On Wed, Jul 1, 2015 at 11:38 AM, Vadim Kochan <vadi...@gmail.com> wrote: > Hi, > > There are some examples of the possible proto syntax: > > { eth(src=AA:BB:CC:DD:DD:FF, dst=11:22:33:44:55:66, proto=0x0800), > tcp(flags=syn|ack, dport=rand) } > > { dns(q="xxx.com") } > > Here is an example of little complicated param's value which might require > more parameters: > > dns answer: > { dns(a=(host="www.xxx.com", type=INET, addr=192.168.1.1)) } > > also I think about cases where param name can be omitted and specify value > only which > is more shorter, of course this is useful only for few such parameters: > > wlan beacon: > { beacon(ssid="my wife-i", ie=(100, 0xabcdef)) } > > id & data can be specified w/o parameter names which is faster to > type and not > complicated to memorize. > > I also changed trafgen grammar to have possibility to do not specify '{' '}' > which is useful for command line mode: > > $ echo 'eth(arg="xxx" , arg2 = "ccc"),ip(dst="1.1.1.1")' | > trafgen/trafgen --dev lo -i - > > Also I am not sure which way to choose: > > 1) have a generic grammar and dynamically lookup proto name from parser, > this allows to do not > modify parser each time when add new proto (I am in 80% for this). > > 2) have defined each param in the grammar, this might help with having > some special syntax for some proto, > but it needs to change modify parser when add new proto & it will get > parser FATter. > > Below is just some dirty-draft-demo patch (not a good in parsers): > > diff --git a/trafgen_lexer.l b/trafgen_lexer.l > index a361bfc..d1fb94e 100644 > --- a/trafgen_lexer.l > +++ b/trafgen_lexer.l > @@ -115,6 +115,7 @@ number_ascii ([a-zA-Z]) > "]" { return ']'; } > "," { return ','; } > ":" { return ':'; } > +"=" { return '='; } > > "\n" { yylineno++; } > > @@ -150,6 +151,9 @@ number_ascii ([a-zA-Z]) > "'"."'" { yylval.number = (uint8_t) (*(yytext + 1)); > return number; } > > +[a-z][a-z0-9]* { yylval.str = xstrdup(yytext); > + return name; } > + > ";"[^\n]* {/* NOP */} > . { printf("Unknown character '%s'", yytext); > yyerror("lex Unknown character"); } > diff --git a/trafgen_parser.y b/trafgen_parser.y > index ee3d476..bc9ae89 100644 > --- a/trafgen_parser.y > +++ b/trafgen_parser.y > @@ -324,10 +324,10 @@ static void set_dynamic_incdec(uint8_t start, uint8_t > stop, uint8_t stepping, > > %token ',' '{' '}' '(' ')' '[' ']' ':' '-' '+' '*' '/' '%' '&' '|' '<' '>' > '^' > > -%token number string > +%token number string name > > %type <number> number expression > -%type <str> string > +%type <str> string name param value > > %left '-' '+' '*' '/' '%' '&' '|' '<' '>' '^' > > @@ -360,6 +360,11 @@ noenforce_white > | delimiter_nowhite { } > ; > > +skip_white > + : {} > + | K_WHITE {} > + ; > + > packet > : '{' noenforce_white payload noenforce_white '}' { > min_cpu = max_cpu = -1; > @@ -382,6 +387,7 @@ packet > min_cpu = max_cpu = $3; > realloc_packet(); > } > + | proto_expr { } > ; > > payload > @@ -411,8 +417,39 @@ elem > | csum { } > | const { } > | inline_comment { } > + | proto {} > + ; > + > +proto_expr > + : proto { } > + | proto_expr ',' proto { } > + ; > +proto > + : name param_list { printf("proto(%s)\n", $1); } > + | name { printf("proto(%s)\n", $1); } > + ; > + > +param_list > + : '(' param_list_name_value ')' { } > ; > > +param_list_name_value > + : name_value { } > + | param_list_name_value ',' name_value { } > + ; > + > +name_value > + : skip_white param skip_white '=' skip_white value skip_white { } > + ; > + > +param > + : name { printf("param=%s\n", $1); } > + ; > + > +value : string { printf("value=%s\n", $1); } > + | param_list { } > + ; > + > expression > : number > { $$ = $1; }
Also I am thinking about some alternative proto syntax which might look more nicer when crafting proto header with a lot of fields in the trafgen's script: { eth { type=xxx, dst=FF:FF:FF:FF:FF:FF, }, tcp { flags=syn|ack, dport=56, }, dhcp { opt(...), /* a lot of dhcp options */ } } it should look more nicer than one-line proto description ... wht do you thing ? -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.