Support #4088
closedSCPacketTuple() not return correct protocol type
Description
with this declaration
ipver, srcip, dstip, proto, sp, dp = SCPacketTuple()
I want to get the correct value from variable proto. It should return a text like "http" or "tcp" but this just return a number like "6.0". Is this a known bug ? I'm using version 6.0.0 (latest)
Updated by Jason Ish about 4 years ago
Confirmed. The Lua support code, for this, and the flow variation among others use lua_pushnumber which copies the value to Lua as a float. We should be using lua_pushinteger.
Updated by Jason Ish about 4 years ago
Arafat Ali wrote:
with this declaration
[...]
I want to get the correct value from variable proto. It should return a text like "http" or "tcp" but this just return a number like "6.0". Is this a known bug ? I'm using version 6.0.0 (latest)
Actually this should return a number like 6, 17.. Not 6.0 or 17.0. If you want to see text like "http" you should try SCFlowAppLayerProto (https://suricata.readthedocs.io/en/suricata-6.0.0/lua/lua-functions.html?highlight=scpackettuple#scflowapplayerproto).
Updated by Jason Ish about 4 years ago
- Related to Task #4182: lua: Use lua_pushinteger for pushing integer types as integers instead of floats added
Updated by Jason Ish about 4 years ago
- Tracker changed from Bug to Support
- Target version deleted (
6.0.1) - Affected Versions deleted (
6.0.0beta1)
Moving to support ticket for now.
#4182 has been created to address the float vs integer issue, but will not be done during Suricata 6.0.
Updated by Andreas Herz almost 3 years ago
- Status changed from New to Closed
Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs