On Sun, 2007-02-11 at 15:49 -0500, Matt Kettler wrote:
> Raul Dias wrote:
> > There are some cases, that it is desired to match part a value from a
> > header, to another value somewhere else.
> >
> > Is there a way for SA to retain the value matched in a RE like $1/$2
> > matching parentheses, so that it might be used later (or at least in the
> > next rule)?
> >
> No, that's where you need to write a plugin.
I am thinking something that a plugin can help but to be used outside
the plugin scope.
For example, lets pretend there is a header X-Remote-IP, that has the
incoming ip address.
>From a plugin point of view, this could be:
header X_REMOTE_IP_RULE eval:match_re(/X-Remote-IP: (.*)/, 'remoteIP')
This would create a local/global/lexical variable $remoteIP that could
be used like this:
header MESSAGEID_WIP MESSAGEID =~ /<[EMAIL PROTECTED]>/
describe MESSAGEID_WIP Message-Id has the remote IP of the connection
Of course, having a new variable for each match (even in local/lexical
context) is too polluted, a better way is to store it within a hash.
Then the rule to use it becomes:
header MESSAGEID_WIP MESSAGEID =~ /<[EMAIL PROTECTED]>/
not so clear to non perl users, but still perl without too much
preprocessing.
Now, forgetting about plugin stuff, this can almost be done right now.
To declare a variable (?{ }) can be used.
So, now we have:
header X_REMOTE_IP_RULE /X-Remote-IP: (.*)(?{ $remoteIP = $1 })/
or better yet:
header X_REMOTE_IP_RULE /X-Remote-IP: (.*)(?{ $rule{remoteIP} = $1 })/
However, because of 'use strict', the variables have to be declared
first, and cant be done inside the RE.
A simple 'my %rule;' in the right place is probably enough.
What would make this really interesting is that a lot of the data is
already internal to SA and could be easily available to the rules
(instead of chasing it).
Of course, this example is really crude, but a lot more advanced rules
could be written straight in the cf files.
-Raul Dias
