Feature #1783

open

Create Suricata buffers to expose L2, L3, and L4 headers to Lua scripts

Added by Nasir Bilal over 5 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Target version:
Effort:
medium
Difficulty:
medium
Label:

Description

Currently, the entire packet data is available as an encoded binary of some kind via the "packet" buffer:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting

We'd like to see additional buffers created for the ethernet/L2, IP/L3, and TCP/UDP/L4 headers, maybe something like:
eth.type
eth.src_mac
eth.dst_mac
eth.flags
ip.ver
ip.src
ip.dst
udp.sport
udp.dport
tcp.flags
tcp.seq_num
tcp.ack_num
tcp.win_size
tcp.sport
tcp.dport

Or perhaps it would be simpler to save buffers as large strings, similar to "payload":
packet.l2_header
packet.l3_header
packet.l4_header
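For contrast, here is what a rule script has to do today to get at the same fields by parsing the raw "packet" buffer itself (an added example, not code from the ticket or from Suricata; `parse_headers` and the byte helpers are hypothetical names, and it assumes `match()` receives the frame bytes as `args["packet"]`):

```lua
-- Added example (not from the ticket or Suricata): what a Lua rule script must do
-- today to reach L2/L3/L4 fields from the raw "packet" buffer. Assumes match() gets
-- the frame bytes as args["packet"]; plain Lua 5.1/LuaJIT, no bit library needed.
local function u8(s, i)  return string.byte(s, i) end
local function u16(s, i) local a, b = string.byte(s, i, i + 1) return a * 256 + b end
local function u32(s, i) return u16(s, i) * 65536 + u16(s, i + 2) end
local function mac(s, i)
  return string.format("%02x:%02x:%02x:%02x:%02x:%02x", string.byte(s, i, i + 5))
end
-- Ethernet II + IPv4 + TCP/UDP, keyed like the buffers proposed above; nil + reason otherwise.
local function parse_headers(pkt)
  if #pkt < 34 then return nil, "short frame" end
  local h = {}
  h["eth.dst_mac"] = mac(pkt, 1)
  h["eth.src_mac"] = mac(pkt, 7)
  h["eth.type"]    = u16(pkt, 13)
  if h["eth.type"] ~= 0x0800 then return nil, "not IPv4" end
  local vihl = u8(pkt, 15)
  h["ip.ver"] = math.floor(vihl / 16)
  local ihl = (vihl % 16) * 4                 -- IPv4 header length in bytes
  if h["ip.ver"] ~= 4 or ihl < 20 or #pkt < 14 + ihl then return nil, "bad IHL" end
  h["ip.proto"] = u8(pkt, 24)
  h["ip.src"] = string.format("%d.%d.%d.%d", string.byte(pkt, 27, 30))
  h["ip.dst"] = string.format("%d.%d.%d.%d", string.byte(pkt, 31, 34))
  local l4 = 15 + ihl                         -- 1-based offset of the L4 header
  if h["ip.proto"] == 6 and #pkt >= l4 + 19 then
    h["tcp.sport"], h["tcp.dport"] = u16(pkt, l4), u16(pkt, l4 + 2)
    h["tcp.seq_num"], h["tcp.ack_num"] = u32(pkt, l4 + 4), u32(pkt, l4 + 8)
    h["tcp.flags"], h["tcp.win_size"] = u8(pkt, l4 + 13), u16(pkt, l4 + 14)
  elseif h["ip.proto"] == 17 and #pkt >= l4 + 7 then
    h["udp.sport"], h["udp.dport"] = u16(pkt, l4), u16(pkt, l4 + 2)
  end
  return h
end
function init(args)
  return { ["packet"] = tostring(true) }       -- ask Suricata for the raw packet
end
-- Demo rule logic: flag a bare TCP SYN to the telnet port.
function match(args)
  local h = parse_headers(tostring(args["packet"]))
  if h and h["tcp.flags"] == 0x02 and h["tcp.dport"] == 23 then return 1 end
  return 0
end
-- Constructed sample (Ethernet/IPv4/TCP SYN 10.0.0.1:40000 -> 10.0.0.2:23) for stand-alone runs.
local sample = string.char(
  0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
  0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, 10,0,0,1, 10,0,0,2,
  0x9c,0x40, 0x00,0x17, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0xff,0xff, 0,0,0,0)
assert(match({ packet = sample }) == 1)
```

With the buffers proposed in this ticket, everything above `init` would collapse to reading `tcp.flags` and `tcp.dport` directly; note also that the hand parser has to re-check every length itself, which Suricata's own decoders already do.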

#1

Updated by Victor Julien about 3 years ago

  • Assignee changed from Nasir Bilal to Anonymous
  • Effort set to medium
  • Difficulty set to medium
#2

Updated by Andreas Herz over 2 years ago

  • Assignee set to Community Ticket