Stream operations

Stream operations can be used to read data from the traffic stream.

The value returned by stream operations can either be written to a variable or used directly in an arithmetic operation. The stream operations are listed in the tables below.

Table 1. ASCII data variable expressions
Sequence	Description
`parse_dec(<length>)`	Parse ASCII decimal value. `<length>` is the maximum number of the characters to parse. The actual number of parsed digits is available in the variable `$parse_length@32`. If no characters could be parsed, then the variable is set to zero.
`parse_hex(<length>)`	Parse ASCII hexadecimal value. `<length>` is the maximum number of the characters to parse. The actual number of parsed digits is available in the variable `$parse_length@32`. If no characters could be parsed, then the variable is set to zero.
`parse_int(<length>)`	Parse ASCII value; parses hexadecimal if the string starts with "`0x`", octal if the string starts with zero ("`0`") and decimal otherwise. `<length>` is the maximum number of the characters to parse. The actual number of parsed digits is available in the variable `$parse_length@32`. If no characters could be parsed, then the variable is set to zero.
`parse_oct(<length>)`	Parse ASCII octal value. `<length>` is the maximum number of the characters to parse. The actual number of parsed digits is available in the variable `$parse_length@32`. If no characters could be parsed, then the variable is set to zero.

Table 2. Miscellaneous input stream operations
Sequence	Description
`CRC(<length>)`	Calculates a 32-bit CRC value starting from the current byte up to number of bytes specified by the `<length>` parameter. This function can be used as a space optimizer for probabilistically matching against a specific large binary block by its CRC. The CRC used is the 32-bit CRC with polynomial 0x104C11DB7 (used for example in Ethernet).
`skip(<length>)`	Skip `<length>` number of bytes.
`regex(<regexp>)`	Launch an independent subexpression.

The binary data from the input stream can be read into variables with the following expressions.

Table 3. Binary data variable expressions
Sequence	Description
`parse_be@<size>`	Parse big endian value. `<size>` is the size of the value to be read in bits, and it can be one of the following: 8, 16, 24, 32, 40, 48, 56 or 64.
`parse_le@<size>`	Parse little endian value. `<size>` is the size of the value to be read in bits, and it can be one of the following: 8, 16, 24, 32, 40, 48, 56 or 64.

Example of parsing a value from the traffic stream

# This regular expression finds the string "&parameter1=", parses the 
# following three bytes as an ASCII decimal number, and writes the values 
# to the "var1@8" variable
# The regular expression matches only if the number is greater than 100
(?x)
.*&parameter1=(?[var1@8=parse_dec(3), var1@8>100 -> sid()])