helper for memmem() · iovisor/bcc#471

(6 评论) (0 反应) (0 负责人)C (22,409 star) (4,051 fork)batch import

enhancementhelp wantedprio:medium

描述

Protocol such as DNS or IPv6 are hard to filter with cBPF because important parts are relative to floating offset, since BPF disallows loops and has relatively narrow registers, we have to unroll them and scan message with a lot of branches, burning the instruction limit.

Proposal

Provide kernel helper such as memmem(off_from, off_to, pattern) where offsets (R0, R1) are relative to packet payload, and pattern (R2) is a b/h/w/dw, and returned value would be offset in packet where the match occured or packet length (no occurence).

贡献者指南

技术栈: c
领域: backendinfrastructureperformance
议题类型: feature
难度: 5
预计时间: over 1 week
活动状态: stale
清晰度: clear
前置要求: understanding of BPF internalskernel programming experienceC proficiency
新手友好度: 10
研究方向: This issue proposes a new kernel helper `memmem()` for BPF to scan packet payloads for patterns. Research should focus on existing BPF helper patterns in the kernel (e.g., `bpf skb load bytes`), the BPF verifier constraints on loops, and how offset calculations are handled. Look at the kernel's BPF helper API in `include/uapi/linux/bpf.h` and existing helpers in `net/core/filter.c`. Consider discussing with the BPF mailing list or reviewing similar feature requests in the kernel bug tracker.