[Oisf-devel] Lua Buffer for IPv4 headers?
Victor Julien
victor at inliniac.net
Tue May 10 21:17:38 UTC 2016
On 10-05-16 01:46, Nasir Bilal wrote:
> Hey Devs!
>
> We are looking for a way to expose the contents of the layer-3/IP
> headers to our lua script. Based on this documentation
> <https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting>,
> it seems that we can only get granular HTTP headers. Are there buffers
> available specific to the IP and TCP headers? For example, to get all
> the HTTP header info, we'd need an init function like so:
>
> function init (args)
>     local needs = {}
>     needs["payload"] = tostring(true)
>     return needs
> end
>
> So, would we build something like:
>
> function init (args)
>     local needs = {}
>     needs["protocol"] = "ip"
>     return needs
> end
>
> Or
>
> function init (args)
>     local needs = {}
>     needs["ip.something"] = tostring(true)
>     return needs
> end
>
> In other words, is there a more comprehensive list of the buffers
> available that includes ALL of those currently available in Suricata 3.0.1?
>
No, they are not. The closest thing is the 'packet' buffer, which gives
you the raw packet including the headers. You could decode the packet
yourself. Not ideal :)
Feel free to open feature request tickets on the redmine site.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
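
The "decode the packet yourself" route mentioned in the reply, as an added example that is not code from this thread or from the Suricata project: a script that requests the 'packet' buffer and parses the IPv4 header by hand. It assumes the buffer starts at an Ethernet II header (optionally with one 802.1Q tag); `parse_ipv4`, `u16` and the match condition are hypothetical names and logic chosen for illustration.

```lua
-- Added example, not from the thread: decode IPv4 from the 'packet' buffer.
-- Assumption: Ethernet II framing, optionally with one 802.1Q VLAN tag.
function init(args)
    local needs = {}
    needs["packet"] = tostring(true)
    return needs
end

-- Read a big-endian 16-bit value at a 1-based offset; nil if out of bounds.
local function u16(buf, off)
    local hi, lo = buf:byte(off, off + 1)
    if not lo then return nil end
    return hi * 256 + lo
end

-- Returns a table of IPv4 header fields, or nil if not IPv4 or truncated.
local function parse_ipv4(pkt)
    local ethertype, l3 = u16(pkt, 13), 15      -- L3 follows the 14-byte Ethernet header
    if ethertype == 0x8100 then                 -- skip one 802.1Q tag (4 bytes)
        ethertype, l3 = u16(pkt, 17), 19
    end
    -- Require EtherType IPv4 and at least the 20-byte minimum header.
    if ethertype ~= 0x0800 or #pkt < l3 + 19 then return nil end
    local vihl = pkt:byte(l3)                   -- version (high nibble), IHL (low nibble)
    local ihl = (vihl % 16) * 4                 -- header length in bytes
    if math.floor(vihl / 16) ~= 4 or ihl < 20 or #pkt < l3 + ihl - 1 then
        return nil                              -- wrong version or truncated options
    end
    local s1, s2, s3, s4, d1, d2, d3, d4 = pkt:byte(l3 + 12, l3 + 19)
    return {
        header_len = ihl,
        total_len  = u16(pkt, l3 + 2),
        ttl        = pkt:byte(l3 + 8),
        proto      = pkt:byte(l3 + 9),
        src        = string.format("%d.%d.%d.%d", s1, s2, s3, s4),
        dst        = string.format("%d.%d.%d.%d", d1, d2, d3, d4),
        l4_offset  = l3 + ihl,                  -- 1-based start of the TCP/UDP header
    }
end

-- Constructed match condition: alert on IPv4 packets that carry IP options.
function match(args)
    local ip = parse_ipv4(args["packet"] or "")
    if ip and ip.header_len > 20 then return 1 end
    return 0
end
```

The arithmetic nibble split avoids bitwise operators, so the script does not depend on a particular Lua version or bit library.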