ebpf-for-windows | ebpf-verifier
---|---
13 | 2
2,592 | 344
1.7% | 1.7%
9.7 | 8.5
6 days ago | 3 days ago
C | C++
MIT License | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ebpf-for-windows
- Why ACPI?
There already is an eBPF for Windows, it's even Microsoft's own project https://github.com/microsoft/ebpf-for-windows
- eBPF Verification Is Untenable
This link is about a proposed new eBPF verifier for the Linux kernel that doesn't use signing. As a research project it is not integrated to the kernel, but their plan does not involve trusting user space (instead they suggest doing the heavy lifting of the verification in user space and provide a proof of safety that the kernel checks, which seems sensible to me).
I believe you meant to link https://github.com/microsoft/ebpf-for-windows/ instead (discussed on HN recently) which is an implementation by Microsoft using the above research project that indeed does not follow the suggestion from the authors of the research project to use validation and does require trusting user space.
- eBPF for Windows
- GitHub - microsoft/DTrace-on-Windows: Code for the cross platform, single source, OpenDTrace implementation
Somewhat funnily, Microsoft also developed eBPF for Windows.
- ELI5: eBPF
Not for long https://github.com/microsoft/ebpf-for-windows
- Linux developers patch security holes faster than anyone else, says Google
- Linux's IPTABLES Vs OpenBSD's PF ...... Which is more secure ?
- How to add eBPF observability to your product
- eBPF implementation that runs on top of Windows
ebpf-verifier
- Bpftime: Userspace eBPF runtime for fast Uprobe and Syscall hook and Plugins
This project can use a standalone eBPF verifier in this project: https://github.com/vbpf/ebpf-verifier
It can also use the kernel verifier to verify the programs, then "offload" the BPF byte code from the kernel and run it in userspace.
- eBPF Verification Is Untenable
No, not driver verifier. https://github.com/vbpf/ebpf-verifier
What are some alternatives?
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
ebpf - ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
UACME - Defeating Windows User Account Control
xdp-tools - Utilities and example programs for use with XDP
bpftime - Userspace eBPF runtime for fast Uprobe & Syscall hook & Extensions with LLVM JIT
libbpf - Automated upstream mirror for libbpf stand-alone build.
ikos - Static analyzer for C/C++ based on the theory of Abstract Interpretation.
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.