
Configuring a User-Defined Application

This section describes how to configure a user-defined application.

Context

Generally, the service awareness signature database of the system can identify various common applications. For applications that are not included in the predefined applications, you can create new applications based on the signatures of the applications.

You can create rules by 3-tuple, keyword, or both. The 3-tuple includes the IP address, protocol, and port of the server. The keyword refers to the feature of data packets or data flows of an application. The feature can uniquely identify the application.

If the IP address, protocol, and port of the server are fixed, you can create rules by 3-tuple. If they are not fixed, create rules by keyword. If the server uses one port to provide two or more types of services, create rules by 3-tuple and keyword.

Procedure

  1. Access the SA view from the system view.

    sa

  2. Create a user-defined application and access the user-defined application view.

    user-defined-application name name

  3. Optional: Configure a description for the user-defined application.

    description description

  4. Configure basic attributes for the user-defined application.

    Configure the category and subcategory:

      category category sub-category sub-category

    Configure a data model:

      data-model { unassigned | client-server | browser-based | networking | peer-to-peer }

    Configure a label (the label name can be given one to eight times):

      label label-name &<1-8>

  5. Configure a user-defined application rule.
    1. Create a user-defined application rule and access the user-defined application rule view.

      rule name name

    2. Optional: Configure a description for the user-defined application rule.

      description description

    3. Configure the user-defined application rule.

      Configure an IPv4 address:

        ip-address ip-address [ mask | mask-length ]

      Configure an IPv6 address:

        ipv6-address ipv6-address [ prefix-length ]

      Configure a transport-layer protocol type:

        protocol { tcp | udp }

      Configure a port number:

        port port

      Configure a signature:

        signature context { flow | packet } direction { request | response | both } { plain-string plain-string | regular-expression regular-expression } [ field field ]

      When the protocol is TCP and the matching mode is Regular Expression, the following fields can be set: General-payload, HTTP.Body, HTTP.Content-Type, HTTP.Cookie, HTTP.Host, HTTP.Method, HTTP.URI, and HTTP.User-Agent.

      Regular expressions contain characters with special meanings, called metacharacters. For a description of metacharacters, see Metacharacters in User-Defined Applications. For HTTP.Content-Type, HTTP.Cookie, HTTP.Host, HTTP.Method, HTTP.URI, and HTTP.User-Agent, the use of metacharacters must comply with the following rules:
      • HTTP.Method: supports only the three metacharacters "()|" and does not support any characters other than English letters.
      • HTTP.Content-Type, HTTP.Cookie, HTTP.Host, HTTP.URI, and HTTP.User-Agent: support only the four metacharacters "*()|".
        NOTE:

        When * is used in these protocol fields, it matches any sequence of non-line-feed characters of any length. When * is used in other fields, it means that the preceding character appears zero or more consecutive times in the target object. For example, in HTTP.Host, abcd* can match abcd, abcdef, and abcdddddd; in HTTP.Body, abcd* can match abc, abcd, and abcdddd.

  6. Commit the configuration in the system view.

    engine configuration commit

    After a user-defined application is created or modified, the configuration takes effect only after being committed. To save time, you can commit the configuration after all user-defined application operations are complete.
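The full command sequence that the six steps above produce, as an added example in Python (not Huawei code) that assembles the commands in procedure order and checks the 3-tuple and the enumerated values before anything is typed into the device. Everything in it is constructed: the application name portal-a, the category names, the address 10.0.0.10/32, port 8443 and the HTTP.Host pattern are sample values; it is an assumption that `quit` returns from each view so that the commit is entered in the system view, and that the mask-length form of ip-address takes a prefix length.

```python
# Added example (not Huawei's code): assemble the CLI command sequence for a
# user-defined application in the order of the procedure above, checking the
# 3-tuple and enumerated values first.
# Assumptions: the application name, category names, address, port and host
# pattern below are constructed; `quit` is assumed to return from each view so
# that the final commit runs in the system view; mask-length is emitted as a
# prefix length.
import ipaddress

DATA_MODELS = {"unassigned", "client-server", "browser-based", "networking", "peer-to-peer"}
PROTOCOLS = {"tcp", "udp"}
CONTEXTS = {"flow", "packet"}
DIRECTIONS = {"request", "response", "both"}
# Fields the page allows when the protocol is TCP and the mode is regular expression.
REGEX_FIELDS = {"General-payload", "HTTP.Body", "HTTP.Content-Type", "HTTP.Cookie",
                "HTTP.Host", "HTTP.Method", "HTTP.URI", "HTTP.User-Agent"}


def rule_commands(rule):
    """Commands entered in the user-defined application rule view (step 5)."""
    lines = [f"rule name {rule['name']}"]
    if "ip" in rule:
        net = ipaddress.ip_network(rule["ip"], strict=False)  # raises ValueError on junk
        keyword = "ip-address" if net.version == 4 else "ipv6-address"
        lines.append(f"{keyword} {net.network_address} {net.prefixlen}")
    if "protocol" in rule:
        if rule["protocol"] not in PROTOCOLS:
            raise ValueError(f"protocol must be tcp or udp: {rule['protocol']}")
        lines.append(f"protocol {rule['protocol']}")
    if "port" in rule:
        if not 1 <= int(rule["port"]) <= 65535:
            raise ValueError(f"port out of range: {rule['port']}")
        lines.append(f"port {rule['port']}")
    for sig in rule.get("signatures", []):
        if sig["context"] not in CONTEXTS or sig["direction"] not in DIRECTIONS:
            raise ValueError("bad signature context/direction")
        mode = "regular-expression" if "regex" in sig else "plain-string"
        value = sig.get("regex", sig.get("string"))
        cmd = f"signature context {sig['context']} direction {sig['direction']} {mode} {value}"
        if "field" in sig:
            # The page lists protocol fields only for TCP with regular-expression matching.
            if (rule.get("protocol") != "tcp" or mode != "regular-expression"
                    or sig["field"] not in REGEX_FIELDS):
                raise ValueError(f"field {sig['field']} needs protocol tcp and regular-expression")
            cmd += f" field {sig['field']}"
        lines.append(cmd)
    return lines


def build_config(app):
    """Full command sequence from the SA view to the commit (steps 1 to 6)."""
    if app["data_model"] not in DATA_MODELS:
        raise ValueError(f"unknown data model: {app['data_model']}")
    labels = app.get("labels", [])
    if len(labels) > 8:
        raise ValueError("at most eight label names (&<1-8>)")
    lines = ["sa", f"user-defined-application name {app['name']}"]
    if "description" in app:
        lines.append(f"description {app['description']}")
    lines.append(f"category {app['category']} sub-category {app['subcategory']}")
    lines.append(f"data-model {app['data_model']}")
    if labels:
        lines.append("label " + " ".join(labels))
    for rule in app["rules"]:
        lines += rule_commands(rule)
        lines.append("quit")      # back to the user-defined application view (assumed)
    lines += ["quit", "quit"]     # back to the SA view, then to the system view (assumed)
    lines.append("engine configuration commit")
    return lines


# Constructed sample: one server port shared by several services, so the rule
# combines the 3-tuple with an HTTP.Host keyword, as the Context section advises.
SAMPLE_APP = {
    "name": "portal-a",
    "category": "sample-category",        # constructed; use category names defined on the device
    "subcategory": "sample-subcategory",
    "data_model": "browser-based",
    "labels": ["internal"],               # constructed label name
    "rules": [{
        "name": "r1",
        "ip": "10.0.0.10/32",
        "protocol": "tcp",
        "port": 8443,
        "signatures": [{"context": "flow", "direction": "request",
                        "regex": "portal-a.example", "field": "HTTP.Host"}],
    }],
}

if __name__ == "__main__":
    print("\n".join(build_config(SAMPLE_APP)))
```

Running the block prints the command lines in the order they would be entered; a second service on the same address and port would get its own application whose rule keeps the 3-tuple and changes only the keyword.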

Metacharacters in User-Defined Applications

This section describes how to use metacharacters in regular expressions when you configure a user-defined application rule.

Note the following items when you configure regular expressions for user-defined applications:

  • Regular expressions in user-defined application rules are case-sensitive.
  • The character string must start with three consecutive exact characters. For example, character string abcd* meets the requirement, but ab* does not, because * is not an exact character.
  • {} can be used only in the forms {n,m} and {n}.
  • A comma (,) can be used only inside {}; a comma anywhere else must be preceded by a backslash (\).
  • Modifiers include +, *, ?, and {} and follow normal characters.
  • (), [], and {} must be used in pairs.
  • When the protocol type is TCP/UDP and the protocol field is General-payload, there are some restrictions on the regular expression. For example, abc* does not meet the requirement, because the * modifies c and leaves only ab as leading exact characters.
  • When the protocol type is TCP and the protocol field is HTTP.Body or General-payload, or the protocol type is UDP and the protocol field is General-payload, do not use {m} or {m,n} to express a run of three consecutive characters in which some characters repeat. For example, write abccccc instead of abc{5}, and for abc{0,6} determine the actual number of repeated characters and write them out as a plain string.
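The restrictions above, together with the field-specific metacharacter rules from the procedure section, collected into one checker that can be run over a candidate pattern before it goes into a signature command. This is an added example, not device code: it implements the page's rules as written, and its comments mark the two places where it assumes something the page does not state (how "." is treated in HTTP.Host and the other limited fields, and that the advice against {m} in payload fields is applied to every use of {}). The sample patterns are the page's own examples plus constructed ones.

```python
# Added example (not Huawei's code): check a signature regular expression
# against the restrictions listed in this section. Where the page is silent,
# the comments say what is assumed.
import re

METACHARS = set("^$[](){}.|\\*+?")   # metacharacters from Table 1
MODIFIERS = set("*+?{")
# Fields limited to the metacharacters *()| (HTTP.Method: ()| and letters only).
LIMITED_FIELDS = {"HTTP.Content-Type", "HTTP.Cookie", "HTTP.Host", "HTTP.URI", "HTTP.User-Agent"}
PAYLOAD_FIELDS = {"General-payload", "HTTP.Body"}
UNSUPPORTED_PAIRS = (".*", ".+", "*?", "*+", "+?", "++", "??", "?+")


def check_signature_regex(pattern, field=None):
    """Return the list of violated restrictions; an empty list means the pattern is acceptable."""
    errs = []
    # Escaped characters are literal, so drop them before the structural checks.
    stripped = re.sub(r"\\.", "", pattern)

    # Three leading exact characters; a modifier on the third one (abc*) breaks the rule.
    head = pattern[:3]
    if (len(head) < 3 or any(c in METACHARS for c in head)
            or (len(pattern) > 3 and pattern[3] in MODIFIERS)):
        errs.append("must start with three consecutive exact characters")

    for o, c in ("()", "[]", "{}"):
        if stripped.count(o) != stripped.count(c):
            errs.append(f"{o}{c} must be used in pairs")

    # {} only as {n} or {n,m}, with n <= m <= 64
    for m in re.finditer(r"\{([^{}]*)\}", stripped):
        parts = m.group(1).split(",")
        if not 1 <= len(parts) <= 2 or not all(p.isdigit() for p in parts):
            errs.append(f"{{{m.group(1)}}}: {{}} is allowed only as {{n}} or {{n,m}}")
            continue
        n, mx = int(parts[0]), int(parts[-1])
        if n > mx:
            errs.append(f"{{{m.group(1)}}}: n must not exceed m")
        if mx > 64:
            errs.append(f"{{{m.group(1)}}}: m must not exceed 64")

    if "," in re.sub(r"\{[^{}]*\}", "", stripped):
        errs.append("a comma outside {} must be escaped as \\,")
    for m in re.finditer(r"\[([^\]]*)\]", stripped):
        if len(m.group(1)) > 64:
            errs.append("a [] set may hold at most 64 characters")
    if re.search(r"\)[*+?{]", stripped):
        errs.append("a subexpression cannot be modified: (xyz)*, (xyz)+ and (xyz){n} are not supported")
    if "(?" in stripped:
        errs.append("lookaround and inline options such as (?=) and (?i) are not supported")
    for seq in UNSUPPORTED_PAIRS:
        if seq in stripped:
            errs.append(f"{seq} is not supported")

    # Escape rules are checked on the original pattern.
    if re.search(r"\\[bBQE1-9]", pattern):
        errs.append("\\ cannot be followed by b, B, Q, E or a digit 1-9")
    if "\\x{" in pattern:
        errs.append("\\x{ is not supported; use \\xhh")
    elif re.search(r"\\x(?![0-9A-Fa-f]{2})", pattern):
        errs.append("\\x must be followed by two hexadecimal digits (\\xhh)")

    # Field-specific restrictions from the procedure section.
    if field == "HTTP.Method":
        if not re.fullmatch(r"[A-Za-z()|]*", pattern):
            errs.append("HTTP.Method allows only English letters and the metacharacters ()|")
    elif field in LIMITED_FIELDS:
        # Assumption: '.' is left alone, because the page does not say whether it is literal here.
        bad = sorted(set(pattern) & (METACHARS - set("*()|.")))
        if bad:
            errs.append(f"{field} allows only the metacharacters *()|, found {''.join(bad)}")
    elif field in PAYLOAD_FIELDS and "{" in stripped:
        # Assumption: the advice to write repeats out is applied to every use of {} in these fields.
        errs.append("in General-payload/HTTP.Body write the repeats out (abccccc, not abc{5})")
    return errs


if __name__ == "__main__":
    samples = (("abcd*", None), ("ab*", None), ("abc*", None), ("(abcdefg)*", None),
               ("abcdefg{0,8}", None), ("abcd{5}", "General-payload"), ("abcd,ef", None),
               ("abcd*", "HTTP.Host"), ("GET", "HTTP.Method"))
    for pat, fld in samples:
        print(f"{pat!r:16} {str(fld):16} {check_signature_regex(pat, fld) or 'OK'}")
```

The checker is deliberately strict: it rejects anything the page lists as unsupported and reports every violation it finds rather than stopping at the first, so a pattern can be corrected in one pass before the engine configuration is committed.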

The general requirements for regular expressions in user-defined applications are listed below; actual support may vary with the device.

Table 1 Metacharacter

Metacharacter

Meaning

Remarks

^

Matches the beginning of the entered string in single line mode.

In multi-line mode, matches the beginning of each line, that is, the position immediately after a newline character \n.

For example, if the entered regular expression is ^abcdefg and a packet containing the abcdefg\nabcdefgxxx field is detected:
  • In single line mode, the first abcdefg (the one at the start of the string) is matched.
  • In multi-line mode, the abcdefg that follows \n is matched.

$

Matches the end of the entered string in single line mode.

In multi-line mode, matches the position immediately before a newline character \n.

For example, if the entered regular expression is abcdefg$ and a packet contains a defabcdefg\nxxabcdefg field:
  • In single line mode, the abcdefg at the end of the string is matched.
  • In multi-line mode, the abcdefg immediately before \n is matched.

[]

Matches any single character that is contained within the brackets.

A hyphen (-) can be used to specify a range of characters. The special characters listed in Table 2 are not supported inside the brackets.

  • [xyz] is a positive character set. For example, regular expression abcdefg[abc] matches abcdefga, abcdefgb, or abcdefgc.
  • [^xyz] is a negated character set. For example, regular expression abcdefg[^ab] matches abcdefg followed by any single character other than a or b, so it does not match abcdefga or abcdefgb.
  • [x-y] is a range character set. For example, regular expression abcdefg[a-c] matches abcdefga, abcdefgb, and abcdefgc.

()

Indicates the beginning and end of a subexpression.

  • The regular expression cannot contain character strings such as (?=), (?!), (?<=), (?<!), (?i), (?s), (?m), (?x), (?@0), (?:), or (?.=[xyz]).
  • The regular expression cannot be in (xyz)*, (xyz){…}, or (xyz)+ format.

.

Matches any single character, but not \n.

For example, regular expression abcdefg.h matches abcdefgah, abcdefgbh, and abcdefgch, but not abcdefgaah.

|

Indicates that characters on both sides of the vertical bar (|) are logically ORed.

Characters or expressions must be present on both sides of the vertical bar (|). For example, regular expression ab| is incorrect because nothing follows the bar.

For example, regular expression abcdefg(a|b) matches abcdefga or abcdefgb.

\

Indicates an escape character.

Added prior to metacharacters to be matched. For example, regular expression \\ matches a backslash (\).

  • An escape character cannot be followed by b, B, Q, E, 1, 2, 3, 4, 5, 6, 7, 8, or 9.
  • If an escape character is followed by x, the \x{ form cannot be used; a hexadecimal value must be written as \xhh.
  • If an escape character is followed by d, D, h, H, s, S, v, V, w, or W, the sequence is a special character (see Table 2) and does not match the letter itself.

-

A hyphen (-) can be used to specify a range of characters.

For example, regular expression abcdefg[a-c] can match abcdefga, abcdefgb, and abcdefgc.

*

Matches zero or more occurrences of the preceding character in the target object.

The following restrictions apply to the preceding character or character string:

  • The preceding string cannot be a subexpression. For example, (abcdefg)* is not supported.
  • The numbers of characters in {} and [] are less than or equal to 64.
  • .*, *?, and *+ are not supported.

For example, regular expression abcdefg* matches abcdef, abcdefg, and abcdefggg.

+

Matches one or more occurrences of the preceding character in the target object.

Requirements are as follows:

  • The preceding string cannot be a subexpression. For example, (abcdefg)+ is not supported.
  • The numbers of characters in {} and [] are less than or equal to 64.
  • .+, +?, and ++ are not supported.

For example, regular expression abcdefg+ matches abcdefg, abcdefgg, and abcdefggg.

?

Matches zero or one occurrence of the preceding character.

For example, regular expression abcdefg? matches abcdef and abcdefg.

?? and ?+ are not supported.

{n}

Matches a specific number (n) of instances of the preceding character.

Requirements are as follows:

  • n must be less than or equal to 64.
  • The preceding string cannot be a subexpression. For example, (abcdefg){n} is not supported.

For example, regular expression abcdefg{3} matches abcdefggg.

{n,m}

Matches a specific range (n through m) of instances of the preceding character.

Requirements are as follows:

  • n must be less than or equal to m.
  • m must be less than or equal to 64.
  • The preceding string cannot be a subexpression. For example, (abcdefg){n,m} is not supported.

For example, regular expression abcdefg{0,8} has a minimum of 0 gs and a maximum of 8 gs.

Table 2 Special characters

  Pattern  Meaning                                                   Remarks
  \a       Bell character (hex 07)                                   -
  \d       Decimal digits 0 through 9                                Matches 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9.
  \D       Characters except for decimal digits                      -
  \e       Escape character (hex 1B)                                 -
  \f       Form feed character (hex 0C)                              -
  \h       SPACE or TAB character                                    Not supported on the USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, and USG6525E/6555E/6565E/6575E-B/6585E/6605E-B only.
  \H       Characters except for SPACE and TAB characters            Not supported on the USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, and USG6525E/6555E/6565E/6575E-B/6585E/6605E-B only.
  \n       Newline character (hex 0A)                                -
  \r       Carriage return (CR) character (hex 0D)                   -
  \s       SPACE, TAB, carriage return (CR), or line feed (LF)       -
  \S       Characters except for SPACE, TAB, CR, and LF characters   -
  \t       Tab character (hex 09)                                    -
  \v       CR or LF character                                        -
  \V       Characters except for CR and LF characters                -
  \w       Underscore (_), a-z, A-Z, or 0-9                          -
  \W       Characters except for underscore (_), a-z, A-Z, and 0-9   -
  \xhh     Hexadecimal digits hh                                     For example, \x5A matches Z, \x20 matches a space, and \x22 matches straight quotation marks.

Follow-up Procedure

After configuring user-defined applications, you can adjust them as follows:

  • In the user-defined application view, run the rename new-name command to rename the user-defined application.
  • In the user-defined application rule view, run the rename new-name command to rename the user-defined application rule.
Copyright © Huawei Technologies Co., Ltd.