RFC 2723 (rfc2723) - Page 2 of 22
SRL: A Language for Describing Traffic Flows and Specifying Actions for Flow Groups
Alternative Format: Original Text Document
RFC 2723 SRL: A Traffic Flow Language October 1999
3.3.3 EXIT Statement . . . . . . . . . . . . . . . . . . 10
3.3.4 IGNORE Statement . . . . . . . . . . . . . . . . . 10
3.3.5 NOMATCH Statement . . . . . . . . . . . . . . . . . 10
3.3.6 STORE Statement . . . . . . . . . . . . . . . . . . 11
3.3.7 RETURN Statement . . . . . . . . . . . . . . . . . 11
3.4 Subroutine_declaration . . . . . . . . . . . . . . . . . 11
3.5 CALL_statement . . . . . . . . . . . . . . . . . . . . . 12
4 Example Programs . . . . . . . . . . . . . . . . . . . . . . 13
4.1 Classify IP Port Numbers . . . . . . . . . . . . . . . . 13
4.2 Classify Traffic into Groups of Networks . . . . . . . . 14
5 Security Considerations . . . . . . . . . . . . . . . . . . . 15
6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
7 APPENDICES . . . . . . . . . . . . . . . . . . . . . . . . . 16
7.1 Appendix A: SRL Syntax in BNF . . . . . . . . . . . . . . 16
7.2 Appendix B: Syntax for Values and Masks . . . . . . . . . 18
7.3 Appendix C: RTFM Attribute Information . . . . . . . . . 19
8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20
9 References . . . . . . . . . . . . . . . . . . . . . . . . . 20
10 Author's Address . . . . . . . . . . . . . . . . . . . . . . 21
11 Full Copyright Statement . . . . . . . . . . . . . . . . . . 22
1 Purpose and Scope
A ruleset for an RTFM Meter is a sequence of instructions to be
executed by the meter's Pattern Matching Engine (PME). The form of
these instructions is described in detail in the 'RTFM Architecture'
and 'RTFM Meter MIB' documents [RTFM-ARC, RTFM-MIB], but most users -
at least initially - find them confusing and difficult to write,
mainly because the effect of each instruction is strongly dependent
on the state of the meter's Packet Matching Engine at the moment of
its execution.
SRL (the Simple Ruleset Language) is a procedural language for
creating RTFM rulesets. It has been designed to be simple for people
to understand, using statements which help to clarify the execution
context in which they operate. SRL programs will be compiled into
rulesets which can then be downloaded to RTFM meters.
An SRL compiler is available as part of NeTraMet (a free-software
implementation of the RTFM meter and manager), version 4.2
[NETRAMET].
1.1 RTFM Meters and Traffic Flows
The RTFM Architecture [RTFM-ARC] defines a set of 'attributes' which
apply to network traffic. Among the attributes are 'address
attributes,' such as PeerType, PeerAddress, TransType and
TransAddress, which have meaning for many protocols, e.g. for IPv4
Brownlee Informational