return needs
end
-SCFlowTimestamps
-~~~~~~~~~~~~~~~~
-
-Get timestamps (seconds and microseconds) of the first and the last packet from
-the flow.
-
-::
-
- startts, lastts = SCFlowTimestamps()
- startts_s, lastts_s, startts_us, lastts_us = SCFlowTimestamps()
-
-SCFlowTimeString
-~~~~~~~~~~~~~~~~
-
-::
-
- startts = SCFlowTimeString()
-
-SCFlowTuple
-~~~~~~~~~~~
-
-::
-
- ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
-
-SCFlowAppLayerProto
-~~~~~~~~~~~~~~~~~~~
-
-Get alproto as a string from the flow. If a alproto is not (yet) known, it
-returns "unknown".
-
-Example:
-
-::
-
- function log(args)
- alproto = SCFlowAppLayerProto()
- if alproto ~= nil then
- print (alproto)
- end
- end
-
-Returns 5 values: <alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>
-
-Orig and expect are used when changing and upgrading protocols. In a SMTP STARTTLS
-case, orig would normally be set to "smtp" and expect to "tls".
-
-
-SCFlowHasAlerts
-~~~~~~~~~~~~~~~
-
-Returns true if flow has alerts.
-
-Example:
-
-::
-
- function log(args)
- has_alerts = SCFlowHasAlerts()
- if has_alerts then
- -- do something
- end
- end
-
-SCFlowStats
-~~~~~~~~~~~
-
-Gets the packet and byte counts per flow.
-
-::
-
- tscnt, tsbytes, tccnt, tcbytes = SCFlowStats()
-
-SCFlowId
-~~~~~~~~
-
-Gets the flow id.
-
-::
-
- id = SCFlowId()
-
-Note that simply printing 'id' will likely result in printing a scientific
-notation. To avoid that, simply do:
-
-::
-
- id = SCFlowId()
- idstr = string.format("%.0f",id)
- print ("Flow ID: " .. idstr .. "\n")
-
-
http
----
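Review bot: The removed lines from SCFlowTimestamps through SCFlowId take out the whole flow-function reference, and nothing visible in this hunk replaces it or points to where it went, so the text now runs straight from the end of the preceding example into the http section. If these functions are being renamed or documented elsewhere, add a cross-reference or an upgrade note at this spot so existing output and detection scripts that call them can be migrated. Also make sure the details that lived only in this text carry over: the five return values of SCFlowAppLayerProto, including the orig/expect behaviour described for the SMTP STARTTLS case, and the string.format("%.0f",id) workaround for printing the value from SCFlowId without scientific notation.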