From: Mats Klepsland Date: Fri, 10 Mar 2017 06:07:09 +0000 (+0100) Subject: lua: add SCFlowTimestamps function X-Git-Tag: suricata-4.0.0-beta1~242 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=365aa1f3e5a149e74ef4cd18f3c755dea68f9a92;p=thirdparty%2Fsuricata.git lua: add SCFlowTimestamps function Add SCFlowTimestamps() to return startts and lastts as seconds and microseconds from flow. Examples: startts, lastts = SCFlowTimestamps() startts_s, lastts_s, startts_us, lastts_us = SCFlowTimestamps() --- diff --git a/src/util-lua-common.c b/src/util-lua-common.c index cb3d2dac4d..8cf564274d 100644 --- a/src/util-lua-common.c +++ b/src/util-lua-common.c @@ -215,6 +215,42 @@ static int LuaCallbackPacketTimeString(lua_State *luastate) return LuaCallbackTimeStringPushToStackFromPacket(luastate, p); } +/** \internal + * \brief fill lua stack with flow timestamps + * \param luastate the lua state + * \param startts timestamp of first packet in the flow + * \param lastts timestamp of last packet in the flow + * \retval cnt number of data items placed on the stack + * + * Places: seconds (number), seconds (number), microseconds (number), + * microseconds (number) + */ +static int LuaCallbackFlowTimestampsPushToStack(lua_State *luastate, + const struct timeval *startts, + const struct timeval *lastts) +{ + lua_pushnumber(luastate, (double)startts->tv_sec); + lua_pushnumber(luastate, (double)lastts->tv_sec); + lua_pushnumber(luastate, (double)startts->tv_usec); + lua_pushnumber(luastate, (double)lastts->tv_usec); + return 4; +} + +/** \internal + * \brief Wrapper for getting flow timestamp (as numbers) into a lua script + * \retval cnt number of items placed on the stack + */ +static int LuaCallbackFlowTimestamps(lua_State *luastate) +{ + Flow *flow = LuaStateGetFlow(luastate); + if (flow == NULL) { + return LuaCallbackError(luastate, "internal error: no flow"); + } + + return LuaCallbackFlowTimestampsPushToStack(luastate, &flow->startts, + &flow->lastts); +} + /** \internal * \brief fill lua stack with time string * \param luastate the lua state @@ -791,6 +827,8 @@ int LuaRegisterFunctions(lua_State *luastate) lua_pushcfunction(luastate, LuaCallbackTuple); lua_setglobal(luastate, "SCPacketTuple"); + lua_pushcfunction(luastate, LuaCallbackFlowTimestamps); + lua_setglobal(luastate, "SCFlowTimestamps"); lua_pushcfunction(luastate, LuaCallbackFlowTimeString); lua_setglobal(luastate, "SCFlowTimeString"); lua_pushcfunction(luastate, LuaCallbackTupleFlow);