From 71c6df165525e246c0123c7d52ceaa1f97a0e8f6 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 19 May 2017 20:40:05 +0200 Subject: [PATCH] lua: add SCFlowId for getting the flow id --- doc/userguide/output/lua-output.rst | 22 ++++++++++++++++-- src/util-lua-common.c | 36 +++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/doc/userguide/output/lua-output.rst b/doc/userguide/output/lua-output.rst index d9b015972d..74ed1bb7f8 100644 --- a/doc/userguide/output/lua-output.rst +++ b/doc/userguide/output/lua-output.rst @@ -1,8 +1,7 @@ Lua Output ========== -Note: this page new Lua scripting available for outputs. It will be -available in 2.1. +Lua scripts can be used to generate output from Suricata. Script structure ---------------- @@ -220,6 +219,25 @@ Gets the packet and byte counts per flow. tscnt, tsbytes, tccnt, tcbytes = SCFlowStats() +SCFlowId +~~~~~~~~ + +Gets the flow id. + +:: + + id = SCFlowId() + +Note that simply printing 'id' will likely result in printing a scientific +notation. To avoid that, simply do: + +:: + + id = SCFlowId() + idstr = string.format("%.0f",id) + print ("Flow ID: " .. idstr .. "\n") + + http ---- diff --git a/src/util-lua-common.c b/src/util-lua-common.c index 0624bb0e41..2df0f6f349 100644 --- a/src/util-lua-common.c +++ b/src/util-lua-common.c @@ -514,6 +514,40 @@ static int LuaCallbackStatsFlow(lua_State *luastate) return r; } +/** \internal + * \brief fill lua stack with flow id + * \param luastate the lua state + * \param f flow, locked + * \retval cnt number of data items placed on the stack + * + * Places: flow id (number) + */ +static int LuaCallbackPushFlowIdToStackFromFlow(lua_State *luastate, const Flow *f) +{ + uint64_t id = FlowGetId(f); + /* reduce to 51 bits as Javascript and even JSON often seem to + * max out there. */ + id &= 0x7ffffffffffffLL; + lua_pushinteger(luastate, id); + return 1; +} + +/** \internal + * \brief Wrapper for getting FlowId into lua script + * \retval cnt number of items placed on the stack + */ +static int LuaCallbackFlowId(lua_State *luastate) +{ + int r = 0; + Flow *f = LuaStateGetFlow(luastate); + if (f == NULL) + return LuaCallbackError(luastate, "internal error: no flow"); + + r = LuaCallbackPushFlowIdToStackFromFlow(luastate, f); + + return r; +} + /** \internal * \brief fill lua stack with alert info * \param luastate the lua state @@ -844,6 +878,8 @@ int LuaRegisterFunctions(lua_State *luastate) lua_setglobal(luastate, "SCFlowStats"); lua_pushcfunction(luastate, LuaCallbackFlowHasAlerts); lua_setglobal(luastate, "SCFlowHasAlerts"); + lua_pushcfunction(luastate, LuaCallbackFlowId); + lua_setglobal(luastate, "SCFlowId"); lua_pushcfunction(luastate, LuaCallbackStreamingBuffer); lua_setglobal(luastate, "SCStreamingBuffer");