Class: SeccompTools::BPF

Inherits:

Object

• Object
• SeccompTools::BPF

Defined in:

lib/seccomp-tools/bpf.rb

Overview

Define the struct sock_filter, while more powerful.

Instance Attribute Summary

• #arch ⇒ Symbol readonly

  Architecture.

• #code ⇒ Integer readonly

  BPF code.

• #contexts ⇒ Set<Context>

  Possible contexts before this instruction.

• #jf ⇒ Integer readonly

  BPF JF.

• #jt ⇒ Integer readonly

  BPF JT.

• #k ⇒ Integer readonly

  BPF K.

• #line ⇒ Integer readonly

  Line number.

Instance Method Summary

• #asm ⇒ String

  Convert to raw bytes.

• #branch(context) {|pc, ctx| ... } ⇒ void
• #command ⇒ Symbol

  Command according to code.

• #decompile ⇒ String

  Decompile.

• #disasm ⇒ String

  Pretty display the disassemble result.

• #initialize(raw, arch, line) ⇒ BPF constructor

  Instantiate a BPF object.

• #inst ⇒ SeccompTools::Instruction::Base

  Corresponding instruction object.

Constructor Details

#initialize(raw, arch, line) ⇒ BPF

Instantiate a SeccompTools::BPF object.

Parameters:

• raw (String) —

  One struct sock_filter in bytes, should exactly 8 bytes.

• arch (Symbol) —

  Architecture, for showing constant names in decompile.

• line (Integer) —

  Line number of this filter.

# File 'lib/seccomp-tools/bpf.rb', line 34

def initialize(raw, arch, line)
  if raw.is_a?(String)
    io = ::StringIO.new(raw)
    @code = io.read(2).unpack1('S')
    @jt = io.read(1).ord
    @jf = io.read(1).ord
    @k = io.read(4).unpack1('L')
  else
    @code = raw[:code]
    @jt = raw[:jt]
    @jf = raw[:jf]
    @k = raw[:k]
  end
  @arch = arch
  @line = line
  @contexts = Set.new
end

Instance Attribute Details

#arch ⇒ Symbol (readonly)

Returns Architecture.

Returns:

• (Symbol) —

  Architecture.

# File 'lib/seccomp-tools/bpf.rb', line 23

def arch
  @arch
end

#code ⇒ Integer (readonly)

Returns BPF code.

Returns:

• (Integer) —

  BPF code.

# File 'lib/seccomp-tools/bpf.rb', line 15

def code
  @code
end

#contexts ⇒ Set<Context>

Returns Possible contexts before this instruction.

Returns:

• (Set<Context>) —

  Possible contexts before this instruction.

# File 'lib/seccomp-tools/bpf.rb', line 25

def contexts
  @contexts
end

#jf ⇒ Integer (readonly)

Returns BPF JF.

Returns:

• (Integer) —

  BPF JF.

# File 'lib/seccomp-tools/bpf.rb', line 19

def jf
  @jf
end

#jt ⇒ Integer (readonly)

Returns BPF JT.

Returns:

• (Integer) —

  BPF JT.

# File 'lib/seccomp-tools/bpf.rb', line 17

def jt
  @jt
end

#k ⇒ Integer (readonly)

Returns BPF K.

Returns:

• (Integer) —

  BPF K.

# File 'lib/seccomp-tools/bpf.rb', line 21

def k
  @k
end

#line ⇒ Integer (readonly)

Returns Line number.

Returns:

• (Integer) —

  Line number.

# File 'lib/seccomp-tools/bpf.rb', line 13

def line
  @line
end

Instance Method Details

#asm ⇒ String

Convert to raw bytes.

Returns:

• (String) —

  Raw bpf bytes.

# File 'lib/seccomp-tools/bpf.rb', line 62

def asm
  [code].pack('S*') + [jt, jf].pack('C*') + [k].pack('L')
end

#branch(context) {|pc, ctx| ... } ⇒ void

This method returns an undefined value.

Parameters:

• context (Context) —

  Current context.

Yield Parameters:

• pc (Integer) —

  Program counter after this instruction.

• ctx (Context) —

  Context after this instruction.

# File 'lib/seccomp-tools/bpf.rb', line 87

def branch(context, &block)
  inst.branch(context).each(&block)
end

#command ⇒ Symbol

Command according to code.

Returns:

• (Symbol) —

  See Const::BPF::COMMAND for list of commands.

# File 'lib/seccomp-tools/bpf.rb', line 69

def command
  Const::BPF::COMMAND.invert[code & 7]
end

#decompile ⇒ String

Decompile.

Returns:

• (String) —

  Decompile string.

# File 'lib/seccomp-tools/bpf.rb', line 76

def decompile
  inst.decompile
end

#disasm ⇒ String

Pretty display the disassemble result.

Returns:

• (String)

# File 'lib/seccomp-tools/bpf.rb', line 54

def disasm
  format(' %04d: 0x%02x 0x%02x 0x%02x 0x%08x  %s',
         line, code, jt, jf, k, decompile)
end

#inst ⇒ SeccompTools::Instruction::Base

Corresponding instruction object.

Returns:

• (SeccompTools::Instruction::Base)

# File 'lib/seccomp-tools/bpf.rb', line 93

def inst
  @inst ||= case command
            when :alu  then SeccompTools::Instruction::ALU
            when :jmp  then SeccompTools::Instruction::JMP
            when :ld   then SeccompTools::Instruction::LD
            when :ldx  then SeccompTools::Instruction::LDX
            when :misc then SeccompTools::Instruction::MISC
            when :ret  then SeccompTools::Instruction::RET
            when :st   then SeccompTools::Instruction::ST
            when :stx  then SeccompTools::Instruction::STX
            end.new(self)
end