Comment by foxmoss

Comment by foxmoss 9 hours ago

0 replies

View on Hacker News

> Otherwise I’m already freaked out by treating a 32 bit field as a pointer… even if you extend it to first.

The cast from a 32 bit pointer to a 64 bit pointer is in fact an eBPF oddity. So what's happening here is that the virtual machine is just giving us a fake memory address just to use in the program and when the read actually needs to happen the kernel just rewrites the virtual addresses to the real ones. I'm assuming this is just a byproduct of the memory separation that eBPF does to prevent filters from accidentally reading kernel memory.

Also yes the double cast is just to keep the compiler from throwing a warning.