RE: Index based on multiple fields, was Re: Adding comparision function

["Milano Carvalho" <milanogc@...>]

You was trying to use tables as tuples. But each time you index the table 
with an anonymous table it adds a new entry. A way to solve this is to use a 
variable that points to the table with the parameters.

params = {
	proto = "tcp",
	source_ip = "1.2.3.4",
	source_port = "123",
	dest_ip = "3.4.5.6",
	dest_port = "567"
}

connection_record[params] = something
-- update the params table here
connection_record[params] = something_else



> From: Jim Mellander <jmellander@lbl.gov>
> Reply-To: Lua list <lua@bazar2.conectiva.com.br>
> To: lua@bazar2.conectiva.com.br
> Subject: Index based on multiple fields, was Re: Adding comparision 
> function
> Date: Thu, 02 Mar 2006 09:15:03 -0800
>
> I think I'm over the optional comparison function hurdle, I'm trying 
> something like:
>
> function abc(x,f)
> 	...
> 	f = f or function(a,b) return ( a > b ) end
>
> 	....
>
> and use f to compare...
>
>
> I have another question which may be of more interest to the group (I got 
> the feeling my previous question was responded to with a silent RTFM - if 
> so, I apologize to the group):
>
> I'm indexing a table on the following parameters:
>
> 1. Proto (i.e. tcp, udp, etc.)
> 2. Source IP
> 3. Source port
> 4. Destination IP
> 5. Destination port
>
> I originally tried indexing with an anonymous table as the key, ie
>
> connection_record[ {proto="tcp", source_ip="1.2.3.4", source_port="123", 
> dest_ip="3.4.5.6", dest_port="567"} ] = whatever
>
> When I want to update the table I tried constructing another anonymous 
> table with the exact same keys & values.  This didn't work, I presume due 
> to the fact that they pointed to different tables, albeit with the same 
> values.
>
> So what I did was borrow from awk, and create a string key, i.e.:
>
> connection_record[ 
> "tcp"..SUBSEP.."1.2.3.4"..SUBSEP.."123"..SUBSEP.."3.4.5.6"..SUBSEP..567" ] 
> = whatever
>
>
> where SUBSEP is a character guaranteed to not be in the fields making up 
> the key.
>
> This, however, seems kludgy.  Is there a "lua" way to accomplish this task 
> more elegantly?
>
>
>
>
> Jim Mellander wrote:
> > Hi everyone:
> >
> > For a custom application (parsing netflow data into input records for a 
> > custom IDS called Bro), I embarked on a search for the proverbial 
> > "language that didn't suck", which would combine performance with simple 
> > syntax and ease of use and understanding....
> >
> > So I found lua....  In a week and a half, from a standing start, I've 
> > written a prototype application that uses the socket library, parses input 
> > records, pastes the (possible) two sides of netflow data into a connection 
> > record with a timeout, along with heuristics for determining 
> > source/destination of the traffic.  The only real stumbling block has been 
> > (aside from learning lua - not a steep learning curve at all!) the lack of 
> > built-in libraries for common tasks - although I soon found the libraries 
> > I needed, and added them in.
> >
> > I've attached a simple binary-heap priority queue implementation I wrote 
> > for the timeouts, but would like to generalize it, ala lua sort, by 
> > allowing an optional comparison function -- Can anyone help??
> >
> > BTW - I spent a fair amount of time optimizing the code, and I eschewed 
> > the use of table.getn after looking at the C code for the lua interpreter, 
> > since table.getn appears to be using a binary search function to find the 
> > size of the table - so, I just store the size as a specific key whic is 
> > incremented/decremented as needed - any comments on that?
>
>
> --
> Jim Mellander
> Incident Response Manager
> Computer Protection Program
> Lawrence Berkeley National Laboratory
> (510) 486-7204
>
> Your fortune for today is:
>
> life, n.:
> 	A whim of several billion cells to be you for a while.