Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Runtime Regexp Generation

by l2kashe (Deacon)
on Apr 14, 2003 at 18:35 UTC ( [id://250370]=note: print w/replies, xml ) Need Help??


in reply to Runtime Regexp Generation

Personal preference is when regexen get this large to either A) build them in steps, or B) use something else.. here is a basic filter using basic logic and tests... 
#!/usr/bin/perl

push(@foo, 
   '1 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 80 [SYN]',
   '2 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 113 [SYN]',
   '3 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 123 [SYN]',
   '4 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
   '5 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) request',
   '6 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
   '7 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 562 [RST]',
   '8 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 36 [RST]',
   '9 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 90 [RST]',
);

# assume that when split the fields are as follows..
#line  = '0';
#size  = '1';
#src   = '2';
#dest  = '4';
#proto = '5';
#port  = '8';

# here is what we will test on.. this could be altered to be
# collected via flags, shifted off of ARGV, or passed as 
# params to a CGI easily...
print "proto: ";
chomp(my $i_proto=<>);

print "port: ";
chomp(my $i_port=<>);

# loop over our data set, this could just as easily be a 
# socket or filehandle.. 
for ( @foo ) {

   my @line = split(/\s+/);

   if ($i_proto) {
      (my $tmp = $i_proto) =~ s/^!//;

      if ($i_proto =~ /^!/) {
         next if ($line[5] =~ /$tmp/);

      } else {
         next if ($line[5] !~ /$tmp/);
      }
   }

   if ($i_port) {
      (my $tmp = $i_port) =~ s/^!//;

      if ($i_port =~ /^!/) {
         next if ($line[8] =~ /$tmp/);

      } else {
         next if ($line[8] !~ /$tmp/);
      }
   }

   print "$_\n";
}

[download]
I usually place a sample data line or 2 in my source file, so that people who come along after me know what elements im working on, or they can compare the data being passed to the code, vs the data the code is assuming it is receiving and go "duh.. we upgraded app X, need to alter the filter.."

I know the question was how to get a regex to match, but personally in this situation, I think it might be better to move away from the regex, as it makes the code clearer and easier to maintain..

almost update:
I guess you could also alter the split to only return the items you will ever search on, but I tend to attempt to not dictate what possible uses the code may have in the future.. A slightly better split might be something like 
# @data now contains src_addr, dest_addr, proto, and port
   @data = ( split(/\s+/) )[2,4,5,8]

# later test elem 3 instead of 5.. yada yada

[download]


MMMMM... Chocolaty Perl Goodness.....

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://250370]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (1)
As of 2024-04-25 02:03 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found