Using lua script to change srcIp or dstIp

sipcapture / heplify-server

HEP Capture Server for HOMER

https://sipcapture.org

GNU Affero General Public License v3.0

184 stars 85 forks source link

Using lua script to change srcIp or dstIp #428

Closed flantel closed 4 years ago

flantel commented 4 years ago

Hi,

We have some systems on AWS, and the capture will always show the ptivateAWS IP rather than the external public IP. I would like to automatically change this to the external IP only.

I know I can use a lua scriptto do this, but I am not sure of the syntax to do so.

Basically I want to do:

if srcIp == 'xxx.xxx.xxx.xxx'
    srcIp = 'yyy.yyy.yyy.yyy'
end

...however, I don't know whether this needs to be done in checkRAW of checkSIP nor what prefix.srcIp I need to use.

Thanks

flantel commented 4 years ago

OK, got it working. For anyone in the future, here is the lua script I used.

function checkSIP()

        local protoType = GetHEPProtoType()

        -- get the parsed HEP struct
        local hep = GetHEPStruct()

        -- a struct can be nil so better check it
        if (hep == nil or hep == '') then
                return
        end

        if hep.SrcIP == "xxx.xxx.xxx.xxx" then
                SetHEPField("SrcIP", "yyy.yyy.yyy.yyy") 
        end
        if hep.DstIP == "xxx.xxx.xxx.xxx" then                                                                                                                
                SetHEPField("DstIP","yyy.yyy.yyy.yyy")
        end 

        return 

end

adubovikov commented 4 years ago

super, thank you for sharing!