lua: extend SCFlowAppLayerProto

Change SCFlowAppLayerProto to return 5 values: <alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>: alproto: detected protocol alproto_ts: detected protocol in toserver direction alproto_tc: detected protocol in toclient direction alproto_orig: pre-change/upgrade protocol alproto_expected: expected protocol in change/upgrade Orig and expect are used when changing and upgrading protocols. In a SMTP STARTTLS case, orig would normally be set to "smtp" and expect to "tls".
8 years ago · f6e3755b5c
parent 9c071d1724
commit f6e3755b5c
2 changed files with 15 additions and 5 deletions
--- a/doc/userguide/output/lua-output.rst
+++ b/doc/userguide/output/lua-output.rst
@ -175,7 +175,7 @@ SCFlowTuple
 SCFlowAppLayerProto
 ~~~~~~~~~~~~~~~~~~~

-Get alproto as string from the flow. If alproto is not (yet) known, it
+Get alprotos as string from the flow. If a alproto is not (yet) known, it
 returns "unknown".

 Example:
@ -189,6 +189,12 @@ Example:
      end
  end

+Returns 5 values: <alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>
+
+Orig and expect are used when changing and upgrading protocols. In a SMTP STARTTLS
+case, orig would normally be set to "smtp" and expect to "tls".
+
+
 SCFlowHasAlerts
 ~~~~~~~~~~~~~~~

--- a/src/util-lua-common.c
+++ b/src/util-lua-common.c
@ -447,14 +447,14 @@ static int LuaCallbackTupleFlow(lua_State *luastate)
 /** \internal
 *  \brief fill lua stack with AppLayerProto
 *  \param luastate the lua state
- *  \param f flow, locked
+ *  \param alproto AppProto to push to stack as string
 *  \retval cnt number of data items placed on the stack
 *
 *  Places: alproto as string (string)
 */
-static int LuaCallbackAppLayerProtoPushToStackFromFlow(lua_State *luastate, const Flow *f)
+static int LuaCallbackAppLayerProtoPushToStackFromFlow(lua_State *luastate, const AppProto alproto)
 {
-    const char *string = AppProtoToString(f->alproto);
+    const char *string = AppProtoToString(alproto);
    if (string == NULL)
        string = "unknown";
    lua_pushstring(luastate, string);
@ -472,7 +472,11 @@ static int LuaCallbackAppLayerProtoFlow(lua_State *luastate)
    if (f == NULL)
        return LuaCallbackError(luastate, "internal error: no flow");

-    r = LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f);
+    r = LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto);
+    r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_ts);
+    r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_tc);
+    r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_orig);
+    r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_expect);

    return r;
 }