I usually place a sample data line or 2 in my source file, so that people who come along after me know what elements I'm working on, or they can compare the data being passed to the code, vs the data the code is assuming it is receiving and go "duh.. we upgraded app X, need to alter the filter.."

```perl
#!/usr/bin/perl

push(@foo,
  '1 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 80 [SYN]',
  '2 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 113 [SYN]',
  '3 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 123 [SYN]',
  '4 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
  '5 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) request',
  '6 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
  '7 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 562 [RST]',
  '8 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 36 [RST]',
  '9 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 90 [RST]',
);

# assume that when split the fields are as follows..
#line  = '0';
#size  = '1';
#src   = '2';
#dest  = '4';
#proto = '5';
#port  = '8';

# here is what we will test on.. this could be altered to be
# collected via flags, shifted off of ARGV, or passed as
# params to a CGI easily...
print "proto: "; chomp(my $i_proto=<>);
print "port: ";  chomp(my $i_port=<>);

# loop over our data set, this could just as easily be a
# socket or filehandle..
for ( @foo ) {
  my @line = split(/\s+/);

  if ($i_proto) {
    (my $tmp = $i_proto) =~ s/^!//;
    if ($i_proto =~ /^!/) {
      next if ($line[5] =~ /$tmp/);
    } else {
      next if ($line[5] !~ /$tmp/);
    }
  }

  if ($i_port) {
    (my $tmp = $i_port) =~ s/^!//;
    if ($i_port =~ /^!/) {
      next if ($line[8] =~ /$tmp/);
    } else {
      next if ($line[8] !~ /$tmp/);
    }
  }

  print "$_\n";
}
```

```perl
# @data now contains src_addr, dest_addr, proto, and port
@data = ( split(/\s+/) )[2,4,5,8];
# later test elem 3 instead of 5.. yada yada
```
In reply to Re: Runtime Regexp Generation
by l2kashe
in thread Runtime Regexp Generation
by tekkie
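
An added example, not part of the original post: a variant of the filter that compiles each user-supplied term once with `qr//` and quotes it with `\Q...\E`, so the input is compared as a literal, whole-field value instead of being interpreted as a pattern (with the post's unanchored match, a port term of 80 also matches 8080). The names `make_test` and `filter_lines` and the sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in the same layout as the post's @foo.
my @sample = (
    '1 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 80 [SYN]',
    '2 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 8080 [SYN]',
    '4 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
    '7 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 562 [RST]',
);

# Turn one user-supplied term ("TCP", "!ICMP", "80", "") into a test
# closure. The term is compiled once, quoted with \Q..\E so regex
# metacharacters are literal, and anchored so 80 cannot match 8080.
sub make_test {
    my ($term) = @_;
    return sub { 1 } unless defined $term && length $term;  # no filter given
    my $negate = ($term =~ s/^!//) ? 1 : 0;                 # leading ! inverts
    my $re     = qr/\A\Q$term\E\z/;
    return sub {
        my ($field) = @_;
        my $hit = (defined $field && $field =~ $re) ? 1 : 0;
        return $negate ? !$hit : $hit;
    };
}

# Return the lines whose proto (field 5) and port (field 8) pass both tests.
sub filter_lines {
    my ($proto, $port, @lines) = @_;
    my ($ok_proto, $ok_port) = (make_test($proto), make_test($port));
    return grep {
        my @f = split /\s+/;
        $ok_proto->($f[5]) && $ok_port->($f[8]);
    } @lines;
}

print "-- proto TCP, port 80\n";
print "$_\n" for filter_lines('TCP', '80', @sample);

print "-- proto !TCP\n";
print "$_\n" for filter_lines('!TCP', '', @sample);

# A pattern-like term is compared as the literal string ".*".
print "-- proto .*\n";
print "$_\n" for filter_lines('.*', '', @sample);
```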