diff --git a/docs/document.aux b/docs/document.aux index 63fcbd0..d0aa66f 100644 --- a/docs/document.aux +++ b/docs/document.aux @@ -54,22 +54,26 @@ \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.4}Structure of the document}{4}{section.1.4}\protected@file@percent } \abx@aux@cite{bpf_bsd_origin} \abx@aux@segm{0}{0}{bpf_bsd_origin} +\abx@aux@cite{ebpf_history_opensource} +\abx@aux@segm{0}{0}{ebpf_history_opensource} \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the art}{5}{chapter.2}\protected@file@percent } \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }} \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.1}Introduction to eBPF}{5}{section.2.1}\protected@file@percent } \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.1}{\ignorespaces Sketch of the functionality of classic BPF\relax }}{5}{figure.caption.7}\protected@file@percent } -\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{6}{chapter.3}\protected@file@percent } +\providecommand*\caption@xref[2]{\@setref\relax\@undefined{#1}} +\newlabel{fig:classif_bpf}{{2.1}{5}{Sketch of the functionality of classic BPF\relax }{figure.caption.7}{}} +\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{7}{chapter.3}\protected@file@percent } \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }} -\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{7}{chapter.4}\protected@file@percent } +\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{8}{chapter.4}\protected@file@percent } \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }} -\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{8}{chapter.5}\protected@file@percent } +\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{9}{chapter.5}\protected@file@percent } \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }} \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }} -\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{9}{chapter.5}\protected@file@percent } -\abx@aux@read@bbl@mdfivesum{614E9E8BA8F58ECCA430604904639F32} +\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{10}{chapter.5}\protected@file@percent } +\abx@aux@read@bbl@mdfivesum{A3394ACFF19F9604812726160FADD43B} \abx@aux@refcontextdefaultsdone \abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global} \abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global} @@ -82,5 +86,6 @@ \abx@aux@defaultrefcontext{0}{bad_ebpf}{none/global//global/global} \abx@aux@defaultrefcontext{0}{ebpf_friends}{none/global//global/global} \abx@aux@defaultrefcontext{0}{bpf_bsd_origin}{none/global//global/global} +\abx@aux@defaultrefcontext{0}{ebpf_history_opensource}{none/global//global/global} \ttl@finishall -\gdef \@abspage@last{25} +\gdef \@abspage@last{26} diff --git a/docs/document.log b/docs/document.log index fe05c0d..2055a9e 100644 --- a/docs/document.log +++ b/docs/document.log @@ -1,4 +1,4 @@ -This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 22 MAY 2022 08:18 +This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 22 MAY 2022 09:54 entering extended mode restricted \write18 enabled. %&-line parsing enabled. @@ -1210,37 +1210,37 @@ Overfull \hbox (0.50073pt too wide) in paragraph at lines 355--356 [3] [4] Chapter 2. - + File: images//classic_bpf.jpg Graphic file (type jpg) Package pdftex.def Info: images//classic_bpf.jpg used on input line 413. (pdftex.def) Requested size: 341.43306pt x 251.12224pt. [5 - <./images//classic_bpf.jpg>] + <./images//classic_bpf.jpg>] [6] Chapter 3. -[6 - -] -Chapter 4. [7 ] -Chapter 5. +Chapter 4. [8 +] +Chapter 5. +[9 + ] LaTeX Font Info: Trying to load font information for T1+txtt on input line 4 -42. +48. (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd File: t1txtt.fd 2000/12/15 v3.1 ) -Overfull \hbox (5.34976pt too wide) in paragraph at lines 443--443 +Overfull \hbox (5.34976pt too wide) in paragraph at lines 449--449 \T1/txtt/m/n/12 threat -[] intelligence / cyber -[] year -[] in -[] retrospect / yir -[] cyber -[] threats -[] [] -[9 +[10 ] [1 @@ -1258,7 +1258,7 @@ pdfTeX warning (ext4): destination with the same identifier (name{page.}) has b een already used, duplicate ignored \relax -l.459 \end{document} +l.465 \end{document} [2 ] (./document.aux) @@ -1269,10 +1269,10 @@ Package logreq Info: Writing requests to 'document.run.xml'. ) Here is how much of TeX's memory you used: - 27194 strings out of 481209 - 431200 string characters out of 5914747 - 1167217 words of memory out of 5000000 - 43670 multiletter control sequences out of 15000+600000 + 27199 strings out of 481209 + 431366 string characters out of 5914747 + 1168340 words of memory out of 5000000 + 43673 multiletter control sequences out of 15000+600000 447071 words of font info for 92 fonts, out of 8000000 for 9000 36 hyphenation exceptions out of 8191 88i,11n,90p,1029b,2369s stack positions out of 5000i,500n,10000p,200000b,80000s @@ -1284,9 +1284,9 @@ tic/uhvb8a.pfb> -Output written on document.pdf (25 pages, 199165 bytes). +Output written on document.pdf (26 pages, 201266 bytes). PDF statistics: - 304 PDF objects out of 1000 (max. 8388607) - 54 named destinations out of 1000 (max. 500000) + 313 PDF objects out of 1000 (max. 8388607) + 56 named destinations out of 1000 (max. 500000) 132 words of extra memory for PDF output out of 10000 (max. 10000000) diff --git a/docs/document.pdf b/docs/document.pdf index 9e90502..c33ef5a 100644 Binary files a/docs/document.pdf and b/docs/document.pdf differ diff --git a/docs/document.synctex.gz b/docs/document.synctex.gz index 32d2823..c04efcd 100644 Binary files a/docs/document.synctex.gz and b/docs/document.synctex.gz differ diff --git a/docs/document.tex b/docs/document.tex index ecd5f13..14c4567 100644 --- a/docs/document.tex +++ b/docs/document.tex @@ -405,15 +405,21 @@ This chapter is dedicated to an study of the eBPF technology. Firstly, we will a \section{Introduction to eBPF} Nowadays eBPF is not officially considered to be an acronym anymore, but it remains largely known as "extended Berkeley Packet Filters", given its roots in the Berkeley Packet Filter (BPF) technology, now known as classic BPF. -BPF was introduced in 1992 in the paper "The BSD Packet Filter: A New Architecture for User-level Packet Capture"\cite{bpf_bsd_origin}, as a new filtering technology for network packets in the BSD platform. +BPF was introduced in 1992 in the paper "The BSD Packet Filter: A New Architecture for User-level Packet Capture"\cite{bpf_bsd_origin}, as a new filtering technology for network packets in the BSD platform. It was first integrated in the Linux kernel on version 2.1.75\cite{ebpf_history_opensource}. \begin{figure}[h] \centering \includegraphics[width=12cm, keepaspectratio=true]{classic_bpf.jpg} \caption{Sketch of the functionality of classic BPF} + \label{fig:classif_bpf} \end{figure} +Figure \ref{fig:classif_bpf} shows how BPF was integrated in the existing network packet processing by the kernel. After receiving a packet, it would first be analysed by BPF filters, which are directly programmed by the BPF developer. The filter decides whether the packet is to be accepted by analysing the packet properties, such as its length or the type and values of its headers. If a packet is accepted, the filter proceeds to decide how many bytes of the original buffer are passed to the application. Otherwise, the packet is redirected to the original network stack, where it is managed as usual. + + + + diff --git a/docs/document.toc b/docs/document.toc index 7e21961..72c23a8 100644 --- a/docs/document.toc +++ b/docs/document.toc @@ -19,11 +19,11 @@ \defcounter {refsection}{0}\relax \contentsline {section}{\numberline {2.1}Introduction to eBPF}{5}{section.2.1}% \defcounter {refsection}{0}\relax -\contentsline {chapter}{\numberline {3}Methods??}{6}{chapter.3}% +\contentsline {chapter}{\numberline {3}Methods??}{7}{chapter.3}% \defcounter {refsection}{0}\relax -\contentsline {chapter}{\numberline {4}Results}{7}{chapter.4}% +\contentsline {chapter}{\numberline {4}Results}{8}{chapter.4}% \defcounter {refsection}{0}\relax -\contentsline {chapter}{\numberline {5}Conclusion and future work}{8}{chapter.5}% +\contentsline {chapter}{\numberline {5}Conclusion and future work}{9}{chapter.5}% \defcounter {refsection}{0}\relax -\contentsline {chapter}{Bibliography}{9}{chapter.5}% +\contentsline {chapter}{Bibliography}{10}{chapter.5}% \contentsfinish diff --git a/docs/pdfa.xmpi b/docs/pdfa.xmpi index 0a94a72..d63d9dc 100644 --- a/docs/pdfa.xmpi +++ b/docs/pdfa.xmpi @@ -73,15 +73,15 @@ LaTeX with hyperref - 2022-05-22T08:18:59-04:00 - 2022-05-22T08:18:59-04:00 - 2022-05-22T08:18:59-04:00 + 2022-05-22T09:54:23-04:00 + 2022-05-22T09:54:23-04:00 + 2022-05-22T09:54:23-04:00 uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3 - uuid:7C5084A7-0928-3FCA-282B-690A2430241A + uuid:54E6B66D-9219-1781-FDF0-6CBAEB994DB9