非官方的eBPF规格 | Unofficial eBPF spec

Posted rtoax

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了非官方的eBPF规格 | Unofficial eBPF spec相关的知识,希望对你有一定的参考价值。

Unofficial eBPF spec

The official documentation for the eBPF instruction set is in the
Linux repository. However, while it is concise, it isn’t always easy to
use as a reference. This document lists each valid eBPF opcode.

Instruction encoding

An eBPF program is a sequence of 64-bit instructions. This project assumes each
instruction is encoded in host byte order, but the byte order is not relevant
to this spec.

All eBPF instructions have the same basic encoding:

msb                                                        lsb
+------------------------+----------------+----+----+--------+
|immediate               |offset          |src |dst |opcode  |
+------------------------+----------------+----+----+--------+

From least significant to most significant bit:

  • 8 bit opcode
  • 4 bit destination register (dst)
  • 4 bit source register (src)
  • 16 bit offset
  • 32 bit immediate (imm)

Most instructions do not use all of these fields. Unused fields should be
zeroed.

The low 3 bits of the opcode field are the “instruction class”.
This groups together related opcodes.

LD/LDX/ST/STX opcode structure:

msb      lsb
+---+--+---+
|mde|sz|cls|
+---+--+---+

The sz field specifies the size of the memory location. The mde field is
the memory access mode. uBPF only supports the generic “MEM” access mode.

ALU/ALU64/JMP opcode structure:

msb      lsb
+----+-+---+
|op  |s|cls|
+----+-+---+

If the s bit is zero, then the source operand is imm. If s is one, then
the source operand is src. The op field specifies which ALU or branch
operation is to be performed.

ALU Instructions

64-bit

OpcodeMnemonicPseudocode
0x07add dst, immdst += imm
0x0fadd dst, srcdst += src
0x17sub dst, immdst -= imm
0x1fsub dst, srcdst -= src
0x27mul dst, immdst *= imm
0x2fmul dst, srcdst *= src
0x37div dst, immdst /= imm
0x3fdiv dst, srcdst /= src
0x47or dst, immdst |= imm
0x4for dst, srcdst |= src
0x57and dst, immdst &= imm
0x5fand dst, srcdst &= src
0x67lsh dst, immdst <<= imm
0x6flsh dst, srcdst <<= src
0x77rsh dst, immdst >>= imm (logical)
0x7frsh dst, srcdst >>= src (logical)
0x87neg dstdst = -dst
0x97mod dst, immdst %= imm
0x9fmod dst, srcdst %= src
0xa7xor dst, immdst ^= imm
0xafxor dst, srcdst ^= src
0xb7mov dst, immdst = imm
0xbfmov dst, srcdst = src
0xc7arsh dst, immdst >>= imm (arithmetic)
0xcfarsh dst, srcdst >>= src (arithmetic)

32-bit

These instructions use only the lower 32 bits of their operands and zero the
upper 32 bits of the destination register.

OpcodeMnemonicPseudocode
0x04add32 dst, immdst += imm
0x0cadd32 dst, srcdst += src
0x14sub32 dst, immdst -= imm
0x1csub32 dst, srcdst -= src
0x24mul32 dst, immdst *= imm
0x2cmul32 dst, srcdst *= src
0x34div32 dst, immdst /= imm
0x3cdiv32 dst, srcdst /= src
0x44or32 dst, immdst |= imm
0x4cor32 dst, srcdst |= src
0x54and32 dst, immdst &= imm
0x5cand32 dst, srcdst &= src
0x64lsh32 dst, immdst <<= imm
0x6clsh32 dst, srcdst <<= src
0x74rsh32 dst, immdst >>= imm (logical)
0x7crsh32 dst, srcdst >>= src (logical)
0x84neg32 dstdst = -dst
0x94mod32 dst, immdst %= imm
0x9cmod32 dst, srcdst %= src
0xa4xor32 dst, immdst ^= imm
0xacxor32 dst, srcdst ^= src
0xb4mov32 dst, immdst = imm
0xbcmov32 dst, srcdst = src
0xc4arsh32 dst, immdst >>= imm (arithmetic)
0xccarsh32 dst, srcdst >>= src (arithmetic)

Byteswap instructions

OpcodeMnemonicPseudocode
0xd4 (imm == 16)le16 dstdst = htole16(dst)
0xd4 (imm == 32)le32 dstdst = htole32(dst)
0xd4 (imm == 64)le64 dstdst = htole64(dst)
0xdc (imm == 16)be16 dstdst = htobe16(dst)
0xdc (imm == 32)be32 dstdst = htobe32(dst)
0xdc (imm == 64)be64 dstdst = htobe64(dst)

Memory Instructions

OpcodeMnemonicPseudocode
0x18lddw dst, immdst = imm
0x20ldabsw src, dst, immSee kernel documentation
0x28ldabsh src, dst, imm
0x30ldabsb src, dst, imm
0x38ldabsdw src, dst, imm
0x40ldindw src, dst, imm
0x48ldindh src, dst, imm
0x50ldindb src, dst, imm
0x58ldinddw src, dst, imm
0x61ldxw dst, [src+off]dst = *(uint32_t *) (src + off)
0x69ldxh dst, [src+off]dst = *(uint16_t *) (src + off)
0x71ldxb dst, [src+off]dst = *(uint8_t *) (src + off)
0x79ldxdw dst, [src+off]dst = *(uint64_t *) (src + off)
0x62stw [dst+off], imm*(uint32_t *) (dst + off) = imm
0x6asth [dst+off], imm*(uint16_t *) (dst + off) = imm
0x72stb [dst+off], imm*(uint8_t *) (dst + off) = imm
0x7astdw [dst+off], imm*(uint64_t *) (dst + off) = imm
0x63stxw [dst+off], src*(uint32_t *) (dst + off) = src
0x6bstxh [dst+off], src*(uint16_t *) (dst + off) = src
0x73stxb [dst+off], src*(uint8_t *) (dst + off) = src
0x7bstxdw [dst+off], src*(uint64_t *) (dst + off) = src

Branch Instructions

OpcodeMnemonicPseudocode
0x05ja +offPC += off
0x15jeq dst, imm, +offPC += off if dst == imm
0x1djeq dst, src, +offPC += off if dst == src
0x25jgt dst, imm, +offPC += off if dst > imm
0x2djgt dst, src, +offPC += off if dst > src
0x35jge dst, imm, +offPC += off if dst >= imm
0x3djge dst, src, +offPC += off if dst >= src
0xa5jlt dst, imm, +offPC += off if dst < imm
0xadjlt dst, src, +offPC += off if dst < src
0xb5jle dst, imm, +offPC += off if dst <= imm
0xbdjle dst, src, +offPC += off if dst <= src
0x45jset dst, imm, +offPC += off if dst & imm
0x4djset dst, src, +offPC += off if dst & src
0x55jne dst, imm, +offPC += off if dst != imm
0x5djne dst, src, +offPC += off if dst != src
0x65jsgt dst, imm, +offPC += off if dst > imm (signed)
0x6djsgt dst, src, +offPC += off if dst > src (signed)
0x75jsge dst, imm, +offPC += off if dst >= imm (signed)
0x7djsge dst, src, +offPC += off if dst >= src (signed)
0xc5jslt dst, imm, +offPC += off if dst < imm (signed)
0xcdjslt dst, src, +offPC += off if dst < src (signed)
0xd5jsle dst, imm, +offPC += off if dst <= imm (signed)
0xddjsle dst, src, +offPC += off if dst <= src (signed)
0x85call immFunction call
0x95exitreturn r0

以上是关于非官方的eBPF规格 | Unofficial eBPF spec的主要内容,如果未能解决你的问题,请参考以下文章

CROC 2016 - Elimination Round (Rated Unofficial Edition) E - Intellectual Inquiry dp

Python Unofficial Package Site

eBPF技术应用云原生网络实践系列之基于socket的service | 龙蜥技术

Firebase_db_web_unofficial 依赖

如何摆脱 WordPress functions.php 中的“SiteLock-PHP-FILEHACKER-of.UNOFFICIAL”

[ztg@localhost lineage-17.1---dipper]$ brunch dipper --- error --- lineage-17.1-20201027-UNOFFICIAL-