tests/py/any/rawpayload.t.json.output


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

# meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 }
[
    {
        "match": {
            "left": {
                "meta": { "key": "l4proto" }
            },
            "right": {
                "set": [
                    6,
                    17,
                    132
                ]
            }
        }
    },
    {
        "match": {
            "left": {
                "payload": {
                    "base": "th",
                    "len": 16,
                    "offset": 16
                }
            },
            "right": {
                "set": [
                    22,
                    23,
                    80
                ]
            }
        }
    }
]

# meta l4proto tcp @th,16,16 { 22, 23, 80}
[
    {
        "match": {
            "left": {
                "payload": {
                    "field": "dport",
                    "protocol": "tcp"
                }
            },
            "right": {
                "set": [
                    22,
                    23,
                    80
                ]
            }
        }
    }
]

# @ll,0,1 1
[
    {
        "match": {
            "left": {
                "&": [
                    {
                        "payload": {
                            "base": "ll",
                            "len": 8,
                            "offset": 0
                        }
                    },
                    128
                ]
            },
            "op": "==",
            "right": 128
        }
    }
]

# @ll,0,8 and 0x80 eq 0x80
[
    {
        "match": {
            "left": {
                "&": [
                    {
                        "payload": {
                            "base": "ll",
                            "len": 8,
                            "offset": 0
                        }
                    },
                    128
                ]
            },
            "op": "==",
            "right": 128
        }
    }
]