eBPF ELF Profile

[jarkkojs]

I've used Goblin to parse ELF and Mach-O but in some cases it would be convenient if Goblin was able to also parse eBPF ELF Profile without having to add external crate.

[jarkkojs]

Neither requesting to do anything, nor committing to implement it (although it is a possibility). Just first probing whether it is "thinkable" or "unthinkable" for Goblin so that no one wastes time for nothing ;-)

[m4b]

If it's apart of elf, it is likely fair game, some initial questions and comments:

1. could you give a high level summary of what structs you'd expect to be parsed out of the eBPF
2. in general, no more dependencies are being added to goblin, so if you expect you will need a bunch of upstream crates to do any parsing/whatever, that is likely out of the question.
3. if possible, do you imagine this being backwards compatible changes, or will it require some breaking changes?

otherwise this seems tentatively like something that I have no issue with adding, in principle.

[m4b]

4. are eBPF elf profiles a proposal, or is it something used in production/commonly found (the link you've pasted suggests its a proposal, but i haven't perused it fully yet)

[jarkkojs]

OK, did not expect this quick response thanks! I'm on holiday for next week but will do a quick feasibility study and try to provide decent answers to your questions. Thank you.

[jarkkojs]

Correction: I will do a quick feasibility study after next week ;-) So if you don't mind to keep the bug open up until end of week after next week I'd appreciate it. I might then even draft something to see if it will work or not.

In Enarx we've been heavily relying on Goblin, and use it generate ELF payload dynamically for the confidential computing VM and SGX hosts.

[jarkkojs]

[1] is way too early draft to work with. So maybe some other day once this gets refined.

[1] https://www.ietf.org/archive/id/draft-thaler-bpf-elf-00.html