func getBPFFilter()

in internal/ip/ip.go [217:232]

• 13 lines of code
• 1 McCabe index (conditional complexity)

func getBPFFilter(ipHeaderOffset uint32, listenPort uint32) ([]bpf.RawInstruction, error) {
	// The Arachne BPF Filter reads values starting from the TCP Header by adding ipHeaderOffset to all
	// offsets. It filters for packets of destination port equal to listenPort, or src port equal to HTTP or HTTPS ports
	// and for packets containing a TCP SYN flag (SYN, or SYN+ACK packets)
	return bpf.Assemble([]bpf.Instruction{
		bpf.LoadAbsolute{Off: ipHeaderOffset + 2, Size: 2},              // Starting from TCP Header, load DstPort (2nd word)
		bpf.JumpIf{Cond: bpf.JumpEqual, Val: listenPort, SkipTrue: 3},   // Return packet if DstPort is listen Port
		bpf.LoadAbsolute{Off: ipHeaderOffset, Size: 2},                  // Starting from TCP Header, load SrcPort (1st word)
		bpf.JumpIf{Cond: bpf.JumpEqual, Val: d.PortHTTP, SkipTrue: 1},   // Return packet if SrcPort is HTTP Port
		bpf.JumpIf{Cond: bpf.JumpEqual, Val: d.PortHTTPS, SkipFalse: 2}, // Discard packet if not HTTPS
		bpf.LoadAbsolute{Off: ipHeaderOffset + 13, Size: 1},             // Starting from TCP Header, load Flags byte (not including NS bit)
		bpf.JumpIf{Cond: bpf.JumpBitsSet, Val: 2, SkipTrue: 1},          // AND Flags byte with 00000010 (SYN), and drop packet if 0
		bpf.RetConstant{Val: 0},                                         // Drop packet
		bpf.RetConstant{Val: 4096},                                      // Return up to 4096 bytes from packet
	})
}