flat assembler
Message board for the users of flat assembler.

Index > Linux > New eBPF - New Unknown Elf file Structure [FIGURED OUT]

duanebonas6822 28 Jan 2025, 16:17
Before I try this, does anybody know if this format will work, as this is a structure I have never even seen before? It is a special type of (eBPF ELF file).... I normally just use format Elf64 executable, but there is an ELF dynamic linking from scratch that I can maybe alter to maybe work, just it states its type REL. To get eBPF working I think I need this unknown format ..(EM_BPF).. - just don't know if it's even possible.

(I'm just concerned, as I know FASM sometimes doesn't generate sections; need sections definitely)

Any quick responses if anybody knows more on formats,

(LINK)..... (I'm going to try to build this structure as below).

(https://www.ietf.org/archive/id/draft-thaler-bpf-elf-00.html)

(below a few quick specs, but main link above).... cheers

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HEADER

e_ident[EI_CLASS] must be set to ELFCLASS64 (2).
e_type must be set to ET_REL (1).
e_machine must be set to EM_BPF (247).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Classic Map Definitions

The format of a map definition is as follows, where fields are in the byte order indicated in e_ident[EI_DATA] in the ELF header:

typedef struct {
    Elf64_Word    type;
    Elf64_Word    key_size;
    Elf64_Word    value_size;
    Elf64_Word    max_entries;
    Elf64_Word    inner_map_idx;
    unsigned char platform_specific_data[];
} Elf64_BpfMapDefinition;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BTF Map Definitions

BTF eBPF map definitions are stored in a DATA section named ".maps". The number of map definitions in a section can be determined by counting the number of symbols in the ".symtab" section that point into the ".maps" section.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_________________
d.bonas


Last edited by duanebonas6822 on 28 Jan 2025, 19:23; edited 1 time in total
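Added example, not part of the original posts or the linked draft: a Python check that an emitted object's header meets the three rules quoted above, plus a reader for classic map definitions that honours e_ident[EI_DATA]. The function names, the `entry_size` parameter and the `make_header` helper (which builds constructed test headers) are assumptions made for this illustration.

```python
import struct

ELFCLASS64, ET_REL, EM_BPF = 2, 1, 247   # values quoted in the post
ELFDATA2LSB, ELFDATA2MSB = 1, 2          # e_ident[EI_DATA] encodings

def byte_order(elf):
    """Return the struct prefix ('<' or '>') selected by e_ident[EI_DATA]."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF64 file (short or bad magic)")
    if elf[5] not in (ELFDATA2LSB, ELFDATA2MSB):
        raise ValueError(f"invalid EI_DATA {elf[5]}")
    return "<" if elf[5] == ELFDATA2LSB else ">"

def check_bpf_header(elf):
    """List every way the header deviates from the three rules in the post."""
    order = byte_order(elf)
    # e_type and e_machine are the two half-words right after e_ident[16].
    e_type, e_machine = struct.unpack_from(order + "HH", elf, 16)
    problems = []
    if elf[4] != ELFCLASS64:
        problems.append(f"EI_CLASS is {elf[4]}, want ELFCLASS64 (2)")
    if e_type != ET_REL:
        problems.append(f"e_type is {e_type}, want ET_REL (1)")
    if e_machine != EM_BPF:
        problems.append(f"e_machine is {e_machine}, want EM_BPF (247)")
    return problems

def parse_classic_maps(section, order, entry_size=20):
    """Split raw section bytes into Elf64_BpfMapDefinition records.

    entry_size is an assumption supplied by the caller: 20 bytes of fixed
    fields plus the length of any platform_specific_data that follows.
    """
    names = ("type", "key_size", "value_size", "max_entries", "inner_map_idx")
    if entry_size < 20 or len(section) % entry_size:
        raise ValueError("section length is not a multiple of entry_size")
    return [dict(zip(names, struct.unpack_from(order + "5I", section, off)))
            for off in range(0, len(section), entry_size)]

def make_header(order, e_type=ET_REL, e_machine=EM_BPF):
    """Constructed 64-byte ELF64 header for testing; other fields are zero."""
    ei_data = ELFDATA2LSB if order == "<" else ELFDATA2MSB
    ident = b"\x7fELF" + bytes([ELFCLASS64, ei_data, 1]) + bytes(9)
    return ident + struct.pack(order + "HHI", e_type, e_machine, 1) + bytes(40)
```

A header carrying e_type 2 (ET_EXEC) and e_machine 62 (EM_X86_64), the values of an ordinary x86-64 executable, fails two of the three checks.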
duanebonas6822 28 Jan 2025, 18:58
Anyone who decides to try getting eBPF to work in assembly, READ. You should really deeply understand how the ELF files are used. For a few days I've been trying to get eBPF working. I have been trying everything to get eBPF machine code to execute as if it was acting as the main code base for eBPF. The way it works is you obviously create the binary with FASM, statically link all the macros, helpers and functions. You then have to use the syscalls to actually load another ELF64 file or an LKM; even relocatable ELF files can load. So you obviously use the FASM code base to interact with another ELF64 file that eBPF has created itself. I didn't even know you could load ELF64 files like that. Anybody trying to mess on with eBPF, I think this is what you have to do, haha stress over
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.