Hello,
I am Sai Reddy an undergrad student in Rajiv Gandhi University of
Knowledge Technologies in Basar, Telangana, India.
As of now for Summer internship, i am doing in IIT Madras, We are
working on some message filters.
My professor questioned my team "How is BPF happening inside the Kernel?"
More precisely he pointed out that something.. When we said ," When a
kprobe is used, some BPF instruction's are going to happen before
actual syscall instructions happen"..He questioned us back, "Means
it's actually modifying the underlying syscall instrutions...with jump
instructions..is that feasible? and we are actually making an extra
overhead too?"..
We tried to explain as much as possible, using XDP at NIC level..and
many more..But the Professor is asking "This internal modification of
instructions is really useful?"
And one more question I have, "How does a BPF program know a
particular syscall has happened. Is it going to check always, Where
for checking some set of instructions executed again?".
I hope you will reach me back with answers to the above questions.
Thanks for your time and clarifying my doubts.
Regards,
Avuluri Venkata Sai Reddy
B.Tech 3rd Year(CSE),
RGUKT IIIT BASAR.
