69 void *state,
void *txv,
const Signature *s,
73 static void DetectLuaRegisterTests(
void);
76 static int g_lua_ja3_list_id = 0;
77 static int g_lua_ja3s_list_id = 0;
/* Flag bits used by the lua keyword. The DATATYPE and LIST bits name the
 * inputs a script can ask for; presumably they are set from the matching keys
 * ("packet", "payload", "stream", "buffer", "ja3", "ja3s") of the table
 * returned by the script's init() -- the assignments are not shown in this
 * listing. */
111 #define FLAG_DATATYPE_PACKET BIT_U32(0)
112 #define FLAG_DATATYPE_PAYLOAD BIT_U32(1)
113 #define FLAG_DATATYPE_STREAM BIT_U32(2)
114 #define FLAG_LIST_JA3 BIT_U32(3)
115 #define FLAG_LIST_JA3S BIT_U32(4)
116 #define FLAG_DATATYPE_BUFFER BIT_U32(22)
/* "Already logged" markers, one per failure class. The match runner tests a
 * flag bit in the per-thread flags before calling SCLogWarning, so these look
 * like a once-only guard against log flooding from a failing script.
 * NOTE(review): the line that sets the bit is not shown -- confirm. */
117 #define FLAG_ERROR_LOGGED BIT_U32(23)
118 #define FLAG_BLOCKED_FUNCTION_LOGGED BIT_U32(24)
119 #define FLAG_INSTRUCTION_LIMIT_LOGGED BIT_U32(25)
120 #define FLAG_MEMORY_LIMIT_LOGGED BIT_U32(26)
/* Fallback resource ceilings for a script. The setup code reads
 * security.lua.max-bytes and security.lua.max-instructions with the return
 * value discarded, so these defaults presumably stay in effect when the keys
 * are absent. Units are assumed from the key names (bytes / instructions)
 * -- TODO confirm. */
122 #define DEFAULT_LUA_ALLOC_LIMIT 500000
123 #define DEFAULT_LUA_INSTRUCTION_LIMIT 500000
/* Body of the stack-dump debug helper: prints the number of slots on the Lua
 * stack, then one line per slot (index, numeric type code) followed by a
 * type-specific rendering. All output goes to stdout through printf. */
128 int size = lua_gettop(state);
129 printf(
"%s: size %d\n", prefix, size);
/* Lua stack indices are 1-based, hence the 1..size range. */
131 for (
int i = 1; i <= size; i++) {
132 int type = lua_type(state, i);
133 printf(
"- %s: Stack size=%d, level=%d, type=%d, ", prefix, size, i,
type);
/* NOTE(review): the case labels are not shown in this listing. If this branch
 * handles function values, lua_tostring() returns NULL for them (it converts
 * only strings and numbers), and passing NULL to "%s" is undefined behaviour;
 * lua_typename() would be the safe rendering. The same concern applies to the
 * "table" branch further down. */
137 printf(
"function %s", lua_tostring(state, i));
140 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
143 printf(
"number %g", lua_tonumber(state, i));
146 printf(
"string `%s'", lua_tostring(state, i));
149 printf(
"table `%s'", lua_tostring(state, i));
/* Fallback: print the type name rather than a value. */
152 printf(
"other %s", lua_typename(state,
type));
163 lua_pushlightuserdata(state, (
void *)data);
164 lua_settable(state, LUA_REGISTRYINDEX);
/* Runs the script's match function in the per-thread Lua state and interprets
 * what it returns. The callers in this file fetch the global "match" before
 * delegating here; the call is made with one argument and one expected result
 * (lua_pcall(..., 1, 1, 0)). Parameter list and several lines of the body are
 * not shown in this listing. */
171 static int DetectLuaRunMatch(
/* A non-zero lua_pcall result means the script raised an error; the message
 * is read from the top of the stack. */
177 if (lua_pcall(tlua->
luastate, 1, 1, 0) != 0) {
178 const char *reason = lua_tostring(tlua->
luastate, -1);
/* Some failure paths replace the script's message with a fixed string; the
 * condition selecting this one is not shown. */
189 reason =
"memory limit exceeded";
/* Warn only while the selected flag bit is still clear in tlua->flags --
 * presumably a once-per-failure-class guard; confirm the bit is set after
 * logging. */
197 if (!(tlua->
flags & flag)) {
198 SCLogWarning(
"Lua script failed to run successfully: %s", reason);
/* Loops until the stack is empty (loop body not shown). */
203 while (lua_gettop(tlua->
luastate) > 0) {
/* Success path: inspect the value the script returned, if any. */
212 if (lua_gettop(tlua->
luastate) > 0) {
/* Numeric return: compared against exactly 1.0. */
214 if (lua_type(tlua->
luastate, 1) == LUA_TNUMBER) {
215 double script_ret = lua_tonumber(tlua->
luastate, 1);
219 if (script_ret == 1.0)
223 }
/* Table return: walk the key/value pairs looking for "retval". */
else if (lua_type(tlua->
luastate, 1) == LUA_TTABLE) {
226 while (lua_next(tlua->
luastate, -2)) {
/* NOTE(review): both reads use index -1; presumably the value is popped on
 * the line between them (not shown) so the second read sees the key.
 * lua_tostring() converts a numeric key to a string in place, which the Lua
 * manual warns confuses lua_next(), and it returns NULL for other key types.
 * Confirm k and v are NULL-checked before the strcmp below. */
227 v = lua_tostring(tlua->
luastate, -1);
229 k = lua_tostring(tlua->
luastate, -1);
236 if (strcmp(k,
"retval") == 0) {
240 "for \"retval\" from LUA return table: '%s'",
/* Loops until the stack is empty again before returning (body not shown). */
264 while (lua_gettop(tlua->
luastate) > 0) {
/* Fragment of the buffer-match entry point. A missing or zero-length buffer
 * is tested before the Lua state is touched (the statement taken on that
 * branch is not shown). */
277 if (buffer == NULL || buffer_len == 0)
/* Fetch the script's global "match" function onto the stack. */
292 lua_getglobal(tlua->
luastate,
"match");
/* Pushes the literal "offset"; presumably used as a key in the argument table
 * handed to the script -- the surrounding lines are not shown. */
295 lua_pushliteral(tlua->
luastate,
"offset");
/* Execution and interpretation of the result are delegated to
 * DetectLuaRunMatch. */
303 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
333 flags = STREAM_TOSERVER;
335 flags = STREAM_TOCLIENT;
346 lua_getglobal(tlua->
luastate,
"match");
349 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
368 lua_getglobal(tlua->
luastate,
"match");
371 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
387 void *state,
void *txv,
const Signature *s,
390 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s,
ctx);
/* When non-NULL, the script source is taken from this in-memory string
 * (chunk name "unittest") instead of being loaded from a file.
 * NOTE(review): this override is consulted on the normal load path; confirm
 * it can only be set in unit-test builds. */
396 static const char *ut_script = NULL;
/* Per-thread initialisation callback for the lua keyword. The visible steps:
 * attach the keyword data to the thread's Lua state, load the script, run the
 * top-level chunk, then call the optional global thread_init(). The creation
 * of t->luastate, and any sandbox limits applied to it, are on lines not
 * shown in this listing. */
399 static void *DetectLuaThreadInit(
void *data)
427 LuaStateSetDetectLuaData(t->
luastate, lua);
431 if (ut_script != NULL) {
432 status = luaL_loadbuffer(t->
luastate, ut_script, strlen(ut_script),
"unittest");
/* Run the loaded chunk once (no arguments, no results) so the script's
 * globals, including its functions, get defined. */
449 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
/* thread_init is optional: it is called only if the global is a function. */
455 lua_getglobal(t->
luastate,
"thread_init");
456 if (lua_isfunction(t->
luastate, -1)) {
457 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
458 SCLogError(
"couldn't run script 'thread_init' function: %s",
475 static void DetectLuaThreadFree(
void *
ctx)
503 if (strlen(
str) &&
str[0] ==
'!') {
518 DetectLuaFree(
de_ctx, lua);
/* Fragment of the rule-load-time "prime" step: the script is loaded and its
 * top-level chunk and init() are executed once, and the table init() returns
 * is parsed to learn which variables and inputs the script needs. How
 * luastate is created is on lines not shown. */
527 if (luastate == NULL)
/* luaL_openlibs() loads the full Lua standard library into the state.
 * NOTE(review): any condition guarding this call is on a line not shown;
 * presumably it is tied to security.lua.allow-restricted-functions. Confirm,
 * because the script's own code runs in this state during rule loading. */
530 luaL_openlibs(luastate);
535 LuaStateSetDetectLuaData(luastate, ld);
/* Source selection: the in-memory ut_script if set, otherwise ld->filename. */
539 if (ut_script != NULL) {
540 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
542 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
547 status = luaL_loadfile(luastate, ld->
filename);
549 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
/* Execute the top-level chunk so that init() and the other globals exist. */
557 if (lua_pcall(luastate, 0, 0, 0) != 0) {
558 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
/* The global "init" is type-checked as a function, then called with no
 * arguments and one expected result. */
562 lua_getglobal(luastate,
"init");
563 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
568 if (lua_pcall(luastate, 0, 1, 0) != 0) {
569 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
/* init() must leave exactly a table on the stack. */
574 if (lua_gettop(luastate) == 0) {
575 SCLogError(
"init function in script should return table, nothing returned");
578 if (lua_type(luastate, 1) != LUA_TTABLE) {
579 SCLogError(
"init function in script should return table, returned is not table");
/* Walk the returned table; after lua_next() the key is at -2, the value at -1. */
583 lua_pushnil(luastate);
585 while (lua_next(luastate, -2)) {
/* NOTE(review): lua_tostring() on the key converts a numeric key to a string
 * in place, which the Lua manual warns confuses lua_next(), and it returns
 * NULL for other non-string keys. Confirm a NULL check (lines not shown)
 * precedes the strcmp calls below. */
586 k = lua_tostring(luastate, -2);
/* "flowvar": a nested table whose values are read as strings, one per entry.
 * Any bound check against DETECT_LUA_MAX_FLOWVARS is on lines not shown. */
591 if (strcmp(k,
"flowvar") == 0) {
592 if (lua_istable(luastate, -1)) {
593 lua_pushnil(luastate);
594 while (lua_next(luastate, -2) != 0) {
596 const char *value = lua_tostring(luastate, -1);
599 lua_pop(luastate, 1);
611 lua_pop(luastate, 1);
613 }
/* "flowint": same shape as "flowvar". */
else if (strcmp(k,
"flowint") == 0) {
614 if (lua_istable(luastate, -1)) {
615 lua_pushnil(luastate);
616 while (lua_next(luastate, -2) != 0) {
618 const char *value = lua_tostring(luastate, -1);
621 lua_pop(luastate, 1);
633 lua_pop(luastate, 1);
635 }
/* "bytevar": same shape; per the error text below, each name has to refer to
 * a byte_extract or byte_math variable known to the signature. */
else if (strcmp(k,
"bytevar") == 0) {
636 if (lua_istable(luastate, -1)) {
637 lua_pushnil(luastate);
638 while (lua_next(luastate, -2) != 0) {
640 const char *value = lua_tostring(luastate, -1);
643 lua_pop(luastate, 1);
652 SCLogError(
"Unknown byte_extract or byte_math var "
653 "requested by lua script - %s",
661 lua_pop(luastate, 1);
/* All remaining keys are read as booleans. lua_toboolean() is true for every
 * value except false and nil, so a string value such as "false" still counts
 * as required. */
665 bool required = lua_toboolean(luastate, -1);
666 lua_pop(luastate, 1);
671 if (strcmp(k,
"ja3") == 0) {
673 }
else if (strcmp(k,
"ja3s") == 0) {
675 }
else if (strcmp(k,
"packet") == 0) {
677 }
else if (strcmp(k,
"payload") == 0) {
679 }
else if (strcmp(k,
"buffer") == 0) {
687 }
else if (strcmp(k,
"stream") == 0) {
696 }
/* Prefix match, not an exact match: any key that starts with one of these
 * protocol names is rejected with the "no longer supported" error. */
else if (strncmp(k,
"http", 4) == 0 || strncmp(k,
"dns", 3) == 0 ||
697 strncmp(k,
"tls", 3) == 0 || strncmp(k,
"ssh", 3) == 0 ||
698 strncmp(k,
"smtp", 4) == 0 || strncmp(k,
"dnp3", 4) == 0) {
699 SCLogError(
"data type %s no longer supported, use rule hooks", k);
709 lua_pop(luastate, 1);
/* Fragment of the keyword setup path: applies the security.lua.* settings,
 * primes the script, registers the per-thread callbacks and picks the list
 * the match is attached to. */
/* Lua rules are refused only when security.lua.allow-rules is found
 * (SCConfGetBool returns 1) and is false. When the lookup does not return 1,
 * this check does not block the rule. */
733 if (
SCConfGetBool(
"security.lua.allow-rules", &enabled) == 1 && !enabled) {
734 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
/* Optional overrides for the limits; the return values are deliberately
 * discarded, so a missing key leaves the variable as it was.
 * NOTE(review): SCConfGetInt yields a signed intmax_t while the sandbox
 * constructor takes uint64_t limits -- confirm zero or negative values are
 * rejected before use. */
745 (void)
SCConfGetInt(
"security.lua.max-bytes", &lua_alloc_limit);
746 (void)
SCConfGetInt(
"security.lua.max-instructions", &lua_instruction_limit);
/* Restricted functions stay off (0) unless the configuration enables them. */
750 int allow_restricted_functions = 0;
751 (void)
SCConfGetBool(
"security.lua.allow-restricted-functions", &allow_restricted_functions);
/* Runs the script's top-level chunk and init() now, at rule-load time;
 * -1 means the script could not be primed. */
754 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
/* DetectLuaThreadInit and DetectLuaThreadFree are passed as the per-thread
 * init and free callbacks with the keyword data as their argument (the
 * registering call itself is on a line not shown). */
759 DetectLuaThreadInit, (
void *)lua,
760 DetectLuaThreadFree, 0);
766 if (list == -1 || (list == 0 && s->
init_data->
list == INT_MAX)) {
/* JA3 / JA3S requests are routed to their dedicated list ids. */
784 list = g_lua_ja3_list_id;
786 list = g_lua_ja3s_list_id;
/* Releases the keyword data; presumably the error-exit path. */
798 DetectLuaFree(
de_ctx, lua);
817 for (uint16_t i = 0; i < lua->
flowints; i++) {
820 for (uint16_t i = 0; i < lua->
flowvars; i++) {
/* Unit test: a script supplied through the in-memory "unittest" source
 * (lua:unittest in the rule) registers a flowvar named "cnt", increments it in
 * match() and checks for the value 2. Several script lines and the assertions
 * are not shown in this listing. */
834 static int LuaMatchTest01(
void)
838 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
839 "function init (args)\n"
840 " flowvarlib.register(\"cnt\")\n"
843 "function thread_init (args)\n"
844 " cnt = flowvarlib.get(\"cnt\")\n"
847 "function match(args)\n"
850 " a = tostring(tonumber(a)+1)\n"
859 " print (\"pre check: \" .. (a))\n"
860 " if tonumber(a) == 2 then\n"
/* The rule attaches the script at the http1:request_complete hook. */
867 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
870 "POST / HTTP/1.1\r\n"
871 "Host: www.emergingthreats.net\r\n\r\n";
873 "POST / HTTP/1.1\r\n"
874 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 drops the string literal's trailing NUL from the payload length. */
875 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
876 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the stack-allocated thread, flow and session objects before use. */
886 memset(&th_v, 0,
sizeof(th_v));
887 memset(&f, 0,
sizeof(f));
888 memset(&ssn, 0,
sizeof(ssn));
895 f.
proto = IPPROTO_TCP;
961 static int LuaMatchTest01a(
void)
963 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
964 "function init (args)\n"
965 " flowvarlib.register(\"cnt\")\n"
968 "function thread_init (args)\n"
969 " cnt = flowvarlib.get(\"cnt\")\n"
972 "function match(args)\n"
973 " a = cnt:value(0)\n"
975 " a = tostring(tonumber(a)+1)\n"
984 " print (\"pre check: \" .. (a))\n"
985 " if tonumber(a) == 2 then\n"
992 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
994 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
995 "Host: www.emergingthreats.net\r\n\r\n";
996 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
997 "Host: www.openinfosecfoundation.org\r\n\r\n";
998 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
999 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1009 memset(&th_v, 0,
sizeof(th_v));
1010 memset(&f, 0,
sizeof(f));
1011 memset(&ssn, 0,
sizeof(ssn));
1018 f.
proto = IPPROTO_TCP;
1085 static int LuaMatchTest02(
void)
1087 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1088 "function init (args)\n"
1089 " flowvarlib.register(\"cnt\")\n"
1090 " local needs = {}\n"
1091 " needs[\"payload\"] = tostring(true)\n"
1094 "function thread_init (args)\n"
1095 " cnt = flowvarlib.get(\"cnt\")\n"
1098 "function match(args)\n"
1099 " a = cnt:value()\n"
1101 " a = tostring(tonumber(a)+1)\n"
1105 " a = tostring(1)\n"
1110 " print (\"pre check: \" .. (a))\n"
1111 " if tonumber(a) == 2 then\n"
1112 " print \"match\"\n"
1118 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1119 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1120 "Host: www.emergingthreats.net\r\n\r\n";
1121 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1122 "Host: www.openinfosecfoundation.org\r\n\r\n";
1123 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1124 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1132 memset(&th_v, 0,
sizeof(th_v));
1133 memset(&f, 0,
sizeof(f));
1134 memset(&ssn, 0,
sizeof(ssn));
1141 f.
proto = IPPROTO_TCP;
/* Unit test: payload-based variant. init() registers flowvar "cnt" and asks
 * for the "payload" input; match() increments the counter and checks for 2.
 * Several script lines and the assertions are not shown in this listing. */
1196 static int LuaMatchTest02a(
void)
/* NOTE(review): two script lines below lack a trailing "\n", so each is
 * concatenated with the statement that follows it. Lua accepts statements
 * separated by spaces, so the script should still parse, but this differs
 * from the sibling tests and looks unintentional. */
1198 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1199 "function init (args)\n"
1200 " flowvarlib.register(\"cnt\")"
1201 " local needs = {}\n"
/* tostring(true) stores the string "true"; any string is truthy in Lua. */
1202 " needs[\"payload\"] = tostring(true)\n"
1205 "function thread_init (args)\n"
1206 " cnt = flowvarlib.get(\"cnt\")"
1209 "function match(args)\n"
1210 " a = cnt:value()\n"
1212 " a = tostring(tonumber(a)+1)\n"
1216 " a = tostring(1)\n"
1221 " print (\"pre check: \" .. (a))\n"
1222 " if tonumber(a) == 2 then\n"
1223 " print \"match\"\n"
/* Plain tcp rule: the script inspects the packet payload, not an app-layer
 * hook. */
1229 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1230 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1231 "Host: www.emergingthreats.net\r\n\r\n";
1232 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1233 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 drops the string literal's trailing NUL from the payload length. */
1234 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1235 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the stack-allocated thread, flow and session objects before use. */
1243 memset(&th_v, 0,
sizeof(th_v));
1244 memset(&f, 0,
sizeof(f));
1245 memset(&ssn, 0,
sizeof(ssn));
1252 f.
proto = IPPROTO_TCP;
1306 static int LuaMatchTest03(
void)
1308 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1309 "function init (args)\n"
1310 " flowvarlib.register(\"cnt\")\n"
1311 " local needs = {}\n"
1312 " needs[\"packet\"] = tostring(true)\n"
1316 "function thread_init (args)\n"
1317 " cnt = flowvarlib.get(\"cnt\")\n"
1320 "function match(args)\n"
1321 " a = cnt:value()\n"
1323 " a = tostring(tonumber(a)+1)\n"
1327 " a = tostring(1)\n"
1332 " print (\"pre check: \" .. (a))\n"
1333 " if tonumber(a) == 2 then\n"
1334 " print \"match\"\n"
1340 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1341 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1342 "Host: www.emergingthreats.net\r\n\r\n";
1343 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1344 "Host: www.openinfosecfoundation.org\r\n\r\n";
1345 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1346 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1354 memset(&th_v, 0,
sizeof(th_v));
1355 memset(&f, 0,
sizeof(f));
1356 memset(&ssn, 0,
sizeof(ssn));
1363 f.
proto = IPPROTO_TCP;
1417 static int LuaMatchTest03a(
void)
1419 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1420 "function init (args)\n"
1421 " flowvarlib.register(\"cnt\")\n"
1422 " local needs = {}\n"
1423 " needs[\"packet\"] = tostring(true)\n"
1427 "function thread_init (args)\n"
1428 " cnt = flowvarlib.get(\"cnt\")\n"
1431 "function match(args)\n"
1432 " a = cnt:value()\n"
1434 " a = tostring(tonumber(a)+1)\n"
1438 " a = tostring(1)\n"
1443 " print (\"pre check: \" .. (a))\n"
1444 " if tonumber(a) == 2 then\n"
1445 " print \"match\"\n"
1451 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1452 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1453 "Host: www.emergingthreats.net\r\n\r\n";
1454 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1455 "Host: www.openinfosecfoundation.org\r\n\r\n";
1456 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1457 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1465 memset(&th_v, 0,
sizeof(th_v));
1466 memset(&f, 0,
sizeof(f));
1467 memset(&ssn, 0,
sizeof(ssn));
1474 f.
proto = IPPROTO_TCP;
1527 static int LuaMatchTest04(
void)
1529 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1530 "function init (args)\n"
1531 " flowintlib.register(\"cnt\")\n"
1535 "function thread_init (args)\n"
1536 " cnt = flowintlib.get(\"cnt\")\n"
1539 "function match(args)\n"
1540 " print \"inspecting\""
1541 " a = cnt:value()\n"
1548 " a = cnt:value()\n"
1550 " print \"match\"\n"
1556 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1558 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1559 "Host: www.emergingthreats.net\r\n\r\n";
1560 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1561 "Host: www.openinfosecfoundation.org\r\n\r\n";
1562 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1563 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1573 memset(&th_v, 0,
sizeof(th_v));
1574 memset(&f, 0,
sizeof(f));
1575 memset(&ssn, 0,
sizeof(ssn));
1582 f.
proto = IPPROTO_TCP;
1647 static int LuaMatchTest04a(
void)
1649 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1650 "function init (args)\n"
1651 " flowintlib.register(\"cnt\")\n"
1655 "function thread_init (args)\n"
1656 " cnt = flowintlib.get(\"cnt\")\n"
1659 "function match(args)\n"
1660 " print \"inspecting\""
1661 " a = cnt:value()\n"
1668 " a = cnt:value()\n"
1670 " print \"match\"\n"
1676 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1678 uint8_t httpbuf1[] =
1679 "POST / HTTP/1.1\r\n"
1680 "Host: www.emergingthreats.net\r\n\r\n";
1681 uint8_t httpbuf2[] =
1682 "POST / HTTP/1.1\r\n"
1683 "Host: www.openinfosecfoundation.org\r\n\r\n";
1684 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1685 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1695 memset(&th_v, 0,
sizeof(th_v));
1696 memset(&f, 0,
sizeof(f));
1697 memset(&ssn, 0,
sizeof(ssn));
1704 f.
proto = IPPROTO_TCP;
1769 static int LuaMatchTest05(
void)
1771 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1772 "function init (args)\n"
1773 " flowintlib.register(\"cnt\")\n"
1777 "function thread_init (args)\n"
1778 " cnt = flowintlib.get(\"cnt\")\n"
1781 "function match(args)\n"
1782 " print \"inspecting\""
1785 " print \"match\"\n"
1791 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1793 uint8_t httpbuf1[] =
1794 "POST / HTTP/1.1\r\n"
1795 "Host: www.emergingthreats.net\r\n\r\n";
1796 uint8_t httpbuf2[] =
1797 "POST / HTTP/1.1\r\n"
1798 "Host: www.openinfosecfoundation.org\r\n\r\n";
1799 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1800 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1810 memset(&th_v, 0,
sizeof(th_v));
1811 memset(&f, 0,
sizeof(f));
1812 memset(&ssn, 0,
sizeof(ssn));
1819 f.
proto = IPPROTO_TCP;
1884 static int LuaMatchTest05a(
void)
1886 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1887 "function init (args)\n"
1888 " flowintlib.register(\"cnt\")\n"
1892 "function thread_init (args)\n"
1893 " cnt = flowintlib.get(\"cnt\")\n"
1896 "function match(args)\n"
1897 " print \"inspecting\""
1900 " print \"match\"\n"
1906 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1908 uint8_t httpbuf1[] =
1909 "POST / HTTP/1.1\r\n"
1910 "Host: www.emergingthreats.net\r\n\r\n";
1911 uint8_t httpbuf2[] =
1912 "POST / HTTP/1.1\r\n"
1913 "Host: www.openinfosecfoundation.org\r\n\r\n";
1914 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1915 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1925 memset(&th_v, 0,
sizeof(th_v));
1926 memset(&f, 0,
sizeof(f));
1927 memset(&ssn, 0,
sizeof(ssn));
1934 f.
proto = IPPROTO_TCP;
1999 static int LuaMatchTest06(
void)
2001 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2002 "function init (args)\n"
2003 " flowintlib.register(\"cnt\")\n"
2007 "function thread_init (args)\n"
2008 " cnt = flowintlib.get(\"cnt\")\n"
2011 "function match(args)\n"
2012 " print \"inspecting\""
2013 " a = cnt:value()\n"
2014 " if a == nil then\n"
2015 " print \"new var set to 2\""
2020 " print \"match\"\n"
2026 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2028 uint8_t httpbuf1[] =
2029 "POST / HTTP/1.1\r\n"
2030 "Host: www.emergingthreats.net\r\n\r\n";
2031 uint8_t httpbuf2[] =
2032 "POST / HTTP/1.1\r\n"
2033 "Host: www.openinfosecfoundation.org\r\n\r\n";
2034 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2035 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2045 memset(&th_v, 0,
sizeof(th_v));
2046 memset(&f, 0,
sizeof(f));
2047 memset(&ssn, 0,
sizeof(ssn));
2054 f.
proto = IPPROTO_TCP;
2119 static int LuaMatchTest06a(
void)
2121 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2122 "function init (args)\n"
2123 " flowintlib.register(\"cnt\")\n"
2127 "function thread_init (args)\n"
2128 " cnt = flowintlib.get(\"cnt\")\n"
2131 "function match(args)\n"
2132 " print \"inspecting\""
2133 " a = cnt:value()\n"
2134 " if a == nil then\n"
2135 " print \"new var set to 2\""
2140 " print \"match\"\n"
2146 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2148 uint8_t httpbuf1[] =
2149 "POST / HTTP/1.1\r\n"
2150 "Host: www.emergingthreats.net\r\n\r\n";
2151 uint8_t httpbuf2[] =
2152 "POST / HTTP/1.1\r\n"
2153 "Host: www.openinfosecfoundation.org\r\n\r\n";
2154 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2155 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2165 memset(&th_v, 0,
sizeof(th_v));
2166 memset(&f, 0,
sizeof(f));
2167 memset(&ssn, 0,
sizeof(ssn));
2174 f.
proto = IPPROTO_TCP;
2238 void DetectLuaRegisterTests(
void)
#define FLAG_MEMORY_LIMIT_LOGGED
void LuaStateSetThreadVars(lua_State *luastate, ThreadVars *tv)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
#define FLAG_BLOCKED_FUNCTION_LOGGED
void * DetectThreadCtxGetKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
SCLuaSbState * SCLuaSbGetContext(lua_State *L)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
int allow_restricted_functions
#define FLAG_INSTRUCTION_LIMIT_LOGGED
main detection engine ctx
uint16_t lua_blocked_function_errors
#define DEFAULT_LUA_INSTRUCTION_LIMIT
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define DETECT_LUA_MAX_FLOWVARS
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_TOSERVER
@ TLS_STATE_SERVER_HELLO_DONE
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
uint32_t VarNameStoreRegister(const char *name, const enum VarTypes type)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
uint16_t lua_instruction_limit_errors
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FLAG_DATATYPE_PACKET
uint8_t DetectByteIndexType
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
struct lua_State lua_State
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
#define FLOW_INITIALIZE(f)
#define SIG_FLAG_TOSERVER
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time.
#define PASS
Pass the test.
uint64_t instruction_limit
@ TLS_STATE_CLIENT_HELLO_DONE
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
AppLayerParserThreadCtx * alp_tctx
Per thread variable structure.
void DetectLuaRegister(void)
Registration function for keyword: lua.
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
void VarNameStoreUnregister(const uint32_t id, const enum VarTypes type)
#define DETECT_LUA_MAX_BYTEVARS
#define DETECT_LUA_MAX_FLOWINTS
#define FLAG_DATATYPE_PAYLOAD
#define SCLogWarning(...)
Macro used to log WARNING messages.
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f)
@ SIGNATURE_HOOK_TYPE_NOT_SET
uint32_t bytevar[DETECT_LUA_MAX_BYTEVARS]
uint16_t lua_memory_limit_errors
#define FLAG_DATATYPE_STREAM
void SCLuaSbStateClose(lua_State *L)
uint32_t flowint[DETECT_LUA_MAX_FLOWINTS]
#define FLAG_ERROR_LOGGED
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void SCLuaRequirefBuiltIns(lua_State *L)
Register Suricata built-in modules for loading in a non-sandboxed environment.
bool blocked_function_error
#define FLOW_PKT_TOCLIENT
void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void LuaDumpStack(lua_State *state, const char *prefix)
dump stack from lua state to screen
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void SCLuaSbLoadLibs(lua_State *L)
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, DetectByteIndexType *index)
Used to retrieve args from BM.
int DetectBufferTypeRegister(const char *name)
void StreamTcpFreeConfig(bool quiet)
int DetectRegisterThreadCtxFuncs(DetectEngineCtx *de_ctx, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int mode)
Register Thread keyword context Funcs.
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define DEFAULT_LUA_ALLOC_LIMIT
enum SignatureHookType type
void SCLuaSbResetInstructionCounter(lua_State *L)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
const char luaext_key_ld[]
#define SCLogError(...)
Macro used to log ERROR messages.
#define FLAG_DATATYPE_BUFFER
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
int LuaRegisterExtensions(lua_State *lua_state)
Register Suricata Lua functions.
bool instruction_count_error
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
lua_State * SCLuaSbStateNew(uint64_t alloclimit, uint64_t instructionlimit)
Allocate a new Lua sandbox.
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
int DetectUnregisterThreadCtxFuncs(DetectEngineCtx *de_ctx, void *data, const char *name)
Remove Thread keyword context registration.
AppProto alproto
application level protocol
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
void(* RegisterTests)(void)
union FlowVar_::@113 data
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.