Get raw text for this example (you can click any command below to see its doc)
/*   Using variables examples   rus as:   anettest -d eth0 -f this_file.fws  */
// VARIABLE DECLARATION
// legacy syntax
VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
var1 num 56 static
// types is the same as for
'num'
field, may be used for any field
VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
(var2, num, 45)
// type is omitted,
"static"
type is assumed
// new simple syntax
int i1 = 5 string str1 =
'value'
hex hexnum = 0x78
// will be displayed as hex
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
'var1=$var1$'
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
'i1=$i1$'
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
'str1=$str1$'
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
'hex=$hexnum$'
hexnum = 1
// 1 is treated as decimal number
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
'hex=$hexnum$'
// MODIFICATION OF VARIABLES
INCVAR
PARAMETERS: <name of variable> <value to add>
Increases the given <name of variable> for the specified <value to add>. The <value to add> may be negative.
var1 2 var1 += 4
// is similar to INCVAR
PARAMETERS: <name of variable> <value to add>
Increases the given <name of variable> for the specified <value to add>. The <value to add> may be negative.
DECVAR
PARAMETERS: <name of variable> <value to subtract>
Analog of INCVAR
PARAMETERS: <name of variable> <value to add>
Increases the given <name of variable> for the specified <value to add>. The <value to add> may be negative.
. Subtracts the given value from variable.
var1 4 var1 -= 3
// is similar to DECVAR
PARAMETERS: <name of variable> <value to subtract>
Analog of INCVAR
PARAMETERS: <name of variable> <value to add>
Increases the given <name of variable> for the specified <value to add>. The <value to add> may be negative.
. Subtracts the given value from variable.
var1 = 10000000 MULVAR
PARAMETERS: <name of variable> <multiplier>
Multiply given variable by specified value.
var1 3 DIVVAR
PARAMETERS: <name of variable> <divisor>
Divide given variable by specified value.
var1 2 PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
'$var1$\n'
// STROING IN FILES
STRING v3 =
"to save in file"
// another way to declare variable
// writing and reading from file
WRITEVAR
PARAMETERS: <name of variable> <name of file>
Writes variable's value to the file on disk.
v3
'file_with_VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
'
LOADVAR
PARAMETERS: <name of variable> <name of file>
Loads the file in variable's current value. The variable must have undefined size: use variables with string type or use SETSIZE
PARAMETERS: <name of field> <decimal value of a new size of field>
Allows to specify the size for fields which don't have concrete size initially (strings). It can be also used to change the size for fields with concrete size (hexadecimal numbers). Value "any" may be used to specify the undefined size. A variable may be given so the size may be calculated before. See "samples/http_parser".
command.
v3
'file_with_VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
'
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
v3
// CONVERT INT TO STRING
string s1 =
''
s1 =
'$i1$'
PRINTL
PARAMETERS: <message>
Analog of PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
command. Additionally performs the line feed.
s1
// USING VARIABLES AS VALUES TO COMMANDS
INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without include before it.
before it.
before it.
tcp var1 = 777777 ack = var1
// initialization field by variable
PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
'ack=$ack$\n'
// USING AUTOSET VARIABLES
CLEARMASK
PARAMETERS: no parameters
The mask of packet (the set of previously defined conditions) will be cleared. New mask will correspond to any packet. This command is usually contained in headers to make the mask correspond to all packets of given type (ex: TCP packets).
dstip 45.23.76.34
// comment this to really capture some packet
TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
3000 VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
srcip_VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
srcip 1.1.1.1 autoset
// VARIABLE WILL BE INITIALIZED BY RECEIVED PACKET, see also MES
PARAMETERS: <string of message>
Defines the message which will be displayed the every time on receiving the currently described packet. Substitutions are allowed in the form of $name$. The 'name' may reference to the field's name, variable's name, someone defined by GDEF
PARAMETERS: <new name> <original name>
Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$').
command. In the case of field's name field's value will be retrieved from the content of received packet.
and COPYREC
PARAMETERS: no parameters
The received packet (see command WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
, its analogs) will be copied to the buffer of current packet. Precision waiting must be first enabled (command PRECISEWAIT
PARAMETERS: no parameters
After the work of WAIT command (its analogs) all trace threads will be blocked until the next call to WAIT command. So there will be no missed packets between subsequent calls to WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command.
). See also NOTCOPYREC
PARAMETERS: no parameters
Reverses the action of COPYREC
PARAMETERS: no parameters
The received packet (see command WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
, its analogs) will be copied to the buffer of current packet. Precision waiting must be first enabled (command PRECISEWAIT
PARAMETERS: no parameters
After the work of WAIT command (its analogs) all trace threads will be blocked until the next call to WAIT command. So there will be no missed packets between subsequent calls to WAIT command.
). See also NOTCOPYREC
PARAMETERS: no parameters
Reverses the action of COPYREC
PARAMETERS: no parameters
The received packet (see command WAIT, its analogs) will be copied to the buffer of current packet. Precision waiting must be first enabled (command PRECISEWAIT). See also NOTCOPYREC
PARAMETERS: no parameters
Reverses the action of COPYREC command.
command.
command.
command.
command.
command.
commands
WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT
PARAMETERS: {accept | drop | any }
Request specification. The request that the packet must be received. Analog of SEND ACCEPT. It may be processed as command while testing packet filter only (command FASTTEST or option -c). In common regime it may be among parameters to command only.
ANY ANY
PARAMETERS: {accept | drop | any }
Request specification. No requests: the packet may be received or not. Analog of SEND ANY. It may be processed as command while testing packet filter only (command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
or option -c). In common regime it may be amoung parameters to command only. This special word may also be used as value for field that means exclusion the all conditions with this field from current mask of packet - value of the field may be any.
... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
(WAITALL
PARAMETERS: no parameters
The analog of WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command (or using of UNFIX
PARAMETERS: no parameters
By default after the work of WAIT command (its analogs) the statuses for all waited packets will be fixed, so there may be no packets to wait for the next call to WAIT. This command marks these old packets as newly added. The previous status for them will be lost. Take a note of that ALL old packets will be unfixed, so they will be waited: this may cause unexpected results. Consider the use of CLEARREG
PARAMETERS: no parameters
Clears the information about all the packets which were added to the waited ones (by WAIT, ADD
PARAMETERS:
Alias of TOWAIT command.
commands). They will not be displayed in final report (or in the report that is displayed by SHOWREP
PARAMETERS: no parameters
Displays a report which is the same as that displayed while program termination.
command). If this command is typed at the end of script then it omits the displaying of final report (sense there are no packet in it).
command.
command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
but before WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
// waiting packet
PRINT
PARAMETERS: <message>
Displays the given message. Use symbol in message to indicate that line feed must be performed.
'srcip_VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
= $srcip_VAR
PARAMETERS: <name of variable> <name of field> <initial value> ("autoset"| ["static"] )
Command creates the new variable <name of variable> or reinitializes the old one if some variable of the same name is already exist. The newly created variable will have the same value's type as <name of field>. This command also sets the <initial value> for variable. Variable's value is stored separately from packet's buffer. The "autoset" type of variable indicates that the variable will be initialized by received packet (while using WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command or its analogs), i.e. from received packet will be obtained value of <name of field> and copied to variable. "static" type indicates that variable must not be changed while receiving packet. The "static" keyword may be omitted only if parameters to command are enclosed in round brackets.
The <name of variable> may appear among parameters to other commands. In this case it will be replaced by its value. Such a replacement will be also performed in strings enclosed in apostrophes. In this case the <name of variable> must be enclosed in $ (ex: 'value of variable = $name$').
$\n'