CN112817597A - EBPF-based software container implementation method operating in user space - Google Patents
EBPF-based software container implementation method operating in user space Download PDFInfo
- Publication number
- CN112817597A CN112817597A CN202110040004.2A CN202110040004A CN112817597A CN 112817597 A CN112817597 A CN 112817597A CN 202110040004 A CN202110040004 A CN 202110040004A CN 112817597 A CN112817597 A CN 112817597A
- Authority
- CN
- China
- Prior art keywords
- ebpf
- user space
- bpf
- map
- program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000003068 static effect Effects 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims abstract description 8
- 238000004458 analytical method Methods 0.000 claims abstract description 5
- 244000035744 Hura crepitans Species 0.000 claims description 13
- 238000007781 pre-processing Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 abstract description 18
- 238000005516 engineering process Methods 0.000 abstract description 8
- 230000007547 defect Effects 0.000 abstract description 2
- 230000006870 function Effects 0.000 description 27
- 230000018109 developmental process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 238000011161 development Methods 0.000 description 6
- 238000002054 transplantation Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000005314 correlation function Methods 0.000 description 4
- 238000012217 deletion Methods 0.000 description 4
- 230000037430 deletion Effects 0.000 description 4
- 230000032683 aging Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 230000009191 jumping Effects 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 238000005457 optimization Methods 0.000 description 3
- 238000013479 data entry Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 229910002056 binary alloy Inorganic materials 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 239000003292 glue Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 238000010926 purge Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/3624—Software debugging by performing operations on the source code, e.g. via a compiler
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
- G06F8/427—Parsing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to a software container implementation method based on EBPF (enhanced broadcast processor) and operated in user space, belonging to the technical field of data processing; the method comprises the following steps: step S1, receiving the bpf command data stream sent by the client terminal established in the user space at the container terminal established in the user space; step S2A, static analysis, instruction verification, Map and function association are executed through the verifier; S3A, if the verifier verifies that the eBPF program passes, loading the eBPF program to a target platform through an analyzer, otherwise, compiling the eBPF program into a machine code of the target platform through a real-time compiler and then loading the machine code to the target platform; step S2B, horizontal access and vertical access of the bpf command are completed through supporting the concurrent shared Map; S3B, loading the bpf command of the accessed bpf command to the target platform; the EBPF idea is realized on a user plane so as to overcome the defect that the existing EBPF technology can only be applied to a Linux kernel.
Description
Technical Field
The invention relates to a software container implementation method based on EBPF (enhanced broadcast processor) and operated in user space, belonging to the technical field of data processing.
Background
The EBPF technology is based on the BPF technology, the BPF technology is born in Berkely university in 1992, is an abbreviation of Berkerly Packet Filter, and is used in the field of data Packet filtering, and a segment of BPF code consists of a plurality of BPF instructions, wherein one BPF instruction has 64 bits in total and consists of four parts, as shown in FIG. 1.
Through careful compilation of a plurality of bpf instructions, a self-adaptive finite state machine can be formed, input parameters of the finite state machine are the first address and the length of a data packet, and return values of true or false can be compiled into a format-friendly grammar through a mature third-party library (such as libpcap) to form the bpf instructions, for example:
tcp port 80 or udp dst port 8000
can be compiled into
Since the format and logic of BPF are simple, it is very suitable for being used as JIT (just In time) real-time compiler to compile BPF code into machine code of target platform In real time, so that each cpu computing platform has come out JIT version of BPF In 2000, and thus old BPF technology has revived new vitality.
Although BPF is born in a long time, the simple and powerful design concept of BPF does not disappear with the spanning of the era but is more attractive, in 2011, BPF is completely JIT with the release of a Linux kernel 3.0, Alexei Starovaitov is used for thoroughly transforming BPF after two years, new functions are added, the performance of the BPF is improved, and the new version is named eBPF (meaning 'extended BPF') and simultaneously changes the former BPF into cBPF (meaning 'classic' BPF). In almost the same year llvm introduced the back-end compiler of eBPF, making it possible to quickly compile and deploy eBPF programs.
The EBPF instruction is also 64 bits, but its meaning varies greatly, as shown in fig. 2.
As can be seen from fig. 2, the modified eBPF instruction is unchanged in volume, but has a structure more similar to a modern processor instruction, and thus the state machine constructed by the instruction is not only capable of making a simple judgment of a network packet, but also capable of making a judgment, branching, looping, jumping and jumping (supporting function calls), and supporting stack operations (depending on the selection of a register). And a mapping mechanism of the MAP is added, and the user layer program interface is concise and clear.
In addition, the 'injectable' attribute of the eBPF program is updated, so that hot updating is possible, and actually, when the eBPF program is just launched, the application is performed in each subsystem of the kernel in a short time, from network data processing to file system tracking, and from system security to container application, the eBPF can be almost suitable for any scene.
The above is the background of the application of eBPF.
The disadvantages of the EBPF technique:
the EBPF technique can only be applied to Linux kernels, and its function update and bug repair can only wait for the release of a new kernel version.
The Map type in the EBPF kernel is single, and only the array, linked list, hash table and related variant types are implemented, and no Map of other types such as ACL, LPM, PIPE, etc. is implemented.
Although EBPF is applied in multiple subsystems of the kernel, its application characteristics are still only extensive, and the application in depth requires time considerations.
Poor support for concurrency, and the Map doubts about the suitability and accuracy of concurrency.
The static checking of EBPF is too critical, especially for loop and pointer checks, which sometimes must sacrifice performance, such as making additional memory copies.
No timer mechanism
O Kernel Container is poor for interface function calls and cannot be added
Global Map without multiple ebpf subroutines sharing
In the field of network data processing, the basic unit is a single packet
The debugging problem of the eBPF program is that the debugging mode of breakpoint trace is not supported except that the printing interface has no other debugging mode.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the EBPF-based software container implementation method running in the user space is provided, and the EBPF idea is implemented on the user plane, so that the defect that the existing EBPF technology can only be applied to a Linux kernel is overcome.
The invention relates to a method for realizing an EBPF-based software container running in a user space, which comprises the following steps:
step S1, receiving the bpf command data stream sent by the client terminal established in the user space at the container terminal established in the user space;
step S2A, static analysis, instruction verification, Map and function association are executed through the verifier;
S3A, if the verifier verifies that the eBPF program passes, loading the eBPF program to a target platform through an analyzer, compiling the eBPF program into a machine code of the target platform through a real-time compiler, and then loading the machine code to the target platform;
the step S2A and step S3A add support for concurrent step S2B and step S3B:
step S2B, horizontal access and vertical access of the bpf command are completed through supporting the concurrent shared Map;
step S3B, load the accessed bpf command to the target platform.
The EBPF idea is realized on a user level, and is displayed in a server or container mode, the container realization and map mechanism realization of the EBPF is transplanted from a kernel layer to a user layer, not only the code transplantation, but also the true meaning of the transplantation lies in that the autonomy is released from the kernel, the own container is realized according to the service logic and the hardware form of the equipment, and the container can not only cross a software platform (linux/bsd/windows), but also cross a hardware platform (x86_64/mips _64/arm64), and even can run in a barereal mode. For the data processing field, the basic unit is increased by the data stream unit. The addition of a Map type supporting concurrency can support automatic aging deletion.
In the static checking item, the circulation limitation and the pointer limitation are removed, the credibility level registration and verification are added, and different static checking items are run for the sub eBPF programs with different credibility levels.
Preferably, the step S1 includes the steps of:
step S101, a client established in a user space converts a C source code into a file in an ELF format through LLVM/clone;
and S102, after the client established in the user space analyzes the bpf command through the loader and carries out preprocessing, the bpf command is sent to the container end established in the user space.
Preferably, the library type is defined in the preprocessing of step S102, the name of the library function to be called is obtained, the library file is loaded preferentially, and the library type program may also call a function declared by another library type than the library type program.
For the mutual calling among eBPF subprograms, a mode of tail call carried by an original kernel is abandoned, a mode that an eBPF program can be registered as a library is changed into a mode that the eBPF program can be registered as the library, for the eBPF of a library type, no entry exists, only a called function interface exists, and the library interface can be called as long as other eBPF programs contain a library statement, so that the container only puts energy on the aspects of container optimization, cross-platform, stability and the like, except that interfaces related to the platform or interfaces which are opened by heavy tasks (the stack exceeds 512), other interfaces are realized by the eBPF library. Here, a timer entry, an idle time entry, an initialization entry, a single packet data entry, a stream data entry may be added.
Preferably, the method further comprises the following steps:
and step S4, the client communicates with the eBPF program through Map to display to the outside.
Preferably, the shared Map includes arrays, hash tables, red-black trees, ACLs, LPMs, and regular Map types.
More Map types are added.
Preferably, the real-time compiler in step S3A is also used as an interpreter, cooperating with the sandbox mode to achieve the standard sandbox operation environment.
For program debugging, a sandbox environment can be realized by means of a secondary development interface of gdb, and the aims of breakpoint tracking and debugging of the eBPF program are fulfilled under the sandbox environment.
Compared with the prior art, the invention has the following beneficial effects:
(1) the EBPF idea is realized at a user level and is displayed in a server or container mode, and all the later improvements are based on the EBPF idea.
(2) More Map types are added, the method mainly focuses on the field of data processing, and EBPF container transplantation also assumes that a plurality of interfaces and Map types which are irrelevant to the field are abandoned.
(3) The method adds a Map type supporting concurrency and can support automatic aging deletion
(4) And the static checking items are limited to be reserved, the circulation limitation and the pointer limitation are removed, the credibility level registration and verification are added, and different static checking items are operated for the sub eBPF programs with different credibility levels.
(4) For the data processing field, the basic unit is increased by the data stream unit.
(5) The method comprises the steps of adding a timer inlet, an idle time inlet, an initialization inlet, a single-packet data inlet and a stream data inlet.
(7) For the mutual calling among eBPF subprograms, a mode of tail call carried by an original kernel is abandoned, and a mode that an eBPF program can be registered as a library is changed into a mode that the eBPF program can be registered as the library, for the eBPF of a library type, no entry exists, only a called function interface exists, and the library interface can be called as long as other eBPF programs contain a library statement, so that the container only puts energy on the aspects of container optimization, cross-platform performance, stability and the like, except that an interface related to the platform or a heavy task (the stack exceeds 512) is opened, other interfaces are realized by an eBPF library.
(8) For program debugging, a sandbox environment can be realized by means of a secondary development interface of gdb, and the aims of breakpoint tracking and debugging of the eBPF program are fulfilled under the sandbox environment.
Drawings
FIG. 1 is a schematic diagram illustrating a bpf instruction according to the background art of the present invention;
FIG. 2 is a schematic structural diagram of an EBPF instruction according to the background art of the present invention;
FIG. 3 is a block diagram of an implementation of the EBPF-based software container operating in user space according to the present invention;
FIG. 4 is a diagram illustrating a structure of a shared Map according to the present invention;
FIG. 5 is a schematic diagram of the structure of library types according to the present invention;
fig. 6 is a schematic diagram of a network application software architecture based on a user plane EBPF container according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
As shown in fig. 3-5, the method for implementing an EBPF-based software container operating in a user space according to the present invention includes:
step S1, receiving the bpf command data stream sent by the client terminal established in the user space at the container terminal established in the user space;
step S2A, static analysis, instruction verification, Map and function association are executed through the verifier;
S3A, if the verifier verifies that the eBPF program passes, loading the eBPF program to a target platform through an analyzer, compiling the eBPF program into a machine code of the target platform through a real-time compiler, and then loading the machine code to the target platform;
the step S2A and step S3A add support for concurrent step S2B and step S3B:
step S2B, horizontal access and vertical access of the bpf command are completed through supporting the concurrent shared Map;
step S3B, load the accessed bpf command to the target platform.
The EBPF idea is realized on a user level, and is displayed in a server or container mode, the container realization and map mechanism realization of the EBPF is transplanted from a kernel layer to a user layer, not only the code transplantation, but also the true meaning of the transplantation lies in that the autonomy is released from the kernel, the own container is realized according to the service logic and the hardware form of the equipment, and the container can not only cross a software platform (linux/bsd/windows), but also cross a hardware platform (x86_64/mips _64/arm64), and even can run in a barereal mode. For the data processing field, the basic unit is increased by the data stream unit. The addition of a Map type supporting concurrency can support automatic aging deletion.
In the static checking item, the circulation limitation and the pointer limitation are removed, the credibility level registration and verification are added, and different static checking items are run for the sub eBPF programs with different credibility levels.
In the method, the Map of the kernel is designed based on the communication between the ebpf subprogram and the client program, and therefore belongs to a point-to-point style, but in the real world, a single ebpf is not enough to implement the whole business logic, and the business logic can be implemented only by interaction between a plurality of subprograms and a plurality of external programs, sometimes the problem is encountered by intersection among a plurality of business logics, and the bridge of interaction among the plurality of business logics is the Map, so that the shared Map is a method which must be implemented in actual work:
as shown in fig. 4, solid arrows indicate accesses to the shared Map by ebpf programs or external programs, dashed lines indicate the conceptual flow of business logic actually achieved by the above accesses, communication for the same business logic is referred to as horizontal access, and communication for intersections between different business logics is referred to as vertical access. The idea of map sharing is simple to implement, but can realize horizontal and vertical communication of ebpf programs and horizontal and vertical access of external programs.
Wherein the step S1 includes the following steps:
step S101, a client established in a user space converts a C source code into a file in an ELF format through LLVM/clone;
and S102, after the client established in the user space analyzes the bpf command through the loader and carries out preprocessing, the bpf command is sent to the container end established in the user space.
In the preprocessing of step S102, a library type is defined, a name of a library function to be called is obtained, a library file is preferentially loaded, and a library type program may also call a function declared by another library type other than the library type program.
The call among a plurality of EBPF subprograms is realized in the kernel EBPF in a call tail mode, however, the realization mode is too complex, the parameter transfer mode is very strange, and the caller and the callee are actually in a flat relation, which is not in accordance with the thinking logic of the traditional code writer, the declaration and creation of the tail function are extremely opaque, and are not friendly to the interface of the developer, so that the problems of high development cost and low development efficiency can be caused in the practical use.
As shown in FIG. 5, aiming at the above problem, as the implemented eBPF container, the call tail mechanism is abandoned, a new eBPF type, library type, is defined, before the loader loads the eBPF program, the library function name called by the loader is obtained through static analysis, the library file is loaded preferentially, and the library type program can also call the function declared by other library types besides the loader. Developers use these interfaces without a difference from calling standard C functions, while library-type ebpf programs only differ slightly from general-purpose programs at registration. Therefore, the purposes of multi-person cooperation of the project and acceleration of project development are achieved.
Wherein, still include:
and step S4, the client communicates with the eBPF program through Map to display to the outside.
The shared Map comprises an array, a hash table, a red-black tree, an ACL, an LPM and a regular Map type.
More Map types are added.
Wherein, the real-time compiler in step S3A is also used as an interpreter, cooperating with the sandbox mode to achieve the standard sandbox operation environment.
Here, debugging of the eBPF program cannot be realized on the original kernel eBPF container, but when the container is migrated to the user plane, building of a sandbox operating environment becomes possible, and as can be seen from the eBPF operation block diagram, the eBPF is actually a jited machine code when running on a device. But as a debugging environment, verifying ebpf program functions or bug recurrences, it is difficult to perform detailed step-by-step tracing and the like on the machine code running JIT on the device, because after JIT, the code and the mark in the original source code are lost. However, as an EBPF container, another function is the interpreter function, which in cooperation with the sandbox mode can achieve the standard sandbox operating environment. The running environment does not pay attention to the running efficiency of the code, pays attention to the logic and functional verification of the code and boundary detection, and the dynamic detection is equivalent to the dynamic detection. In this environment, all the behaviors of ebpf programs can be recorded and reproduced, and the problem of crash or memory leak can be quickly found. And source code level debugging can be realized by matching with a secondary development interface of gdb.
In summary, ebpf is one of the few technologies that have the potential to implement a generic software development framework as an emerging technology in recent years. And the innovation of each aspect based on ebpf is more and more, and the method realizes several innovative functions of the functions, and inspires that more and more developers are involved and more innovations are caused.
The hardware is used as a multi-core collector, 1U,48cpu core and 24 10GE interfaces of 32G memory; the software is an operating system which is a self-compiling linux + barereal program, and the ebpf container runs on the linux system; the application function is to count the network flow, generate a flow log, package the flow log into a zip file and send the zip file to the back-end equipment; the network application based on the user layer EBPF container is realized as follows:
software architecture
The barereal program occupies 8cpu cores, and the linux system occupies 40 cpu cores; wherein, the barereal program receives data, and after necessary pretreatment, the packets are transferred to a linux end in a same-source manner; the linux end runs 40 processes which are respectively run on 40 cpu cores, and each process actually runs an ebpf container; establishing a sharing map for bearing the data stream session and sharing 40 processes; each process can carry out the operations of adding, deleting, modifying and checking the shared Map; and what operates specifically is the dynamically loaded ebpf module.
As shown in fig. 6, the linux runs a socket service program, and receives the request from the client and puts the request into the 40 ebpf containers
The request includes:
prog _ load loads an ebpf module and looks up or creates a Map that the ebpf module needs to access
The prog _ detach unloads an ebpf module, destroys or shields the Map mapping created by the ebpf module
Map _ create creates Map, which runs before loading modules
Map _ lookup Map lookup element
Map _ update Map insert (update) element
Map _ delete Map delete element
Map _ release Map full table purge
Map _ get _ next _ key Map gets NextKey (for traversal)
The client program is actually a peripheral auxiliary program which manages ebpf modules and loads the ebpf modules into the container through the socket as required, and the program is executed according to the following steps:
1. reading the configuration file to find an ebpf module path;
2. analyzing the compiled ebpf module;
3. finding the name, type, size and other information of the Map defined by the module;
4. calling a Map _ create interface to ensure that Map mapping is established before a module is loaded;
5. calling a prog _ load interface, and downloading the ebpf module binary system into an ebpf container;
6. each ebpf module is provided with a heartbeat Map for keeping alive;
7. jumping to the 1 st point, and reading the next ebpf module path;
8. after all ebpf modules are loaded, the heartbeat Map of each ebpf module is periodically inquired through the Map _ lookup interface, and if abnormal conditions exist, the ebpf module is restarted to the 1 st point to operate again.
And the equipment server side creates a map according to the instruction of the interface, downloads the ebpf into 40 ebpf containers after JIT processing, and periodically receives the heartbeat test.
The ebpf module is divided into a single packet processing type, a stream processing type, an idle time processing type and a timer processing type according to functions, and the server classifies the ebpf module according to the ebpf information in the loading instruction, loads the ebpf module to different program mirror linked lists and waits for subsequent calling. The calling logic is:
after each data packet enters the container, calling the single packet processing mirror chain table
When a session is over, the call flow processes the mirror chain table
When there is idle time, calling idle time mirror linked list
Calling a timer mirror chain table when a set timer is triggered
Container provides a related function interface for ebpf module calls
map-related addition, deletion, modification and check operation function
Atomic operation correlation function
cpu and time stamp correlation function
Transmitting single packet and transmitting file function
tlv correlation function operation
Zip packed correlation function operation
The container will determine the subsequent operations based on the return value of each type of module.
Business logic
The current business logic is to generate a flow log and pack the flow log into a zip file to be sent to the back end, so the emphasis is on the realization of the ebpf module. The method can be carried out according to the following steps:
1. defining a global shared Map stream _ Map to ensure all modules are accessible;
2. creating ebpf module, naming prologue, type single-packet processing and top-priority processing for inserting stream _ map, and updating each packet
3. Creating ebpf module, naming tc, type single packet processing, second priority, inquiring stream _ map, recording packet number and byte number, and storing into tlv buffer of the stream
4. Creating an ebpf module, naming tc _ stream, processing type stream, triggering after a certain session is ended, obtaining flow data from tlv and packaging
5. Creating an ebpf module, naming tc _ collect and timer type, ending packaged zip and sending the zip to a back end after timing trigger
Through the five service logic ebpf programs, the function of the session flow log is realized.
From the above code, it can be seen that the whole business logic is finally abstracted to be realized by only dozens of lines of code, and the code can be rapidly accepted from readability and maintainability. The non-business logic is implemented by a container/glue/auxiliary program or the like. Because the programs do not involve service logic, energy can be put on code optimization, platform transplantation and container robustness, and therefore the service logic can finally realize platform-independent operation, and can run on a multi-core mips platform or a x86_64 server, namely, can run on barereal or a large data framework such as vpp or dpdk.
Claims (6)
1. An implementation method of an EBPF-based software container operating in a user space, comprising:
step S1, receiving the bpf command data stream sent by the client terminal established in the user space at the container terminal established in the user space;
step S2A, static analysis, instruction verification, Map and function association are executed through the verifier;
S3A, if the verifier verifies that the eBPF program passes, loading the eBPF program to a target platform through an analyzer, compiling the eBPF program into a machine code of the target platform through a real-time compiler, and then loading the machine code to the target platform;
the step S2A and step S3A add support for concurrent step S2B and step S3B:
step S2B, horizontal access and vertical access of the bpf command are completed through supporting the concurrent shared Map;
step S3B, load the accessed bpf command to the target platform.
2. The method for implementing the EBPF-based software container operating in the user space according to claim 1, wherein the step S1 includes the steps of:
step S101, a client established in a user space converts a C source code into a file in an ELF format through LLVM/clone;
and S102, after the client established in the user space analyzes the bpf command through the loader and carries out preprocessing, the bpf command is sent to the container end established in the user space.
3. The method according to claim 2, wherein the library type is defined in the preprocessing of step S102, the name of the called library function is obtained, the library file is loaded preferentially, and the library type program can call a function declared by another library type other than the library type program.
4. The method for implementing the EBPF-based software container operating in the user space according to any one of claims 1-3, further comprising:
and step S4, the client communicates with the eBPF program through Map to display to the outside.
5. The EBPF-based software container implementation method operating in user space of claim 4, wherein the shared Map comprises an array, a hash table, a red-black tree, an ACL, an LPM and regular Map types.
6. The method for implementing an EBPF-based software container running in user space according to claim 4, wherein the real-time compiler in step S3A is further used as an interpreter to cooperate with a sandbox mode to achieve a standard sandbox running environment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110040004.2A CN112817597B (en) | 2021-01-12 | 2021-01-12 | Method for realizing software container based on EBPF running in user space |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110040004.2A CN112817597B (en) | 2021-01-12 | 2021-01-12 | Method for realizing software container based on EBPF running in user space |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112817597A true CN112817597A (en) | 2021-05-18 |
| CN112817597B CN112817597B (en) | 2024-03-15 |
Family
ID=75868961
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110040004.2A Active CN112817597B (en) | 2021-01-12 | 2021-01-12 | Method for realizing software container based on EBPF running in user space |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112817597B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338524A (en) * | 2021-12-20 | 2022-04-12 | 浪潮云信息技术股份公司 | Method and system for improving large-scale container cloud cluster network Service performance |
| CN114978897A (en) * | 2022-05-17 | 2022-08-30 | 阿里巴巴(中国)有限公司 | Network control method and system based on eBPF and application identification technology |
| CN115037654A (en) * | 2022-05-09 | 2022-09-09 | 维沃移动通信有限公司 | Flow statistical method and device, electronic equipment and readable storage medium |
| WO2022257643A1 (en) * | 2021-06-11 | 2022-12-15 | 中兴通讯股份有限公司 | Network transport layer data processing method, and device and storage medium |
| CN117290857A (en) * | 2023-11-27 | 2023-12-26 | 中孚安全技术有限公司 | System, method, equipment and medium for realizing cloud primary security based on eBPF |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110569106A (en) * | 2019-08-27 | 2019-12-13 | Oppo广东移动通信有限公司 | Code loading method and device, electronic equipment and computer readable medium |
| CN110955584A (en) * | 2018-09-26 | 2020-04-03 | Oppo广东移动通信有限公司 | Block device access tracking method and device, storage medium and terminal |
-
2021
- 2021-01-12 CN CN202110040004.2A patent/CN112817597B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110955584A (en) * | 2018-09-26 | 2020-04-03 | Oppo广东移动通信有限公司 | Block device access tracking method and device, storage medium and terminal |
| CN110569106A (en) * | 2019-08-27 | 2019-12-13 | Oppo广东移动通信有限公司 | Code loading method and device, electronic equipment and computer readable medium |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022257643A1 (en) * | 2021-06-11 | 2022-12-15 | 中兴通讯股份有限公司 | Network transport layer data processing method, and device and storage medium |
| CN114338524A (en) * | 2021-12-20 | 2022-04-12 | 浪潮云信息技术股份公司 | Method and system for improving large-scale container cloud cluster network Service performance |
| CN115037654A (en) * | 2022-05-09 | 2022-09-09 | 维沃移动通信有限公司 | Flow statistical method and device, electronic equipment and readable storage medium |
| CN115037654B (en) * | 2022-05-09 | 2024-01-09 | 维沃移动通信有限公司 | Flow statistics method, device, electronic equipment and readable storage medium |
| CN114978897A (en) * | 2022-05-17 | 2022-08-30 | 阿里巴巴(中国)有限公司 | Network control method and system based on eBPF and application identification technology |
| CN114978897B (en) * | 2022-05-17 | 2023-09-05 | 阿里巴巴(中国)有限公司 | Network control method and system based on eBPF and application identification technology |
| CN117290857A (en) * | 2023-11-27 | 2023-12-26 | 中孚安全技术有限公司 | System, method, equipment and medium for realizing cloud primary security based on eBPF |
| CN117290857B (en) * | 2023-11-27 | 2024-03-26 | 中孚安全技术有限公司 | System, method, equipment and medium for realizing cloud primary security based on eBPF |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112817597B (en) | 2024-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112817597A (en) | EBPF-based software container implementation method operating in user space | |
| CA2801573C (en) | Dynamically loading graph-based computations | |
| US9766867B2 (en) | Systems and methods for improving performance of mobile applications | |
| US8631395B2 (en) | Inter-procedural dead catch handler optimizations | |
| US20040205720A1 (en) | Augmenting debuggers | |
| CN111767116B (en) | Virtual machine for developing programming language for mechanical arm program and running method for assembly file | |
| JP2000181725A (en) | Method and system for altering executable code and giving addition function | |
| CN111897570A (en) | Multi-dependency file extraction method and device based on Maven plug-in | |
| CN113986395B (en) | Packaging method for application-dependent self-contained technology under linux system | |
| EP3895022B1 (en) | Improving emulation and tracing performance using compiler-generated emulation optimization metadata | |
| Dietrich et al. | Xcorpus–an executable corpus of java programs | |
| CN113688186B (en) | Intelligent contract execution method, engine and block link point | |
| US20100218174A1 (en) | Dynamic compiling and loading at runtime | |
| Li et al. | Minimizing context migration in mobile code offload | |
| CN114138281A (en) | Compiling method, device, equipment and medium of software engineering | |
| AU2014262225A1 (en) | Dynamically loading graph-based computations | |
| Alzayat et al. | Groundhog: Efficient request isolation in FaaS | |
| CN113220326B (en) | Intelligent contract upgrading method and block chain system | |
| CN111880804A (en) | Application program code processing method and device | |
| CN115509913A (en) | Software automation test method, device, machine readable medium and equipment | |
| CN115220873A (en) | Method for running Open Harmony application in Android system | |
| CN112882701A (en) | Executable file static pile inserting technical framework supporting multiple architectures | |
| CN113849397A (en) | Execution engine, virtual machine, related apparatus and related methods | |
| Wang et al. | DisTA: Generic dynamic taint tracking for java-based distributed systems | |
| AU2016200107B2 (en) | Dynamically loading graph-based computations |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |