I'd love to see a size comparison of the DWARF encoding vs the binary search map. I have a strong suspicion that there's a neat perfect hash solution to this problem - perfect hashes can encode keys in single digit #bits, and you get faster lookups.
> Note that seccomp has limited visibility into recvmsg / sendmsg args because bpf can't dereference syscall arg pointers.
BPF programs attached to syscalls (via kprobe or fentry) can read arguments via helpers (bpf_probe_read_{user,kernel}). Seccomp uses "classic BPF" which has no concept of helpers or calls.
The FDA's report on third party servicing says this:
> The currently available objective evidence is not sufficient to conclude whether or not there is a
widespread public health concern related to servicing, including by third party servicers, of
medical devices that would justify imposing additional/different, burdensome regulatory
requirements at this time. Rather, the objective evidence indicates that many OEMs and third party entities provide high
quality, safe, and effective servicing of medical devices.
From my personal experience poking at a CPAP machine, there's nothing magical about it. All the sensors and active elements I could track down are available from the respective manufacturers in large quantities. The CPU is a freaking off the shelf STM32F4 with the jtag header still on the board. This is not some impossible to debug hyper-integrated design.
It looks like it's using tcp flow tuple + tcp_seq to join things.