From: Benjamin Wilkins <benjamin.wilkins@uwaterloo.ca>
Date: Wed, 3 Nov 2021 17:20:06 +0000 (-0400)
Subject: doc: Document SCByteVarGet lua function
X-Git-Tag: suricata-7.0.0-beta1~299
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b1b9a32fbb24819e7d23325e6e75f2936bc11d0;p=thirdparty%2Fsuricata.git

doc: Document SCByteVarGet lua function

Add documentation for accessing results from byte_extract and byte_math
in lua match functions

Issue: 2871
---

diff --git a/doc/userguide/lua/lua-functions.rst b/doc/userguide/lua/lua-functions.rst
index e4aab57e55..c5c092999c 100644
--- a/doc/userguide/lua/lua-functions.rst
+++ b/doc/userguide/lua/lua-functions.rst
@@ -1083,3 +1083,26 @@ Expose the log path.
       filename = SCLogPath() .. "/" .. name
       file = assert(io.open(filename, "a"))
   end
+
+SCByteVarGet
+~~~~~~~~~~~~
+
+Get the ByteVar at index given by the parameter. These variables are defined by
+`byte_extract` or `byte_math` in Suricata rules. Only callable from match scripts.
+
+::
+
+ function init(args)
+     local needs = {}
+     needs["bytevar"] = {"var1", "var2"}
+     return needs
+ end
+
+Here we define a register that we will be using variables `var1` and `var2`.
+The access to the Byte variables is done by index.
+
+::
+
+ function match(args)
+     var1 = SCByteVarGet(0)
+     var2 = SCByteVarGet(1)