Key Pages: [ Rope Home Page | Basics (tutorial) | Language Reference | Download ]
The $ip_protocol register is a read-only integer that identifies the IP protocol type of the packet being inspected. The possible values are listed on many systems in the file /etc/protocols (see Protocols). You can compare $ip_protocol against an integer number - which can optionally be expanded from mnemonics such as IPPROTO_TCP (see Protocols and the examples below).
Note that ROPE provides registers for interpreting the headers of TCP ($tcp_XXX registers) and UDP ($udp_XXX registers); for other protocols, the script needs to perform it's own explicit interpretation. This may change in future as the development of ROPE progresses to add further common protocols to the list of those explicitly understood.
These examples test for a TCP/IP packet..
$ip_protocol 6 eq assert $ip_protocol IPPROTO_TCP eq assert
and these examples test for a UDP packet..
$ip_protocol 17 eq assert $ip_protocol IPPROTO_UDP eq assert
RFC_791, $ip_check, $ip_daddr, $ip_dont_frag, $ip_frag_off, $ip_id, $ip_ihl, $ip_saddr, $ip_tos, $ip_tot_len, $ip_ttl, $ip_version
Lowth.com: [ Home | Rope | P2PWall | LinWiz | cutter | Protector - Free Antivirus software | TapeIO ]