Add another real-world example code. Rename ldx to ldxb for the MSH hack, to more closely match tcpdump-generated output

1 files changed, 8 insertions, 4 deletions

diff --git a/bpf-assembler.scm b/bpf-assembler.scm
index 9614fac..c626bee 100644
--- a/bpf-assembler.scm
+++ b/bpf-assembler.scm
@@ -43,7 +43,7 @@
  ;; XXX TODO: Use the constants from net/bpf.h?
  
  ;; Ordered by complexity
- (defaddrmode no-operands #x80 (() => 0) (_ => ()))
+ (defaddrmode no-operands #x00 (() => 0) (_ => ()))
  (defaddrmode packet-length #x80 (('len) => 0) (_ => (len)))
  (defaddrmode index-register #x08 (('x) => 0) (_ => (x)))
  (defaddrmode accumulator-register #x10 (('a) => 0) (_ => (a)))
@@ -53,6 +53,9 @@
  (defaddrmode memory-ref #x60
    ((('mem (and k (? uint?)))) => k)
    (k => ((mem ,k))))
+ (defaddrmode memory-set! #x00  ; No corresponding definition in bpf.h
+   ((('mem (and k (? uint?)))) => k)
+   (k => ((mem ,k))))
  (defaddrmode packet-ref #x20
    ((('pkt (and k (? uint?)))) => k)
    (k => ((pkt ,k))))
@@ -81,9 +84,10 @@
    packet-length immediate memory-ref packet-ref packet-ref/index-register)
  (defop ldh  #x08 packet-ref packet-ref/index-register)
  (defop ldb  #x10 packet-ref packet-ref/index-register)
- (defop ldx  #x01 packet-length immediate memory-ref packet-ref/hack)
- (defop st   #x02 memory-ref)
- (defop stx  #x03 memory-ref)
+ (defop ldx  #x01 packet-length immediate memory-ref)
+ (defop ldxb #x11 packet-ref/hack)      ; This is how tcpdump prints ldx/msh
+ (defop st   #x02 memory-set!)
+ (defop stx  #x03 memory-set!)
  (defop jmp  #x05 immediate)            ; aka JA
  (defop jeq  #x15 conditional-jump-immediate conditional-jump-index-register)
  (defop jgt  #x25 conditional-jump-immediate conditional-jump-index-register)