Generic TCP Decoder rules

The decoding engine implemented in the Generic TCP Module takes the provided rules and attempts to match incoming data from the Web Response Time Module API against those rules. When rules are matched successfully, the engine passes the matched data back to the Generic TCP Module, which processes and associates action sections against the matched rule. The actions accumulate the matched data until a completed transaction is observed, and the data can be published to the Web Response Time Module API as context.

ABNF rule definition

The Generic TCP Decoder uses ABNF syntax and defines protocol structure in a normalized way. The decoder supports ABNF syntax as defined in RFC 5234. This section describes where the decoder syntax deviates from the standard.

Rules for the decoder are listed in the rules section of the config block. Each rule has a name and a series of elements and is terminated by the end of line. RFC 5234 defines a rule as being terminated by an internet standard newline (commonly referred to as CRLF). An internet standard newline is a carriage return (character 0x0d) followed by a line feed (character 0x0a). The Generic TCP Decoder differs from RFC 5234 in that it allows both CRLF and single LF termination of rules. When the next rule line is not a rule definition, the line is interpreted as a continuation of the current rule.

For example:

    RuleA = DIGIT OCTET

is equivalent to:

    RuleA = DIGIT
            OCTET

Comments may be included in the rule syntax. Comments are specified using the semicolon (;) character. Any text between the semicolon and the end of line is interpreted as a comment. Comments do not affect rule interpretation, so the following rule definitions are valid:

    RuleA = DIGIT OCTET ; A single digit followed by an octet

    RuleA = DIGIT   ; A single digit
            OCTET   ; Followed by an octet

Basic rules

All rules are named. The name for a rule is part of the definition, and the rule is assigned the corresponding syntax:

    rulename = rule-elements

Fastpath: RFC 5234 defines a rulename as starting with an alphabetic character, followed by any combination of other alphabetic characters, digits, and hyphens; under RFC 5234, rule names are not case sensitive. The Generic TCP Decoder differs in that rule names are case sensitive, and may also include underscore (_) characters.
Rule elements may be:
  • A terminal value (that is, a specific character, byte or string)
  • The name of another rule
  • A repetition of rule-elements
  • A sequence of rule-elements
  • A choice of alternative rule-elements
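
The line-termination, continuation, comment and rule-name behaviour described above can be checked before rules are deployed. The following Python pre-parser is an added example, not the product's own code; `parse_rules`, `strip_comment` and the sample text are hypothetical names and constructed input, and it assumes indented definition lines are accepted and that a semicolon inside a quoted string is not a comment.

```python
import re

# Rule definition line: name, "=", elements. Names follow the decoder's stated
# deviation from RFC 5234: case sensitive, underscores allowed.
# RFC 5234 incremental alternatives ("=/") are out of scope for this example.
RULE_DEF = re.compile(r"^([A-Za-z][A-Za-z0-9_-]*)\s*=\s*(.*)$")

# Constructed sample input mixing CRLF and LF line endings.
SAMPLE = (
    "RuleA = DIGIT \t; A single digit\r\n"
    "\t\t   OCTET\t; Followed by an octet\n"
    'rule_a = "a;b" RuleA ; semicolon inside a quoted string\r\n'
    "rulea = DIGIT\n"
)


def strip_comment(line):
    """Drop text from ';' to end of line, ignoring ';' inside a quoted string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line


def parse_rules(text):
    """Return [(rulename, elements)] with continuation lines folded in."""
    rules = []
    # Accept both CRLF and bare LF as rule terminators.
    for raw in text.replace("\r\n", "\n").split("\n"):
        line = strip_comment(raw).strip()  # assumption: indentation is ignored
        if not line:
            continue
        match = RULE_DEF.match(line)
        if match:
            rules.append([match.group(1), match.group(2).strip()])
        elif rules:
            # Not a rule definition: continuation of the current rule.
            rules[-1][1] = (rules[-1][1] + " " + line).strip()
        else:
            raise ValueError("continuation line before any rule: %r" % raw)
    # Names are kept verbatim, so "RuleA" and "rulea" stay distinct rules.
    return [(name, elements) for name, elements in rules]


if __name__ == "__main__":
    for name, elements in parse_rules(SAMPLE):
        print(name, "=", elements)
```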