in github-runner-ami/packer/files/runner-supervisor.py [0:0]
def packet_filter_prog():
    """
    Build the Berkeley Packet Filter (BPF) program attached to the proc connector netlink socket.

    The proc connector offers no built-in way to subscribe to only some event types, so every
    process event on the host would otherwise be delivered to this process. Discarding the
    unwanted ones in Python works, but it is cheaper never to receive them; a BPF socket filter
    does that in the kernel. The program is taken from
    https://web.archive.org/web/20130601175512/https://netsplit.com/2011/02/09/the-proc-connector-and-socket-filters/

    Decision order (the first matching rule wins):

    1. nlmsg type is not ``NlMsgFlag.Done``             -> deliver the whole packet
    2. connector idx is not ``cn_msg.CN_IDX_PROC``      -> deliver the whole packet
    3. connector val is not ``cn_msg.CN_VAL_PROC``      -> deliver the whole packet
    4. proc event is ``ProcEventWhat.EXEC`` or ``EXIT`` -> deliver the whole packet
    5. any other proc event                             -> drop

    The filter only reduces volume; it is not a trust boundary. Rules 1-3 pass through anything
    that is not a proc connector message, so the receiving code still has to parse and validate
    whatever arrives.
    NOTE(review): confirm the receive loop also checks that the netlink sender is the kernel;
    that check is not visible from this function.

    Returns whatever ``bpf_program`` builds from the instruction list.
    """
    # Opcode building blocks, mirroring the definitions in linux/filter.h.
    # Instruction classes
    BPF_LD, BPF_JMP, BPF_RET = 0x00, 0x05, 0x06
    # ld/ldx fields: operand width and addressing mode
    BPF_W, BPF_H, BPF_ABS = 0x00, 0x08, 0x20
    # alu/jmp fields
    BPF_JEQ, BPF_K = 0x10, 0x00

    load_half_abs = BPF_LD | BPF_H | BPF_ABS
    load_word_abs = BPF_LD | BPF_W | BPF_ABS
    jump_if_equal = BPF_JMP | BPF_JEQ | BPF_K
    return_const = BPF_RET | BPF_K

    # A filter's return value is the number of bytes to keep: all of them, or none.
    whole_packet = 0xFFFFFFFF
    drop_packet = 0x0

    # Byte offsets of the nested headers inside a netlink datagram.
    cn_msg_start = ctypes.sizeof(NLMsgHdr)
    proc_event_start = cn_msg_start + ctypes.sizeof(cn_msg)

    # Absolute BPF loads read multi-byte fields as big-endian while netlink headers are in host
    # byte order, which is why every comparison constant goes through htons()/htonl().
    # Each jump skips `jt` instructions on a match and `jf` (always 0 here) otherwise.
    instructions = [
        # Rule 1: 16-bit ("half"-word) nlmsg type field.
        bpf_stmt(load_half_abs, NLMsgHdr.type.offset),
        bpf_jump(jump_if_equal, socket.htons(NlMsgFlag.Done), 1, 0),
        bpf_stmt(return_const, whole_packet),
        # Rule 2: 32-bit (word) cb_id_idx field.
        bpf_stmt(load_word_abs, cn_msg_start + cn_msg.cb_id_idx.offset),
        bpf_jump(jump_if_equal, socket.htonl(cn_msg.CN_IDX_PROC), 1, 0),
        bpf_stmt(return_const, whole_packet),
        # Rule 3: 32-bit cb_id_val field.
        bpf_stmt(load_word_abs, cn_msg_start + cn_msg.cb_id_val.offset),
        bpf_jump(jump_if_equal, socket.htonl(cn_msg.CN_VAL_PROC), 1, 0),
        bpf_stmt(return_const, whole_packet),
        # Rules 4 and 5: keep EXEC and EXIT events, drop every other proc event.
        bpf_stmt(load_word_abs, proc_event_start + proc_event.what.offset),
        # EXEC skips the EXIT test and the drop; EXIT skips only the drop.
        bpf_jump(jump_if_equal, socket.htonl(ProcEventWhat.EXEC), 2, 0),
        bpf_jump(jump_if_equal, socket.htonl(ProcEventWhat.EXIT), 1, 0),
        bpf_stmt(return_const, drop_packet),
        bpf_stmt(return_const, whole_packet),
    ]
    return bpf_program(instructions)