Key Pages: [ Rope Home Page | Basics (tutorial) | Language Reference | Download ]
'$offset' is an internal ROPE register that holds the current position in the packet being checked. As a ROPE script lifts (and checks) bytes in the packet, so the $offset is advanced accordingly.
'$offset' can also be set explicitly in order to "seek" to a specified location in the buffer. For example...
if( lift(1) "\r" ne { $offset dec } )
This fragment takes a single byte from the packet using lift. This action has the side effect of advancing $offset by one place. It then checks to see whether the byte is a carriage-return and knocks the $offset back by one place if not. This effectively skips an optional "\r" in the buffer.
When a ROPE script is invoked by NetFilter, the value of $offset is set to point to the start of the data payload for UDP and TCP/IP packets, and the start of the IP payload for all other protocols. As more protocols are explicitly supported by ROPE, so the initial $offset values for them will be re-defined.
For TCP/IP, this initial offset is equivalent to:
$ip_ihl $tcp_doff add 4 mult
For UDP, it is equivalent to:
$ip_ihl 4 mult 8 add
lift, lift_to, lifti_to, lift_while
Lowth.com: [ Home | Rope | P2PWall | LinWiz | cutter | Protector - Free Antivirus software | TapeIO ]