Decoder: Payload Functions

Document created by RSA Information Design and Development on Apr 21, 2016
Version 1Show Document
  • View in full screen mode
 
  

This topic defines language for the flex parser payload functions.

These functions operate on a read position, set at the beginning of a match element.

Language Definition

                                                                                                              
Node NameAttribute NameDescription
find  Searches the stream payload starting at the read position for a provided string value. If the value is found, the offset from the read position is returned. Any child elements will then execute. If not found, any child elements will not execute. 
 nameA number variable to receive the offset from the read position where the match begins.
 valueA string to find.
 length (optional)A limit to the length of the payload to be searched. If a limit is not provided, the remainder of the payload is searched. It is recommended to always use the smallest value possible here in order to reduce the effect on performance. 
install-decoder  To enable tokens to match on payload data that may be fragmented or otherwise encoded. A scan decoder can be installed to preprocess a section of the payload before it is scanned for tokens. An example would be an HTTP response that uses the chunked transfer encoding with gzip content encoding. By parsing the HTTP header, the necessary type, offset, and length parameters can all be set, after which the HTTP response payload would appear to the token scanning as if neither encoding had been applied. However, this incurs significant overhead. 
 typeThe type of decoder to install.
Valid options are: gzip, deflate, chunked, chunked-gzip, chunked-deflate. 
 offsetOffset from the current read position to begin decoding.
 lengthThe maximum payload length to decode.
isdecoding  Tests whether an installed decoder is currently active. If so, any children of this function will execute. This function has no parameters. 
move  Moves the read position forward in the current stream by a specified number of bytes. If there is sufficient data in the stream, the read position is updated and any child elements will then execute. If not found, the read position remains unchanged and any child elements will not execute. 
 valueThe number of bytes to move the read position.
 direction (optional)The direction to move the current read position. Can be forward (default) or reverse.
packetid  Returns the id of the packet for the current read position. It is possible for the result to be 0, which indicates that the packet id could not be determined. 
 nameA number variable to receive the current packet id.
payload-position  Returns the current read position. This is a zero based index into the stream payload.
 nameA number variable to receive the current read position.
read  Reads a specified number of bytes starting at the read position into a variable. If there is sufficient data in the stream, the read position is updated, the data read assigned, and any child elements will then execute. If not found, the read position remains unchanged and any child elements will not execute. 
 nameThe name of a string or number variable to receive stream data. If a number variable is provided, the bytes read are interpreted as a single unsigned numeric value. 
 lengthThe number of bytes to read from a stream.
 endianess (optional)The byte ordering to use when reading into a number variable. Can be big (default) or little. The attribute is invalid when reading into a string variable. 
You are here: References > Services Config View - Files Tab > Flex Parser > Payload Functions

Attachments

    Outcomes