cooker, seitan: simple working example

parser:
  - add OP_BLOCK and OP_RETURN to the parser
seitan:
  - fix op_cmp in seitan, it was jmp when comparison was true

Working example:
demo.json:
[
  {
    "match": [ /* qemu-pr-helper and similar */
      { "connect": { "addr": { "family": "unix", "path": "/tmp/test.sock" } } }
    ],
    "return": 0
  }
]

Create gluten and the bpf filter:
$ seitan-cooker demo.hjson demo.gluten demo.bpf

Launch the seitan eater with the target program:
$ seitan-eater -i demo.bpf -- strace -e connect tests-utils/test-syscalls connect

Start seitan with gluten:
$ seitan -i demo.gluten -p $(pgrep seitan-eater)

Seitan mocks the connect syscall and `connect` returns successfully:
$ seitan-eater -i demo.bpf -- strace -e connect tests-utils/test-syscalls connect
Test syscall: connect
connect(4, {sa_family=AF_UNIX, sun_path="/tmp/test.sock"}, 108) = 0

1 files changed, 2 insertions, 2 deletions

diff --git a/operations.c b/operations.c
index f79c41c..60c8410 100644
--- a/operations.c
+++ b/operations.c
@@ -357,9 +357,9 @@ int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g,
 	    (res < 0 && (cmp == CMP_LT || cmp == CMP_LE)) ||
 	    (res > 0 && (cmp == CMP_GT || cmp == CMP_GE)) ||
 	    (res != 0 && (cmp == CMP_NE)))
-		return op->jmp.offset;	/* TODO: check boundaries */
+		return 0;
 
-	return 0;
+	return op->jmp.offset;
 }
 
 int op_resolve_fd(const struct seccomp_notif *req, int notifier,