反汇编ebpf目标文件实例sockex2_kern.c

已于 2024-01-27 15:22:47 修改
阅读量288 收藏 4
点赞数 9
文章标签: c语言 网络 开发语言
于 2024-01-27 15:17:19 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/chen45464546/article/details/135883479
版权

反汇编ebpf目标文件实例sockex2_kern.c

此示例的作用是以协议中的目的ip地址统计报文的个数和累计长度;

本文按照普通的ipv4 以太网报文逻辑走查了一遍sockex2_kern汇编,按照step进行了相应的注释,并在最后简单总结了一下。
内核5.15

c代码 samples/bpf/sockex2_kern.c


#include <uapi/linux/bpf.h>
#include <uapi/linux/in.h>
#include <uapi/linux/if.h>
#include <uapi/linux/if_ether.h>
#include <uapi/linux/ip.h>
#include <uapi/linux/ipv6.h>
#include <uapi/linux/if_tunnel.h>
#include <bpf/bpf_helpers.h>
#include "bpf_legacy.h"
#define IP_MF		0x2000
#define IP_OFFSET	0x1FFF

struct vlan_hdr {
	__be16 h_vlan_TCI;
	__be16 h_vlan_encapsulated_proto;
};

struct flow_key_record {
	__be32 src;
	__be32 dst;
	union {
		__be32 ports;
		__be16 port16[2];
	};
	__u16 thoff;
	__u8 ip_proto;
};

static inline int proto_ports_offset(__u64 proto)
{
	switch (proto) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
	case IPPROTO_DCCP:
	case IPPROTO_ESP:
	case IPPROTO_SCTP:
	case IPPROTO_UDPLITE:
		return 0;
	case IPPROTO_AH:
		return 4;
	default:
		return 0;
	}
}

static inline int ip_is_fragment(struct __sk_buff *ctx, __u64 nhoff)
{
	return load_half(ctx, nhoff + offsetof(struct iphdr, frag_off))
		& (IP_MF | IP_OFFSET);
}

static inline __u32 ipv6_addr_hash(struct __sk_buff *ctx, __u64 off)
{
	__u64 w0 = load_word(ctx, off);
	__u64 w1 = load_word(ctx, off + 4);
	__u64 w2 = load_word(ctx, off + 8);
	__u64 w3 = load_word(ctx, off + 12);

	return (__u32)(w0 ^ w1 ^ w2 ^ w3);
}

static inline __u64 parse_ip(struct __sk_buff *skb, __u64 nhoff, __u64 *ip_proto,
			     struct flow_key_record *flow)
{
	__u64 verlen;

	if (unlikely(ip_is_fragment(skb, nhoff)))
		*ip_proto = 0;
	else
		*ip_proto = load_byte(skb, nhoff + offsetof(struct iphdr, protocol));

	if (*ip_proto != IPPROTO_GRE) {
		flow->src = load_word(skb, nhoff + offsetof(struct iphdr, saddr));
		flow->dst = load_word(skb, nhoff + offsetof(struct iphdr, daddr));
	}

	verlen = load_byte(skb, nhoff + 0/*offsetof(struct iphdr, ihl)*/);
	if (likely(verlen == 0x45))
		nhoff += 20;
	else
		nhoff += (verlen & 0xF) << 2;

	return nhoff;
}

static inline __u64 parse_ipv6(struct __sk_buff *skb, __u64 nhoff, __u64 *ip_proto,
			       struct flow_key_record *flow)
{
	*ip_proto = load_byte(skb,
			      nhoff + offsetof(struct ipv6hdr, nexthdr));
	flow->src = ipv6_addr_hash(skb,
				   nhoff + offsetof(struct ipv6hdr, saddr));
	flow->dst = ipv6_addr_hash(skb,
				   nhoff + offsetof(struct ipv6hdr, daddr));
	nhoff += sizeof(struct ipv6hdr);

	return nhoff;
}

static inline bool flow_dissector(struct __sk_buff *skb,
				  struct flow_key_record *flow)
{
	__u64 nhoff = ETH_HLEN;
	__u64 ip_proto;
	__u64 proto = load_half(skb, 12);
	int poff;

	if (proto == ETH_P_8021AD) {
		proto = load_half(skb, nhoff + offsetof(struct vlan_hdr,
							h_vlan_encapsulated_proto));
		nhoff += sizeof(struct vlan_hdr);
	}

	if (proto == ETH_P_8021Q) {
		proto = load_half(skb, nhoff + offsetof(struct vlan_hdr,
							h_vlan_encapsulated_proto));
		nhoff += sizeof(struct vlan_hdr);
	}

	if (likely(proto == ETH_P_IP))
		nhoff = parse_ip(skb, nhoff, &ip_proto, flow);
	else if (proto == ETH_P_IPV6)
		nhoff = parse_ipv6(skb, nhoff, &ip_proto, flow);
	else
		return false;

	switch (ip_proto) {
	case IPPROTO_GRE: {
		struct gre_hdr {
			__be16 flags;
			__be16 proto;
		};

		__u64 gre_flags = load_half(skb,
					    nhoff + offsetof(struct gre_hdr, flags));
		__u64 gre_proto = load_half(skb,
					    nhoff + offsetof(struct gre_hdr, proto));

		if (gre_flags & (GRE_VERSION|GRE_ROUTING))
			break;

		proto = gre_proto;
		nhoff += 4;
		if (gre_flags & GRE_CSUM)
			nhoff += 4;
		if (gre_flags & GRE_KEY)
			nhoff += 4;
		if (gre_flags & GRE_SEQ)
			nhoff += 4;

		if (proto == ETH_P_8021Q) {
			proto = load_half(skb,
					  nhoff + offsetof(struct vlan_hdr,
							   h_vlan_encapsulated_proto));
			nhoff += sizeof(struct vlan_hdr);
		}

		if (proto == ETH_P_IP)
			nhoff = parse_ip(skb, nhoff, &ip_proto, flow);
		else if (proto == ETH_P_IPV6)
			nhoff = parse_ipv6(skb, nhoff, &ip_proto, flow);
		else
			return false;
		break;
	}
	case IPPROTO_IPIP:
		nhoff = parse_ip(skb, nhoff, &ip_proto, flow);
		break;
	case IPPROTO_IPV6:
		nhoff = parse_ipv6(skb, nhoff, &ip_proto, flow);
		break;
	default:
		break;
	}

	flow->ip_proto = ip_proto;
	poff = proto_ports_offset(ip_proto);
	if (poff >= 0) {
		nhoff += poff;
		flow->ports = load_word(skb, nhoff);
	}

	flow->thoff = (__u16) nhoff;

	return true;
}

struct pair {
	long packets;
	long bytes;
};

struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__type(key, __be32);
	__type(value, struct pair);
	__uint(max_entries, 1024);
} hash_map SEC(".maps");

SEC("socket2")
int bpf_prog2(struct __sk_buff *skb)
{
	struct flow_key_record flow = {};
	struct pair *value;
	u32 key;

	if (!flow_dissector(skb, &flow))
		return 0;

	key = flow.dst;
	value = bpf_map_lookup_elem(&hash_map, &key);
	if (value) {
		__sync_fetch_and_add(&value->packets, 1);
		__sync_fetch_and_add(&value->bytes, skb->len);
	} else {
		struct pair val = {1, skb->len};

		bpf_map_update_elem(&hash_map, &key, &val, BPF_ANY);
	}
	return 0;
}

char _license[] SEC("license") = "GPL";

反汇编


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           目标MAC地址 (Destination MAC Address)            | 6 字节
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             源MAC地址 (Source MAC Address)                | 6 字节
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      类型/长度 (Type/Length)          |        Payload           | 最多 1500 字节
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       CRC校验码 (CRC)                            | 4 字节
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

cl@cl-Alienware-13:~/source/stable/linux/samples/bpf$ llvm-objdump -S sockex2_kern.o 

sockex2_kern.o:	file format ELF64-BPF


Disassembly of section socket2:

0000000000000000 bpf_prog2:
; {
       0:	bf 16 00 00 00 00 00 00	r6 = r1
       1:	b7 08 00 00 0e 00 00 00	r8 = 14
; 	__u64 proto = load_half(skb, 12);
       2:	28 00 00 00 0c 00 00 00	r0 = *(u16 *)skb[12]   【step 1. 如上以太网格式,12取的是 类型】
; 	if (proto == ETH_P_8021AD) {
       3:	55 00 02 00 a8 88 00 00	if r0 != 34984 goto +2 <LBB0_2>  【step 2. 判断是否是 ETH_P_8021AD(vlan in vlan), 如果是,则继续分解vlan头, 一般不是,跳转】
       4:	b7 08 00 00 12 00 00 00	r8 = 18
; 		proto = load_half(skb, nhoff + offsetof(struct vlan_hdr,
       5:	28 00 00 00 10 00 00 00	r0 = *(u16 *)skb[16] 【nhoff(14) + offsetof(struct vlan_hdr, h_vlan_encapsulated_proto)(2)】

0000000000000030 LBB0_2:
; 	if (proto == ETH_P_8021Q) {
       6:	55 00 04 00 00 81 00 00	if r0 != 33024 goto +4 <LBB0_4> 【step 3. 判断是否是 ETH_P_8021Q, 如果是,则继续分解vlan头, 一般不是,跳转】
; 		proto = load_half(skb, nhoff + offsetof(struct vlan_hdr,
       7:	bf 87 00 00 00 00 00 00	r7 = r8
       8:	07 07 00 00 02 00 00 00	r7 += 2
       9:	48 70 00 00 00 00 00 00	r0 = *(u16 *)skb[r7]
; 		nhoff += sizeof(struct vlan_hdr);
      10:	07 08 00 00 04 00 00 00	r8 += 4

0000000000000058 LBB0_4:
; 	if (likely(proto == ETH_P_IP))
      11:	15 00 4f 00 00 08 00 00	if r0 == 2048 goto +79 <LBB0_6>   【step 4. 如果是ipv4则跳转,一般是,跳转】
      12:	15 00 01 00 dd 86 00 00	if r0 == 34525 goto +1 <LBB0_12>
      13:	05 00 a2 00 00 00 00 00	goto +162 <LBB0_39>

0000000000000070 LBB0_12:
; 			      nhoff + offsetof(struct ipv6hdr, nexthdr));
      14:	bf 87 00 00 00 00 00 00	r7 = r8
      15:	07 07 00 00 06 00 00 00	r7 += 6
; 	*ip_proto = load_byte(skb,
      16:	50 70 00 00 00 00 00 00	r0 = *(u8 *)skb[r7]
      17:	7b 0a d8 ff 00 00 00 00	*(u64 *)(r10 - 40) = r0
; 	__u64 w3 = load_word(ctx, off + 12);
      18:	bf 87 00 00 00 00 00 00	r7 = r8
      19:	07 07 00 00 24 00 00 00	r7 += 36
      20:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
      21:	7b 0a e0 ff 00 00 00 00	*(u64 *)(r10 - 32) = r0
; 	__u64 w2 = load_word(ctx, off + 8);
      22:	bf 87 00 00 00 00 00 00	r7 = r8
      23:	07 07 00 00 20 00 00 00	r7 += 32
      24:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
      25:	7b 0a d0 ff 00 00 00 00	*(u64 *)(r10 - 48) = r0
; 				   nhoff + offsetof(struct ipv6hdr, daddr));
      26:	bf 87 00 00 00 00 00 00	r7 = r8
      27:	07 07 00 00 18 00 00 00	r7 += 24
; 	__u64 w0 = load_word(ctx, off);
      28:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
      29:	bf 09 00 00 00 00 00 00	r9 = r0
; 	__u64 w1 = load_word(ctx, off + 4);
      30:	bf 87 00 00 00 00 00 00	r7 = r8
      31:	07 07 00 00 1c 00 00 00	r7 += 28
      32:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
      33:	79 a1 d8 ff 00 00 00 00	r1 = *(u64 *)(r10 - 40)
; 	nhoff += sizeof(struct ipv6hdr);
      34:	07 08 00 00 28 00 00 00	r8 += 40
; 	return (__u32)(w0 ^ w1 ^ w2 ^ w3);
      35:	af 90 00 00 00 00 00 00	r0 ^= r9
      36:	79 a2 d0 ff 00 00 00 00	r2 = *(u64 *)(r10 - 48)
      37:	af 20 00 00 00 00 00 00	r0 ^= r2
      38:	79 a2 e0 ff 00 00 00 00	r2 = *(u64 *)(r10 - 32)
      39:	af 20 00 00 00 00 00 00	r0 ^= r2
      40:	7b 0a e0 ff 00 00 00 00	*(u64 *)(r10 - 32) = r0
      41:	bf 87 00 00 00 00 00 00	r7 = r8
; 	switch (ip_proto) {
      42:	15 01 4d 00 04 00 00 00	if r1 == 4 goto +77 <LBB0_30>

0000000000000158 LBB0_13:
      43:	15 01 58 00 29 00 00 00	if r1 == 41 goto +88 <LBB0_33>   【step 13. r1存储的还是 ip的 Protocol 字段, 判断是否是IPPROTO_IPV6,一般不是,继续】
      44:	55 01 6a 00 2f 00 00 00	if r1 != 47 goto +106 <LBB0_36>  【step 14. 判断是否是IPPROTO_GRE, 一般不是,跳转】
; 					    nhoff + offsetof(struct gre_hdr, proto));
      45:	bf 78 00 00 00 00 00 00	r8 = r7
      46:	07 08 00 00 02 00 00 00	r8 += 2
; 		__u64 gre_proto = load_half(skb,
      47:	48 80 00 00 00 00 00 00	r0 = *(u16 *)skb[r8]
      48:	bf 08 00 00 00 00 00 00	r8 = r0
; 		__u64 gre_flags = load_half(skb,
      49:	48 70 00 00 00 00 00 00	r0 = *(u16 *)skb[r7]
; 		if (gre_flags & (GRE_VERSION|GRE_ROUTING))
      50:	bf 01 00 00 00 00 00 00	r1 = r0
      51:	57 01 00 00 40 07 00 00	r1 &= 1856
      52:	55 01 62 00 00 00 00 00	if r1 != 0 goto +98 <LBB0_36>
; 		if (gre_flags & GRE_CSUM)
      53:	bf 01 00 00 00 00 00 00	r1 = r0
      54:	67 01 00 00 38 00 00 00	r1 <<= 56
      55:	c7 01 00 00 38 00 00 00	r1 s>>= 56
      56:	b7 03 00 00 08 00 00 00	r3 = 8
      57:	b7 02 00 00 00 00 00 00	r2 = 0
      58:	6d 12 01 00 00 00 00 00	if r2 s> r1 goto +1 <LBB0_18>
      59:	b7 03 00 00 04 00 00 00	r3 = 4

00000000000001e0 LBB0_18:
      60:	0f 73 00 00 00 00 00 00	r3 += r7
; 		if (gre_flags & GRE_KEY)
      61:	bf 01 00 00 00 00 00 00	r1 = r0
      62:	57 01 00 00 20 00 00 00	r1 &= 32
      63:	15 01 01 00 00 00 00 00	if r1 == 0 goto +1 <LBB0_20>
      64:	07 03 00 00 04 00 00 00	r3 += 4

0000000000000208 LBB0_20:
; 		if (gre_flags & GRE_SEQ)
      65:	57 00 00 00 10 00 00 00	r0 &= 16
      66:	15 00 01 00 00 00 00 00	if r0 == 0 goto +1 <LBB0_22>
      67:	07 03 00 00 04 00 00 00	r3 += 4

0000000000000220 LBB0_22:
; 		if (proto == ETH_P_8021Q) {
      68:	55 08 07 00 00 81 00 00	if r8 != 33024 goto +7 <LBB0_24>
; 					  nhoff + offsetof(struct vlan_hdr,
      69:	bf 37 00 00 00 00 00 00	r7 = r3
      70:	07 07 00 00 02 00 00 00	r7 += 2
      71:	bf 38 00 00 00 00 00 00	r8 = r3
; 			proto = load_half(skb,
      72:	48 70 00 00 00 00 00 00	r0 = *(u16 *)skb[r7]
      73:	bf 83 00 00 00 00 00 00	r3 = r8
      74:	bf 08 00 00 00 00 00 00	r8 = r0
; 			nhoff += sizeof(struct vlan_hdr);
      75:	07 03 00 00 04 00 00 00	r3 += 4

0000000000000260 LBB0_24:
; 		if (proto == ETH_P_IP)
      76:	15 08 65 00 dd 86 00 00	if r8 == 34525 goto +101 <LBB0_29>
      77:	55 08 62 00 00 08 00 00	if r8 != 2048 goto +98 <LBB0_39>
; 	return load_half(ctx, nhoff + offsetof(struct iphdr, frag_off))
      78:	bf 37 00 00 00 00 00 00	r7 = r3
      79:	07 07 00 00 06 00 00 00	r7 += 6
      80:	bf 38 00 00 00 00 00 00	r8 = r3
      81:	48 70 00 00 00 00 00 00	r0 = *(u16 *)skb[r7]
; 	if (unlikely(ip_is_fragment(skb, nhoff)))
      82:	57 00 00 00 ff 3f 00 00	r0 &= 16383
      83:	55 00 04 00 00 00 00 00	if r0 != 0 goto +4 <LBB0_28>
; 		*ip_proto = load_byte(skb, nhoff + offsetof(struct iphdr, protocol));  【parse_ip 内联了,相同的汇编逻辑在多出出现】
      84:	bf 87 00 00 00 00 00 00	r7 = r8
      85:	07 07 00 00 09 00 00 00	r7 += 9
      86:	50 70 00 00 00 00 00 00	r0 = *(u8 *)skb[r7]
; 	if (*ip_proto != IPPROTO_GRE) {
      87:	15 00 3f 00 2f 00 00 00	if r0 == 47 goto +63 <LBB0_36>

00000000000002c0 LBB0_28:
; 		flow->dst = load_word(skb, nhoff + offsetof(struct iphdr, daddr));
      88:	07 08 00 00 10 00 00 00	r8 += 16
      89:	40 80 00 00 00 00 00 00	r0 = *(u32 *)skb[r8]
      90:	05 00 3b 00 00 00 00 00	goto +59 <LBB0_35>


0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |Type of Service|           Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Identification        |Flags|     Fragment Offset     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Time to Live |    Protocol   |        Header Checksum        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Source IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination IP Address                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

00000000000002d8 LBB0_6:    【step 5. 是 ipv4, r8还是14,是 ip 协议开始的地方】
; 	return load_half(ctx, nhoff + offsetof(struct iphdr, frag_off))
      91:	bf 87 00 00 00 00 00 00	r7 = r8
      92:	07 07 00 00 06 00 00 00	r7 += 6
      93:	48 70 00 00 00 00 00 00	r0 = *(u16 *)skb[r7]  【以太网头14 + 6字节为Flags字段】
      94:	b7 09 00 00 00 00 00 00	r9 = 0
; 	if (unlikely(ip_is_fragment(skb, nhoff)))
      95:	57 00 00 00 ff 3f 00 00	r0 &= 16383   【 & (IP_MF | IP_OFFSET);】
      96:	55 00 07 00 00 00 00 00	if r0 != 0 goto +7 <LBB0_8> 【step 6. 如果 Flags字段包含如上标记,则*ip_proto = 0; 一般继续】
; 		*ip_proto = load_byte(skb, nhoff + offsetof(struct iphdr, protocol)); 
      97:	bf 87 00 00 00 00 00 00	r7 = r8
      98:	07 07 00 00 09 00 00 00	r7 += 9
      99:	50 70 00 00 00 00 00 00	r0 = *(u8 *)skb[r7]   【step 7. 获取ip Protocol 字段】
     100:	bf 09 00 00 00 00 00 00	r9 = r0
     101:	b7 01 00 00 2f 00 00 00	r1 = 47
     102:	b7 00 00 00 00 00 00 00	r0 = 0
; 	if (*ip_proto != IPPROTO_GRE) {
     103:	15 09 04 00 2f 00 00 00	if r9 == 47 goto +4 <LBB0_9>  【step 8. 正常应该不等于 IPPROTO_GRE, 继续】

0000000000000340 LBB0_8:
; 		flow->dst = load_word(skb, nhoff + offsetof(struct iphdr, daddr));   
     104:	bf 87 00 00 00 00 00 00	r7 = r8
     105:	07 07 00 00 10 00 00 00	r7 += 16     【+16 取得 Destination IP Address 】
     106:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
     107:	bf 91 00 00 00 00 00 00	r1 = r9

0000000000000360 LBB0_9:
     108:	7b 0a e0 ff 00 00 00 00	*(u64 *)(r10 - 32) = r0   【step 9. 存储  Destination IP Address 到栈里面】
     109:	bf 19 00 00 00 00 00 00	r9 = r1
; 	verlen = load_byte(skb, nhoff + 0/*offsetof(struct iphdr, ihl)*/);
     110:	50 80 00 00 00 00 00 00	r0 = *(u8 *)skb[r8]   【取 Version 字段】
     111:	b7 07 00 00 14 00 00 00	r7 = 20
; 	if (likely(verlen == 0x45))
     112:	15 00 03 00 45 00 00 00	if r0 == 69 goto +3 <LBB0_11>   【step 10. (likely(verlen == 0x45)), 跳转】
     113:	67 00 00 00 02 00 00 00	r0 <<= 2
     114:	57 00 00 00 3c 00 00 00	r0 &= 60
     115:	bf 07 00 00 00 00 00 00	r7 = r0

00000000000003a0 LBB0_11:
     116:	0f 87 00 00 00 00 00 00	r7 += r8   【step 11. 以太网头 + ip头】
     117:	bf 91 00 00 00 00 00 00	r1 = r9   【r9还是  ip协议的 Protocol 字段】
; 	switch (ip_proto) {
     118:	15 01 01 00 04 00 00 00	if r1 == 4 goto +1 <LBB0_30>  【step 12. 如果是IPIP tunnels 协议(ip in ip),则跳转继续parse_ip,正常一般不是ip in ip,继续】
     119:	05 00 b3 ff 00 00 00 00	goto -77 <LBB0_13>

00000000000003c0 LBB0_30:
; 	return load_half(ctx, nhoff + offsetof(struct iphdr, frag_off))
     120:	bf 78 00 00 00 00 00 00	r8 = r7
     121:	07 08 00 00 06 00 00 00	r8 += 6
     122:	48 80 00 00 00 00 00 00	r0 = *(u16 *)skb[r8]
; 	if (unlikely(ip_is_fragment(skb, nhoff)))
     123:	57 00 00 00 ff 3f 00 00	r0 &= 16383
     124:	55 00 04 00 00 00 00 00	if r0 != 0 goto +4 <LBB0_32>
; 		*ip_proto = load_byte(skb, nhoff + offsetof(struct iphdr, protocol));
     125:	bf 78 00 00 00 00 00 00	r8 = r7
     126:	07 08 00 00 09 00 00 00	r8 += 9
     127:	50 80 00 00 00 00 00 00	r0 = *(u8 *)skb[r8]
; 	if (*ip_proto != IPPROTO_GRE) {
     128:	15 00 16 00 2f 00 00 00	if r0 == 47 goto +22 <LBB0_36>

0000000000000408 LBB0_32:
; 		flow->dst = load_word(skb, nhoff + offsetof(struct iphdr, daddr));
     129:	07 07 00 00 10 00 00 00	r7 += 16
     130:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
     131:	05 00 12 00 00 00 00 00	goto +18 <LBB0_35>

0000000000000420 LBB0_33:
; 	__u64 w3 = load_word(ctx, off + 12);
     132:	bf 78 00 00 00 00 00 00	r8 = r7
     133:	07 08 00 00 24 00 00 00	r8 += 36
     134:	40 80 00 00 00 00 00 00	r0 = *(u32 *)skb[r8]
     135:	7b 0a e0 ff 00 00 00 00	*(u64 *)(r10 - 32) = r0
; 	__u64 w2 = load_word(ctx, off + 8);
     136:	bf 78 00 00 00 00 00 00	r8 = r7
     137:	07 08 00 00 20 00 00 00	r8 += 32
     138:	40 80 00 00 00 00 00 00	r0 = *(u32 *)skb[r8]
     139:	bf 09 00 00 00 00 00 00	r9 = r0
; 				   nhoff + offsetof(struct ipv6hdr, daddr));
     140:	bf 78 00 00 00 00 00 00	r8 = r7
     141:	07 08 00 00 18 00 00 00	r8 += 24
; 	__u64 w0 = load_word(ctx, off);
     142:	40 80 00 00 00 00 00 00	r0 = *(u32 *)skb[r8]
     143:	bf 08 00 00 00 00 00 00	r8 = r0
; 	__u64 w1 = load_word(ctx, off + 4);
     144:	07 07 00 00 1c 00 00 00	r7 += 28
     145:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
; 	return (__u32)(w0 ^ w1 ^ w2 ^ w3);
     146:	af 80 00 00 00 00 00 00	r0 ^= r8
     147:	af 90 00 00 00 00 00 00	r0 ^= r9

00000000000004a0 LBB0_34:
     148:	79 a1 e0 ff 00 00 00 00	r1 = *(u64 *)(r10 - 32)
     149:	af 10 00 00 00 00 00 00	r0 ^= r1

00000000000004b0 LBB0_35:
     150:	7b 0a e0 ff 00 00 00 00	*(u64 *)(r10 - 32) = r0

00000000000004b8 LBB0_36:
; 	key = flow.dst;
     151:	79 a1 e0 ff 00 00 00 00	r1 = *(u64 *)(r10 - 32)  【step 15. 这里取出前面存在栈里面的 Destination IP Address, 可以看到flow->ports没有编译出来】
     152:	63 1a fc ff 00 00 00 00	*(u32 *)(r10 - 4) = r1   【step 16. 这里存入r10-4的位置,下面r2取为key】
     153:	bf a2 00 00 00 00 00 00	r2 = r10
     154:	07 02 00 00 fc ff ff ff	r2 += -4
; 	value = bpf_map_lookup_elem(&hash_map, &key);
     155:	18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00	r1 = 0 ll
     157:	85 00 00 00 01 00 00 00	call 1   【调用bpf_map_lookup_elem】
; 	if (value) {
     158:	15 00 05 00 00 00 00 00	if r0 == 0 goto +5 <LBB0_38>  【如果没搜索到,则bpf_map_update_elem, 此ip的第一次则跳转17-1】
     159:	b7 01 00 00 01 00 00 00	r1 = 1
; 		__sync_fetch_and_add(&value->packets, 1);
     160:	db 10 00 00 00 00 00 00	lock *(u64 *)(r0 + 0) += r1   【step 17. 搜索到了packets+1】
; 		__sync_fetch_and_add(&value->bytes, skb->len);
     161:	61 61 00 00 00 00 00 00	r1 = *(u32 *)(r6 + 0)  【step 18. r6还是入参 skb, __sync_fetch_and_add(&value->bytes, skb->len);】
     162:	db 10 08 00 00 00 00 00	lock *(u64 *)(r0 + 8) += r1  
     163:	05 00 0c 00 00 00 00 00	goto +12 <LBB0_39>

0000000000000520 LBB0_38:   【step 17-1. bpf_map_update_elem 流程】
     164:	b7 01 00 00 01 00 00 00	r1 = 1
; 		struct pair val = {1, skb->len};
     165:	7b 1a e8 ff 00 00 00 00	*(u64 *)(r10 - 24) = r1
     166:	61 61 00 00 00 00 00 00	r1 = *(u32 *)(r6 + 0)
     167:	7b 1a f0 ff 00 00 00 00	*(u64 *)(r10 - 16) = r1
     168:	bf a2 00 00 00 00 00 00	r2 = r10
     169:	07 02 00 00 fc ff ff ff	r2 += -4
     170:	bf a3 00 00 00 00 00 00	r3 = r10
     171:	07 03 00 00 e8 ff ff ff	r3 += -24
; 		bpf_map_update_elem(&hash_map, &key, &val, BPF_ANY);
     172:	18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00	r1 = 0 ll
     174:	b7 04 00 00 00 00 00 00	r4 = 0
     175:	85 00 00 00 02 00 00 00	call 2 【第一次ipdate后继续走LBB0_39退出】

0000000000000580 LBB0_39:
; }
     176:	b7 00 00 00 00 00 00 00	r0 = 0
     177:	95 00 00 00 00 00 00 00	exit   【step 19. 退出,每个 ebpf section 只有一个exit】

0000000000000590 LBB0_29:
; 	__u64 w3 = load_word(ctx, off + 12);
     178:	bf 37 00 00 00 00 00 00	r7 = r3
     179:	07 07 00 00 24 00 00 00	r7 += 36
     180:	bf 39 00 00 00 00 00 00	r9 = r3
     181:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
     182:	7b 0a e0 ff 00 00 00 00	*(u64 *)(r10 - 32) = r0
; 	__u64 w2 = load_word(ctx, off + 8);
     183:	bf 97 00 00 00 00 00 00	r7 = r9
     184:	07 07 00 00 20 00 00 00	r7 += 32
     185:	40 70 00 00 00 00 00 00	r0 = *(u32 *)skb[r7]
     186:	bf 07 00 00 00 00 00 00	r7 = r0
; 				   nhoff + offsetof(struct ipv6hdr, daddr));
     187:	bf 98 00 00 00 00 00 00	r8 = r9
     188:	07 08 00 00 18 00 00 00	r8 += 24
; 	__u64 w0 = load_word(ctx, off);
     189:	40 80 00 00 00 00 00 00	r0 = *(u32 *)skb[r8]
     190:	bf 08 00 00 00 00 00 00	r8 = r0
; 	__u64 w1 = load_word(ctx, off + 4);
     191:	07 09 00 00 1c 00 00 00	r9 += 28
     192:	40 90 00 00 00 00 00 00	r0 = *(u32 *)skb[r9]
; 	return (__u32)(w0 ^ w1 ^ w2 ^ w3);
     193:	af 80 00 00 00 00 00 00	r0 ^= r8
     194:	af 70 00 00 00 00 00 00	r0 ^= r7
     195:	05 00 d0 ff 00 00 00 00	goto -48 <LBB0_34>
cl@cl-Alienware-13:~/source/stable/linux/samples/bpf$

几个特点:

  1. r6默认作为入参skb一直都是skb,这个寄存器没有被重复使用过
  2. c代码里面只赋值但最后没有实际使用的代码最后没有被编译出来,
    例如flow->src, flow->ports在c代码里面看到有赋值,但最终没有使用,
    即没有存入map,所以也没编译出来。
  3. 这里内联使用较多,在汇编里面可以看到相同逻辑的汇编。如parse_ip 内联了,相同的汇编逻辑在多出出现
  4. 调用helper函数使用call 加一个数字,这个数字代表了一个函数,helper函数调用的入参是r1,r2, 返回值是r0
    5.各个LBB0_*的含义跟汇编里面标号是一样的,如果LBB0_末端还没跳转,则继续执行下一个LBB0_
  5. 单个section只有一个exit出口

程序总体还是比较好懂,有一些比较有意思的东西比如ETH_P_8021AD(vlan in vlan), IPPROTO_IPIP (ip in ip), 分析汇编能立刻明白他们就是个封装。

其他:

如果不内联,函数调用汇编是什么样子的?可以实验一下

自由国度chen
关注
  • 9
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
汇编语言socket程序与工具包
LukeO的博客
11-28 322
如有问题欢迎指出
socket编程概述
桦桦的博客
02-14 559
socket操作API函数 socket是“open—write/read—close”模式的一种实现,那么socket就提供了这些操作对应的函数接口。下面以TCP为 例,介绍几个基本的socket接口函数。 [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-mpJhvCUh-1581692668209)(en-resource://database/477:1)] s...
反汇编ebpf目标文件实例sockex1_kern.c
自由国度的博客
01-21 368
/home/cl/source/stable/linux/samples/bpf# cat sockex1_kern.c网上汇编的基本解释如,就不多的解释寄存器和编码的用法: https://blog.csdn.net/weixin_49393427/article/details/124057792 https://zhuanlan.zhihu.com/p/487995137 这个指令为特殊的指令(non-generic instructions),不能按照编码进行解读,按照编码解读则src 和 dst
【Linux】一文搞懂socket网络编程!!!附详细代码
w903414的博客
12-21 1900
tcp网络编程,udp网络编程,附详细代码。
Linux eBPF内核源码sample/bpf全网最细解析(一)
尧fighting的博客
09-28 3277
本文重点讲解samples/bpf/sockex1_kern.c和samples/bpf/sockex1_user.c这两个文件,并剖析了它们调用的其他外部函数。
Linux: eBPF 实现简析
JiMoKuangXiangQu的专栏
04-02 957
linux,eBPF,调试追踪工具
ebpf字节码的加载过程(三)
u013237642的博客
03-17 510
添加kernel-src/sample/bpf/bpf_load.h(头文件搜索目录在makefile中指定了),把sample/bpf/bpf_load.c和自己的user_load.c文件通过Makefile编译出一个monitor-exec程序,负责加载elf格式的.o文件。《2》int load_bpf_file(char *path)、read_trace_pipe()等用户空间函数在bpf_load.c中定义。《3》在bpf_load.c中我们看看load_bpf_file()做了啥。
sockex2_kern.rar_Code Name
09-20
2. `sockex2_kern.c`: 这个文件很可能是内核模块的一部分,可能涉及网络协议栈中的套接字(socket)扩展或优化。"sockex2"可能是"Socket Extensions 2"的缩写,表明它可能包含了一些对标准套接字接口的增强功能,...
net_kern.rar_drop_skb
09-23
`net_kern.c`是C源代码文件,里面会有实际的函数定义和操作,如`drop_skb`的具体实现。而`net_kern.h`是头文件,通常会声明相关的函数原型、结构体定义以及常量等,供其他模块调用或引用。 在`drop_skb`的实现中,...
net_kern.rar_drop
09-24
The drop_skb is used when we can t allocate an skb. The packet is read into drop_skb in order to get the data off the connection to the host.
HA_Application.rar_HOOPS/ACIS_Visual_acis_acisr14_parasolid_kern
09-23
标题中的"HA_Application.rar_HOOPS/ACIS_Visual_acis_acisr14_parasolid_kern"揭示了这个压缩包的核心内容是关于一个名为"HA_Application"的应用程序,该程序集成了HOOPS(High Order Operating System for ...
kern_levels.rar_V2
09-24
标题 "kern_levels.rar_V2" 暗示我们正在处理与Linux内核相关的源代码文件,特别是可能涉及内核级别的调整或优化。"V2"可能表示这是该主题的第二个版本,暗示可能存在一个早期的版本或者有更新的内容。 描述中的 ...
一个简单的自定义通信协议(socket
热门推荐
懒人的技术笔记
12-31 5万+
转自:http://vtrtbb.javaeye.com/blog/849336这是转自javaeye的一篇文章,作者是vtrtbb。按照网络通信的传统,我们都会自定义协议,这有很多好处,大家可以自己体会(嘿嘿)。一直不知道socket通信时候自定义数据包是什么样子的,偶然做了个小例子。先来说说数据包的定义,我这里是包头+内容 组成的:其中包头内容分为包类型+包长度, 那就是 消息对象=包类型+包长度+消息体包类型 byte 型包长度 int 型消息体 byte[]包总长度为 1 + 4 +  消息体.ge
UEFI——使用标准C库
qq_44807736的博客
09-06 465
C标准库是ANSL C标准为C语言定义的标准库。C标准库包含15个头文件:assert.h ctype.h error.h float.h limits.h locale.h math.h setjmp.h signal.h stdarg.h stddef.h stdio.h stdlib.h string.h time.h。使用C标准库开发的应用程序有很强的可移植性,标准库为上层应用程序屏蔽了底层平台的差异,使得这些程序可以在任意平台上通过编译。当我们决定在工程中使用标准库函数的时候,有两种方法。
C和指针:字符串
暮色年华的博客
09-07 912
字符串就是一串零个或多个字符,并且以一个位模式为全0的NUL字节结尾。字符串长度就是字符串中字符数。string为指针常量(const修饰string),指向的string是常量不能修改。size_t是无符号数,定义在stddef.h。C语言遍历字符串: while(*string++!='\0'){}上面两句不等价,第二个恒真,无符合数-无符合数还是无符合数,恒大于0。
c语言和c++的区别
2301_77743184的博客
09-07 3727
.........
【最新华为OD机试E卷-支持在线评测】计算疫情扩散时间(200分)多语言题解-(Python/C/JavaScript/Java/Cpp)
春秋招笔试突围
09-06 390
🍭 大家好这里是,一枚热爱算法的程序员✨ 本系列打算持续跟新的三语言AC题解💻 ACM金牌🏅️团队| 多次AK大厂笔试 | 编程一对一辅导。
​数据链路层——流量控制&可靠传输机制 ​
最新发布
qq_25467441的博客
09-09 704
例题:一个信道的数据传输率为4kb/s ,单向传播时延为30ms ,如果使停止-等待协议的信道最大利用率达到80%,要求的数据帧长度至少为。设数据帧的长度为L比特,则发送方发送全部的数据需要时间:L/4。“停止-等待”就是每发送完一个分组就停止发送,等待对方确认,在收到确认后再发送下一个分组。因为是在讨论可靠传输的原理,所以并不考虑数据是在哪一个层次上传送的。发送方在一个发送周期内,有效地发送数据所需要的时间占整个发送周期的比率。数据链路层的流量控制是点对点的,而传输层的流量控制是端到端的。
static unsigned int phytuart_msg_cmd_set_txim(unsigned int im, unsigned int txim , struct pokemon_uart_port *pup) { if (txim == 0) { im &= ~REG_IMSC_TXIM; pokemon_uart_write(im, pup, REG_IMSC); } else{ im |= REG_IMSC_TXIM; pokemon_uart_write(im, pup, REG_IMSC); } return im; } static int phytuart_cmd_handler(struct pokemon_uart_port *pup, struct ring_buffer *rbuf){ struct msg rsv_msg; unsigned int data1, data2, data3; unsigned int ret; rsv_msg = ring_buffer_out(pup->tx_buf); if (rsv_msg.module_id != 0x1) printk(KERN_INFO "AP_MSG1: completed!\n"); return -1; else{ switch (rsv_msg.cmd_id){ case 0x1: switch (rsv_msg.cmd_subid){ case 0x1: data1 = ((int)rsv_msg.data[0] << 24 | (int)rsv_msg.data[1] << 16 | (int)rsv_msg.data[2] << 8 | (int)rsv_msg.data[3]); data2 = ((int)rsv_msg.data[4] << 24 | (int)rsv_msg.data[5] << 16 | (int)rsv_msg.data[6] << 8 | (int)rsv_msg.data[7]); ret = phytuart_msg_cmd_set_txim(data1, data2, pup); rsv_msg.complete = 1; rsv_msg.data[8] = (char)(ret >> 24); rsv_msg.data[9] = (char)(0xff & (ret >> 16)); rsv_msg.data[10] = (char)(0xff & (ret >> 8)); rsv_msg.data[11] = (char)(0xff & ret); break; default: break; } default: break; } } return 0; } 审查一下这段Linux内核驱动代码有无逻辑和格式错误
06-08
这段代码的逻辑是正确的,没有明显的错误。但是,在 phytuart_cmd_handler 函数中,if 语句的代码块需要加上花括号,以确保逻辑正确。另外,建议将代码缩进调整一下,使其更易读。 下面是格式和缩进调整后的代码: ``` static unsigned int phytuart_msg_cmd_set_txim(unsigned int im, unsigned int txim, struct pokemon_uart_port *pup) { if (txim == 0) { im &= ~REG_IMSC_TXIM; pokemon_uart_write(im, pup, REG_IMSC); } else { im |= REG_IMSC_TXIM; pokemon_uart_write(im, pup, REG_IMSC); } return im; } static int phytuart_cmd_handler(struct pokemon_uart_port *pup, struct ring_buffer *rbuf) { struct msg rsv_msg; unsigned int data1, data2, data3; unsigned int ret; rsv_msg = ring_buffer_out(pup->tx_buf); if (rsv_msg.module_id != 0x1) { printk(KERN_INFO "AP_MSG1: completed!\n"); return -1; } else { switch (rsv_msg.cmd_id) { case 0x1: switch (rsv_msg.cmd_subid) { case 0x1: data1 = ((int)rsv_msg.data[0] << 24 | (int)rsv_msg.data[1] << 16 | (int)rsv_msg.data[2] << 8 | (int)rsv_msg.data[3]); data2 = ((int)rsv_msg.data[4] << 24 | (int)rsv_msg.data[5] << 16 | (int)rsv_msg.data[6] << 8 | (int)rsv_msg.data[7]); ret = phytuart_msg_cmd_set_txim(data1, data2, pup); rsv_msg.complete = 1; rsv_msg.data[8] = (char)(ret >> 24); rsv_msg.data[9] = (char)(0xff & (ret >> 16)); rsv_msg.data[10] = (char)(0xff & (ret >> 8)); rsv_msg.data[11] = (char)(0xff & ret); break; default: break; } default: break; } } return 0; } ```
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值