Continued with the state of the art section

docs/bibliography/bibliography.bib

@@ -70,6 +70,24 @@
 @online{ebpf_android,
 	title={eBPF for Windows},
 	url={https://source.android.com/devices/architecture/kernel/bpf}
+},
+
+
+
+@article{bpf_bsd_origin,
+	title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
+	author={Steven McCanne, Van Jacobson},
+	institution={Lawrence Berkeley Laboratory},
+	date={1992-12-19},
+	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf}
+}
+
+@misc{bpf_bsd_origin_bpf_scheme,
+	author={Steven McCanne, Van Jacobson},
+	institution={Lawrence Berkeley Laboratory},
+	date={1992-12-19},
+	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
+	pages={2}
 }
 
 

docs/document.aux

@@ -51,10 +51,14 @@
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.3}Regulatory framework}{4}{section.1.3}\protected@file@percent }
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{4}{subsection.1.3.1}\protected@file@percent }
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{4}{subsection.1.3.2}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.3}Structure of the document}{4}{subsection.1.3.3}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.4}Structure of the document}{4}{section.1.4}\protected@file@percent }
+\abx@aux@cite{bpf_bsd_origin}
+\abx@aux@segm{0}{0}{bpf_bsd_origin}
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the art}{5}{chapter.2}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.1}Introduction to eBPF}{5}{section.2.1}\protected@file@percent }
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.1}{\ignorespaces Sketch of the functionality of classic BPF\relax }}{5}{figure.caption.7}\protected@file@percent }
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{6}{chapter.3}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
@@ -65,7 +69,7 @@
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{9}{chapter.5}\protected@file@percent }
-\abx@aux@read@bbl@mdfivesum{D747C591A940D097CD0716131C9FB28E}
+\abx@aux@read@bbl@mdfivesum{614E9E8BA8F58ECCA430604904639F32}
 \abx@aux@refcontextdefaultsdone
 \abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
@@ -77,5 +81,6 @@
 \abx@aux@defaultrefcontext{0}{evil_ebpf}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{bad_ebpf}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{ebpf_friends}{none/global//global/global}
+\abx@aux@defaultrefcontext{0}{bpf_bsd_origin}{none/global//global/global}
 \ttl@finishall
 \gdef \@abspage@last{25}

docs/document.bbl

@@ -222,6 +222,39 @@
       \verb https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf
       \endverb
     \endentry
+    \entry{bpf_bsd_origin}{article}{}
+      \name{author}{1}{}{%
+        {{hash=b74c2671072cf5a1a1400dc035240dfd}{%
+           family={Steven\bibnamedelima McCanne},
+           familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod},
+           given={Van\bibnamedelima Jacobson},
+           giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}%
+      }
+      \list{institution}{1}{%
+        {Lawrence Berkeley Laboratory}%
+      }
+      \strng{namehash}{b74c2671072cf5a1a1400dc035240dfd}
+      \strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd}
+      \strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd}
+      \strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd}
+      \strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd}
+      \strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd}
+      \field{sortinit}{1}
+      \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
+      \field{labelnamesource}{author}
+      \field{labeltitlesource}{title}
+      \field{day}{19}
+      \field{month}{12}
+      \field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture}
+      \field{year}{1992}
+      \field{dateera}{ce}
+      \verb{urlraw}
+      \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf
+      \endverb
+      \verb{url}
+      \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf
+      \endverb
+    \endentry
   \enddatalist
 \endrefsection
 \endinput

docs/document.bcf

@@ -2358,6 +2358,7 @@
     <bcf:citekey order="8">evil_ebpf</bcf:citekey>
     <bcf:citekey order="9">bad_ebpf</bcf:citekey>
     <bcf:citekey order="10">ebpf_friends</bcf:citekey>
+    <bcf:citekey order="11">bpf_bsd_origin</bcf:citekey>
   </bcf:section>
   <!-- SORTING TEMPLATES -->
   <bcf:sortingtemplate name="none">

docs/document.blg

@@ -1,26 +1,27 @@
 [0] Config.pm:311> INFO - This is Biber 2.16
-[1] Config.pm:314> INFO - Logfile is 'document.blg'
-[148] biber:340> INFO - === Sat May 21, 2022, 16:49:21
-[182] Biber.pm:415> INFO - Reading 'document.bcf'
-[353] Biber.pm:952> INFO - Found 10 citekeys in bib section 0
-[393] Biber.pm:4340> INFO - Processing section 0
-[415] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
-[418] bibtex.pm:1689> INFO - LaTeX decoding ...
-[433] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
-[522] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 9, warning: 1 characters of junk seen at toplevel
-[522] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 15, warning: 1 characters of junk seen at toplevel
-[523] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 22, warning: 1 characters of junk seen at toplevel
-[523] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 28, warning: 1 characters of junk seen at toplevel
-[523] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 35, warning: 1 characters of junk seen at toplevel
-[523] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 42, warning: 1 characters of junk seen at toplevel
-[524] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 50, warning: 1 characters of junk seen at toplevel
-[524] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 58, warning: 1 characters of junk seen at toplevel
-[524] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 65, warning: 1 characters of junk seen at toplevel
-[524] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_s9YY/f4d088b3f9f145b5c3058da33afd57d4_96431.utf8, line 70, warning: 1 characters of junk seen at toplevel
-[553] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
-[553] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
-[553] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
-[554] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
-[580] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
-[587] bbl.pm:757> INFO - Output to document.bbl
-[588] Biber.pm:128> INFO - WARNINGS: 10
+[0] Config.pm:314> INFO - Logfile is 'document.blg'
+[60] biber:340> INFO - === Sun May 22, 2022, 07:41:59
+[75] Biber.pm:415> INFO - Reading 'document.bcf'
+[143] Biber.pm:952> INFO - Found 11 citekeys in bib section 0
+[158] Biber.pm:4340> INFO - Processing section 0
+[167] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
+[169] bibtex.pm:1689> INFO - LaTeX decoding ...
+[175] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
+[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 9, warning: 1 characters of junk seen at toplevel
+[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 15, warning: 1 characters of junk seen at toplevel
+[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 22, warning: 1 characters of junk seen at toplevel
+[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 28, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 35, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 42, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 50, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 58, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 65, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 70, warning: 1 characters of junk seen at toplevel
+[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 77, warning: 1 characters of junk seen at toplevel
+[234] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
+[234] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
+[234] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
+[234] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
+[244] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
+[247] bbl.pm:757> INFO - Output to document.bbl
+[247] Biber.pm:128> INFO - WARNINGS: 11

docs/document.lof

@@ -5,6 +5,8 @@
 \defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }
 \defcounter {refsection}{0}\relax 
+\contentsline {figure}{\numberline {2.1}{\ignorespaces Sketch of the functionality of classic BPF\relax }}{5}{figure.caption.7}%
+\defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }
 \defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }

docs/document.log

@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  21 MAY 2022 19:59
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  22 MAY 2022 08:18
 entering extended mode
  restricted \write18 enabled.
  %&-line parsing enabled.
@@ -916,47 +916,47 @@ File: l3backend-pdftex.def 2020-01-29 L3 backend support: PDF output (pdfTeX)
 (./document.aux)
 \openout1 = `document.aux'.
 
-LaTeX Font Info:    Checking defaults for OML/txmi/m/it on input line 177.
+LaTeX Font Info:    Checking defaults for OML/txmi/m/it on input line 179.
 LaTeX Font Info:    Trying to load font information for OML+txmi on input line 
-177.
+179.
  (/usr/share/texlive/texmf-dist/tex/latex/txfonts/omltxmi.fd
 File: omltxmi.fd 2000/12/15 v3.1
 )
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for OMS/txsy/m/n on input line 177.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for OMS/txsy/m/n on input line 179.
 LaTeX Font Info:    Trying to load font information for OMS+txsy on input line 
-177.
+179.
 
 (/usr/share/texlive/texmf-dist/tex/latex/txfonts/omstxsy.fd
 File: omstxsy.fd 2000/12/15 v3.1
 )
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 177.
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 177.
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 177.
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for OMX/txex/m/n on input line 177.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 179.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 179.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 179.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for OMX/txex/m/n on input line 179.
 LaTeX Font Info:    Trying to load font information for OMX+txex on input line 
-177.
+179.
 
 (/usr/share/texlive/texmf-dist/tex/latex/txfonts/omxtxex.fd
 File: omxtxex.fd 2000/12/15 v3.1
 )
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for U/txexa/m/n on input line 177.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for U/txexa/m/n on input line 179.
 LaTeX Font Info:    Trying to load font information for U+txexa on input line 1
-77.
+79.
 
 (/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxexa.fd
 File: utxexa.fd 2000/12/15 v3.1
 )
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for PD1/pdf/m/n on input line 177.
-LaTeX Font Info:    ... okay on input line 177.
-LaTeX Font Info:    Checking defaults for PU/pdf/m/n on input line 177.
-LaTeX Font Info:    ... okay on input line 177.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for PD1/pdf/m/n on input line 179.
+LaTeX Font Info:    ... okay on input line 179.
+LaTeX Font Info:    Checking defaults for PU/pdf/m/n on input line 179.
+LaTeX Font Info:    ... okay on input line 179.
 
 *geometry* driver: auto-detecting
 *geometry* detected driver: pdftex
@@ -1022,7 +1022,7 @@ G,.JBIG2,.JB2,.eps]
 File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
 e
 ))
-Package hyperref Info: Link coloring ON on input line 177.
+Package hyperref Info: Link coloring ON on input line 179.
 
 (/usr/share/texlive/texmf-dist/tex/latex/hyperref/nameref.sty
 Package: nameref 2019/09/16 v2.46 Cross-referencing by name of section
@@ -1035,9 +1035,9 @@ Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
 )
 \c@section@level=\count442
 )
-LaTeX Info: Redefining \ref on input line 177.
-LaTeX Info: Redefining \pageref on input line 177.
-LaTeX Info: Redefining \nameref on input line 177.
+LaTeX Info: Redefining \ref on input line 179.
+LaTeX Info: Redefining \pageref on input line 179.
+LaTeX Info: Redefining \nameref on input line 179.
 
 (./document.out) (./document.out)
 \@outlinefile=\write5
@@ -1080,37 +1080,37 @@ Package: blx-case-expl3 2020/12/31 v3.16 expl3 case changing code for biblatex
 Package biblatex Info: Trying to load bibliographic data...
 Package biblatex Info: ... file 'document.bbl' found.
  (./document.bbl)
-Package biblatex Info: Reference section=0 on input line 177.
-Package biblatex Info: Reference segment=0 on input line 177.
+Package biblatex Info: Reference section=0 on input line 179.
+Package biblatex Info: Reference segment=0 on input line 179.
 LaTeX Font Info:    Trying to load font information for T1+txss on input line 1
-84.
+86.
  (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txss.fd
 File: t1txss.fd 2000/12/15 v3.1
 )
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
-(Font)              scaled to size 11.39996pt on input line 184.
-<images//Portada_Logo.png, id=49, 456.2865pt x 45.99pt>
+(Font)              scaled to size 11.39996pt on input line 186.
+<images//Portada_Logo.png, id=57, 456.2865pt x 45.99pt>
 File: images//Portada_Logo.png Graphic file (type png)
 <use images//Portada_Logo.png>
-Package pdftex.def Info: images//Portada_Logo.png  used on input line 188.
+Package pdftex.def Info: images//Portada_Logo.png  used on input line 190.
 (pdftex.def)             Requested size: 455.24408pt x 45.88531pt.
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
-(Font)              scaled to size 16.41594pt on input line 191.
+(Font)              scaled to size 16.41594pt on input line 193.
 LaTeX Font Info:    Font shape `T1/txss/m/sl' will be
-(Font)              scaled to size 16.41594pt on input line 195.
+(Font)              scaled to size 16.41594pt on input line 197.
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
-(Font)              scaled to size 23.63593pt on input line 199.
+(Font)              scaled to size 23.63593pt on input line 201.
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
-(Font)              scaled to size 19.70294pt on input line 203.
-<images/creativecommons.png, id=51, 338.76563pt x 118.19156pt>
+(Font)              scaled to size 19.70294pt on input line 205.
+<images/creativecommons.png, id=59, 338.76563pt x 118.19156pt>
 File: images/creativecommons.png Graphic file (type png)
 <use images/creativecommons.png>
-Package pdftex.def Info: images/creativecommons.png  used on input line 213.
+Package pdftex.def Info: images/creativecommons.png  used on input line 215.
 (pdftex.def)             Requested size: 119.50148pt x 41.69228pt.
 LaTeX Font Info:    Font shape `T1/txss/b/n' in size <12> not available
-(Font)              Font shape `T1/txss/bx/n' tried instead on input line 214.
+(Font)              Font shape `T1/txss/bx/n' tried instead on input line 216.
 LaTeX Font Info:    Font shape `T1/txss/bx/n' will be
-(Font)              scaled to size 11.39996pt on input line 214.
+(Font)              scaled to size 11.39996pt on input line 216.
 
 [1
 
@@ -1119,45 +1119,75 @@ t4): destination with the same identifier (name{page.i}) has been already used,
  duplicate ignored
 <to be read again> 
                    \relax 
-l.226 \begin{abstract}
+l.228 \begin{abstract}
                        [1]
 LaTeX Font Info:    Font shape `T1/txr/b/n' in size <12> not available
-(Font)              Font shape `T1/txr/bx/n' tried instead on input line 226.
+(Font)              Font shape `T1/txr/bx/n' tried instead on input line 228.
 LaTeX Font Info:    Font shape `T1/txr/b/n' in size <14.4> not available
-(Font)              Font shape `T1/txr/bx/n' tried instead on input line 226.
+(Font)              Font shape `T1/txr/bx/n' tried instead on input line 228.
  [3]pdfTeX warning (ext4): destination with the same identifier (name{page.i}) 
 has been already used, duplicate ignored
 <to be read again> 
                    \relax 
-l.245 \chapter
+l.247 \chapter
               *{Dedication} [1] [5
 
 ] [6]pdfTeX warning (ext4): destination with the same identifier (name{page.v})
  has been already used, duplicate ignored
 <to be read again> 
                    \relax 
-l.265 	\newpage
+l.267 	\newpage
                 [5
 
 ]pdfTeX warning (ext4): destination with the same identifier (name{page.vi}) ha
 s been already used, duplicate ignored
 <to be read again> 
                    \relax 
-l.277 \tableofcontents
+l.279 \tableofcontents
                        [6] (./document.toc)
 \tf@toc=\write6
 \openout6 = `document.toc'.
 
  [7
 
-] [8] (./document.lof)
+] [8] (./document.lof
+LaTeX Font Info:    Trying to load font information for OT1+txr on input line 8
+.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
+File: ot1txr.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txsya on input line 8
+.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
+File: utxsya.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txsyb on input line 8
+.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
+File: utxsyb.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txmia on input line 8
+.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
+File: utxmia.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txsyc on input line 8
+.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
+File: utxsyc.fd 2000/12/15 v3.1
+))
 \tf@lof=\write7
 \openout7 = `document.lof'.
 
  [9
 
-]
-[10] (./document.lot)
+] [10]
+(./document.lot)
 \tf@lot=\write8
 \openout8 = `document.lot'.
 
@@ -1166,23 +1196,28 @@ l.277 \tableofcontents
 ] [12]
 Chapter 1.
 LaTeX Font Info:    Trying to load font information for TS1+txr on input line 3
-28.
+30.
 (/usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd
 File: ts1txr.fd 2000/12/15 v3.1
 ) [1
 
 
 ] [2]
-Overfull \hbox (0.50073pt too wide) in paragraph at lines 353--354
+Overfull \hbox (0.50073pt too wide) in paragraph at lines 355--356
 []\T1/txr/m/n/12 Subsequent talks on 2021 by Pat Hogan at DE-F-CON 29[[][]9[][]
 ], and by Guil-laume Fournier
  []
 
 [3] [4]
 Chapter 2.
+<images//classic_bpf.jpg, id=195, 588.1975pt x 432.61626pt>
+File: images//classic_bpf.jpg Graphic file (type jpg)
+<use images//classic_bpf.jpg>
+Package pdftex.def Info: images//classic_bpf.jpg  used on input line 413.
+(pdftex.def)             Requested size: 341.43306pt x 251.12224pt.
 [5
 
-]
+ <./images//classic_bpf.jpg>]
 Chapter 3.
 [6
 
@@ -1196,41 +1231,11 @@ Chapter 5.
 
 ]
 LaTeX Font Info:    Trying to load font information for T1+txtt on input line 4
-14.
+42.
  (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
 File: t1txtt.fd 2000/12/15 v3.1
 )
-LaTeX Font Info:    Trying to load font information for OT1+txr on input line 4
-14.
-
-(/usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
-File: ot1txr.fd 2000/12/15 v3.1
-)
-LaTeX Font Info:    Trying to load font information for U+txsya on input line 4
-14.
-
-(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
-File: utxsya.fd 2000/12/15 v3.1
-)
-LaTeX Font Info:    Trying to load font information for U+txsyb on input line 4
-14.
-
-(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
-File: utxsyb.fd 2000/12/15 v3.1
-)
-LaTeX Font Info:    Trying to load font information for U+txmia on input line 4
-14.
-
-(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
-File: utxmia.fd 2000/12/15 v3.1
-)
-LaTeX Font Info:    Trying to load font information for U+txsyc on input line 4
-14.
-
-(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
-File: utxsyc.fd 2000/12/15 v3.1
-)
-Overfull \hbox (5.34976pt too wide) in paragraph at lines 415--415
+Overfull \hbox (5.34976pt too wide) in paragraph at lines 443--443
 \T1/txtt/m/n/12 threat -[] intelligence / cyber -[] year -[] in -[] retrospect 
 / yir -[] cyber -[] threats -[]
  []
@@ -1246,35 +1251,29 @@ Package caption Warning: Unused \captionsetup[table] on input line 112.
 See the caption package documentation for explanation.
 
 
-Package caption Warning: Unused \captionsetup[lstlisting] on input line 162.
+Package caption Warning: Unused \captionsetup[lstlisting] on input line 164.
 See the caption package documentation for explanation.
 
 pdfTeX warning (ext4): destination with the same identifier (name{page.}) has b
 een already used, duplicate ignored
 <to be read again> 
                    \relax 
-l.431 \end{document}
+l.459 \end{document}
                      [2
 
 ] (./document.aux)
-
-Package rerunfilecheck Warning: File `document.out' has changed.
-(rerunfilecheck)                Rerun to get outlines right
-(rerunfilecheck)                or use package `bookmark'.
-
-Package rerunfilecheck Info: Checksums for `document.out':
-(rerunfilecheck)             Before: 029B6DE53007DA8B33AC812D93231EF1;656
-(rerunfilecheck)             After:  D2AB64F5FB48584C9F73C77A3A80F30D;744.
+Package rerunfilecheck Info: File `document.out' has not changed.
+(rerunfilecheck)             Checksum: AA28FA8D72587FC8F4EDD5E616FC72E7;810.
 Package logreq Info: Writing requests to 'document.run.xml'.
 \openout1 = `document.run.xml'.
 
  ) 
 Here is how much of TeX's memory you used:
- 27173 strings out of 481209
- 430782 string characters out of 5914747
- 1166131 words of memory out of 5000000
- 43656 multiletter control sequences out of 15000+600000
- 444100 words of font info for 89 fonts, out of 8000000 for 9000
+ 27194 strings out of 481209
+ 431200 string characters out of 5914747
+ 1167217 words of memory out of 5000000
+ 43670 multiletter control sequences out of 15000+600000
+ 447071 words of font info for 92 fonts, out of 8000000 for 9000
  36 hyphenation exceptions out of 8191
  88i,11n,90p,1029b,2369s stack positions out of 5000i,500n,10000p,200000b,80000s
 {/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc}</usr/share/texliv
@@ -1285,9 +1284,9 @@ tic/uhvb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.p
 fb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb></usr/sha
 re/texlive/texmf-dist/fonts/type1/urw/times/utmb8a.pfb></usr/share/texlive/texm
 f-dist/fonts/type1/urw/times/utmr8a.pfb>
-Output written on document.pdf (25 pages, 163741 bytes).
+Output written on document.pdf (25 pages, 199165 bytes).
 PDF statistics:
- 286 PDF objects out of 1000 (max. 8388607)
- 51 named destinations out of 1000 (max. 500000)
- 111 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 304 PDF objects out of 1000 (max. 8388607)
+ 54 named destinations out of 1000 (max. 500000)
+ 132 words of extra memory for PDF output out of 10000 (max. 10000000)
 

docs/document.out

@@ -4,9 +4,10 @@
 \BOOKMARK [1][-]{section.1.3}{Regulatory\040framework}{chapter.1}% 4
 \BOOKMARK [2][-]{subsection.1.3.1}{Social\040and\040economic\040environment}{section.1.3}% 5
 \BOOKMARK [2][-]{subsection.1.3.2}{Budget}{section.1.3}% 6
-\BOOKMARK [2][-]{subsection.1.3.3}{Structure\040of\040the\040document}{section.1.3}% 7
+\BOOKMARK [1][-]{section.1.4}{Structure\040of\040the\040document}{chapter.1}% 7
 \BOOKMARK [0][-]{chapter.2}{State\040of\040the\040art}{}% 8
-\BOOKMARK [0][-]{chapter.3}{Methods??}{}% 9
-\BOOKMARK [0][-]{chapter.4}{Results}{}% 10
-\BOOKMARK [0][-]{chapter.5}{Conclusion\040and\040future\040work}{}% 11
-\BOOKMARK [0][-]{chapter.5}{Bibliography}{}% 12
+\BOOKMARK [1][-]{section.2.1}{Introduction\040to\040eBPF}{chapter.2}% 9
+\BOOKMARK [0][-]{chapter.3}{Methods??}{}% 10
+\BOOKMARK [0][-]{chapter.4}{Results}{}% 11
+\BOOKMARK [0][-]{chapter.5}{Conclusion\040and\040future\040work}{}% 12
+\BOOKMARK [0][-]{chapter.5}{Bibliography}{}% 13

docs/document.tex

@@ -123,7 +123,9 @@ hmargin=3cm
 	singlelinecheck=off,
 	labelsep=period,
 	labelfont=small,
-	font=small		
+	font=small,
+	%THE FOLLOWING WAS ADDED BY ME, is this ok? I think it was missed on the template
+	justification=centering		
 }
 
 
@@ -359,7 +361,7 @@ Taking the previous research into account, and on the basis of common functional
 \item Analysing eBPF's possibilities when hooking system calls and kernel functions.
 \end{itemize}
 
-The knowledge gathered by the previous three pillars will be then used as a basis for building our rootkit. We will present different attack vectors and techniques than the ones presented in previous research, although inevitably we will also tackle common points, which will be clearly indicated and on which we will try to perform further research. In essence, our eBPF-based rootkit aims at:
+The knowledge gathered by the previous three pillars will be then used as a basis for building our rootkit. We will present attack vectors and techniques different than the ones presented in previous research, although inevitably we will also tackle common points, which will be clearly indicated and on which we will try to perform further research. In essence, our eBPF-based rootkit aims at:
 \begin{itemize}
 \item Hijacking the execution of user programs while they are running, injecting libraries and executing malicious code, without impacting their normal execution.
 \item Featuring a command-and-control module powered by a network backdoor, which can be operated from a remote client. This backdoor should be controlled with stealth in mind, featuring similar mechanisms to those present in rootkits found in the wild.
@@ -398,8 +400,19 @@ The knowledge gathered by the previous three pillars will be then used as a basi
 
 \chapter{State of the art}
 % I WILL NOT INCLUDE A ROOTKIT BACKGROUND, considering that a deep study of that is not fully relevant for us. I explained what it is, its two main types (should we include bootkits, maybe?) and its relation with eBPF in the introduction, since it is needed to introduce the overall context. Should we do otherwise?
+This chapter is dedicated to an study of the eBPF technology. Firstly, we will analyse its origins, understanding what it is and how it works, and discuss the reasons why it is a necessary component of the Linux kernel today. Afterwards, we will cover the main features of eBPF in detail. Finally, an study of the existing alternatives for developing eBPF applications will be also included.
+
+\section{Introduction to eBPF}
+Nowadays eBPF is not officially considered to be an acronym anymore, but it remains largely known as "extended Berkeley Packet Filters", given its roots in the Berkeley Packet Filter (BPF) technology, now known as classic BPF.
+
+BPF was introduced in 1992 in the paper "The BSD Packet Filter: A New Architecture for User-level Packet Capture"\cite{bpf_bsd_origin}, as a new filtering technology for network packets in the BSD platform.
 
 
+\begin{figure}[h]
+	\centering
+	\includegraphics[width=12cm, keepaspectratio=true]{classic_bpf.jpg}
+	\caption{Sketch of the functionality of classic BPF}
+\end{figure}
 
 
 

docs/document.toc

@@ -13,10 +13,12 @@
 \defcounter {refsection}{0}\relax 
 \contentsline {subsection}{\numberline {1.3.2}Budget}{4}{subsection.1.3.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {subsection}{\numberline {1.3.3}Structure of the document}{4}{subsection.1.3.3}%
+\contentsline {section}{\numberline {1.4}Structure of the document}{4}{section.1.4}%
 \defcounter {refsection}{0}\relax 
 \contentsline {chapter}{\numberline {2}State of the art}{5}{chapter.2}%
 \defcounter {refsection}{0}\relax 
+\contentsline {section}{\numberline {2.1}Introduction to eBPF}{5}{section.2.1}%
+\defcounter {refsection}{0}\relax 
 \contentsline {chapter}{\numberline {3}Methods??}{6}{chapter.3}%
 \defcounter {refsection}{0}\relax 
 \contentsline {chapter}{\numberline {4}Results}{7}{chapter.4}%

docs/pdfa.xmpi

@@ -73,15 +73,15 @@
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/"> 
    <xmp:CreatorTool>LaTeX with hyperref</xmp:CreatorTool> 
-   <xmp:ModifyDate>2022-05-21T19:59:13-04:00</xmp:ModifyDate> 
-   <xmp:CreateDate>2022-05-21T19:59:13-04:00</xmp:CreateDate> 
-   <xmp:MetadataDate>2022-05-21T19:59:13-04:00</xmp:MetadataDate> 
+   <xmp:ModifyDate>2022-05-22T08:18:59-04:00</xmp:ModifyDate> 
+   <xmp:CreateDate>2022-05-22T08:18:59-04:00</xmp:CreateDate> 
+   <xmp:MetadataDate>2022-05-22T08:18:59-04:00</xmp:MetadataDate> 
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmpRights = "http://ns.adobe.com/xap/1.0/rights/"> 
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"> 
    <xmpMM:DocumentID>uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3</xmpMM:DocumentID> 
-   <xmpMM:InstanceID>uuid:92690ABF-FD4E-34F6-0677-8E9FB2D8ECBB</xmpMM:InstanceID> 
+   <xmpMM:InstanceID>uuid:7C5084A7-0928-3FCA-282B-690A2430241A</xmpMM:InstanceID> 
   </rdf:Description> 
  </rdf:RDF> 
 </x:xmpmeta>