bpf汇编指令
ld #len
sub #6
tax
ldh [x+0]
or #0xe6cf
st M[4]
ldh [x+0]
and #0xe6cf
neg
sub #1
tax
ld M[4]
and x
tax
st M[4]
ld #len
sub x
tax
ldh [x+0]
st M[6]
ldx M[4]
ldb [23]
jeq #0x6,L23,L28
L23: ldb [46]
rsh #2
sub #20
add x
tax
L28: ldh [x+14]
st M[8]
ld #len
sub #2
tax
ldh [x+0]
or #0x9d6a
st M[4]
ldh [x+0]
and #0x9d6a
neg
sub #1
tax
ld M[4]
and x
tax
ld M[8]
jeq x,L48,L46
L46: ld M[6]
jeq x.L48,L49
L48: ret #0xffff
L49: ret #0
注释
t=len
t-=6
x=t ;len-6
t=packet[len-6]
t|=0xe6cf
M[4]=t ;packet[len-6]|0xe6cf
t=packet[len-6]
t&=0xe6cf ;packet[len-6]&0xe6cf
neg ;t=0-t 取补码==按位取反加1
t-=1 ;-1得按位取反
x=t
t=M[4] ;packet[len-6]|0xe6cf
t&=x ;t=(packet[len-6]|0xe6cf) & ~(packet[len-6]&0xe6cf)
x=t
M[4]=x ;M[4]=packet[len-6]^0xe6cf ==>datalen
t=len
t=t-x
x=t ;x=len-packet[len-6]^0xe6cf ==>data_offset
t=packet[x] ;random_0
M[6]=t ;M[6]=random_0
x=M[4]
t=packet[23] ;protocol :6 tcp
if t==6 j L23, else j L28
L23: t=packet[46] ;Eth_14 ip_20_ tcp+12 byte tcp header len
t>>2 ;tcp header len
t-=20 ;0
t+=x
x=t ;x=datalen
L28: t=packet[x+14] ;[14+datalen]==> data[datalen-header_sz]
M[8]=t ;random_data
t=len
t-=2
x=t
t=packet[x] ;packet[len-2]
t|=0x9d6a
M[4]=t ;M[4]=packet[len-2]|0x9d6a
t=packet[x]
t&=0x9d6a ;packet[len-2]&0x9d6a
neg
t-=1
x=t
t=M[4]
t&=x
x=t ;x=(packet[len-2]|0x9d6a)& ~(packet[len-2]&0x9d6a)==>random_xor
t=M[8] ;M[8]==>random_data
if t==x,j L48 else L46
L46: t=M[6] ;M[6]==>random_0
if t==x,jL48 else L49
L48: ret -1
L49: ret 0
note
- random_0
对应紫色部分的值
- random_data
packet[14+datalen]
为数据中取到的值 data[datalen-header_sz] (header_sz==>iph+(tcph/udph))
- random_xor
对应深蓝 randowm xor 0x9d6a的值
