dsml_definition.txt
Syntax Examples:
Note: All strings should use double-quotes.
***************************************************
# Comment
start variables
variable-name starting-value
[...]
start filters
of_filter(src_ip, dst_ip, src_port, dst_port) # Use None for wildcard in a field
[...]
start state state-name
keywords: "define", "variables", "start", "state", "filters", "of_filter"
variable-name: user-defined string
starting-value:
- string
- integer
state-name: user-defined string
****************************************************
define state state-name argument-1 argument-2 ...
matching
match-func(arguments ...)
conjunction match-func(arguments ...)
[...]
compare
value-1 comparator value-2
conjunction value-3 comparator value-4
[...]
do
side-effect-func(arguments ...)
[...]
goto
destination argument-1 argument-2 ...
[...]
timeout
seconds
[do/goto ...]
keywords: "define", "state", "matching", "do", "goto", "timeout", "compare"
state-name: user-defined string
argument-x: user-defined string # Must not share a name with a global variable.
match-func:
- match_string(protocol, field_name, value, substring=False)
- match_atmost(protocol, field_name, value)
- match_atleast(protocol, field_name, value)
- match_exactly(protocol, field_name, value)
- match_regex(protocol, field_name, regular_expression)
conjunction:
- and
- or
comparator:
- <
- <=
- ==
- >=
- >
value-x:
- string literal # only valid with the == comparator
- integer
- variable-name
regular_expression:
- Python regex string
seconds: integer > 0
side-effect-func:
- print(text)
- print_packet()
- print_stacktrace()
- print_of_rules()
- print_time()
- log(filename, text)
- log_packet(filename)
- log_stacktrace(filename)
- log_of_rules(filename)
- log_time(filename)
# Setting functions cannot create new variables, only overwrite existing variables.
- set_to_field_value(variable, protocol, field_name)
- set_to_regex_match(variable, protocol, field_name, regex, sub_index)
- set(variable, value)
- inc(variable)
- dec(variable)
- add_of_rule(src_ip, dst_ip, src_port, dst_port) # Use None for wildcard
- remove_of_rule(src_ip, dst_ip, src_port, dst_port) # Use None for wildcard
destination:
- state-name
- exit # No arguments allowed.