honeydの設定 - Narusaseの日記 -ハニポってどうよ？(仮)-

honeydの設定ファイルに関する簡易BNFを作る。
長くなるので、「続きを読む」を使ってみる。
以下、前提条件
A::=B はAはBによって定義されていることを示す。
(A) はAをくくったもので、数学的な優先順位を表す。 
(A)? はAを0〜1回、繰り返す事を表す。 　
(A)* はAを0〜任意の回数、繰り返す事を表す。 　
A | B はAかBかのいずれかを表す。
${A} は定義を表す。
<A> は中に書かれた説明Aを表す。
通常の文字 は文字列を表す。

以下、補助的な構文
${NUMBER}    ::= <整数>
${CMD_STRING}::= <コマンド名> ( <引数> )*
${INTERFACE} ::= <インターフェースの名前>
${OPTION}    ::= option <プラグインのオプションなどの文字列>

${ADDR}      ::= ${NUMBER}.${NUMBER}.${NUMBER}.${NUMBER}
${NETWORK}   ::= ${NUMBER}.${NUMBER}.${NUMBER}.${NUMBER}/${NUMBER}

${OPTIONS}   ::= latency   ${NUMBER}ms
               | loss      ( 1 | 0.${NUMBER} )
               | bandwidth ${NUMBER} ( Mbps | Kbps )
               | drop between  ${NUMBER} ms - ${NUMBER} ms
${PROTOCOL}  ::= tcp
               | udp
               | icmp

${ACTION}    ::= ( tarpit )? (   block
                               | open
                               | reset
                               | ${CMD_STRING} |
                               | internal ${CMD_STRING}
                               | proxy ${ADDR}:${NUMBER}
                             )
${OS_TYPE}   ::= "Cisco 1601R router running IOS 12.1(5)"
               | "Microsoft Windows NT 4.0 SP3"
               | "Microsoft Windows XP Professional SP1"
               | "IBM AIX 4.2"
               | random
${CONDITION}::= (   source os = ${CMD_STRING}
                  | source ip = ${ADDR} 
                  | source ip = ${NETWORK}
                  | time between timecondition ${NUMBER} - ${NUMBER}
                )

以下、メインの構文
${CONFIG}   ::= ${CREATE}
              | ${ADD}
              | ${DELETE}
              | ${BIND}
              | ${DHCP}
              | ${CLONE}
              | ${SET}
              | ${ANNOTATE}
              | ${ROUTE} ( config )?
              | ${OPTION}
${CREATE}   ::= create ( default | ( ( dynamic )? ${TEMPLATE} ) )
${ADD}      ::= add ${TEMPLATE} (   ( ${PROTOCOL} port ${NUMBER} ${ACTION} )
                                  | ( subsystem ${CMD_STRING} ( shared )?  )
                                  | ( use ${TEMPLATE}  if ${CONDITION}     )
                                )
${DELETE}   ::= delete ${TEMPLATE} ( ${PROTOCOL} port ${NUMBER} )?
${BIND}     ::= bind (   ( ${ADDR} ( ${TEMPLATE} | ( to ${INTERFACE} ) ) )
                       | ( ${CONDITION} ${ADDR} ${TEMPLATE}              )
                     )

${DHCP}     ::= dhcp  ${TEMPLATE} on ${INTERFACE} ( ethernet ${CMD_STRING} )?
${CLONE}    ::= clone ${TEMPLATE} ${TEMPLATE}

${SET}      ::= set ( ( ${TEMPLATE} 
                        (   ( default  ${PROTOCOL} action ${ACTION} )
                          | ( personality ${OS_TYPE}                )
                          | ( ethernet ${CMD_STRING}                )
                          | ( uptime   ${NUMBER}                    )
                          | ( droprate in ${NUMBER}                 )
                          | ( uid ${NUMBER} ( gid ${NUMBER} )?      )
                          | ( maxfds   ${NUMBER}                    )
                        )
                      )
                      | ( ${ADDR} uptime ${NUMBER} )
                    )
${ANNOTATE} ::= annotate ${OS_TYPE} (   ( ( no )? finscan               )
                                      | ( fragment ( drop | old | new ) )
                                    )
${ROUTE}    ::=
  route (   ( entry ${ADDR} ( network ${NETWORK} )?                             )
          | ( ${ADDR} (   ( ( link | unreach ) ${NETWORK}                       )
                        | ( add net ${NETWORK} tunnel ${ADDR}(src) ${ADDR}(dst) )
                        | ( add net ${NETWORK} ${ADDR} ${OPTIONS}               )
                      )
            )
         )