Parsing
Parsing in
Spicy
is centered around the unit type which in many ways looks similar to a
struct type.
A unit declares an ordered list of fields which are parsed from the input.
If a unit is public it can serve as a top-level entry point for parsing.
module foo;
public type Foo = unit {
version: uint32;
on %done { print "The version is %s." % self.version; }
};
- The parser for
Fooconsists of a single parser which extracts anuint32with the default network byte order. - The extracted
uint32is bound to a named field to store its value in the unit. - We added a unit hook which runs when the parser is done.
We can run that parser by using a driver which feeds it input (potentially incrementally).
$ printf '\x00\x00\x00\xFF' | spicy-driver -d hello.spicy
The version is 255.
We use
spicy-driver
as driver. It reads input from its stdin and feeds it to the parser, and
executes hooks.
Another driver is
spicy-dump
which prints the unit after parsing. Zeek includes its own dedicated driver for
Spicy parsers.
The major differences to struct are:
unitfields need to have a parsable type,- by default all
unitfields are&optional, i.e., aunitvalue can have any or all fields unset.