70 SCLogError(
"no Lua support built in, needed for lua/luajit keyword");
103 static void DetectLuaRegisterTests(
void);
106 static int g_smtp_generic_list_id = 0;
135 #define DATATYPE_PACKET BIT_U32(0)
136 #define DATATYPE_PAYLOAD BIT_U32(1)
137 #define DATATYPE_STREAM BIT_U32(2)
139 #define DATATYPE_HTTP_URI BIT_U32(3)
140 #define DATATYPE_HTTP_URI_RAW BIT_U32(4)
142 #define DATATYPE_HTTP_REQUEST_HEADERS BIT_U32(5)
143 #define DATATYPE_HTTP_REQUEST_HEADERS_RAW BIT_U32(6)
144 #define DATATYPE_HTTP_REQUEST_COOKIE BIT_U32(7)
145 #define DATATYPE_HTTP_REQUEST_UA BIT_U32(8)
147 #define DATATYPE_HTTP_REQUEST_LINE BIT_U32(9)
148 #define DATATYPE_HTTP_REQUEST_BODY BIT_U32(10)
150 #define DATATYPE_HTTP_RESPONSE_COOKIE BIT_U32(11)
151 #define DATATYPE_HTTP_RESPONSE_BODY BIT_U32(12)
153 #define DATATYPE_HTTP_RESPONSE_HEADERS BIT_U32(13)
154 #define DATATYPE_HTTP_RESPONSE_HEADERS_RAW BIT_U32(14)
156 #define DATATYPE_DNS_RRNAME BIT_U32(15)
157 #define DATATYPE_DNS_REQUEST BIT_U32(16)
158 #define DATATYPE_DNS_RESPONSE BIT_U32(17)
160 #define DATATYPE_TLS BIT_U32(18)
161 #define DATATYPE_SSH BIT_U32(19)
162 #define DATATYPE_SMTP BIT_U32(20)
164 #define DATATYPE_DNP3 BIT_U32(21)
166 #define DATATYPE_BUFFER BIT_U32(22)
172 int size = lua_gettop(state);
175 for (i = 1; i <= size; i++) {
176 int type = lua_type(state, i);
177 printf(
"Stack size=%d, level=%d, type=%d, ", size, i,
type);
181 printf(
"function %s", lua_tostring(state, i) ?
"true" :
"false");
184 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
187 printf(
"number %g", lua_tonumber(state, i));
190 printf(
"string `%s'", lua_tostring(state, i));
193 printf(
"table `%s'", lua_tostring(state, i));
196 printf(
"other %s", lua_typename(state,
type));
207 const uint8_t *buffer, uint32_t buffer_len, uint32_t
offset,
213 if (buffer == NULL || buffer_len == 0)
216 DetectLuaData *lua = (DetectLuaData *)smd->
ctx;
224 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, f, NULL, s, 0);
227 lua_getglobal(tlua->luastate,
"match");
228 lua_newtable(tlua->luastate);
230 lua_pushliteral (tlua->luastate,
"offset");
231 lua_pushnumber (tlua->luastate, (
int)(
offset + 1));
232 lua_settable(tlua->luastate, -3);
234 lua_pushstring (tlua->luastate, lua->buffername);
235 LuaPushStringBuffer(tlua->luastate, (
const uint8_t *)buffer, (
size_t)buffer_len);
236 lua_settable(tlua->luastate, -3);
238 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
240 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
244 if (lua_gettop(tlua->luastate) > 0) {
246 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
247 double script_ret = lua_tonumber(tlua->luastate, 1);
249 lua_pop(tlua->luastate, 1);
251 if (script_ret == 1.0)
255 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
256 lua_pushnil(tlua->luastate);
258 while (lua_next(tlua->luastate, -2)) {
259 v = lua_tostring(tlua->luastate, -1);
260 lua_pop(tlua->luastate, 1);
261 k = lua_tostring(tlua->luastate, -1);
268 if (strcmp(k,
"retval") == 0) {
272 "for \"retval\" from LUA return table: '%s'",
285 lua_pop(tlua->luastate, 1);
292 while (lua_gettop(tlua->luastate) > 0) {
293 lua_pop(tlua->luastate, 1);
323 DetectLuaData *lua = (DetectLuaData *)ctx;
334 flags = STREAM_TOSERVER;
336 flags = STREAM_TOCLIENT;
338 LuaStateSetThreadVars(tlua->luastate, det_ctx->
tv);
340 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, p->
flow, p, s,
flags);
342 if ((tlua->flags & DATATYPE_PAYLOAD) && p->
payload_len == 0)
344 if ((tlua->flags & DATATYPE_PACKET) &&
GET_PKT_LEN(p) == 0)
351 if (tlua->alproto != alproto)
355 lua_getglobal(tlua->luastate,
"match");
356 lua_newtable(tlua->luastate);
358 if ((tlua->flags & DATATYPE_PAYLOAD) && p->
payload_len) {
359 lua_pushliteral(tlua->luastate,
"payload");
360 LuaPushStringBuffer (tlua->luastate, (
const uint8_t *)p->
payload, (
size_t)p->
payload_len);
361 lua_settable(tlua->luastate, -3);
363 if ((tlua->flags & DATATYPE_PACKET) &&
GET_PKT_LEN(p)) {
364 lua_pushliteral(tlua->luastate,
"packet");
366 lua_settable(tlua->luastate, -3);
370 if (htp_state != NULL && htp_state->
connp != NULL) {
375 for ( ; idx < total_txs; idx++) {
380 if ((tlua->flags & DATATYPE_HTTP_REQUEST_LINE) && tx->request_line != NULL &&
381 bstr_len(tx->request_line) > 0) {
382 lua_pushliteral(tlua->luastate,
"http.request_line");
383 LuaPushStringBuffer(tlua->luastate,
384 (
const uint8_t *)bstr_ptr(tx->request_line),
385 bstr_len(tx->request_line));
386 lua_settable(tlua->luastate, -3);
392 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
394 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
398 if (lua_gettop(tlua->luastate) > 0) {
401 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
402 double script_ret = lua_tonumber(tlua->luastate, 1);
404 lua_pop(tlua->luastate, 1);
406 if (script_ret == 1.0)
410 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
411 lua_pushnil(tlua->luastate);
413 while (lua_next(tlua->luastate, -2)) {
414 v = lua_tostring(tlua->luastate, -1);
415 lua_pop(tlua->luastate, 1);
416 k = lua_tostring(tlua->luastate, -1);
423 if (strcmp(k,
"retval") == 0) {
426 (
const char *)v) < 0) {
428 "for \"retval\" from LUA return table: '%s'",
441 lua_pop(tlua->luastate, 1);
444 while (lua_gettop(tlua->luastate) > 0) {
445 lua_pop(tlua->luastate, 1);
464 DetectLuaData *lua = (DetectLuaData *)ctx;
473 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, f, NULL, s,
flags);
477 if (tlua->alproto != alproto)
481 lua_getglobal(tlua->luastate,
"match");
482 lua_newtable(tlua->luastate);
486 if (htp_state != NULL && htp_state->
connp != NULL) {
490 if ((tlua->flags & DATATYPE_HTTP_REQUEST_LINE) && tx->request_line != NULL &&
491 bstr_len(tx->request_line) > 0) {
492 lua_pushliteral(tlua->luastate,
"http.request_line");
493 LuaPushStringBuffer(tlua->luastate,
494 (
const uint8_t *)bstr_ptr(tx->request_line),
495 bstr_len(tx->request_line));
496 lua_settable(tlua->luastate, -3);
502 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
504 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
508 if (lua_gettop(tlua->luastate) > 0) {
511 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
512 double script_ret = lua_tonumber(tlua->luastate, 1);
514 lua_pop(tlua->luastate, 1);
516 if (script_ret == 1.0)
520 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
521 lua_pushnil(tlua->luastate);
523 while (lua_next(tlua->luastate, -2)) {
524 v = lua_tostring(tlua->luastate, -1);
525 lua_pop(tlua->luastate, 1);
526 k = lua_tostring(tlua->luastate, -1);
533 if (strcmp(k,
"retval") == 0) {
536 (
const char *)v) < 0) {
538 "for \"retval\" from LUA return table: '%s'",
551 lua_pop(tlua->luastate, 1);
554 while (lua_gettop(tlua->luastate) > 0) {
555 lua_pop(tlua->luastate, 1);
584 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s, ctx);
590 static const char *ut_script = NULL;
593 static void *DetectLuaThreadInit(
void *data)
596 DetectLuaData *lua = (DetectLuaData *)data;
599 DetectLuaThreadData *t =
SCMalloc(
sizeof(DetectLuaThreadData));
604 memset(t, 0x00,
sizeof(DetectLuaThreadData));
606 t->alproto = lua->alproto;
607 t->flags = lua->flags;
609 t->luastate = LuaGetState();
610 if (t->luastate == NULL) {
615 luaL_openlibs(t->luastate);
617 LuaRegisterExtensions(t->luastate);
619 lua_pushinteger(t->luastate, (lua_Integer)(lua->sid));
620 lua_setglobal(t->luastate,
"SCRuleSid");
621 lua_pushinteger(t->luastate, (lua_Integer)(lua->rev));
622 lua_setglobal(t->luastate,
"SCRuleRev");
623 lua_pushinteger(t->luastate, (lua_Integer)(lua->gid));
624 lua_setglobal(t->luastate,
"SCRuleGid");
628 if (ut_script != NULL) {
629 status = luaL_loadbuffer(t->luastate, ut_script, strlen(ut_script),
"unittest");
631 SCLogError(
"couldn't load file: %s", lua_tostring(t->luastate, -1));
636 status = luaL_loadfile(t->luastate, lua->filename);
638 SCLogError(
"couldn't load file: %s", lua_tostring(t->luastate, -1));
646 if (lua_pcall(t->luastate, 0, 0, 0) != 0) {
647 SCLogError(
"couldn't prime file: %s", lua_tostring(t->luastate, -1));
654 if (t->luastate != NULL)
655 LuaReturnState(t->luastate);
660 static void DetectLuaThreadFree(
void *ctx)
663 DetectLuaThreadData *t = (DetectLuaThreadData *)ctx;
664 if (t->luastate != NULL)
665 LuaReturnState(t->luastate);
681 DetectLuaData *lua = NULL;
684 lua =
SCMalloc(
sizeof(DetectLuaData));
688 memset(lua, 0x00,
sizeof(DetectLuaData));
690 if (strlen(
str) &&
str[0] ==
'!') {
697 if (lua->filename == NULL) {
705 DetectLuaFree(
de_ctx, lua);
714 if (luastate == NULL)
716 luaL_openlibs(luastate);
720 if (ut_script != NULL) {
721 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
723 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
728 status = luaL_loadfile(luastate, ld->filename);
730 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
738 if (lua_pcall(luastate, 0, 0, 0) != 0) {
739 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
743 lua_getglobal(luastate,
"init");
744 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
749 lua_newtable(luastate);
750 if (lua_gettop(luastate) == 0 || lua_type(luastate, 2) != LUA_TTABLE) {
755 lua_pushliteral(luastate,
"script_api_ver");
756 lua_pushnumber (luastate, 1);
757 lua_settable(luastate, -3);
759 if (lua_pcall(luastate, 1, 1, 0) != 0) {
760 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
765 if (lua_gettop(luastate) == 0) {
766 SCLogError(
"init function in script should return table, nothing returned");
769 if (lua_type(luastate, 1) != LUA_TTABLE) {
770 SCLogError(
"init function in script should return table, returned is not table");
774 lua_pushnil(luastate);
776 while (lua_next(luastate, -2)) {
777 k = lua_tostring(luastate, -2);
782 if (strcmp(k,
"flowvar") == 0) {
783 if (lua_istable(luastate, -1)) {
784 lua_pushnil(luastate);
785 while (lua_next(luastate, -2) != 0) {
787 const char *value = lua_tostring(luastate, -1);
790 lua_pop(luastate, 1);
792 if (ld->flowvars == DETECT_LUAJIT_MAX_FLOWVARS) {
798 ld->flowvar[ld->flowvars++] = idx;
799 SCLogDebug(
"script uses flowvar %u with script id %u", idx, ld->flowvars - 1);
802 lua_pop(luastate, 1);
804 }
else if (strcmp(k,
"flowint") == 0) {
805 if (lua_istable(luastate, -1)) {
806 lua_pushnil(luastate);
807 while (lua_next(luastate, -2) != 0) {
809 const char *value = lua_tostring(luastate, -1);
812 lua_pop(luastate, 1);
814 if (ld->flowints == DETECT_LUAJIT_MAX_FLOWINTS) {
820 ld->flowint[ld->flowints++] = idx;
821 SCLogDebug(
"script uses flowint %u with script id %u", idx, ld->flowints - 1);
824 lua_pop(luastate, 1);
826 }
else if (strcmp(k,
"bytevar") == 0) {
827 if (lua_istable(luastate, -1)) {
828 lua_pushnil(luastate);
829 while (lua_next(luastate, -2) != 0) {
831 const char *value = lua_tostring(luastate, -1);
834 lua_pop(luastate, 1);
836 if (ld->bytevars == DETECT_LUAJIT_MAX_BYTEVARS) {
843 SCLogError(
"Unknown byte_extract or byte_math var "
844 "requested by lua script - %s",
848 ld->bytevar[ld->bytevars++] = idx;
849 SCLogDebug(
"script uses bytevar %u with script id %u", idx, ld->bytevars - 1);
852 lua_pop(luastate, 1);
856 v = lua_tostring(luastate, -1);
857 lua_pop(luastate, 1);
862 if (strcmp(k,
"packet") == 0 && strcmp(v,
"true") == 0) {
863 ld->flags |= DATATYPE_PACKET;
864 }
else if (strcmp(k,
"payload") == 0 && strcmp(v,
"true") == 0) {
865 ld->flags |= DATATYPE_PAYLOAD;
866 }
else if (strcmp(k,
"buffer") == 0 && strcmp(v,
"true") == 0) {
867 ld->flags |= DATATYPE_BUFFER;
869 ld->buffername =
SCStrdup(
"buffer");
870 if (ld->buffername == NULL) {
874 }
else if (strcmp(k,
"stream") == 0 && strcmp(v,
"true") == 0) {
875 ld->flags |= DATATYPE_STREAM;
877 ld->buffername =
SCStrdup(
"stream");
878 if (ld->buffername == NULL) {
883 }
else if (strncmp(k,
"http", 4) == 0 && strcmp(v,
"true") == 0) {
886 "can just inspect script against one app layer proto like HTTP at a time");
889 if (ld->flags != 0) {
890 SCLogError(
"when inspecting HTTP buffers only a single buffer can be inspected");
897 if (strcmp(k,
"http.uri") == 0)
898 ld->flags |= DATATYPE_HTTP_URI;
900 else if (strcmp(k,
"http.uri.raw") == 0)
901 ld->flags |= DATATYPE_HTTP_URI_RAW;
903 else if (strcmp(k,
"http.request_line") == 0)
904 ld->flags |= DATATYPE_HTTP_REQUEST_LINE;
906 else if (strcmp(k,
"http.request_headers") == 0)
907 ld->flags |= DATATYPE_HTTP_REQUEST_HEADERS;
909 else if (strcmp(k,
"http.request_headers.raw") == 0)
910 ld->flags |= DATATYPE_HTTP_REQUEST_HEADERS_RAW;
912 else if (strcmp(k,
"http.request_cookie") == 0)
913 ld->flags |= DATATYPE_HTTP_REQUEST_COOKIE;
915 else if (strcmp(k,
"http.request_user_agent") == 0)
916 ld->flags |= DATATYPE_HTTP_REQUEST_UA;
918 else if (strcmp(k,
"http.request_body") == 0)
919 ld->flags |= DATATYPE_HTTP_REQUEST_BODY;
921 else if (strcmp(k,
"http.response_body") == 0)
922 ld->flags |= DATATYPE_HTTP_RESPONSE_BODY;
924 else if (strcmp(k,
"http.response_cookie") == 0)
925 ld->flags |= DATATYPE_HTTP_RESPONSE_COOKIE;
927 else if (strcmp(k,
"http.response_headers") == 0)
928 ld->flags |= DATATYPE_HTTP_RESPONSE_HEADERS;
930 else if (strcmp(k,
"http.response_headers.raw") == 0)
931 ld->flags |= DATATYPE_HTTP_RESPONSE_HEADERS_RAW;
934 SCLogError(
"unsupported http data type %s", k);
939 if (ld->buffername == NULL) {
943 }
else if (strncmp(k,
"dns", 3) == 0 && strcmp(v,
"true") == 0) {
947 if (strcmp(k,
"dns.rrname") == 0)
948 ld->flags |= DATATYPE_DNS_RRNAME;
949 else if (strcmp(k,
"dns.request") == 0)
950 ld->flags |= DATATYPE_DNS_REQUEST;
951 else if (strcmp(k,
"dns.response") == 0)
952 ld->flags |= DATATYPE_DNS_RESPONSE;
955 SCLogError(
"unsupported dns data type %s", k);
959 if (ld->buffername == NULL) {
963 }
else if (strncmp(k,
"tls", 3) == 0 && strcmp(v,
"true") == 0) {
967 ld->flags |= DATATYPE_TLS;
969 }
else if (strncmp(k,
"ssh", 3) == 0 && strcmp(v,
"true") == 0) {
973 ld->flags |= DATATYPE_SSH;
975 }
else if (strncmp(k,
"smtp", 4) == 0 && strcmp(v,
"true") == 0) {
979 ld->flags |= DATATYPE_SMTP;
981 }
else if (strncmp(k,
"dnp3", 4) == 0 && strcmp(v,
"true") == 0) {
985 ld->flags |= DATATYPE_DNP3;
994 lua_pop(luastate, 1);
1015 DetectLuaData *lua = NULL;
1022 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
1027 DetectLuaThreadInit, (
void *)lua,
1028 DetectLuaThreadFree, 0);
1029 if (lua->thread_ctx_id == -1)
1050 if (lua->flags & DATATYPE_STREAM)
1053 if (lua->flags & DATATYPE_BUFFER) {
1065 if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY) {
1067 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY) {
1069 }
else if (lua->flags & DATATYPE_HTTP_URI) {
1071 }
else if (lua->flags & DATATYPE_HTTP_URI_RAW) {
1073 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_COOKIE ||
1074 lua->flags & DATATYPE_HTTP_RESPONSE_COOKIE)
1077 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_UA) {
1079 }
else if (lua->flags & (DATATYPE_HTTP_REQUEST_HEADERS|DATATYPE_HTTP_RESPONSE_HEADERS)) {
1081 }
else if (lua->flags & (DATATYPE_HTTP_REQUEST_HEADERS_RAW|DATATYPE_HTTP_RESPONSE_HEADERS_RAW)) {
1087 if (lua->flags & DATATYPE_DNS_RRNAME) {
1089 }
else if (lua->flags & DATATYPE_DNS_REQUEST) {
1091 }
else if (lua->flags & DATATYPE_DNS_RESPONSE) {
1099 list = g_smtp_generic_list_id;
1118 DetectLuaFree(
de_ctx, lua);
1137 DetectLuaData *ld = (DetectLuaData *)sm->
ctx;
1153 DetectLuaData *lua = (DetectLuaData *)ptr;
1155 if (lua->buffername)
1170 static int LuaMatchTest01(
void)
1172 const char script[] =
1173 "function init (args)\n"
1174 " local needs = {}\n"
1175 " needs[\"http.request_headers\"] = tostring(true)\n"
1176 " needs[\"flowvar\"] = {\"cnt\"}\n"
1180 "function match(args)\n"
1181 " a = ScFlowvarGet(0)\n"
1183 " a = tostring(tonumber(a)+1)\n"
1185 " ScFlowvarSet(0, a, #a)\n"
1187 " a = tostring(1)\n"
1189 " ScFlowvarSet(0, a, #a)\n"
1192 " print (\"pre check: \" .. (a))\n"
1193 " if tonumber(a) == 2 then\n"
1194 " print \"match\"\n"
1200 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1201 uint8_t httpbuf1[] =
1202 "POST / HTTP/1.1\r\n"
1203 "Host: www.emergingthreats.net\r\n\r\n";
1204 uint8_t httpbuf2[] =
1205 "POST / HTTP/1.1\r\n"
1206 "Host: www.openinfosecfoundation.org\r\n\r\n";
1207 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1208 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1218 memset(&th_v, 0,
sizeof(th_v));
1219 memset(&f, 0,
sizeof(f));
1220 memset(&ssn, 0,
sizeof(ssn));
1227 f.
proto = IPPROTO_TCP;
1290 static int LuaMatchTest01a(
void)
1292 const char script[] =
"function init (args)\n"
1293 " local needs = {}\n"
1294 " needs[\"http.request_headers\"] = tostring(true)\n"
1295 " needs[\"flowvar\"] = {\"cnt\"}\n"
1299 "function match(args)\n"
1300 " a = SCFlowvarGet(0)\n"
1302 " a = tostring(tonumber(a)+1)\n"
1304 " SCFlowvarSet(0, a, #a)\n"
1306 " a = tostring(1)\n"
1308 " SCFlowvarSet(0, a, #a)\n"
1311 " print (\"pre check: \" .. (a))\n"
1312 " if tonumber(a) == 2 then\n"
1313 " print \"match\"\n"
1319 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1320 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1321 "Host: www.emergingthreats.net\r\n\r\n";
1322 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1323 "Host: www.openinfosecfoundation.org\r\n\r\n";
1324 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1325 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1335 memset(&th_v, 0,
sizeof(th_v));
1336 memset(&f, 0,
sizeof(f));
1337 memset(&ssn, 0,
sizeof(ssn));
1344 f.
proto = IPPROTO_TCP;
1408 static int LuaMatchTest02(
void)
1410 const char script[] =
"function init (args)\n"
1411 " local needs = {}\n"
1412 " needs[\"payload\"] = tostring(true)\n"
1413 " needs[\"flowvar\"] = {\"cnt\"}\n"
1417 "function match(args)\n"
1418 " a = ScFlowvarGet(0)\n"
1420 " a = tostring(tonumber(a)+1)\n"
1422 " ScFlowvarSet(0, a, #a)\n"
1424 " a = tostring(1)\n"
1426 " ScFlowvarSet(0, a, #a)\n"
1429 " print (\"pre check: \" .. (a))\n"
1430 " if tonumber(a) == 2 then\n"
1431 " print \"match\"\n"
1437 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1438 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1439 "Host: www.emergingthreats.net\r\n\r\n";
1440 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1441 "Host: www.openinfosecfoundation.org\r\n\r\n";
1442 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1443 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1451 memset(&th_v, 0,
sizeof(th_v));
1452 memset(&f, 0,
sizeof(f));
1453 memset(&ssn, 0,
sizeof(ssn));
1460 f.
proto = IPPROTO_TCP;
1512 static int LuaMatchTest02a(
void)
1514 const char script[] =
"function init (args)\n"
1515 " local needs = {}\n"
1516 " needs[\"payload\"] = tostring(true)\n"
1517 " needs[\"flowvar\"] = {\"cnt\"}\n"
1521 "function match(args)\n"
1522 " a = SCFlowvarGet(0)\n"
1524 " a = tostring(tonumber(a)+1)\n"
1526 " SCFlowvarSet(0, a, #a)\n"
1528 " a = tostring(1)\n"
1530 " SCFlowvarSet(0, a, #a)\n"
1533 " print (\"pre check: \" .. (a))\n"
1534 " if tonumber(a) == 2 then\n"
1535 " print \"match\"\n"
1541 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1542 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1543 "Host: www.emergingthreats.net\r\n\r\n";
1544 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1545 "Host: www.openinfosecfoundation.org\r\n\r\n";
1546 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1547 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1555 memset(&th_v, 0,
sizeof(th_v));
1556 memset(&f, 0,
sizeof(f));
1557 memset(&ssn, 0,
sizeof(ssn));
1564 f.
proto = IPPROTO_TCP;
1615 static int LuaMatchTest03(
void)
1617 const char script[] =
"function init (args)\n"
1618 " local needs = {}\n"
1619 " needs[\"packet\"] = tostring(true)\n"
1620 " needs[\"flowvar\"] = {\"cnt\"}\n"
1624 "function match(args)\n"
1625 " a = ScFlowvarGet(0)\n"
1627 " a = tostring(tonumber(a)+1)\n"
1629 " ScFlowvarSet(0, a, #a)\n"
1631 " a = tostring(1)\n"
1633 " ScFlowvarSet(0, a, #a)\n"
1636 " print (\"pre check: \" .. (a))\n"
1637 " if tonumber(a) == 2 then\n"
1638 " print \"match\"\n"
1644 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1645 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1646 "Host: www.emergingthreats.net\r\n\r\n";
1647 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1648 "Host: www.openinfosecfoundation.org\r\n\r\n";
1649 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1650 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1658 memset(&th_v, 0,
sizeof(th_v));
1659 memset(&f, 0,
sizeof(f));
1660 memset(&ssn, 0,
sizeof(ssn));
1667 f.
proto = IPPROTO_TCP;
1718 static int LuaMatchTest03a(
void)
1720 const char script[] =
"function init (args)\n"
1721 " local needs = {}\n"
1722 " needs[\"packet\"] = tostring(true)\n"
1723 " needs[\"flowvar\"] = {\"cnt\"}\n"
1727 "function match(args)\n"
1728 " a = SCFlowvarGet(0)\n"
1730 " a = tostring(tonumber(a)+1)\n"
1732 " SCFlowvarSet(0, a, #a)\n"
1734 " a = tostring(1)\n"
1736 " SCFlowvarSet(0, a, #a)\n"
1739 " print (\"pre check: \" .. (a))\n"
1740 " if tonumber(a) == 2 then\n"
1741 " print \"match\"\n"
1747 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1748 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1749 "Host: www.emergingthreats.net\r\n\r\n";
1750 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1751 "Host: www.openinfosecfoundation.org\r\n\r\n";
1752 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1753 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1761 memset(&th_v, 0,
sizeof(th_v));
1762 memset(&f, 0,
sizeof(f));
1763 memset(&ssn, 0,
sizeof(ssn));
1770 f.
proto = IPPROTO_TCP;
1820 static int LuaMatchTest04(
void)
1822 const char script[] =
"function init (args)\n"
1823 " local needs = {}\n"
1824 " needs[\"http.request_headers\"] = tostring(true)\n"
1825 " needs[\"flowint\"] = {\"cnt\"}\n"
1829 "function match(args)\n"
1830 " print \"inspecting\""
1831 " a = ScFlowintGet(0)\n"
1833 " ScFlowintSet(0, a + 1)\n"
1835 " ScFlowintSet(0, 1)\n"
1838 " a = ScFlowintGet(0)\n"
1840 " print \"match\"\n"
1846 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1847 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1848 "Host: www.emergingthreats.net\r\n\r\n";
1849 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1850 "Host: www.openinfosecfoundation.org\r\n\r\n";
1851 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1852 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1862 memset(&th_v, 0,
sizeof(th_v));
1863 memset(&f, 0,
sizeof(f));
1864 memset(&ssn, 0,
sizeof(ssn));
1871 f.
proto = IPPROTO_TCP;
1933 static int LuaMatchTest04a(
void)
1935 const char script[] =
"function init (args)\n"
1936 " local needs = {}\n"
1937 " needs[\"http.request_headers\"] = tostring(true)\n"
1938 " needs[\"flowint\"] = {\"cnt\"}\n"
1942 "function match(args)\n"
1943 " print \"inspecting\""
1944 " a = SCFlowintGet(0)\n"
1946 " SCFlowintSet(0, a + 1)\n"
1948 " SCFlowintSet(0, 1)\n"
1951 " a = SCFlowintGet(0)\n"
1953 " print \"match\"\n"
1959 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1960 uint8_t httpbuf1[] =
1961 "POST / HTTP/1.1\r\n"
1962 "Host: www.emergingthreats.net\r\n\r\n";
1963 uint8_t httpbuf2[] =
1964 "POST / HTTP/1.1\r\n"
1965 "Host: www.openinfosecfoundation.org\r\n\r\n";
1966 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1967 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1977 memset(&th_v, 0,
sizeof(th_v));
1978 memset(&f, 0,
sizeof(f));
1979 memset(&ssn, 0,
sizeof(ssn));
1986 f.
proto = IPPROTO_TCP;
2048 static int LuaMatchTest05(
void)
2050 const char script[] =
"function init (args)\n"
2051 " local needs = {}\n"
2052 " needs[\"http.request_headers\"] = tostring(true)\n"
2053 " needs[\"flowint\"] = {\"cnt\"}\n"
2057 "function match(args)\n"
2058 " print \"inspecting\""
2059 " a = ScFlowintIncr(0)\n"
2061 " print \"match\"\n"
2067 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2068 uint8_t httpbuf1[] =
2069 "POST / HTTP/1.1\r\n"
2070 "Host: www.emergingthreats.net\r\n\r\n";
2071 uint8_t httpbuf2[] =
2072 "POST / HTTP/1.1\r\n"
2073 "Host: www.openinfosecfoundation.org\r\n\r\n";
2074 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2075 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2085 memset(&th_v, 0,
sizeof(th_v));
2086 memset(&f, 0,
sizeof(f));
2087 memset(&ssn, 0,
sizeof(ssn));
2094 f.
proto = IPPROTO_TCP;
2156 static int LuaMatchTest05a(
void)
2158 const char script[] =
"function init (args)\n"
2159 " local needs = {}\n"
2160 " needs[\"http.request_headers\"] = tostring(true)\n"
2161 " needs[\"flowint\"] = {\"cnt\"}\n"
2165 "function match(args)\n"
2166 " print \"inspecting\""
2167 " a = SCFlowintIncr(0)\n"
2169 " print \"match\"\n"
2175 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2176 uint8_t httpbuf1[] =
2177 "POST / HTTP/1.1\r\n"
2178 "Host: www.emergingthreats.net\r\n\r\n";
2179 uint8_t httpbuf2[] =
2180 "POST / HTTP/1.1\r\n"
2181 "Host: www.openinfosecfoundation.org\r\n\r\n";
2182 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2183 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2193 memset(&th_v, 0,
sizeof(th_v));
2194 memset(&f, 0,
sizeof(f));
2195 memset(&ssn, 0,
sizeof(ssn));
2202 f.
proto = IPPROTO_TCP;
2264 static int LuaMatchTest06(
void)
2266 const char script[] =
"function init (args)\n"
2267 " local needs = {}\n"
2268 " needs[\"http.request_headers\"] = tostring(true)\n"
2269 " needs[\"flowint\"] = {\"cnt\"}\n"
2273 "function match(args)\n"
2274 " print \"inspecting\""
2275 " a = ScFlowintGet(0)\n"
2276 " if a == nil then\n"
2277 " print \"new var set to 2\""
2278 " ScFlowintSet(0, 2)\n"
2280 " a = ScFlowintDecr(0)\n"
2282 " print \"match\"\n"
2288 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2289 uint8_t httpbuf1[] =
2290 "POST / HTTP/1.1\r\n"
2291 "Host: www.emergingthreats.net\r\n\r\n";
2292 uint8_t httpbuf2[] =
2293 "POST / HTTP/1.1\r\n"
2294 "Host: www.openinfosecfoundation.org\r\n\r\n";
2295 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2296 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2306 memset(&th_v, 0,
sizeof(th_v));
2307 memset(&f, 0,
sizeof(f));
2308 memset(&ssn, 0,
sizeof(ssn));
2315 f.
proto = IPPROTO_TCP;
2377 static int LuaMatchTest06a(
void)
2379 const char script[] =
"function init (args)\n"
2380 " local needs = {}\n"
2381 " needs[\"http.request_headers\"] = tostring(true)\n"
2382 " needs[\"flowint\"] = {\"cnt\"}\n"
2386 "function match(args)\n"
2387 " print \"inspecting\""
2388 " a = SCFlowintGet(0)\n"
2389 " if a == nil then\n"
2390 " print \"new var set to 2\""
2391 " SCFlowintSet(0, 2)\n"
2393 " a = SCFlowintDecr(0)\n"
2395 " print \"match\"\n"
2401 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2402 uint8_t httpbuf1[] =
2403 "POST / HTTP/1.1\r\n"
2404 "Host: www.emergingthreats.net\r\n\r\n";
2405 uint8_t httpbuf2[] =
2406 "POST / HTTP/1.1\r\n"
2407 "Host: www.openinfosecfoundation.org\r\n\r\n";
2408 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2409 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2419 memset(&th_v, 0,
sizeof(th_v));
2420 memset(&f, 0,
sizeof(f));
2421 memset(&ssn, 0,
sizeof(ssn));
2428 f.
proto = IPPROTO_TCP;
2489 void DetectLuaRegisterTests(
void)