suricata
detect-lua-extensions.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Functions to expose to the lua scripts.
24  */
25 
26 #include "suricata-common.h"
27 #include "conf.h"
28 
29 #include "threads.h"
30 #include "decode.h"
31 
32 #include "detect.h"
33 #include "detect-parse.h"
34 #include "detect-flowvar.h"
35 
36 #include "detect-engine.h"
37 #include "detect-engine-mpm.h"
38 #include "detect-engine-state.h"
39 
40 #include "flow.h"
41 #include "flow-var.h"
42 #include "flow-util.h"
43 
44 #include "util-debug.h"
45 #include "util-spm-bm.h"
46 #include "util-print.h"
47 
48 #include "util-unittest.h"
49 #include "util-unittest-helper.h"
50 
51 #include "app-layer.h"
52 
53 #include "stream-tcp.h"
54 
55 #include "detect-lua.h"
56 
57 #include "queue.h"
58 #include "util-cpu.h"
59 
60 #include "app-layer-parser.h"
61 
62 #include "util-lua.h"
63 #include "util-lua-common.h"
64 #include "util-lua-http.h"
65 #include "util-lua-dns.h"
66 #include "util-lua-ja3.h"
67 #include "util-lua-tls.h"
68 #include "util-lua-ssh.h"
69 #include "util-lua-hassh.h"
70 #include "util-lua-smtp.h"
71 #include "util-lua-dnp3.h"
72 #include "detect-lua-extensions.h"
73 
74 static const char luaext_key_ld[] = "suricata:luadata";
75 
76 /* hack to please scan-build. Even though LuaCallbackError *always*
77  * returns 2, scan-build doesn't accept it and generates false
78  * positives */
79 #define LUA_ERROR(msg) \
80  LuaCallbackError(luastate, (msg)); \
81  return 2
82 
83 static int GetLuaData(lua_State *luastate, DetectLuaData **ret_ld)
84 {
85  *ret_ld = NULL;
86 
87  DetectLuaData *ld;
88  lua_pushlightuserdata(luastate, (void *)&luaext_key_ld);
89  lua_gettable(luastate, LUA_REGISTRYINDEX);
90  ld = lua_touserdata(luastate, -1);
91  if (ld == NULL) {
92  LUA_ERROR("internal error: no ld");
93  }
94  *ret_ld = ld;
95  return 0;
96 }
97 
98 static int GetFlow(lua_State *luastate, Flow **ret_f)
99 {
100  Flow *f = LuaStateGetFlow(luastate);
101  if (f == NULL) {
102  LUA_ERROR("no flow");
103  }
104  *ret_f = f;
105  return 0;
106 }
107 
108 static int GetFlowVarById(lua_State *luastate, Flow *f,
109  FlowVar **ret_fv, bool fv_may_be_null, uint32_t *ret_idx)
110 {
111  DetectLuaData *ld = NULL;
112  if (ret_idx)
113  *ret_idx = 0;
114  *ret_fv = NULL;
115 
116  /* need lua data for id -> idx conversion */
117  int ret = GetLuaData(luastate, &ld);
118  if (ret != 0)
119  return ret;
120 
121  if (!lua_isnumber(luastate, 1)) {
122  LUA_ERROR("flowvar id not a number");
123  }
124  int id = lua_tonumber(luastate, 1);
125  if (id < 0 || id >= DETECT_LUA_MAX_FLOWVARS) {
126  LUA_ERROR("flowvar id out of range");
127  }
128  uint32_t idx = ld->flowvar[id];
129  if (idx == 0) {
130  LUA_ERROR("flowvar id uninitialized");
131  }
132  FlowVar *fv = FlowVarGet(f, idx);
133  if (!fv_may_be_null && fv == NULL) {
134  LUA_ERROR("no flow var");
135  }
136  *ret_fv = fv;
137  if (ret_idx)
138  *ret_idx = idx;
139  return 0;
140 }
141 
142 static int GetFlowVarByKey(lua_State *luastate, Flow *f, FlowVar **ret_fv)
143 {
144  *ret_fv = NULL;
145 
146  if (!lua_isstring(luastate, 1)) {
147  LUA_ERROR("flowvar key not a string");
148  }
149  const char *keystr = lua_tostring(luastate, 1);
150  if (keystr == NULL) {
151  LUA_ERROR("key is null");
152  }
153  if (!lua_isnumber(luastate, 2)) {
154  LUA_ERROR("key length not specified");
155  }
156  int keylen = lua_tonumber(luastate, 2);
157  if (keylen < 0 || keylen > 0xff) {
158  LUA_ERROR("key len out of range: max 256");
159  }
160 
161  FlowVar *fv = FlowVarGetByKey(f, (const uint8_t *)keystr, (uint16_t)keylen);
162  if (fv == NULL) {
163  LUA_ERROR("no flow var");
164  }
165  *ret_fv = fv;
166  return 0;
167 }
168 
169 static int GetFlowIntById(lua_State *luastate, Flow *f,
170  FlowVar **ret_fv, bool fv_may_be_null, uint32_t *ret_idx)
171 {
172  DetectLuaData *ld = NULL;
173  if (ret_idx)
174  *ret_idx = 0;
175  *ret_fv = NULL;
176 
177  /* need lua data for id -> idx conversion */
178  int ret = GetLuaData(luastate, &ld);
179  if (ret != 0)
180  return ret;
181 
182  if (!lua_isnumber(luastate, 1)) {
183  LUA_ERROR("flowvar id not a number");
184  }
185  int id = lua_tonumber(luastate, 1);
186  if (id < 0 || id >= DETECT_LUA_MAX_FLOWVARS) {
187  LUA_ERROR("flowvar id out of range");
188  }
189  uint32_t idx = ld->flowint[id];
190  if (idx == 0) {
191  LUA_ERROR("flowvar id uninitialized");
192  }
193  FlowVar *fv = FlowVarGet(f, idx);
194  if (!fv_may_be_null && fv == NULL) {
195  LUA_ERROR("no flow var");
196  }
197  *ret_fv = fv;
198  if (ret_idx)
199  *ret_idx = idx;
200  return 0;
201 }
202 
203 static int LuaGetFlowvar(lua_State *luastate)
204 {
205  Flow *f;
206  FlowVar *fv;
207  int ret;
208 
209  /* need flow */
210  ret = GetFlow(luastate, &f);
211  if (ret != 0)
212  return ret;
213 
214  if (lua_isnumber(luastate, 1)) {
215  ret = GetFlowVarById(luastate, f, &fv, false, NULL);
216  if (ret != 0 || fv == NULL)
217  return ret;
218  } else if (lua_isstring(luastate, 1)) {
219  ret = GetFlowVarByKey(luastate, f, &fv);
220  if (ret != 0 || fv == NULL)
221  return ret;
222  } else {
223  LUA_ERROR("invalid data type as first argument");
224  }
225 
226  LuaPushStringBuffer(luastate,
227  (const uint8_t *)fv->data.fv_str.value,
228  (size_t)fv->data.fv_str.value_len);
229  return 1;
230 }
231 
232 static int LuaSetFlowvarById(lua_State *luastate)
233 {
234  uint32_t idx = 0;
235  Flow *f;
236  const char *str;
237  int len;
238  uint8_t *buffer;
239  FlowVar *fv = NULL;
240 
241  /* need flow */
242  int ret = GetFlow(luastate, &f);
243  if (ret != 0)
244  return ret;
245 
246  ret = GetFlowVarById(luastate, f, &fv, true, &idx);
247  if (ret != 0)
248  return ret;
249 
250  if (!lua_isstring(luastate, 2)) {
251  LUA_ERROR("buffer not a string");
252  }
253  str = lua_tostring(luastate, 2);
254  if (str == NULL) {
255  LUA_ERROR("buffer is null");
256  }
257 
258  if (!lua_isnumber(luastate, 3)) {
259  LUA_ERROR("buffer length not specified");
260  }
261  len = lua_tonumber(luastate, 3);
262  if (len < 0 || len > 0xffff) {
263  LUA_ERROR("len out of range: max 64k");
264  }
265 
266  buffer = SCMalloc(len+1);
267  if (unlikely(buffer == NULL)) {
268  LUA_ERROR("out of memory");
269  }
270  memcpy(buffer, str, len);
271  buffer[len] = '\0';
272 
273  FlowVarAddIdValue(f, idx, buffer, (uint16_t)len);
274  return 0;
275 }
276 
277 static int LuaSetFlowvarByKey(lua_State *luastate)
278 {
279  Flow *f;
280  const char *str;
281  int len;
282  uint8_t *buffer;
283 
284  /* need flow */
285  int ret = GetFlow(luastate, &f);
286  if (ret != 0)
287  return ret;
288 
289  const char *keystr = NULL;
290  int keylen = 0;
291 
292  keystr = lua_tostring(luastate, 1);
293  if (keystr == NULL) {
294  LUA_ERROR("key is null");
295  }
296  if (!lua_isnumber(luastate, 2)) {
297  LUA_ERROR("key length not specified");
298  }
299  keylen = lua_tonumber(luastate, 2);
300  if (keylen < 0 || keylen > 0xff) {
301  LUA_ERROR("key len out of range: max 256");
302  }
303 
304  if (!lua_isstring(luastate, 3)) {
305  LUA_ERROR("buffer not a string");
306  }
307  str = lua_tostring(luastate, 3);
308  if (str == NULL) {
309  LUA_ERROR("buffer is null");
310  }
311 
312  if (!lua_isnumber(luastate, 4)) {
313  LUA_ERROR("buffer length not specified");
314  }
315  len = lua_tonumber(luastate, 4);
316  if (len < 0 || len > 0xffff) {
317  LUA_ERROR("len out of range: max 64k");
318  }
319 
320  buffer = SCMalloc(len+1);
321  if (unlikely(buffer == NULL)) {
322  LUA_ERROR("out of memory");
323  }
324  memcpy(buffer, str, len);
325  buffer[len] = '\0';
326 
327  uint8_t *keybuf = SCMalloc(keylen+1);
328  if (unlikely(keybuf == NULL)) {
329  SCFree(buffer);
330  LUA_ERROR("out of memory");
331  }
332  memcpy(keybuf, keystr, keylen);
333  keybuf[keylen] = '\0';
334  FlowVarAddKeyValue(f, keybuf, (uint16_t)keylen, buffer, (uint16_t)len);
335 
336  return 0;
337 }
338 
339 static int LuaSetFlowvar(lua_State *luastate)
340 {
341  if (lua_isnumber(luastate, 1)) {
342  return LuaSetFlowvarById(luastate);
343  } else {
344  return LuaSetFlowvarByKey(luastate);
345  }
346 }
347 
348 static int LuaGetFlowint(lua_State *luastate)
349 {
350  Flow *f;
351  FlowVar *fv;
352  uint32_t number;
353 
354  /* need flow */
355  int ret = GetFlow(luastate, &f);
356  if (ret != 0)
357  return ret;
358 
359  ret = GetFlowIntById(luastate, f, &fv, false, NULL);
360  if (ret != 0)
361  return ret;
362 
363  number = fv->data.fv_int.value;
364 
365  /* return value through luastate, as a luanumber */
366  lua_pushnumber(luastate, (lua_Number)number);
367  return 1;
368 
369 }
370 
371 static int LuaSetFlowint(lua_State *luastate)
372 {
373  uint32_t idx;
374  Flow *f;
375  DetectLuaData *ld;
376 
377  /* need lua data for id -> idx conversion */
378  int ret = GetLuaData(luastate, &ld);
379  if (ret != 0)
380  return ret;
381 
382  /* need flow */
383  ret = GetFlow(luastate, &f);
384  if (ret != 0)
385  return ret;
386 
387  /* need flowint idx */
388  if (!lua_isnumber(luastate, 1)) {
389  LUA_ERROR("1st arg not a number");
390  }
391  int id = lua_tonumber(luastate, 1);
392  if (id < 0 || id >= DETECT_LUA_MAX_FLOWVARS) {
393  LUA_ERROR("flowint id out of range");
394  }
395 
396  if (!lua_isnumber(luastate, 2)) {
397  LUA_ERROR("2nd arg not a number");
398  }
399  lua_Number luanumber = lua_tonumber(luastate, 2);
400  if (luanumber < 0 || id > (double)UINT_MAX) {
401  LUA_ERROR("value out of range, "
402  "value must be unsigned 32bit int");
403  }
404  uint32_t number = (uint32_t)luanumber;
405 
406  idx = ld->flowint[id];
407  if (idx == 0) {
408  LUA_ERROR("flowint id uninitialized");
409  }
410 
411  FlowVarAddInt(f, idx, number);
412 
413  SCLogDebug("stored flow:%p idx:%u value:%u", f, idx, number);
414  return 0;
415 }
416 
417 static int LuaIncrFlowint(lua_State *luastate)
418 {
419  uint32_t idx;
420  Flow *f;
421  FlowVar *fv;
422  uint32_t number;
423 
424  /* need flow */
425  int ret = GetFlow(luastate, &f);
426  if (ret != 0)
427  return ret;
428 
429  ret = GetFlowIntById(luastate, f, &fv, true, &idx);
430  if (ret != 0)
431  return ret;
432 
433  if (fv == NULL) {
434  number = 1;
435  } else {
436  number = fv->data.fv_int.value;
437  if (number < UINT_MAX)
438  number++;
439  }
440  FlowVarAddIntNoLock(f, idx, number);
441 
442  /* return value through luastate, as a luanumber */
443  lua_pushnumber(luastate, (lua_Number)number);
444  SCLogDebug("incremented flow:%p idx:%u value:%u", f, idx, number);
445  return 1;
446 
447 }
448 
449 static int LuaDecrFlowint(lua_State *luastate)
450 {
451  uint32_t idx;
452  Flow *f;
453  FlowVar *fv;
454  uint32_t number;
455 
456  /* need flow */
457  int ret = GetFlow(luastate, &f);
458  if (ret != 0)
459  return ret;
460 
461  ret = GetFlowIntById(luastate, f, &fv, true, &idx);
462  if (ret != 0)
463  return ret;
464 
465  if (fv == NULL) {
466  number = 0;
467  } else {
468  number = fv->data.fv_int.value;
469  if (number > 0)
470  number--;
471  }
472  FlowVarAddIntNoLock(f, idx, number);
473 
474  /* return value through luastate, as a luanumber */
475  lua_pushnumber(luastate, (lua_Number)number);
476  SCLogDebug("decremented flow:%p idx:%u value:%u", f, idx, number);
477  return 1;
478 
479 }
480 
481 static int LuaGetByteVar(lua_State *luastate)
482 {
483  DetectLuaData *ld = NULL;
484  DetectEngineThreadCtx *det_ctx = LuaStateGetDetCtx(luastate);
485 
486  if (det_ctx == NULL)
487  return LuaCallbackError(luastate, "internal error: no ldet_ctx");
488 
489  int ret = GetLuaData(luastate, &ld);
490  if (ret != 0)
491  return ret;
492 
493  if (!lua_isnumber(luastate, 1)) {
494  LUA_ERROR("bytevar id not a number");
495  }
496  int id = lua_tonumber(luastate, 1);
497  if (id < 0 || id >= DETECT_LUA_MAX_BYTEVARS) {
498  LUA_ERROR("bytevar id out of range");
499  }
500  uint32_t idx = ld->bytevar[id];
501 
502  lua_pushinteger(luastate, det_ctx->byte_values[idx]);
503 
504  return 1;
505 }
506 
507 void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld,
508  DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
509 {
510  SCLogDebug("det_ctx %p, f %p", det_ctx, f);
511 
512  /* lua keyword data */
513  lua_pushlightuserdata(lua_state, (void *)&luaext_key_ld);
514  lua_pushlightuserdata(lua_state, (void *)ld);
515  lua_settable(lua_state, LUA_REGISTRYINDEX);
516 
517  LuaStateSetSignature(lua_state, s);
518 
519  LuaStateSetFlow(lua_state, f);
520  LuaStateSetDetCtx(lua_state, det_ctx);
521 
522  if (det_ctx->tx_id_set) {
523  if (f && f->alstate) {
524  void *txptr = AppLayerParserGetTx(f->proto, f->alproto, f->alstate, det_ctx->tx_id);
525  if (txptr) {
526  LuaStateSetTX(lua_state, txptr, det_ctx->tx_id);
527  }
528  }
529  }
530 
531  if (p != NULL)
532  LuaStateSetPacket(lua_state, p);
533 
534  LuaStateSetDirection(lua_state, (flags & STREAM_TOSERVER));
535 }
536 
537 /**
538  * \brief Register Suricata Lua functions
539  */
540 int LuaRegisterExtensions(lua_State *lua_state)
541 {
542  lua_pushcfunction(lua_state, LuaGetFlowvar);
543  lua_setglobal(lua_state, "ScFlowvarGet");
544 
545  lua_pushcfunction(lua_state, LuaGetFlowvar);
546  lua_setglobal(lua_state, "SCFlowvarGet");
547 
548  lua_pushcfunction(lua_state, LuaSetFlowvar);
549  lua_setglobal(lua_state, "ScFlowvarSet");
550 
551  lua_pushcfunction(lua_state, LuaSetFlowvar);
552  lua_setglobal(lua_state, "SCFlowvarSet");
553 
554  lua_pushcfunction(lua_state, LuaGetFlowint);
555  lua_setglobal(lua_state, "ScFlowintGet");
556 
557  lua_pushcfunction(lua_state, LuaGetFlowint);
558  lua_setglobal(lua_state, "SCFlowintGet");
559 
560  lua_pushcfunction(lua_state, LuaSetFlowint);
561  lua_setglobal(lua_state, "ScFlowintSet");
562 
563  lua_pushcfunction(lua_state, LuaSetFlowint);
564  lua_setglobal(lua_state, "SCFlowintSet");
565 
566  lua_pushcfunction(lua_state, LuaIncrFlowint);
567  lua_setglobal(lua_state, "ScFlowintIncr");
568 
569  lua_pushcfunction(lua_state, LuaIncrFlowint);
570  lua_setglobal(lua_state, "SCFlowintIncr");
571 
572  lua_pushcfunction(lua_state, LuaDecrFlowint);
573  lua_setglobal(lua_state, "ScFlowintDecr");
574 
575  lua_pushcfunction(lua_state, LuaDecrFlowint);
576  lua_setglobal(lua_state, "SCFlowintDecr");
577 
578  lua_pushcfunction(lua_state, LuaGetByteVar);
579  lua_setglobal(lua_state, "SCByteVarGet");
580 
581  LuaRegisterFunctions(lua_state);
582  LuaRegisterHttpFunctions(lua_state);
583  LuaRegisterDnsFunctions(lua_state);
584  LuaRegisterJa3Functions(lua_state);
585  LuaRegisterTlsFunctions(lua_state);
586  LuaRegisterSshFunctions(lua_state);
587  LuaRegisterHasshFunctions(lua_state);
588  LuaRegisterSmtpFunctions(lua_state);
589  LuaRegisterDNP3Functions(lua_state);
590  return 0;
591 }
DetectEngineThreadCtx_::byte_values
uint64_t * byte_values
Definition: detect.h:1133
LuaStateSetTX
void LuaStateSetTX(lua_State *luastate, void *txptr, const uint64_t tx_id)
Definition: util-lua.c:150
LuaStateSetPacket
void LuaStateSetPacket(lua_State *luastate, Packet *p)
Definition: util-lua.c:126
DetectLuaData
Definition: detect-lua.h:40
len
uint8_t len
Definition: app-layer-dnp3.h:2
detect-engine.h
FlowVar_::data
union FlowVar_::@109 data
util-lua-ssh.h
util-lua-hassh.h
util-lua-common.h
flow-util.h
FlowVarAddKeyValue
void FlowVarAddKeyValue(Flow *f, uint8_t *key, uint16_t keysize, uint8_t *value, uint16_t size)
Definition: flow-var.c:94
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
LuaRegisterDNP3Functions
int LuaRegisterDNP3Functions(lua_State *luastate)
Definition: util-lua-dnp3.c:191
Flow_::proto
uint8_t proto
Definition: flow.h:378
util-lua.h
LuaCallbackError
int LuaCallbackError(lua_State *luastate, const char *msg)
Definition: util-lua-common.c:59
DetectEngineThreadCtx_::tx_id
uint64_t tx_id
Definition: detect.h:1174
FlowVarTypeStr::value_len
uint16_t value_len
Definition: flow-var.h:39
threads.h
Flow_
Flow data structure.
Definition: flow.h:356
util-lua-ja3.h
LuaRegisterDnsFunctions
int LuaRegisterDnsFunctions(lua_State *luastate)
register http lua extensions in a luastate
Definition: util-lua-dns.c:134
FlowVar_::fv_str
FlowVarTypeStr fv_str
Definition: flow-var.h:57
LuaRegisterSshFunctions
int LuaRegisterSshFunctions(lua_State *luastate)
register ssh lua extensions in a luastate
Definition: util-lua-ssh.c:199
detect-lua.h
DETECT_LUA_MAX_FLOWVARS
#define DETECT_LUA_MAX_FLOWVARS
Definition: detect-lua.h:36
DetectLuaData::flowvar
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
Definition: detect-lua.h:50
LuaStateSetFlow
void LuaStateSetFlow(lua_State *luastate, Flow *f)
set a flow pointer in the lua state
Definition: util-lua.c:176
LuaStateGetDetCtx
DetectEngineThreadCtx * LuaStateGetDetCtx(lua_State *luastate)
get DetectEngineThreadCtx pointer from the lua state
Definition: util-lua.c:239
util-unittest.h
LUA_ERROR
#define LUA_ERROR(msg)
Definition: detect-lua-extensions.c:79
util-unittest-helper.h
detect-flowvar.h
lua_State
struct lua_State lua_State
Definition: suricata-common.h:506
FlowVar_::fv_int
FlowVarTypeInt fv_int
Definition: flow-var.h:58
LuaRegisterHttpFunctions
int LuaRegisterHttpFunctions(lua_State *luastate)
register http lua extensions in a luastate
Definition: util-lua-http.c:318
decode.h
util-debug.h
FlowVarGetByKey
FlowVar * FlowVarGetByKey(Flow *f, const uint8_t *key, uint16_t keylen)
get the flowvar with index 'idx' from the flow
Definition: flow-var.c:54
LuaRegisterHasshFunctions
int LuaRegisterHasshFunctions(lua_State *luastate)
Register Hassh Lua extensions.
Definition: util-lua-hassh.c:199
DetectEngineThreadCtx_
Definition: detect.h:1093
util-cpu.h
util-print.h
detect-engine-mpm.h
detect.h
DETECT_LUA_MAX_BYTEVARS
#define DETECT_LUA_MAX_BYTEVARS
Definition: detect-lua.h:38
app-layer-parser.h
DetectLuaData::bytevar
uint32_t bytevar[DETECT_LUA_MAX_BYTEVARS]
Definition: detect-lua.h:52
LuaStateSetDetCtx
void LuaStateSetDetCtx(lua_State *luastate, DetectEngineThreadCtx *det_ctx)
Definition: util-lua.c:247
Packet_
Definition: decode.h:473
DetectLuaData::flowint
uint32_t flowint[DETECT_LUA_MAX_FLOWINTS]
Definition: detect-lua.h:47
conf.h
util-lua-dnp3.h
FlowVarAddIdValue
void FlowVarAddIdValue(Flow *f, uint32_t idx, uint8_t *value, uint16_t size)
Definition: flow-var.c:113
detect-engine-state.h
Data structures and function prototypes for keeping state for the detection engine.
LuaRegisterTlsFunctions
int LuaRegisterTlsFunctions(lua_State *luastate)
register tls lua extensions in a luastate
Definition: util-lua-tls.c:338
queue.h
LuaExtensionsMatchSetup
void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
Definition: detect-lua-extensions.c:507
AppLayerParserGetTx
void * AppLayerParserGetTx(uint8_t ipproto, AppProto alproto, void *alstate, uint64_t tx_id)
Definition: app-layer-parser.c:1087
FlowVarTypeInt_::value
uint32_t value
Definition: flow-var.h:44
LuaRegisterJa3Functions
int LuaRegisterJa3Functions(lua_State *luastate)
Register JA3 Lua extensions.
Definition: util-lua-ja3.c:153
util-lua-smtp.h
FlowVarTypeStr::value
uint8_t * value
Definition: flow-var.h:38
flags
uint8_t flags
Definition: decode-gre.h:0
detect-lua-extensions.h
suricata-common.h
util-lua-dns.h
util-spm-bm.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
str
#define str(s)
Definition: suricata-common.h:291
LuaStateSetDirection
void LuaStateSetDirection(lua_State *luastate, int direction)
Definition: util-lua.c:278
SCFree
#define SCFree(p)
Definition: util-mem.h:61
Flow_::alstate
void * alstate
Definition: flow.h:481
FlowVarAddInt
void FlowVarAddInt(Flow *f, uint32_t idx, uint32_t value)
Definition: flow-var.c:156
detect-parse.h
Signature_
Signature container.
Definition: detect.h:601
LuaStateGetFlow
Flow * LuaStateGetFlow(lua_State *luastate)
get flow pointer from lua state
Definition: util-lua.c:161
FlowVarAddIntNoLock
void FlowVarAddIntNoLock(Flow *f, uint32_t idx, uint32_t value)
Definition: flow-var.c:135
util-lua-tls.h
DetectEngineThreadCtx_::tx_id_set
bool tx_id_set
Definition: detect.h:1172
LuaRegisterExtensions
int LuaRegisterExtensions(lua_State *lua_state)
Register Suricata Lua functions.
Definition: detect-lua-extensions.c:540
util-lua-http.h
FlowVarGet
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
Definition: flow-var.c:78
LuaRegisterSmtpFunctions
int LuaRegisterSmtpFunctions(lua_State *luastate)
Definition: util-lua-smtp.c:315
flow.h
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:455
flow-var.h
LuaStateSetSignature
void LuaStateSetSignature(lua_State *luastate, const Signature *s)
Definition: util-lua.c:215
FlowVar_
Definition: flow-var.h:48
LuaRegisterFunctions
int LuaRegisterFunctions(lua_State *luastate)
Definition: util-lua-common.c:931
LuaPushStringBuffer
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
Definition: util-lua.c:319
app-layer.h