1. 19 Jun, 2019 1 commit
  2. 18 Jan, 2018 1 commit
  3. 30 Dec, 2017 1 commit
  4. 02 Nov, 2017 1 commit
  5. 05 Oct, 2017 1 commit
  6. 14 Jun, 2017 1 commit
  7. 13 Apr, 2017 1 commit
  8. 09 May, 2016 1 commit
  9. 29 Sep, 2015 1 commit
  10. 31 Jul, 2015 1 commit
  11. 27 May, 2015 1 commit
  12. 16 May, 2014 2 commits
  13. 21 Mar, 2013 1 commit
    • Daniel Borkmann's avatar
      filter: add minimal BPF JIT image disassembler · e306e2c1
      Daniel Borkmann authored
      This is a minimal stand-alone user space helper, that allows for debugging or
      verification of emitted BPF JIT images. This is in particular useful for
      emitted opcode debugging, since minor bugs in the JIT compiler can be fatal.
      The disassembler is architecture generic and uses libopcodes and libbfd.
      
      How to get to the disassembly, example:
      
        1) `echo 2 > /proc/sys/net/core/bpf_jit_enable`
        2) Load a BPF filter (e.g. `tcpdump -p -n -s 0 -i eth1 host 192.168.20.0/24`)
        3) Run e.g. `bpf_jit_disasm -o` to disassemble the most recent JIT code output
      
      `bpf_jit_disasm -o` will display the related opcodes to a particular instruction
      as well. Example for x86_64:
      
      $ ./bpf_jit_disasm
      94 bytes emitted from JIT compiler (pass:3, flen:9)
      ffffffffa0356000 + <x>:
         0:	push   %rbp
         1:	mov    %rsp,%rbp
         4:	sub    $0x60,%rsp
         8:	mov    %rbx,-0x8(%rbp)
         c:	mov    0x68(%rdi),%r9d
        10:	sub    0x6c(%rdi),%r9d
        14:	mov    0xe0(%rdi),%r8
        1b:	mov    $0xc,%esi
        20:	callq  0xffffffffe0d01b71
        25:	cmp    $0x86dd,%eax
        2a:	jne    0x000000000000003d
        2c:	mov    $0x14,%esi
        31:	callq  0xffffffffe0d01b8d
        36:	cmp    $0x6,%eax
      [...]
        5c:	leaveq
        5d:	retq
      
      $ ./bpf_jit_disasm -o
      94 bytes emitted from JIT compiler (pass:3, flen:9)
      ffffffffa0356000 + <x>:
         0:	push   %rbp
      	55
         1:	mov    %rsp,%rbp
      	48 89 e5
         4:	sub    $0x60,%rsp
      	48 83 ec 60
         8:	mov    %rbx,-0x8(%rbp)
      	48 89 5d f8
         c:	mov    0x68(%rdi),%r9d
      	44 8b 4f 68
        10:	sub    0x6c(%rdi),%r9d
      	44 2b 4f 6c
      [...]
        5c:	leaveq
      	c9
        5d:	retq
      	c3
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e306e2c1