[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Index based on multiple fields, was Re: Adding comparision function
- From: Jim Mellander <jmellander@...>
- Date: Thu, 02 Mar 2006 09:15:03 -0800
I think I'm over the optional comparison function hurdle, I'm trying
something like:
function abc(x,f)
...
f = f or function(a,b) return ( a > b ) end
....
and use f to compare...
I have another question which may be of more interest to the group (I
got the feeling my previous question was responded to with a silent RTFM
- if so, I apologize to the group):
I'm indexing a table on the following parameters:
1. Proto (i.e. tcp, udp, etc.)
2. Source IP
3. Source port
4. Destination IP
5. Destination port
I originally tried indexing with an anonymous table as the key, ie
connection_record[ {proto="tcp", source_ip="1.2.3.4", source_port="123",
dest_ip="3.4.5.6", dest_port="567"} ] = whatever
When I want to update the table I tried constructing another anonymous
table with the exact same keys & values. This didn't work, I presume
due to the fact that they pointed to different tables, albeit with the
same values.
So what I did was borrow from awk, and create a string key, i.e.:
connection_record[
"tcp"..SUBSEP.."1.2.3.4"..SUBSEP.."123"..SUBSEP.."3.4.5.6"..SUBSEP..567"
] = whatever
where SUBSEP is a character guaranteed to not be in the fields making up
the key.
This, however, seems kludgy. Is there a "lua" way to accomplish this
task more elegantly?
Jim Mellander wrote:
Hi everyone:
For a custom application (parsing netflow data into input records for a
custom IDS called Bro), I embarked on a search for the proverbial
"language that didn't suck", which would combine performance with simple
syntax and ease of use and understanding....
So I found lua.... In a week and a half, from a standing start, I've
written a prototype application that uses the socket library, parses
input records, pastes the (possible) two sides of netflow data into a
connection record with a timeout, along with heuristics for determining
source/destination of the traffic. The only real stumbling block has
been (aside from learning lua - not a steep learning curve at all!) the
lack of built-in libraries for common tasks - although I soon found the
libraries I needed, and added them in.
I've attached a simple binary-heap priority queue implementation I wrote
for the timeouts, but would like to generalize it, ala lua sort, by
allowing an optional comparison function -- Can anyone help??
BTW - I spent a fair amount of time optimizing the code, and I eschewed
the use of table.getn after looking at the C code for the lua
interpreter, since table.getn appears to be using a binary search
function to find the size of the table - so, I just store the size as a
specific key whic is incremented/decremented as needed - any comments on
that?
--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204
Your fortune for today is:
life, n.:
A whim of several billion cells to be you for a while.
