elem, bpf_map_pop_elem, bpf_map_peek_elem, bpf_spin_lock, bpf_spin_lock, bpf_spin_unlock, bpf_sk_fullsock, bpf_tcp_sock, bpf_skb_ecn_set_ce, bpf_get_listener_sock, bpf_PROFILE_lookup_tcp, bpf_tcp_check_syncookie, bpf_strtol, bpf_strtoul, bpf_sk_storage_get, bpf_sk_...
return -1; sk = bpf_sk_fullsock(sk); if (!sk) return -1; active = (int *)bpf_per_cpu_ptr(&bpf_prog_active, bpf_get_smp_processor_id()); if (active) active_res = *active; sk_state_res = bpf_kfunc_call_test3((struct sock *)sk)->__sk_common.skc_state; return (__u32)bpf_kfun...
ARG_PTR_TO_SOCKET, /* pointer to bpf_sock (fullsock) */ ARG_PTR_TO_BTF_ID, /* pointer to in-kernel struct */ ARG_PTR_TO_ALLOC_MEM, /* pointer to dynamically allocated memory */ ARG_PTR_TO_ALLOC_MEM_OR_NULL, /* pointer to dynamically allocated memory or NULL */ ARG_CONST_ALL...
BPF_PROG_TYPE_SK_MSG, BPF_PROG_TYPE_RAW_TRACEPOINT, BPF_PROG_TYPE_CGROUP_SOCK_ADDR, BPF_PROG_TYPE_LWT_SEG6LOCAL, BPF_PROG_TYPE_LIRC_MODE2, BPF_PROG_TYPE_SK_REUSEPORT, BPF_PROG_TYPE_FLOW_DISSECTOR, /* See /usr/include/linux/bpf.h for the full list. */ }; BPF MAP BPF...
KERNEL_SOCKPTR(optval), optlen); } static int __bpf_setsockopt(struct sock *sk, int level, int optname, char *optval, int optlen) { int val, ret = 0; if (!sk_fullsock(sk)) return -EINVAL; if (level == SOL_SOCKET) { if (level == SOL_SOCKET) return sol_socket_setsockopt(...
BPF_PROG_TYPE_CGROUP_SOCK_ADDR, BPF_PROG_TYPE_LWT_SEG6LOCAL, BPF_PROG_TYPE_LIRC_MODE2, BPF_PROG_TYPE_SK_REUSEPORT, BPF_PROG_TYPE_FLOW_DISSECTOR, /* See /usr/include/linux/bpf.h for the full list. */ }; BPF MAP: BPF maps can be used for bidirectional data exchange between kernel BPF programs and user-space applications...
1.1.1 BPF memory allocation; 1.1.2 BPF verifier; 1.1.3 BPF JIT/kernel interpreter; 1.1.4 fd allocation; 1.2 BPF map operations; 1.2.1 Map creation; 1.2.2 Map lookup; 1.2.3 BPF_FUNC_map_lookup_elem; 1.3 obj pin; 1.3.1 bpf_obj_pin(); 1.3.2 bpf_obj_get(); 2 Tracing-type BPF programs; 2.1 Attaching BPF programs; 2.2 Executing BPF programs ...
int bpf_setsockopt(struct bpf_sock_ops *bpf_socket, int level, int optname, char *optval, int optlen) Description Emulate a call to setsockopt() on the socket associated to bpf_socket, which must be a full socket. The level at which the option resides and the name optname of the opti...
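The Linux kernel sacrifices a good deal of security for the sake of execution efficiency. Kernel code is hard to trigger from user space, however, which makes kernel vulnerabilities difficult to exploit. BPF gives user space the ability to communicate and share data with the kernel, so it has become a hotspot for kernel vulnerabilities. This article uses the CVE-2017-16995 vulnerability as a first study of BPF vulnerability exploitation techniques. If there are any mistakes, corrections are welcome.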
BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE, BPF_MAP_TYPE_QUEUE, BPF_MAP_TYPE_STACK, /* See /usr/include/linux/bpf.h for the full list. */ }; map_type selects one of the map implementations available in the kernel. For all map types, eBPF programs use the same bpf_map_lookup_elem() and bpf_map_update...