The idea behind the GenericByteProtocolHandler is that you often deal with a binary protocol that you do not need to translate in full into a data structure; frequently only a specific part of the protocol is of interest.

With the GenericByteProtocolHandler it is possible to map bits to simple data types in a schema. Each entry in the options list names a field and gives its width in bits, so fields do not have to be byte aligned (in the example below ip_version and ip_ihl are 4 bits each, ip_flags is 3 bits and ip_fragment_offset 13 bits). The schema then assigns each field the type it is delivered as (Byte, Short, Integer or List_Byte). The final field, tcp_payload, is given a width of -1 so that it receives the remaining bytes. Note that the layout is fixed and is not driven by the packet itself: the example only fits untagged Ethernet frames carrying IPv4 without options (IHL 5) and TCP without options (data offset 5). A VLAN tag, an IPv6 or non-TCP packet, or IP/TCP options shift every following field, and the checksums are extracted but not verified, so check eth_ether_type, ip_ihl, ip_protocol and tcp_data_offset downstream before trusting the tcp_* fields. See the example below.




/// 1. read recorded network traffic from pcap file
pcap_input = ACCESS({
                  transport = 'file',
                  protocol = 'pcap',
                  wrapper = 'GenericPull',
                  source = 'Pcap',
                  datahandler = 'keyvalueobject',
                  options = [
                    ['filename', '${PCAP_FILE}']
                  ]
                })

/// 2. relevant block type is EnhancedPacketHeader
enhanced_packet_header = SELECT({
                              predicate = 'blocktype == "EnhancedPacketHeader"'
                            }, pcap_input)

/// 3. keep only the packet data and transform it to a tuple for further processing
packet_data_tuple = TOTUPLE({
                        schema = [['packetData', 'packetData', 'List_Byte']]
                      }, enhanced_packet_header)

/// 4. transform packetData to List_Byte
packet_data_string = MAP({
                          expressions = [
                            ['toByteList(packetData)', 'packetData']
                          ]
                        }, packet_data_tuple)

/// 5. split the raw bytes into Ethernet, IP and TCP fields
/// options: [field name, width in bits], -1 = remaining bytes; schema: [field name, type]
packet_data_itemized = CONVERTER({
                            protocol = 'GenericByteProtocol',
                            outputdatahandler = 'tuple',
                            inputdatahandler = 'tuple',
                            options = [
                              ['charset', '${ENCODING}'],
                              ['newline', 'false'],
                              ['eth_mac_destination', 48],
                              ['eth_mac_source', 48],
                              ['eth_ether_type', 16],
                              ['ip_version', 4],
                              ['ip_ihl', 4],
                              ['ip_tos', 8],
                              ['ip_total_length', 16],
                              ['ip_identification', 16],
                              ['ip_flags', 3],
                              ['ip_fragment_offset', 13],
                              ['ip_ttl', 8],
                              ['ip_protocol', 8],
                              ['ip_header_checksum', 16],
                              ['ip_source_ip_address', 32],
                              ['ip_destination_ip_address', 32],
                              ['tcp_source_port', 16],
                              ['tcp_destination_port', 16],
                              ['tcp_sequence_number', 32],
                              ['tcp_ack_number', 32],
                              ['tcp_data_offset', 4],
                              ['tcp_reserved', 6],
                              ['tcp_flags', 6],
                              ['tcp_window_size', 16],
                              ['tcp_checksum', 16],
                              ['tcp_urgentPointer', 16],
                              ['tcp_payload', -1]
                            ],
                            schema = [
                              ['eth_mac_destination', 'List_Byte'],
                              ['eth_mac_source', 'List_Byte'],
                              ['eth_ether_type', 'Short'],
                              ['ip_version', 'Byte'],
                              ['ip_ihl', 'Byte'],
                              ['ip_tos', 'Byte'],
                              ['ip_total_length', 'Short'],
                              ['ip_identification', 'Short'],
                              ['ip_flags', 'Byte'],
                              ['ip_fragment_offset', 'List_Byte'],
                              ['ip_ttl', 'Byte'],
                              ['ip_protocol', 'Byte'],
                              ['ip_header_checksum', 'Short'],
                              ['ip_source_ip_address', 'List_Byte'],
                              ['ip_destination_ip_address', 'List_Byte'],
                              ['tcp_source_port', 'Short'],
                              ['tcp_destination_port', 'Short'],
                              ['tcp_sequence_number', 'Integer'],
                              ['tcp_ack_number', 'Integer'],
                              ['tcp_data_offset', 'Byte'],
                              ['tcp_reserved', 'Byte'],
                              ['tcp_flags', 'Byte'],
                              ['tcp_window_size', 'Short'],
                              ['tcp_checksum', 'Short'],
                              ['tcp_urgentPointer', 'Short'],
                              ['tcp_payload', 'List_Byte']
                            ]
                          }, packet_data_string)
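To show what the bit-to-type mapping in step 5 actually does, here is a standalone Python model of it. It is example code added for this page, not part of the GenericByteProtocolHandler. It reuses the field list from the CONVERTER above, assumes that a width of -1 means "all remaining bits" (the page shows this only by example), constructs a sample Ethernet/IPv4/TCP SYN frame inline, and adds the layout and checksum checks a practitioner would run before trusting the tcp_* fields.

```python
# Added example for this page, not code from the GenericByteProtocolHandler:
# a Python model of the bit-to-type mapping performed in step 5.
from typing import Dict, List, Tuple, Union

# (name, width in bits, type) copied from the CONVERTER options/schema above.
# Assumption: a width of -1 on the last field means "all remaining bits".
SCHEMA: List[Tuple[str, int, str]] = [
    ("eth_mac_destination", 48, "List_Byte"), ("eth_mac_source", 48, "List_Byte"),
    ("eth_ether_type", 16, "Short"), ("ip_version", 4, "Byte"), ("ip_ihl", 4, "Byte"),
    ("ip_tos", 8, "Byte"), ("ip_total_length", 16, "Short"), ("ip_identification", 16, "Short"),
    ("ip_flags", 3, "Byte"), ("ip_fragment_offset", 13, "List_Byte"), ("ip_ttl", 8, "Byte"),
    ("ip_protocol", 8, "Byte"), ("ip_header_checksum", 16, "Short"),
    ("ip_source_ip_address", 32, "List_Byte"), ("ip_destination_ip_address", 32, "List_Byte"),
    ("tcp_source_port", 16, "Short"), ("tcp_destination_port", 16, "Short"),
    ("tcp_sequence_number", 32, "Integer"), ("tcp_ack_number", 32, "Integer"),
    ("tcp_data_offset", 4, "Byte"), ("tcp_reserved", 6, "Byte"), ("tcp_flags", 6, "Byte"),
    ("tcp_window_size", 16, "Short"), ("tcp_checksum", 16, "Short"),
    ("tcp_urgentPointer", 16, "Short"), ("tcp_payload", -1, "List_Byte"),
]

Value = Union[int, bytes]


def map_bits(frame: bytes, schema: List[Tuple[str, int, str]] = SCHEMA) -> Dict[str, Value]:
    """Slice the frame MSB-first, field by field, so widths need not be byte aligned.
    Byte/Short/Integer fields come back as int, List_Byte fields as big-endian bytes
    (a 13-bit List_Byte field such as ip_fragment_offset becomes 2 bytes)."""
    total = len(frame) * 8
    as_int = int.from_bytes(frame, "big")
    pos, out = 0, {}
    for name, width, typ in schema:
        if width == -1:
            width = total - pos
        if pos + width > total:
            raise ValueError(f"frame ends inside {name}: need {pos + width} bits, have {total}")
        chunk = (as_int >> (total - pos - width)) & ((1 << width) - 1)
        out[name] = chunk.to_bytes((width + 7) // 8, "big") if typ == "List_Byte" else chunk
        pos += width
    return out


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over a header whose checksum field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(payload: bytes = b"GET") -> bytes:
    """Constructed sample: untagged Ethernet / IPv4 without options / TCP SYN without options."""
    eth = bytes.fromhex("001122334455 66778899aabb 0800")          # dst MAC, src MAC, IPv4
    ip = bytearray(bytes.fromhex("4500") + (40 + len(payload)).to_bytes(2, "big")
                   + bytes.fromhex("1234 4000 40 06 0000")          # id, DF, TTL 64, TCP, checksum 0
                   + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]))
    ip[10:12] = inet_checksum(bytes(ip)).to_bytes(2, "big")
    tcp = bytes.fromhex("c000 0050 00000001 00000000 5002 ffff 0000 0000")  # 49152 -> 80, SYN
    return eth + bytes(ip) + tcp + payload


def layout_issues(fields: Dict[str, Value]) -> List[str]:
    """The fixed schema only fits untagged Ethernet / IPv4 (IHL 5) / TCP (data offset 5);
    anything else shifts every later field, so flag it before trusting the tcp_* values."""
    issues = []
    if fields["eth_ether_type"] != 0x0800:
        issues.append("not IPv4 (VLAN tag, ARP, IPv6, ...): all IP/TCP fields are misaligned")
    if fields["ip_version"] != 4 or fields["ip_ihl"] != 5:
        issues.append(f"IPv4 version/IHL {fields['ip_version']}/{fields['ip_ihl']}: TCP fields shifted")
    if fields["ip_protocol"] != 6:
        issues.append(f"ip_protocol {fields['ip_protocol']} is not TCP: tcp_* fields are meaningless")
    if fields["tcp_data_offset"] != 5:
        issues.append(f"TCP options present (data offset {fields['tcp_data_offset']}): payload starts later")
    return issues


def analyze(frame: bytes) -> Tuple[Dict[str, Value], List[str]]:
    """Map the frame and return the fields plus every reason not to trust them."""
    fields = map_bits(frame)
    issues = layout_issues(fields)
    if fields["eth_ether_type"] == 0x0800 and inet_checksum(frame[14:34]) != 0:
        issues.append("IPv4 header checksum mismatch")
    return fields, issues


if __name__ == "__main__":
    fields, issues = analyze(build_frame())
    print(fields["eth_mac_source"].hex(":"), fields["tcp_destination_port"], fields["tcp_flags"], fields["tcp_payload"])
    print("issues:", issues or "none")
```

The same SCHEMA list works for any other fixed-layout protocol: change the (name, width, type) entries and map_bits slices accordingly. The checks in layout_issues are the ones the CONVERTER itself does not perform, which is why a SELECT on eth_ether_type, ip_ihl, ip_protocol and tcp_data_offset belongs after step 5 in a real query.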