Blame tests/py/any/rawpayload.t.json
|
Packit Service |
e7ae83 |
# meta l4proto { tcp, udp, sctp} @th,16,16 { 22, 23, 80 }
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"meta": { "key": "l4proto" }
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": {
|
|
Packit Service |
e7ae83 |
"set": [
|
|
Packit Service |
e7ae83 |
"tcp",
|
|
Packit Service |
e7ae83 |
"udp",
|
|
Packit Service |
e7ae83 |
"sctp"
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "th",
|
|
Packit Service |
e7ae83 |
"len": 16,
|
|
Packit Service |
e7ae83 |
"offset": 16
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": {
|
|
Packit Service |
e7ae83 |
"set": [
|
|
Packit Service |
e7ae83 |
22,
|
|
Packit Service |
e7ae83 |
23,
|
|
Packit Service |
e7ae83 |
80
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|
|
Packit Service |
e7ae83 |
# meta l4proto tcp @th,16,16 { 22, 23, 80}
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": { "meta": { "key": "l4proto" } },
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": "tcp"
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "th",
|
|
Packit Service |
e7ae83 |
"len": 16,
|
|
Packit Service |
e7ae83 |
"offset": 16
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": {
|
|
Packit Service |
e7ae83 |
"set": [
|
|
Packit Service |
e7ae83 |
22,
|
|
Packit Service |
e7ae83 |
23,
|
|
Packit Service |
e7ae83 |
80
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|
|
Packit Service |
e7ae83 |
# @nh,8,8 255
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "nh",
|
|
Packit Service |
e7ae83 |
"len": 8,
|
|
Packit Service |
e7ae83 |
"offset": 8
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": 255
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|
|
Packit Service |
e7ae83 |
# @nh,8,16 0
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "nh",
|
|
Packit Service |
e7ae83 |
"len": 16,
|
|
Packit Service |
e7ae83 |
"offset": 8
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": 0
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|
|
Packit Service |
e7ae83 |
# @ll,0,1 1
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "ll",
|
|
Packit Service |
e7ae83 |
"len": 1,
|
|
Packit Service |
e7ae83 |
"offset": 0
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": 1
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|
|
Packit Service |
e7ae83 |
# @ll,0,8 and 0x80 eq 0x80
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"&": [
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "ll",
|
|
Packit Service |
e7ae83 |
"len": 8,
|
|
Packit Service |
e7ae83 |
"offset": 0
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"0x80"
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": "0x80"
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|
|
Packit Service |
e7ae83 |
# @ll,0,128 0xfedcba987654321001234567890abcde
|
|
Packit Service |
e7ae83 |
[
|
|
Packit Service |
e7ae83 |
{
|
|
Packit Service |
e7ae83 |
"match": {
|
|
Packit Service |
e7ae83 |
"left": {
|
|
Packit Service |
e7ae83 |
"payload": {
|
|
Packit Service |
e7ae83 |
"base": "ll",
|
|
Packit Service |
e7ae83 |
"len": 128,
|
|
Packit Service |
e7ae83 |
"offset": 0
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
},
|
|
Packit Service |
e7ae83 |
"op": "==",
|
|
Packit Service |
e7ae83 |
"right": "0xfedcba987654321001234567890abcde"
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
}
|
|
Packit Service |
e7ae83 |
]
|
|
Packit Service |
e7ae83 |
|