[Oisf-devel] Lua Buffer for IPv4 headers?
Nasir Bilal
bilalbox at gmail.com
Mon May 9 23:46:38 UTC 2016
Hey Devs!
We are looking for a way to expose the contents of the layer-3/IP headers
to our Lua script. Based on this documentation
<https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting>,
it seems that we can only get granular HTTP headers. Are there buffers
available specific to the IP and TCP headers? For example, to get all the
HTTP header info, we'd need an init function like so:
function init (args)
    local needs = {}
    needs["payload"] = tostring(true)
    return needs
end
So, would we build something like:
function init (args)
    local needs = {}
    needs["protocol"] = "ip"
    return needs
end
Or
function init (args)
    local needs = {}
    needs["ip.something"] = tostring(true)
    return needs
end
In other words, is there a more comprehensive list of the buffers available
that includes ALL of those currently available in Suricata 3.0.1?
-Nasir