3 private links
bpf filter: tcp src port not 22
(000) ldh [12]
(001) jeq #0x86dd jt 2 jf 6
(002) ldb [20]
(003) jeq #0x6 jt 4 jf 15
(004) ldh [54]
(005) jeq #0x16 jt 14 jf 15
(006) jeq #0x800 jt 7 jf 15
(007) ldb [23]
(008) jeq #0x6 jt 9 jf 15
(009) ldh [20]
(010) jset #0x1fff jt 15 jf 11
(011) ldxb 4*([14]&0xf)
(012) ldh [x + 14]
(013) jeq #0x16 jt 14 jf 15
(014) ret #0
(015) ret #96
(000) ldh [12]
(001) jeq #0x86dd jt 2 jf 6
If the ethernet type is 0x86dd (ipv6) go to 2
else go to 6
(002) ldb [20]
Load the 1 byte value at packet offset 20 (ipv6 next header)
(003) jeq #0x6 jt 4 jf 15
If the next header equals 6 (tcp) jump to 4, else jump to 15
(004) ldh [54]
Load the half word value from packet offset 54 (tcp source port)
(005) jeq #0x16 jt 14 jf 15
If the source port is 0x16 (22) jump to 14, else jump to 15
(006) jeq #0x800 jt 7 jf 15
If the eth type is 0x800 (ipv4) jump to 7, else jump to 15
(007) ldb [23]
Load the 1 byte value at packet offset 23 ( ip proto )
(008) jeq #0x6 jt 9 jf 15
If the ip proto equals 6 (tcp) jump to 9, else jump to 15
(009) ldh [20]
Load the half word value at packet offset 20 (flags + frag offset)
(010) jset #0x1fff jt 15 jf 11
Only look at the last 13 bits of the data
0x1fff == 0001 1111 1111 1111 (fragment offset)
If any of the data in fragment offset is true, jump to 15, else jump to 11
Essentially, if this packet is a fragment, return true for packet match
(011) ldxb 4([14]&0xf)
x = ip header len 4
In our case lets assume that we have a default size of 20 bytes.
(012) ldh [x + 14]
Load the half word at packet offset x+14 (in our case offset 20)
20 + 14 == 34
(013) jeq #0x16 jt 14 jf 15
If the value of packet offset 34 is 0x16 (tcp source port 22) jump to 14, else
jump to 15
(014) ret #0
Return a non-match
(015) ret #96
Return a match
Hacker News new | past | comments | ask | show | jobs | submit login
Someone1234 81 days ago | parent | favorite | on: Fitful nightly sleep linked to chronic inflammatio...
They're slowly moving to "at home" sleep studies, so hopefully the cost will come down. Essentially they just loan you a bunch of monitors on a chest belt, teach you how to put it on, and you return it the next day for your consultation.
Here's a video showing how to install the monitor:
https://www.youtube.com/watch?v=FHvydhYu85o
It is still a "developing area" but I think it will be the norm eventually. It *should reduce the cost (but YMMV, as US healthcare costs don't conform to normal logic).
