# Define default protocol rules
prule tcp tcp 9:12:13:14:15:16:17:18:19:+0:+1:+2:+3:9:9:9
prule udp udp 9:12:13:14:15:16:17:18:19:+0:+1:+2:+3:9:9:9
prule icmp icmp 9:12:13:14:15:16:17:18:19:9:9:9:9:9:9:9
prule any any 9:12:13:14:15:16:17:18:19:9:9:9:9:9:9:9
# Define the internet packet header fields.
var ip.ihl 0(24)&0xf
var ip.version 0(28)&0xf
var ip.tos 1(24)&0xff
var ip.tot_len 2(16)&0xffff
var ip.id 4(16)&0xffff
var ip.frag_off 6(16)&0x3fff
var ip.ttl 8(24)&0xff
var ip.protocol 9(24)&0xff
var ip.check 10(16)&0xffff
var ip.saddr 12
var ip.daddr 16
# Define the TCP packet header fields.
var tcp.source +0(16)&0xffff
var tcp.dest +2(16)&0xffff
var tcp.seq +4
var tcp.ack_seq +8
var tcp.doff +12(28)&0xf
var tcp.fin +13(24)&0x1
var tcp.syn +13(25)&0x1
var tcp.rst +13(26)&0x1
var tcp.psh +13(27)&0x1
var tcp.ack +13(28)&0x1
var tcp.urg +13(29)&0x1
var tcp.live +127
# Define the UDP packet header fields.
var udp.source +0(16)&0xffff
var udp.dest +2(16)&0xffff
var udp.len +4(16)&0xffff
var udp.check +6(16)&0xffff
# Define the ICMP packet header fields.
var icmp.type +0(24)&0xff
var icmp.code +1(24)&0xff
var icmp.checksum +2(16)&0xffff
var icmp.echo.id +4(16)&0xffff
var icmp.echo.sequence +6(16)&0xffff
var icmp.gateway +4