Network Working Group N. Brownlee Request for Comments: 2723 The University of Auckland Category: Informational October 1999
Network Working Group N. Brownlee Request for Comments: 2723 The University of Auckland Category: Informational October 1999
SRL: A Language for Describing Traffic Flows and Specifying Actions for Flow Groups
SRL:用于描述交通流和指定流组操作的语言
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
This document describes a language for specifying rulesets, i.e. configuration files which may be loaded into a traffic flow meter so as to specify which traffic flows are measured by the meter, and the information it will store for each flow.
本文件描述了一种用于指定规则集的语言,即可加载到交通流量计中的配置文件,以指定流量计测量的交通流量及其将为每个流量存储的信息。
Table of Contents
目录
1 Purpose and Scope . . . . . . . . . . . . . . . . . . . . . . 2 1.1 RTFM Meters and Traffic Flows . . . . . . . . . . . . . . 2 1.2 SRL Overview . . . . . . . . . . . . . . . . . . . . . . 3 2 SRL Language Description . . . . . . . . . . . . . . . . . . 4 2.1 Define Directive . . . . . . . . . . . . . . . . . . . . 4 2.2 Program . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.3 Declaration . . . . . . . . . . . . . . . . . . . . . . . 5 3 Statement . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1 IF_statement . . . . . . . . . . . . . . . . . . . . . . 6 3.1.1 expression . . . . . . . . . . . . . . . . . . . . 6 3.1.2 term . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.3 factor . . . . . . . . . . . . . . . . . . . . . . 6 3.1.4 operand_list . . . . . . . . . . . . . . . . . . . 6 3.1.5 operand . . . . . . . . . . . . . . . . . . . . . . 6 3.1.6 Test Part . . . . . . . . . . . . . . . . . . . . . 7 3.1.7 Action Part . . . . . . . . . . . . . . . . . . . . 8 3.1.8 ELSE Clause . . . . . . . . . . . . . . . . . . . . 8 3.2 Compound_statement . . . . . . . . . . . . . . . . . . . 8 3.3 Imperative_statement . . . . . . . . . . . . . . . . . . 9 3.3.1 SAVE Statement . . . . . . . . . . . . . . . . . . 9 3.3.2 COUNT Statement . . . . . . . . . . . . . . . . . . 10
1 Purpose and Scope . . . . . . . . . . . . . . . . . . . . . . 2 1.1 RTFM Meters and Traffic Flows . . . . . . . . . . . . . . 2 1.2 SRL Overview . . . . . . . . . . . . . . . . . . . . . . 3 2 SRL Language Description . . . . . . . . . . . . . . . . . . 4 2.1 Define Directive . . . . . . . . . . . . . . . . . . . . 4 2.2 Program . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.3 Declaration . . . . . . . . . . . . . . . . . . . . . . . 5 3 Statement . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1 IF_statement . . . . . . . . . . . . . . . . . . . . . . 6 3.1.1 expression . . . . . . . . . . . . . . . . . . . . 6 3.1.2 term . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.3 factor . . . . . . . . . . . . . . . . . . . . . . 6 3.1.4 operand_list . . . . . . . . . . . . . . . . . . . 6 3.1.5 operand . . . . . . . . . . . . . . . . . . . . . . 6 3.1.6 Test Part . . . . . . . . . . . . . . . . . . . . . 7 3.1.7 Action Part . . . . . . . . . . . . . . . . . . . . 8 3.1.8 ELSE Clause . . . . . . . . . . . . . . . . . . . . 8 3.2 Compound_statement . . . . . . . . . . . . . . . . . . . 8 3.3 Imperative_statement . . . . . . . . . . . . . . . . . . 9 3.3.1 SAVE Statement . . . . . . . . . . . . . . . . . . 9 3.3.2 COUNT Statement . . . . . . . . . . . . . . . . . . 10
3.3.3 EXIT Statement . . . . . . . . . . . . . . . . . . 10 3.3.4 IGNORE Statement . . . . . . . . . . . . . . . . . 10 3.3.5 NOMATCH Statement . . . . . . . . . . . . . . . . . 10 3.3.6 STORE Statement . . . . . . . . . . . . . . . . . . 11 3.3.7 RETURN Statement . . . . . . . . . . . . . . . . . 11 3.4 Subroutine_declaration . . . . . . . . . . . . . . . . . 11 3.5 CALL_statement . . . . . . . . . . . . . . . . . . . . . 12 4 Example Programs . . . . . . . . . . . . . . . . . . . . . . 13 4.1 Classify IP Port Numbers . . . . . . . . . . . . . . . . 13 4.2 Classify Traffic into Groups of Networks . . . . . . . . 14 5 Security Considerations . . . . . . . . . . . . . . . . . . . 15 6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 7 APPENDICES . . . . . . . . . . . . . . . . . . . . . . . . . 16 7.1 Appendix A: SRL Syntax in BNF . . . . . . . . . . . . . . 16 7.2 Appendix B: Syntax for Values and Masks . . . . . . . . . 18 7.3 Appendix C: RTFM Attribute Information . . . . . . . . . 19 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 9 References . . . . . . . . . . . . . . . . . . . . . . . . . 20 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . 21 11 Full Copyright Statement . . . . . . . . . . . . . . . . . . 22
3.3.3 EXIT Statement . . . . . . . . . . . . . . . . . . 10 3.3.4 IGNORE Statement . . . . . . . . . . . . . . . . . 10 3.3.5 NOMATCH Statement . . . . . . . . . . . . . . . . . 10 3.3.6 STORE Statement . . . . . . . . . . . . . . . . . . 11 3.3.7 RETURN Statement . . . . . . . . . . . . . . . . . 11 3.4 Subroutine_declaration . . . . . . . . . . . . . . . . . 11 3.5 CALL_statement . . . . . . . . . . . . . . . . . . . . . 12 4 Example Programs . . . . . . . . . . . . . . . . . . . . . . 13 4.1 Classify IP Port Numbers . . . . . . . . . . . . . . . . 13 4.2 Classify Traffic into Groups of Networks . . . . . . . . 14 5 Security Considerations . . . . . . . . . . . . . . . . . . . 15 6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 7 APPENDICES . . . . . . . . . . . . . . . . . . . . . . . . . 16 7.1 Appendix A: SRL Syntax in BNF . . . . . . . . . . . . . . 16 7.2 Appendix B: Syntax for Values and Masks . . . . . . . . . 18 7.3 Appendix C: RTFM Attribute Information . . . . . . . . . 19 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 9 References . . . . . . . . . . . . . . . . . . . . . . . . . 20 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . 21 11 Full Copyright Statement . . . . . . . . . . . . . . . . . . 22
1 Purpose and Scope
1目的和范围
A ruleset for an RTFM Meter is a sequence of instructions to be executed by the meter's Pattern Matching Engine (PME). The form of these instructions is described in detail in the 'RTFM Architecture' and 'RTFM Meter MIB' documents [RTFM-ARC, RTFM-MIB], but most users - at least initially - find them confusing and difficult to write, mainly because the effect of each instruction is strongly dependent on the state of the meter's Packet Matching Engine at the moment of its execution.
RTFM电表的规则集是由电表的模式匹配引擎(PME)执行的一系列指令。“RTFM体系结构”和“RTFM仪表MIB”文档[RTFM-ARC,RTFM-MIB]中详细描述了这些指令的形式,但大多数用户(至少在最初)发现它们令人困惑且难以编写,主要是因为每条指令的效果强烈依赖于仪表执行时数据包匹配引擎的状态。
SRL (the Simple Ruleset Language) is a procedural language for creating RTFM rulesets. It has been designed to be simple for people to understand, using statements which help to clarify the execution context in which they operate. SRL programs will be compiled into rulesets which can then be downloaded to RTFM meters.
SRL(简单规则集语言)是一种用于创建RTFM规则集的过程语言。它被设计为便于人们理解,使用有助于澄清其操作的执行上下文的语句。SRL程序将被编译成规则集,然后可以下载到RTFM仪表。
An SRL compiler is available as part of NeTraMet (a free-software implementation of the RTFM meter and manager), version 4.2 [NETRAMET].
SRL编译器是NeTraMet(RTFM仪表和管理器的自由软件实现)4.2版[NeTraMet]的一部分。
The RTFM Architecture [RTFM-ARC] defines a set of 'attributes' which apply to network traffic. Among the attributes are 'address attributes,' such as PeerType, PeerAddress, TransType and TransAddress, which have meaning for many protocols, e.g. for IPv4
RTFM体系结构[RTFM-ARC]定义了一组适用于网络流量的“属性”。这些属性中包括“地址属性”,如PeerType、PeerAddress、TransType和TransAddress,它们对许多协议都有意义,例如IPv4协议
traffic (PeerType == 1) PeerAddress is an IP address, TransType is TCP(6), UDP(17), ICMP(1), etc., and TransAddress is usually an IP port number.
流量(PeerType==1)PeerAddress是一个IP地址,TransType是TCP(6)、UDP(17)、ICMP(1)等,TransAddress通常是一个IP端口号。
An 'RTFM Traffic Flow' is simply a stream of packets observed by a meter as they pass across a network between two end points (or to/from a single end point). Each 'end point' of a flow is specified by the set of values of its address attributes.
“RTFM通信流”只是一个仪表在两个端点之间(或从一个端点到另一个端点)通过网络时观察到的数据包流。流的每个“端点”由其地址属性的值集指定。
An 'RTFM Meter' is a measuring device - e.g. a program running on a Unix or PC host - which observes passing packets and builds 'Flow Data Records' for the flows of interest.
“RTFM流量计”是一种测量设备,例如在Unix或PC主机上运行的程序,它可以观察传递的数据包,并为感兴趣的流建立“流数据记录”。
RTFM traffic flows have another important property - they are bi-directional. This means that each flow data record in the meter has two sets of counters, one for packets travelling from source to destination, the other for returning packets. Within the RTFM architecture such counters appear as further attributes of the flow.
RTFM流量还有另一个重要特性——它们是双向的。这意味着流量计中的每个流量数据记录有两组计数器,一组用于从源到目的地的数据包,另一组用于返回数据包。在RTFM体系结构中,此类计数器显示为流的进一步属性。
An RTFM meter must be configured by the user, which means creating a 'Ruleset' so as to specify which flows are to be measured, and how much information (i.e. which attributes) should be stored for each of them. A ruleset is effectively a program for a minimal virtual machine, the 'Packet Matching Engine (PME),' which is described in detail in [RTFM-ARC]. An RTFM meter may run multiple rule sets, with every passing packet being processed by each of the rulesets. The rule 'actions' in this document are described as though only a single ruleset were running.
RTFM流量计必须由用户配置,这意味着创建一个“规则集”,以便指定要测量的流量,以及每个流量应存储多少信息(即哪些属性)。规则集实际上是一个用于最小虚拟机的程序,即[RTFM-ARC]中详细描述的“数据包匹配引擎(PME)”。RTFM计量器可以运行多个规则集,每个传递的数据包都由每个规则集处理。本文档中的规则“操作”被描述为仅运行一个规则集。
In the past creating a ruleset has meant writing machine code for the PME, which has proved rather difficult to do. SRL provides a high-level language which should enable users to create effective rulesets without having to understand the details of the PME.
在过去,创建规则集意味着为PME编写机器代码,事实证明这相当困难。SRL提供了一种高级语言,使用户无需了解PME的详细信息即可创建有效的规则集。
The language may be useful in other applications, being suitable for any application area which involves selecting traffic flows from a stream of packets.
该语言可在其它应用中有用,适用于涉及从分组流中选择业务流的任何应用领域。
An SRL program is executed from the beginning for each new packet arriving at the meter. It has two essential goals.
对于到达仪表的每个新数据包,从一开始就执行SRL程序。它有两个基本目标。
(a) Decide whether the current packet is part of a flow which is of interest and, if necessary, determine its direction (i.e. decide which of its end-points is considered to be its source). Other packets will be ignored.
(a) 确定当前数据包是否是感兴趣的流的一部分,如有必要,确定其方向(即,确定其端点中的哪一个被视为其源)。其他数据包将被忽略。
(b) SAVE whatever information is required to identify the flow and accumulate (COUNT) quantitative information for that flow.
(b) 保存识别流程所需的任何信息,并累积(计数)该流程的定量信息。
At execution, the meter's Packet Matching Engine (PME) begins by using source and destination attributes as they appear 'on the wire.' If the attributes do not match those of a flow to be recorded, the PME will normally execute the program again, this time with the source and destination addresses interchanged. Because of this bi-directional matching, an RTFM meter is able to build up tables of flows with two sets of counters - one for forward packets, the other for backward packets. The programmer can, if required, suppress the reverse-direction matching and assign 'forward' and 'backward' directions which conform to the conventions of the external context.
在执行时,仪表的数据包匹配引擎(PME)首先使用“在线路上”显示的源和目标属性。如果属性与要记录的流的属性不匹配,PME通常会再次执行程序,这一次交换源和目标地址。由于这种双向匹配,RTFM流量计能够使用两组计数器建立流表——一组用于前向数据包,另一组用于后向数据包。如果需要,程序员可以抑制反向匹配,并指定符合外部上下文约定的“向前”和“向后”方向。
Goal (a) is achieved using IF statements which perform comparisons on information from the packet or from SRL variables. Goal (b) is achieved using one or more SAVE statements to store the flow's identification attributes; a COUNT statement then increments the statistical data accumulating for it.
目标(a)是使用IF语句实现的,该语句对来自数据包或SRL变量的信息执行比较。使用一个或多个SAVE语句存储流的标识属性来实现目标(b);然后,COUNT语句递增为其累积的统计数据。
2 SRL Language Description
2 SRL语言描述
The SRL language is explained below using 'railway diagrams' to describe the syntax. Flow through a diagram is from left to right. The only exception to this is that lines carrying a left arrow may only be traversed right to left. In the diagrams, keywords are written in capital letters; in practice an SRL compiler must be insensitive to case. Lower-case identifiers are explained in the text, or they refer to another diagram.
下面将使用“铁路图”来说明SRL语言的语法。通过图表的流程是从左到右的。唯一的例外是,带有左箭头的线只能从右向左移动。在图表中,关键字用大写字母书写;实际上,SRL编译器必须对大小写不敏感。小写标识符在文本中解释,或者它们参考另一个图表。
The tokens of an SRL program obey the following rules:
SRL程序的令牌遵守以下规则:
- Comments may appear on any line of an SRL program, following a # - White space is used to separate tokens - Semicolon is used as the terminator for most statements - Identifiers (e.g. for defines and labels) must start with a letter - Identifiers may contain letters, digits and underscores - The case of letters is not significant - Reserved words (shown in upper case in this document) may not be used as identifiers
- 注释可能出现在SRL程序的任何一行上,后跟一个#-空格用于分隔标记-分号用作大多数语句的终止符-标识符(例如用于定义和标签)必须以字母开头-标识符可能包含字母、数字和下划线-字母大小写不重要-保留字(本文件中以大写字母显示)不得用作标识符
--- DEFINE -- defname ---- = ---- defined_text ------------------ ;
--- DEFINE -- defname ---- = ---- defined_text ------------------ ;
Simple parameterless defines are supported via the syntax above. The define name, defname, is an identifier. The defined text starts after the equal sign, and continues up to (but not including) the
通过上述语法支持简单的无参数定义。定义名称defname是一个标识符。定义的文本从等号后开始,一直到(但不包括)等号
closing semicolon. If a semicolon is required within the defined text it must be preceded by a backslash, i.e. \; in an SRL define produces ; in the text.
结束分号。如果定义的文本中需要分号,则必须在分号前面加反斜杠,即\;在SRL中定义产品;在文本中。
Wherever defname appears elsewhere in the program, it will be replaced by the defined text.
无论defname出现在程序的其他位置,它都将被定义的文本替换。
For example,
例如
DEFINE ftp = (20, 21); # Well-known Port numbers from [ASG-NBR] DEFINE telnet = 23; DEFINE www = 80;
DEFINE ftp = (20, 21); # Well-known Port numbers from [ASG-NBR] DEFINE telnet = 23; DEFINE www = 80;
------------+-------+-------- Statement -------+-------+----------- | | | | | +------- Declaration ------+ | | | +---------------------<--------------------+
------------+-------+-------- Statement -------+-------+----------- | | | | | +------- Declaration ------+ | | | +---------------------<--------------------+
An SRL program is a sequence of statements or declarations. It does not have any special enclosing symbols. Statements and declarations terminate with a semicolon, except for compound statements, which terminate with a right brace.
SRL程序是一系列语句或声明。它没有任何特殊的封闭符号。语句和声明以分号结尾,复合语句除外,复合语句以右大括号结尾。
---------------------- Subroutine_declaration ---------------------
---------------------- Subroutine_declaration ---------------------
SRL's only explicit declaration is the subroutine declaration. Other implicit declarations are labels (declared where they appear in front of a statement) and subroutine parameters (declared in the subroutine header).
SRL唯一的显式声明是子例程声明。其他隐式声明包括标签(在语句前面声明)和子例程参数(在子例程标题中声明)。
3 Statement
3声明
----------------+---- IF_statement ----------------+--------------- | | +---- Compound_statement ----------+ | | +---- Imperative_statement --------+ | | +---- CALL_statement --------------+
----------------+---- IF_statement ----------------+--------------- | | +---- Compound_statement ----------+ | | +---- Imperative_statement --------+ | | +---- CALL_statement --------------+
An SRL program is a sequence of SRL statements. There are four kinds of statements, as follows.
SRL程序是一系列SRL语句。有四种陈述,如下所示。
Test Part Action Part ............. ...............
Test Part Action Part ............. ...............
--- IF --- expression ---+------------+---- Statement ----+---> | | | +-- SAVE , --+ | | | +-- SAVE ; ----------------------+
--- IF --- expression ---+------------+---- Statement ----+---> | | | +-- SAVE , --+ | | | +-- SAVE ; ----------------------+
>-----------+-----------------------------+----------------- | | +-----ELSE --- Statement -----+
>-----------+-----------------------------+----------------- | | +-----ELSE --- Statement -----+
-------- term --------+------------------------+------------------- | | +--<-- term ----- || ----+ logical OR
-------- term --------+------------------------+------------------- | | +--<-- term ----- || ----+ logical OR
------- factor -------+------------------------+------------------- | | +--<-- factor --- && ----+ logical AND
------- factor -------+------------------------+------------------- | | +--<-- factor --- && ----+ logical AND
------------+-------- attrib == operand_list --------+----------- | | +------------ ( expression ) --------------+
------------+-------- attrib == operand_list --------+----------- | | +------------ ( expression ) --------------+
----------+------------------ operand -----------------+----------- | | +-- ( operand ---+-------------------+-- ) --+ | | +-<-- operand , ---+
----------+------------------ operand -----------------+----------- | | +-- ( operand ---+-------------------+-- ) --+ | | +-<-- operand , ---+
------------- value ---------+----------------------+-------------- | | +------- / width ------+ | | +------- & mask -------+
------------- value ---------+----------------------+-------------- | | +------- / width ------+ | | +------- & mask -------+
The IF statement evaluates a logical expression. If the expression value is TRUE, the action indicated in the 'Action Part' of the diagram is executed. If the value is FALSE and the IF has an ELSE clause, that ELSE clause is executed (see below).
IF语句对逻辑表达式求值。如果表达式值为TRUE,则执行图的“操作部分”中指示的操作。如果该值为FALSE且If有一个ELSE子句,则执行该ELSE子句(见下文)。
The simplest form of expression is a test for equality (== operator); in this an RTFM attribute value (from the packet or from an SRL variable) is ANDed with a mask and compared with a value. A list of RTFM attributes is given in Appendix C. More complicated expressions may be built up using parentheses and the && (logical AND) and || (logical OR) operators.
最简单的表达式形式是等式测试(=运算符);在这种情况下,RTFM属性值(来自数据包或SRL变量)与掩码进行and运算,并与值进行比较。RTFM属性列表见附录C。更复杂的表达式可使用括号和&(逻辑and)和| |(逻辑OR)运算符构建。
Operand values may be specified as dotted decimal, hexadecimal or as a character constant (enclosed in apostrophes). The syntax for operand values is given in Appendix B.
操作数值可以指定为点十进制、十六进制或字符常量(用撇号括起来)。操作数值的语法见附录B。
Masks may be specified as numbers, dotted decimal e.g. &255.255 or hexadecimal e.g. &FF-FF or as a width in bits e.g. /16
掩码可以指定为数字、点十进制(例如&255.255)或十六进制(例如&FF-FF)或位宽度(例如/16)
If a mask is not specified, an all-ones mask is used.
如果未指定掩码,则使用“全一”掩码。
In SRL a value is always combined with a mask; this combination is referred to as an operand. For example, if we were interested in flows originating from IP network 130.216, we might write:
在SRL中,值始终与掩码组合;这种组合称为操作数。例如,如果我们对源自IP网络130.216的流感兴趣,我们可能会写:
IF SourcePeerAddress == 130.216.0.0 & 255.255.0.0 SAVE;
IF SourcePeerAddress == 130.216.0.0 & 255.255.0.0 SAVE;
or equivalently
或同等地
IF SourcePeerAddress == 130.216/16 SAVE;
IF SourcePeerAddress == 130.216/16 SAVE;
A list of values enclosed in parentheses may also be specified; the test succeeds if the masked attribute equals any of the values in the list. For example:
还可以指定括号内的值列表;如果蒙版属性等于列表中的任何值,则测试成功。例如:
IF SourcePeerAddress == ( 130.216.7/24, 130.216.34/24 ) SAVE;
IF SourcePeerAddress == ( 130.216.7/24, 130.216.34/24 ) SAVE;
As this last example indicates, values are right-padded with zeroes, i.e. the given numbers specify the leading bytes of masks and values.
如最后一个示例所示,值用零右填充,即给定的数字指定掩码和值的前导字节。
The operand values and masks used in an IF statement must be consistent with the attribute being tested. For example, a four-byte value is acceptable as a peer address, but would not be accepted as a transport address (which may not be longer than two bytes).
IF语句中使用的操作数值和掩码必须与测试的属性一致。例如,四字节值可以作为对等地址,但不能作为传输地址(长度可能不超过两个字节)。
A SAVE action (i.e. SAVE , or SAVE ;) saves attribute(s), mask(s) and value(s) as given in the statement. If the IF expression tests more than one attribute, the masks and values are saved for all the matched attributes. For each value_list in the statement the value saved is the one which the packet actually matched. See below for further description of SAVE statements.
保存操作(即SAVE或SAVE;)保存语句中给定的属性、掩码和值。如果If表达式测试多个属性,则会保存所有匹配属性的掩码和值。对于语句中的每个值列表,保存的值就是数据包实际匹配的值。有关SAVE语句的详细说明,请参见下文。
Other actions are described in detail under "Imperative statements" below. Note that the RETURN action is valid only within subroutines.
下面的“命令性声明”详细描述了其他操作。请注意,返回操作仅在子例程中有效。
An ELSE Clause provides a statement which will be executed if the IF's test fails. The statement following ELSE will often be another IF statement, providing SRL's version of a 'select' statement. Note that an ELSE clause always matches the immediately preceding IF.
ELSE子句提供一条语句,如果if的测试失败,将执行该语句。ELSE后面的语句通常是另一个IF语句,提供SRL版本的“select”语句。请注意,ELSE子句始终与前面的IF匹配。
-------+-------------+----- { ---+---- Statement ----+--- } ------- | | | | +-- label : --+ +--------<----------+
-------+-------------+----- { ---+---- Statement ----+--- } ------- | | | | +-- label : --+ +--------<----------+
A compound statement is a sequence of statements enclosed in braces. Each statement will terminate with a semicolon, unless it is another compound statement (which terminates with a right brace).
复合语句是用大括号括起来的一系列语句。每个语句将以分号结尾,除非它是另一个复合语句(以右大括号结尾)。
A compound statement may be labelled, i.e. preceded by an identifier followed by a semi-colon. Each statement inside the braces is executed in sequence unless an EXIT statement is performed, as explained below.
复合语句可以加上标签,即前面是标识符,后面是分号。除非执行EXIT语句,否则大括号内的每个语句都会按顺序执行,如下所述。
Labels have a well-defined scope, within which they must be unique. Labels within a subroutine (i.e. between a SUBROUTINE and its matching ENDSUB) are local to that subroutine and are not visible outside it. Labels outside subroutines are part of a program's outer block.
标签有一个定义良好的范围,在这个范围内它们必须是唯一的。子例程内的标签(即子例程与其匹配的ENDSUB之间)是该子例程的本地标签,在该子例程外不可见。子例程外部的标签是程序外部块的一部分。
------+---------------------------------------------------+------ ; | | +-- SAVE attrib --+--+-----------+--+---------------+ | | | | | | | | +- / width -+ | | | | | | | | | | +- & mask --+ | | | | | | | +--- = operand ---+ | | | +-- COUNT ------------------------------------------+ | | +-- EXIT label ------------------------------------+ | | +-- IGNORE -----------------------------------------+ | | +-- NOMATCH ----------------------------------------+ | | +-- RETURN --+-------+------------------------------+ | | | | | +-- n --+ | | | +-- STORE variable := value ------------------------+
------+---------------------------------------------------+------ ; | | +-- SAVE attrib --+--+-----------+--+---------------+ | | | | | | | | +- / width -+ | | | | | | | | | | +- & mask --+ | | | | | | | +--- = operand ---+ | | | +-- COUNT ------------------------------------------+ | | +-- EXIT label ------------------------------------+ | | +-- IGNORE -----------------------------------------+ | | +-- NOMATCH ----------------------------------------+ | | +-- RETURN --+-------+------------------------------+ | | | | | +-- n --+ | | | +-- STORE variable := value ------------------------+
The SAVE statement saves information which will (later) identify the flow in the meter's flow table. It does not actually record anything in the table; this is done when a subsequent COUNT statement executes.
SAVE语句保存(稍后)在流量计流量表中识别流量的信息。它实际上没有在表中记录任何内容;这是在执行后续COUNT语句时完成的。
SAVE has two possible forms:
SAVE有两种可能的形式:
SAVE attrib = operand ; saves the attribute, mask and value as given in the statement. This form of the SAVE statement is similar to that allowed in an IF statement, except that - since imperative statements do not perform a test - you may save an arbitrary value.
SAVE attrib=操作数;保存语句中给定的属性、掩码和值。这种形式的SAVE语句类似于IF语句中允许的形式,不同之处在于——由于命令式语句不执行测试——您可以保存任意值。
SAVE attrib ; SAVE attrib / width ; SAVE attrib & mask ; saves the attribute and mask from the statement, and the value resulting from their application to the current packet. This is most useful when used to save a value with a wider mask than than was used to select the packet. For example:
SAVE attrib ; SAVE attrib / width ; SAVE attrib & mask ; saves the attribute and mask from the statement, and the value resulting from their application to the current packet. This is most useful when used to save a value with a wider mask than than was used to select the packet. For example:
IF DestPeerAddress == 130.216/16 NOMATCH; ELSE IF SourcePeerAddress == 130.216/16 { SAVE SourcePeerAddress /24; COUNT; } ELSE IGNORE;
IF DestPeerAddress == 130.216/16 NOMATCH; ELSE IF SourcePeerAddress == 130.216/16 { SAVE SourcePeerAddress /24; COUNT; } ELSE IGNORE;
The COUNT statement appears after all testing and saving is complete; it instructs the PME to build the flow identifier from the attributes which have been SAVEd, find it in the meter's flow table (creating a new entry if this is the first packet observed for the flow), and increment its counters. The meter then moves on to examine the next incoming packet.
所有测试和保存完成后出现COUNT语句;它指示PME根据已保存的属性构建流标识符,在流量计的流表中找到它(如果这是观察到的流的第一个数据包,则创建一个新条目),并增加其计数器。然后,仪表继续检查下一个传入的数据包。
The EXIT statement exits a labelled compound statement. The next statement to be executed will be the one following that compound statement. This provides a well-defined way to jump to a clearly identified point in a program. For example:
EXIT语句退出带标签的复合语句。下一个要执行的语句将是该复合语句后面的语句。这提供了一种定义良好的方法,可以跳转到程序中明确标识的点。例如:
outer: { ... if SourcePeerAddress == 192.168/16 exit outer; # exits the statement labelled 'outer' ... } # execution resumes here
outer: { ... if SourcePeerAddress == 192.168/16 exit outer; # exits the statement labelled 'outer' ... } # execution resumes here
In practice the language provides sufficient logical structure that one seldom - if ever - needs to use the EXIT statement.
在实践中,该语言提供了足够的逻辑结构,很少(如果有的话)需要使用EXIT语句。
The IGNORE statement terminates examination of the current packet without saving any information from it. The meter then moves on to examine the next incoming packet, beginning again at the first statement of its program.
IGNORE语句终止对当前数据包的检查,而不保存其中的任何信息。然后,仪表继续检查下一个传入的数据包,再次从其程序的第一个语句开始。
The NOMATCH statement indicates that matching has failed for this execution of the program. If it is executed when a packet is being processed with its addresses in 'on the wire' order, the PME will
NOMATCH语句表示此程序执行的匹配失败。如果在处理数据包时以“在线”顺序处理其地址,则PME将
perform the program again from the beginning with source and destination addresses interchanged. If it is executed following such an interchange, the packet will be IGNOREd.
在源地址和目标地址互换的情况下,从头开始重新执行程序。如果在这种交换之后执行,则该数据包将被忽略。
NOMATCH is illustrated in the SAVE example (section 3.3.1), where it is used to ensure that flows having 130.216/16 as an end-point are counted as though 130.216 had been those flows' source peer (IP) address.
NOMATCH在SAVE示例(第3.3.1节)中进行了说明,其中它用于确保将130.216/16作为端点的流计算在内,就像130.216是这些流的源对等(IP)地址一样。
The STORE statement assigns a value to an SRL variable and SAVEs it. There are six SRL variables:
STORE语句为SRL变量赋值并保存。有六个SRL变量:
SourceClass SourceKind DestClass DestKind FlowClass FlowKind
SourceClass SourceKind DestClass DestKind FlowClass FlowKind
Their names have no particular significance; they were arbitrarily chosen as likely RTFM attributes but can be used to store any single-byte integer values. Their values are set to zero each time examination of a new packet begins. For example:
他们的名字没有特别的意义;它们被任意选择为可能的RTFM属性,但可用于存储任何单字节整数值。每次开始检查新数据包时,它们的值都设置为零。例如:
STORE SourceClass := 3; STORE FlowKind := 'W'
STORE SourceClass := 3; STORE FlowKind := 'W'
The RETURN statement is used to return from subroutines and can be used only within the context of a subroutine. It is described in detail below (CALL statement).
RETURN语句用于从子例程返回,并且只能在子例程的上下文中使用。下面详细描述(调用语句)。
-- SUBROUTINE subname ( --+-----------------------------+-- ) --> | | +--+-- ADDRESS --- pname --+--+ | | +-- VARIABLE -- pname --+ | | +------<------- , ------+
-- SUBROUTINE subname ( --+-----------------------------+-- ) --> | | +--+-- ADDRESS --- pname --+--+ | | +-- VARIABLE -- pname --+ | | +------<------- , ------+
>------+-------- Statement ---------+----- ENDSUB -------- ; | | +-------------<--------------+
>------+-------- Statement ---------+----- ENDSUB -------- ; | | +-------------<--------------+
A Subroutine declaration has three parts:
子例程声明有三个部分:
the subname is an identifier, used to name the subroutine.
子名称是一个标识符,用于命名子例程。
the parameter list specifies the subroutine's parameters. Each parameter is preceded with a keyword indicating its type - VARIABLE indicates an SRL variable (see the STORE statement above), ADDRESS indicates any other RTFM attribute. A parameter name may be any identifier, and its scope is limited to the subroutine's body.
参数列表指定子例程的参数。每个参数前面都有一个表示其类型的关键字-VARIABLE表示SRL变量(参见上面的STORE语句),ADDRESS表示任何其他RTFM属性。参数名可以是任何标识符,其范围仅限于子例程的主体。
the body specifies what processing the subroutine will perform. This is simply a sequence of Statements, terminated by the ENDSUB keyword.
主体指定子例程将执行的处理。这只是一个语句序列,以ENDSUB关键字结尾。
Note that EXITs in a subroutine may not refer to labels outside it. The only way to leave a subroutine is via a RETURN statement.
请注意,子例程中的出口可能不会引用它外部的标签。离开子例程的唯一方法是通过RETURN语句。
---- CALL subname ( --+---------------------+-- ) ----> | | +--+-- parameter --+--+ | | +----<--- , ----+
---- CALL subname ( --+---------------------+-- ) ----> | | +--+-- parameter --+--+ | | +----<--- , ----+
>---+-------------------------------------+--- ENDCALL ---- ; | | +---+--+-- n : --+--- Statement --+---+ | | | | | +----<----+ | | | +--------------<--------------+
>---+-------------------------------------+--- ENDCALL ---- ; | | +---+--+-- n : --+--- Statement --+---+ | | | | | +----<----+ | | | +--------------<--------------+
The CALL statement invokes an SRL subroutine. The parameters are SRL variables or other RTFM attributes, and their types must match those in the subroutine declaration. Following the parameters is a sequence of statements, each preceded by an integer label. These labels will normally be 1:, 2:, 3:, etc, but they do not have to be contiguous, nor in any particular order. They are referred to in RETURN statements within the subroutine body.
CALL语句调用SRL子例程。参数是SRL变量或其他RTFM属性,其类型必须与子例程声明中的类型匹配。参数后面是一系列语句,每个语句前面都有一个整数标签。这些标签通常为1:、2:、3:,等等,但它们不必是连续的,也不必按任何特定顺序排列。它们在子程序体中的返回语句中引用。
e.g. RETURN 2; would return to the statement labelled 2: within in the CALL statement.
e、 g.返回2;将返回CALL语句中标记为2:INTERNAIN的语句。
Execution of the labelled statement completes the CALL.
执行标记语句完成调用。
If the return statement does not specify a return label, the first statement executed after RETURN will be the statement immediately following ENDCALL.
如果return语句没有指定return标签,则return之后执行的第一条语句将是ENDCALL后面的语句。
4 Example Programs
4个示例程序
# # Classify IP port numbers # define IPv4 = 1; # Address Family number from [ASG-NBR] # define ftp = (20, 21); # Well-Known Port numbers from [ASG-NBR] define telnet = 23; define www = 80; # define tcp = 6; # Protocol numbers from [ASG-NBR] define udp = 17; # if SourcePeerType == IPv4 save; else ignore; # Not an IPv4 packet # if (SourceTransType == tcp || SourceTransType == udp) save, { if SourceTransAddress == (www, ftp, telnet) nomatch; # We want the well-known port as Dest # if DestTransAddress == telnet save, store FlowKind := 'T'; else if DestTransAddress == www save, store FlowKind := 'W'; else if DestTransAddress == ftp save, store FlowKind := 'F'; else { save DestTransAddress; store FlowKind := '?'; } } else save SourceTransType = 0; # save SourcePeerAddress /32; save DestPeerAddress /32; count; #
# # Classify IP port numbers # define IPv4 = 1; # Address Family number from [ASG-NBR] # define ftp = (20, 21); # Well-Known Port numbers from [ASG-NBR] define telnet = 23; define www = 80; # define tcp = 6; # Protocol numbers from [ASG-NBR] define udp = 17; # if SourcePeerType == IPv4 save; else ignore; # Not an IPv4 packet # if (SourceTransType == tcp || SourceTransType == udp) save, { if SourceTransAddress == (www, ftp, telnet) nomatch; # We want the well-known port as Dest # if DestTransAddress == telnet save, store FlowKind := 'T'; else if DestTransAddress == www save, store FlowKind := 'W'; else if DestTransAddress == ftp save, store FlowKind := 'F'; else { save DestTransAddress; store FlowKind := '?'; } } else save SourceTransType = 0; # save SourcePeerAddress /32; save DestPeerAddress /32; count; #
This program counts only IP packets, saving SourceTransType (tcp, udp or 0), Source- and DestPeerAddress (32-bit IP addresses) and FlowKind ('W' for www, 'F' for ftp, 'T' for telnet, '?' for unclassified). The program uses a NOMATCH action to specify the packet direction - its resulting flows will have the well-known ports as their destination.
此程序仅统计IP数据包,保存SourceTransType(tcp、udp或0)、Source和DestPeeradAddress(32位IP地址)以及FlowKind(“W”表示www,“F”表示ftp,“T”表示telnet,“T”表示未分类”)。该程序使用NOMATCH操作来指定数据包的方向——其结果流将以众所周知的端口作为其目的地。
# # SRL program to classify traffic into network groups # define my_net = 130.216/16; define k_nets = ( 130.217/16, 130.123/16, 130.195/16, 132.181/16, 138.75/16, 139.80/16 ); # call net_kind (SourcePeerAddress, SourceKind) endcall; call net_kind (DestPeerAddress, DestKind) endcall; count; # subroutine net_kind (address addr, variable net) if addr == my_net save, { store net := 10; return 1; } else if addr == k_nets save, { store net := 20; return 2; } save addr/24; # Not my_net or in k_nets store net := 30; return 3; endsub; #
# # SRL program to classify traffic into network groups # define my_net = 130.216/16; define k_nets = ( 130.217/16, 130.123/16, 130.195/16, 132.181/16, 138.75/16, 139.80/16 ); # call net_kind (SourcePeerAddress, SourceKind) endcall; call net_kind (DestPeerAddress, DestKind) endcall; count; # subroutine net_kind (address addr, variable net) if addr == my_net save, { store net := 10; return 1; } else if addr == k_nets save, { store net := 20; return 2; } save addr/24; # Not my_net or in k_nets store net := 30; return 3; endsub; #
The net_kind subroutine determines whether addr is my network (130.216), one of the Kawaihiko networks (in the k_nets list), or some other network. It saves the network address from addr (16 bits for my_net and the k_net networks, 24 bits for others), stores a value of 10, 20 or 30 in net, and returns to 1:, 2: or 3:. Note that the network numbers used are contained within the two DEFINEs, making them easy to change.
net_kind子例程确定addr是我的网络(130.216)、Kawaihiko网络之一(在k_网络列表中)还是其他网络。它从addr保存网络地址(对于my_net和k_net网络为16位,对于其他网络为24位),在net中存储10、20或30的值,并返回到1:、2:或3:。请注意,使用的网络号包含在两个定义中,便于更改。
net_kind is called twice, saving Source- and DestPeerAddress and Source- and DestKind; the COUNT statement produces flows identified by these four RTFM attributes, with no particular source-dest ordering.
net_kind被调用两次,以节省源代码-和destPeeradAddress以及源代码-和DestKind;COUNT语句生成由这四个RTFM属性标识的流,没有特定的源dest顺序。
In the program no use is made of return numbers and they could have been omitted. However, we might wish to re-use the subroutine in another program doing different things for different return numbers, as in the version below.
在这个程序中,没有使用返回号,它们可以被省略。但是,我们可能希望在另一个程序中重复使用该子例程,对不同的返回号执行不同的操作,如下所示。
call net_kind (DestPeerAddress, DestKind) 1: nomatch; # We want my_net as source endcall; call net_kind (SourcePeerAddress, SourceKind) 1: count; # my_net -> other networks endcall; save SourcePeerAddress /24; save DestPeerAddress /24; count;
call net_kind (DestPeerAddress, DestKind) 1: nomatch; # We want my_net as source endcall; call net_kind (SourcePeerAddress, SourceKind) 1: count; # my_net -> other networks endcall; save SourcePeerAddress /24; save DestPeerAddress /24; count;
This version uses a NOMATCH statement to ensure that its resulting flows have my_net as their source. The NOMATCH also rejects my_net -> my_net traffic. Traffic which doesn't have my_net as source or destination saves 24 bits of its peer addresses (the subroutine might only have saved 16) before counting such an unusual flow.
这个版本使用NOMATCH语句来确保其结果流的源是my_net。NOMATCH还拒绝my_net->my_net流量。没有my_net作为源或目标的流量在计算这种异常流量之前会保存其对等地址的24位(子例程可能只保存了16位)。
5 Security Considerations
5安全考虑
SRL is a language for creating rulesets (i.e. configuration files) for RTFM Traffic Meters - it does not present any security issues in itself.
SRL是一种为RTFM流量表创建规则集(即配置文件)的语言-它本身不存在任何安全问题。
On the other hand, flow data gathered using such rulesets may well be valuable. It is therefore important to take proper precautions to ensure that access to the meter and its data is secure. Ways to achieve this are discussed in detail in the Architecture and Meter MIB documents [RTFM-ARC, RTFM-MIB].
另一方面,使用此类规则集收集的流数据可能很有价值。因此,必须采取适当的预防措施,以确保对电表及其数据的访问是安全的。体系结构和仪表MIB文档[RTFM-ARC,RTFM-MIB]详细讨论了实现这一点的方法。
6 IANA Considerations
6 IANA考虑因素
Appendix C below lists the RTFM attributes by name. Since SRL only refers to attributes by name, SRL users do not have to know the attribute numbers.
下面的附录C按名称列出了RTFM属性。由于SRL仅按名称引用属性,因此SRL用户不必知道属性编号。
The size (in bytes) of the various attribute values is also listed in Appendix C. These sizes reflect the object sizes for the attribute values as they are stored in the RTFM Meter MIB [RTFM-MIB].
附录C中还列出了各种属性值的大小(字节)。这些大小反映了属性值的对象大小,因为它们存储在RTFM仪表MIB[RTFM-MIB]中。
IANA considerations for allocating new attributes are discussed in detail in the RTFM Architecture document [RTFM-ARC].
分配新属性的IANA注意事项在RTFM体系结构文档[RTFM-ARC]中进行了详细讨论。
7 APPENDICES
7附录
<SRL program> ::= <S or D> | <SRL program> <S or D>
<SRL program> ::= <S or D> | <SRL program> <S or D>
<S or D> ::= <statement> | <declaration>
<S or D> ::= <statement> | <declaration>
<declaration> ::= <Subroutine declaration>
<declaration> ::= <Subroutine declaration>
<statement> ::= <IF statement> | <Compound statement> | <Imperative statement> | <CALL statement>
<statement> ::= <IF statement> | <Compound statement> | <Imperative statement> | <CALL statement>
<IF statement> ::= IF <expression> <if action> <opt else>
<IF statement> ::= IF <expression> <if action> <opt else>
<if action> ::= SAVE ; | SAVE , <statement> | <statement>
<if action> ::= SAVE ; | SAVE , <statement> | <statement>
<opt else> ::= <null> | ELSE <statement>
<opt else> ::= <null> | ELSE <statement>
<expression> ::= <term> | <term> || <term>
<expression> ::= <term> | <term> || <term>
<term> ::= <factor> | <factor> && <factor>
<term> ::= <factor> | <factor> && <factor>
<factor> ::= <attribute> == <operand list> | ( <expression> )
<factor> ::= <attribute> == <operand list> | ( <expression> )
<operand list> ::= <operand> | ( <actual operand list> )
<operand list> ::= <operand> | ( <actual operand list> )
<actual operand list> ::= <operand> | <actual operand list> , <operand>
<actual operand list> ::= <operand> | <actual operand list> , <operand>
<operand> ::= <value> | <value> / <width> | <value> & <mask>
<operand> ::= <value> | <value> / <width> | <value> & <mask>
<Compound statement> ::= <opt label> { <statement seq> }
<Compound statement> ::= <opt label> { <statement seq> }
<opt label> ::= <null> | <identifier> :
<opt label> ::= <null> | <identifier> :
<statement seq> ::= <statement> | <statement seq> <statement>
<statement seq> ::= <statement> | <statement seq> <statement>
<Imperative statement> ::= ; |
<Imperative statement> ::= ; |
SAVE <attribute> <opt operand> ; | COUNT ; | EXIT <label> ; | IGNORE ; | NOMATCH ; | RETURN <integer> ; | RETURN ; | STORE <variable> := <value> ;
SAVE <attribute> <opt operand> ; | COUNT ; | EXIT <label> ; | IGNORE ; | NOMATCH ; | RETURN <integer> ; | RETURN ; | STORE <variable> := <value> ;
<opt operand> ::= <null> | <width or mask> | = <operand>
<opt operand> ::= <null> | <width or mask> | = <operand>
<width or mask> ::= / <width> | & <mask>
<width or mask> ::= / <width> | & <mask>
<Subroutine declaration> ::= SUBROUTINE <sub header> <sub body> ENDSUB ;
<Subroutine declaration> ::= SUBROUTINE <sub header> <sub body> ENDSUB ;
<sub header> ::= <subname> ( ) | <subname> ( <sub param list> )
<sub header> ::= <subname> ( ) | <subname> ( <sub param list> )
<sub param list> ::= <sub param> | <sub param list> , <sub param>
<sub param list> ::= <sub param> | <sub param list> , <sub param>
<sub param> ::= ADDRESS <pname> | VARIABLE <pname>
<sub param> ::= ADDRESS <pname> | VARIABLE <pname>
<pname> ::= <identifier>
<pname> ::= <identifier>
<sub body> ::= <statement sequence>
<sub body> ::= <statement sequence>
<CALL statement> ::= CALL <call header> <opt call body> ENDCALL ;
<CALL statement> ::= CALL <call header> <opt call body> ENDCALL ;
<call header> ::= <subname> ( ) | <subname> ( <call param list> )
<call header> ::= <subname> ( ) | <subname> ( <call param list> )
<call param list> ::= <call param> | <call param list> , <call param>
<call param list> ::= <call param> | <call param list> , <call param>
<call param> ::= <attribute> | <variable>
<call param> ::= <attribute> | <variable>
<opt call body> ::= <null> | <actual call body>
<opt call body> ::= <null> | <actual call body>
<actual call body> ::= <numbered statement> | <actual call body> <numbered statement>
<actual call body> ::= <numbered statement> | <actual call body> <numbered statement>
<numbered statement> ::= <int label seq> <statement>
<numbered statement> ::= <int label seq> <statement>
<int label seq> ::= <integer> : | <int label seq> <integer> :
<int label seq> ::= <integer> : | <int label seq> <integer> :
The following are terminals, recognised by the scanner:
以下是扫描仪识别的终端:
<identifier> Described in section 2 <integer> A decimal integer
<identifier> Described in section 2 <integer> A decimal integer
<attribute> Attribute name, as listed in Appendix C
<attribute>属性名称,如附录C所列
<value>, <mask> Described in section 5.2
<value>, <mask> Described in section 5.2
<width> ::= <integer> <label> ::= <identifier>
<width> ::= <integer> <label> ::= <identifier>
<variable> ::= SourceClass | DestClass | FlowClass | SourceKind | DestKind | FlowKind
<variable> ::= SourceClass | DestClass | FlowClass | SourceKind | DestKind | FlowKind
Values and masks consist of sequences of numeric fields, each of one or more bytes. The non-blank character following a field indicates the field width, and whether the number is decimal or hexadecimal. These 'field type' characters may be:
值和掩码由一个或多个字节的数字字段序列组成。字段后面的非空字符表示字段宽度,以及数字是十进制还是十六进制。这些“字段类型”字符可以是:
. period decimal, single byte - minus hex, single byte ! exclaim decimal, two bytes
. 句点十进制,单字节-减去十六进制,单字节!感叹号十进制,两个字节
For example, 130.216.0.0 is an IP address (in dotted decimal), and FF-FF-00-00 is an IP address in hexadecimal.
例如,130.216.0.0是IP地址(以点十进制表示),FF-FF-00-00是十六进制表示的IP地址。
The last field of a value or mask has no field width character. Instead it takes the same width as the preceding field. For example, 1.3.10!50 and 1.3.0.10.0.50 are two different ways to specify the same value.
值或掩码的最后一个字段没有字段宽度字符。相反,它的宽度与前面的字段相同。例如,1.3.10!50和1.3.0.10.0.50是指定相同值的两种不同方式。
Unspecified fields (at the right-hand side of a value or mask) are set to zero, i.e. 130.216 is the same as 130.216.0.0.
未指定字段(在值或掩码的右侧)设置为零,即130.216与130.216.0.0相同。
If only a single field is specified (no field width character), the value given fills the whole field. For example, 23 and 0.23 specify the same value for a SourceTransAddress operand. For variables (which have one-byte values) a C-style character constant may also be used.
如果只指定了一个字段(没有字段宽度字符),则给定的值将填充整个字段。例如,23和0.23为SourceTransAddress操作数指定相同的值。对于变量(具有一个字节的值),也可以使用C样式的字符常量。
IPv6 addresses and masks may also be used, following the conventions set out in the IP Version 6 Addressing Architecture RFC [V6-ADR].
也可以使用IPv6地址和掩码,遵循IP版本6寻址体系结构RFC[V6-ADR]中规定的约定。
The following attributes may be tested in an IF statement, and their values may be SAVEd (except for MatchingStoD). Their maximum size (in bytes) is shown to the left, and a brief description is given for each. The names given here are reserved words in SRL (they are <attribute> terminals in the grammar given in Appendix A).
可以在IF语句中测试以下属性,并保存它们的值(MatchingStoD除外)。它们的最大大小(以字节为单位)显示在左侧,并对每种大小进行了简要说明。这里给出的名称是SRL中的保留字(它们是附录A中给出的语法中的<attribute>终端)。
Note that this table gives only a very brief summary. The Meter MIB [RTFM-MIB] provides the definitive specification of attributes and their allowed values. The MIB variables which represent flow attributes have 'flowData' prepended to their names to indicate that they belong to the MIB's flowData table.
请注意,此表仅给出了一个非常简短的摘要。Meter MIB[RTFM-MIB]提供了属性及其允许值的最终规范。表示流属性的MIB变量的名称前面有“flowData”,表示它们属于MIB的flowData表。
1 SourceInterface, DestInterface Interface(s) on which the flow was observed
1个SourceInterface,在其上观察到流的DestinInterface接口
1 SourceAdjacentType, DestAdjacentType Indicates the interface type(s), i.e. an ifType from [ASG-NBR], or an Address Family Number (if metering within a tunnel)
1 SourceAdjacentType、DestAdjacentType表示接口类型,即来自[ASG-NBR]的ifType或地址族编号(如果在隧道内计量)
0 SourceAdjacentAddress, DestAdjacentAddress For IEEE 802.x interfaces, the MAC addresses for the flow
0 SourceAdjaceAddress,IEEE 802.x接口的DestAdjaceAddress,流的MAC地址
1 SourcePeerType, DestPeerType Peer protocol types, i.e. Address Family Number from [ASG-NBR], such as IPv4, Novell, Ethertalk, ..
1 SourcePeerType、DestPeerType对等协议类型,即[ASG-NBR]中的地址系列号,如IPv4、Novell、Ethertalk等。。
0 SourcePeerAddress, DestPeerAddress Peer Addresses (size varies, e.g. 4 for IPv4, 3 for Ethertalk))
0 SourcePeeradAddress、DestPeeradAddress对等地址(大小不同,例如IPv4为4,Ethertalk为3))
1 SourceTransType, DestTransType Transport layer type, i.e. Protocol Number from [ASG-NBR] such as tcp(6), udp(17), ospf(89), ..
1 SourceTransType、DestTransType传输层类型,即来自[ASG-NBR]的协议编号,如tcp(6)、udp(17)、ospf(89)。。
2 SourceTransAddress, DestTransAddress Transport layer addresses (e.g. port numbers for TCP and UDP)
2个SourceTransAddress、DestTransAddress传输层地址(例如TCP和UDP的端口号)
1 FlowRuleset Rule set number for the flow
1流的FlowRuleset规则集编号
1 MatchingStoD Indicates whether the packet is being matched with its addresses in 'wire order.' See [RTFM-ARC] for details.
1 MatchingStoD表示数据包是否与“线路顺序”中的地址匹配。有关详细信息,请参阅[RTFM-ARC]。
The following variables may be tested in an IF, and their values may be set by a STORE. They all have one-byte values.
以下变量可在IF中测试,其值可由存储设置。它们都有一个字节的值。
SourceClass, DestClass, FlowClass, SourceKind, DestKind, FlowKind
SourceClass,DestClass,FlowClass,SourceKind,DestKind,FlowKind
The following RTFM attributes are not address attributes - they are measured attributes of a flow. Their values may be read from an RTFM meter. (For example, NeTraMet uses a FORMAT statement to specify which attribute values are to be read from the meter.)
以下RTFM属性不是地址属性-它们是流的测量属性。它们的值可以从RTFM仪表中读取。(例如,NeTraMet使用FORMAT语句指定要从仪表读取的属性值。)
8 ToOctets, FromOctets Total number of octets seen for each direction of the flow
8 ToOctets,FromOctets每个流向看到的八位字节总数
8 ToPDUs, FromPDUs Total number of PDUs seen for each direction of the flow
8 ToPDUs,从PDU到每个流向的PDU总数
4 FirstTime, LastActiveTime Time (in centiseconds) that first and last PDUs were seen for the flow
4 FirstTime、LastActiveTime为流看到第一个和最后一个PDU的时间(以厘米为单位)
Other attributes will be defined by the RTFM working group from time to time.
RTFM工作组将不时定义其他属性。
8 Acknowledgments
8致谢
The SRL language is part of the RTFM Working Group's efforts to make the RTFM traffic measurement system easier to use. Initial work on the language was done by Cyndi Mills and Brad Frazee in Boston. SRL was developed in Auckland; it was greatly assisted by detailed discussion with John White and Russell Fulton. Discussion has continued on the RTFM and NeTraMet mailing lists.
SRL语言是RTFM工作组努力使RTFM交通测量系统更易于使用的一部分。波士顿的辛迪·米尔斯(Cyndi Mills)和布拉德·弗雷泽(Brad Frazee)对该语言进行了初步研究。SRL是在奥克兰开发的;与约翰·怀特和罗素·富尔顿的详细讨论极大地帮助了这一进程。关于RTFM和NeTraMet邮件列表的讨论仍在继续。
9 References
9参考文献
[ASG-NBR] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[ASG-NBR]Reynolds,J.和J.Postel,“指定编号”,标准2,RFC 1700,1994年10月。
[NETRAMET] Brownlee, N., NeTraMet home page, http://www.auckland.ac.nz/net/NeTraMet
[NETRAMET] Brownlee, N., NeTraMet home page, http://www.auckland.ac.nz/net/NeTraMet
[RTFM-ARC] Brownlee, N., Mills, C. and G. Ruth, "Traffic Flow Measurement: Architecture", RFC 2722, October 1999.
[RTFM-ARC]Brownlee,N.,Mills,C.和G.Ruth,“交通流测量:架构”,RFC2721999年10月。
[RTFM-MIB] Brownlee, N., "Traffic Flow Measurement: Meter MIB", RFC 2720, October 1999.
[RTFM-MIB]北布朗利,“交通流量测量:米MIB”,RFC2720,1999年10月。
[V6-ADDR] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture," RFC 2373, July 1998.
[V6-ADDR]Hinden,R.和S.Deering,“IP版本6寻址体系结构”,RFC 2373,1998年7月。
10 Author's Address
10作者地址
Nevil Brownlee Information Technology Systems & Services The University of Auckland Private Bag 92-019 Auckland, New Zealand
NevelBrnnLee信息技术系统与服务奥克兰大学奥克兰私人包92-019,新西兰
Phone: +64 9 373 7599 x8941 EMail: n.brownlee@auckland.ac.nz
Phone: +64 9 373 7599 x8941 EMail: n.brownlee@auckland.ac.nz
11 Full Copyright Statement
11完整版权声明
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。