From 3b1b9a32fbb24819e7d23325e6e75f2936bc11d0 Mon Sep 17 00:00:00 2001
From: Benjamin Wilkins
Date: Wed, 3 Nov 2021 13:20:06 -0400
Subject: [PATCH] doc: Document SCByteVarGet lua function
Add documentation for accessing results from byte_extract and byte_math in lua match functions
Issue: 2871
---
 doc/userguide/lua/lua-functions.rst | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/doc/userguide/lua/lua-functions.rst b/doc/userguide/lua/lua-functions.rst
index e4aab57e55..c5c092999c 100644
--- a/doc/userguide/lua/lua-functions.rst
+++ b/doc/userguide/lua/lua-functions.rst
@@ -1083,3 +1083,26 @@ Expose the log path.
 filename = SCLogPath() .. "/" .. name
 file = assert(io.open(filename, "a"))
 end
+
+SCByteVarGet
+~~~~~~~~~~~~
+
+Get the ByteVar at index given by the parameter. These variables are defined by
+`byte_extract` or `byte_math` in Suricata rules. Only callable from match scripts.
+
+::
+
+ function init(args)
+ local needs = {}
+ needs["bytevar"] = {"var1", "var2"}
+ return needs
+ end
+
+Here we define a register that we will be using variables `var1` and `var2`.
+The access to the Byte variables is done by index.
+
+::
+
+ function match(args)
+ var1 = SCByteVarGet(0)
+ var2 = SCByteVarGet(1)
-- 
2.47.2