Go to the documentation of this file.
70 void *state,
void *txv,
const Signature *s,
74 static void DetectLuaRegisterTests(
void);
77 static int g_lua_ja3_list_id = 0;
78 static int g_lua_ja3s_list_id = 0;
112 #define FLAG_DATATYPE_PACKET BIT_U32(0)
113 #define FLAG_DATATYPE_PAYLOAD BIT_U32(1)
114 #define FLAG_DATATYPE_STREAM BIT_U32(2)
115 #define FLAG_LIST_JA3 BIT_U32(3)
116 #define FLAG_LIST_JA3S BIT_U32(4)
117 #define FLAG_DATATYPE_BUFFER BIT_U32(22)
118 #define FLAG_ERROR_LOGGED BIT_U32(23)
119 #define FLAG_BLOCKED_FUNCTION_LOGGED BIT_U32(24)
120 #define FLAG_INSTRUCTION_LIMIT_LOGGED BIT_U32(25)
121 #define FLAG_MEMORY_LIMIT_LOGGED BIT_U32(26)
123 #define DEFAULT_LUA_ALLOC_LIMIT 500000
124 #define DEFAULT_LUA_INSTRUCTION_LIMIT 500000
129 int size = lua_gettop(state);
130 printf(
"%s: size %d\n", prefix, size);
132 for (
int i = 1; i <= size; i++) {
133 int type = lua_type(state, i);
134 printf(
"- %s: Stack size=%d, level=%d, type=%d, ", prefix, size, i,
type);
138 printf(
"function %s", lua_tostring(state, i));
141 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
144 printf(
"number %g", lua_tonumber(state, i));
147 printf(
"string `%s'", lua_tostring(state, i));
150 printf(
"table `%s'", lua_tostring(state, i));
153 printf(
"other %s", lua_typename(state,
type));
164 lua_pushlightuserdata(state, (
void *)data);
165 lua_settable(state, LUA_REGISTRYINDEX);
172 static int DetectLuaRunMatch(
178 if (lua_pcall(tlua->
luastate, 1, 1, 0) != 0) {
179 const char *reason = lua_tostring(tlua->
luastate, -1);
190 reason =
"memory limit exceeded";
198 if (!(tlua->
flags & flag)) {
199 SCLogWarning(
"Lua script failed to run successfully: %s", reason);
204 while (lua_gettop(tlua->
luastate) > 0) {
213 if (lua_gettop(tlua->
luastate) > 0) {
215 if (lua_type(tlua->
luastate, 1) == LUA_TNUMBER) {
216 lua_Integer script_ret = lua_tointeger(tlua->
luastate, 1);
222 SCLogDebug(
"Unsupported datatype returned from Lua script");
233 while (lua_gettop(tlua->
luastate) > 0) {
246 if (buffer == NULL || buffer_len == 0)
261 lua_getglobal(tlua->
luastate,
"match");
264 lua_pushliteral(tlua->
luastate,
"offset");
272 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
302 flags = STREAM_TOSERVER;
304 flags = STREAM_TOCLIENT;
315 lua_getglobal(tlua->
luastate,
"match");
318 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
337 lua_getglobal(tlua->
luastate,
"match");
340 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
356 void *state,
void *txv,
const Signature *s,
359 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s,
ctx);
365 static const char *ut_script = NULL;
368 static void *DetectLuaThreadInit(
void *data)
395 LuaStateSetDetectLuaData(t->
luastate, lua);
399 if (ut_script != NULL) {
400 status = luaL_loadbuffer(t->
luastate, ut_script, strlen(ut_script),
"unittest");
417 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
423 lua_getglobal(t->
luastate,
"thread_init");
424 if (lua_isfunction(t->
luastate, -1)) {
425 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
426 SCLogError(
"couldn't run script 'thread_init' function: %s",
443 static void DetectLuaThreadFree(
void *
ctx)
471 if (strlen(
str) &&
str[0] ==
'!') {
486 DetectLuaFree(
de_ctx, lua);
495 if (luastate == NULL)
498 luaL_openlibs(luastate);
503 LuaStateSetDetectLuaData(luastate, ld);
507 if (ut_script != NULL) {
508 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
510 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
515 status = luaL_loadfile(luastate, ld->
filename);
517 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
525 if (lua_pcall(luastate, 0, 0, 0) != 0) {
526 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
530 lua_getglobal(luastate,
"init");
531 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
538 lua_pushlightuserdata(luastate, (
void *)s);
540 if (lua_pcall(luastate, 1, 1, 0) != 0) {
541 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
546 if (lua_gettop(luastate) == 0) {
547 SCLogError(
"init function in script should return table, nothing returned");
550 if (lua_type(luastate, 1) != LUA_TTABLE) {
551 SCLogError(
"init function in script should return table, returned is not table");
555 lua_pushnil(luastate);
557 while (lua_next(luastate, -2)) {
558 k = lua_tostring(luastate, -2);
563 if (strcmp(k,
"flowvar") == 0) {
564 if (lua_istable(luastate, -1)) {
565 lua_pushnil(luastate);
566 while (lua_next(luastate, -2) != 0) {
568 const char *value = lua_tostring(luastate, -1);
571 lua_pop(luastate, 1);
583 lua_pop(luastate, 1);
585 }
else if (strcmp(k,
"flowint") == 0) {
586 if (lua_istable(luastate, -1)) {
587 lua_pushnil(luastate);
588 while (lua_next(luastate, -2) != 0) {
590 const char *value = lua_tostring(luastate, -1);
593 lua_pop(luastate, 1);
605 lua_pop(luastate, 1);
609 bool required = lua_toboolean(luastate, -1);
610 lua_pop(luastate, 1);
615 if (strcmp(k,
"ja3") == 0) {
617 }
else if (strcmp(k,
"ja3s") == 0) {
619 }
else if (strcmp(k,
"packet") == 0) {
621 }
else if (strcmp(k,
"payload") == 0) {
623 }
else if (strcmp(k,
"buffer") == 0) {
631 }
else if (strcmp(k,
"stream") == 0) {
640 }
else if (strncmp(k,
"http", 4) == 0 || strncmp(k,
"dns", 3) == 0 ||
641 strncmp(k,
"tls", 3) == 0 || strncmp(k,
"ssh", 3) == 0 ||
642 strncmp(k,
"smtp", 4) == 0 || strncmp(k,
"dnp3", 4) == 0) {
643 SCLogError(
"data type %s no longer supported, use rule hooks", k);
653 lua_pop(luastate, 1);
677 if (
SCConfGetBool(
"security.lua.allow-rules", &enabled) == 1 && !enabled) {
678 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
689 (void)
SCConfGetInt(
"security.lua.max-bytes", &lua_alloc_limit);
690 (void)
SCConfGetInt(
"security.lua.max-instructions", &lua_instruction_limit);
694 int allow_restricted_functions = 0;
695 (void)
SCConfGetBool(
"security.lua.allow-restricted-functions", &allow_restricted_functions);
698 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
703 DetectLuaThreadInit, (
void *)lua,
704 DetectLuaThreadFree, 0);
710 if (list == -1 || (list == 0 && s->
init_data->
list == INT_MAX)) {
728 list = g_lua_ja3_list_id;
730 list = g_lua_ja3s_list_id;
742 DetectLuaFree(
de_ctx, lua);
761 for (uint16_t i = 0; i < lua->
flowints; i++) {
764 for (uint16_t i = 0; i < lua->
flowvars; i++) {
767 for (uint16_t i = 0; i < lua->
bytevars; i++) {
781 static int LuaMatchTest01(
void)
785 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
786 "function init (args)\n"
787 " flowvarlib.register(\"cnt\")\n"
790 "function thread_init (args)\n"
791 " cnt = flowvarlib.get(\"cnt\")\n"
794 "function match(args)\n"
797 " a = tostring(tonumber(a)+1)\n"
806 " print (\"pre check: \" .. (a))\n"
807 " if tonumber(a) == 2 then\n"
814 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
817 "POST / HTTP/1.1\r\n"
818 "Host: www.emergingthreats.net\r\n\r\n";
820 "POST / HTTP/1.1\r\n"
821 "Host: www.openinfosecfoundation.org\r\n\r\n";
822 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
823 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
833 memset(&th_v, 0,
sizeof(th_v));
834 memset(&f, 0,
sizeof(f));
835 memset(&ssn, 0,
sizeof(ssn));
842 f.
proto = IPPROTO_TCP;
908 static int LuaMatchTest01a(
void)
910 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
911 "function init (args)\n"
912 " flowvarlib.register(\"cnt\")\n"
915 "function thread_init (args)\n"
916 " cnt = flowvarlib.get(\"cnt\")\n"
919 "function match(args)\n"
920 " a = cnt:value(0)\n"
922 " a = tostring(tonumber(a)+1)\n"
931 " print (\"pre check: \" .. (a))\n"
932 " if tonumber(a) == 2 then\n"
939 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
941 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
942 "Host: www.emergingthreats.net\r\n\r\n";
943 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
944 "Host: www.openinfosecfoundation.org\r\n\r\n";
945 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
946 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
956 memset(&th_v, 0,
sizeof(th_v));
957 memset(&f, 0,
sizeof(f));
958 memset(&ssn, 0,
sizeof(ssn));
965 f.
proto = IPPROTO_TCP;
1032 static int LuaMatchTest02(
void)
1034 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1035 "function init (args)\n"
1036 " flowvarlib.register(\"cnt\")\n"
1037 " local needs = {}\n"
1038 " needs[\"payload\"] = tostring(true)\n"
1041 "function thread_init (args)\n"
1042 " cnt = flowvarlib.get(\"cnt\")\n"
1045 "function match(args)\n"
1046 " a = cnt:value()\n"
1048 " a = tostring(tonumber(a)+1)\n"
1052 " a = tostring(1)\n"
1057 " print (\"pre check: \" .. (a))\n"
1058 " if tonumber(a) == 2 then\n"
1059 " print \"match\"\n"
1065 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1066 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1067 "Host: www.emergingthreats.net\r\n\r\n";
1068 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1069 "Host: www.openinfosecfoundation.org\r\n\r\n";
1070 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1071 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1079 memset(&th_v, 0,
sizeof(th_v));
1080 memset(&f, 0,
sizeof(f));
1081 memset(&ssn, 0,
sizeof(ssn));
1088 f.
proto = IPPROTO_TCP;
1143 static int LuaMatchTest02a(
void)
1145 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1146 "function init (args)\n"
1147 " flowvarlib.register(\"cnt\")"
1148 " local needs = {}\n"
1149 " needs[\"payload\"] = tostring(true)\n"
1152 "function thread_init (args)\n"
1153 " cnt = flowvarlib.get(\"cnt\")"
1156 "function match(args)\n"
1157 " a = cnt:value()\n"
1159 " a = tostring(tonumber(a)+1)\n"
1163 " a = tostring(1)\n"
1168 " print (\"pre check: \" .. (a))\n"
1169 " if tonumber(a) == 2 then\n"
1170 " print \"match\"\n"
1176 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1177 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1178 "Host: www.emergingthreats.net\r\n\r\n";
1179 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1180 "Host: www.openinfosecfoundation.org\r\n\r\n";
1181 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1182 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1190 memset(&th_v, 0,
sizeof(th_v));
1191 memset(&f, 0,
sizeof(f));
1192 memset(&ssn, 0,
sizeof(ssn));
1199 f.
proto = IPPROTO_TCP;
1253 static int LuaMatchTest03(
void)
1255 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1256 "function init (args)\n"
1257 " flowvarlib.register(\"cnt\")\n"
1258 " local needs = {}\n"
1259 " needs[\"packet\"] = tostring(true)\n"
1263 "function thread_init (args)\n"
1264 " cnt = flowvarlib.get(\"cnt\")\n"
1267 "function match(args)\n"
1268 " a = cnt:value()\n"
1270 " a = tostring(tonumber(a)+1)\n"
1274 " a = tostring(1)\n"
1279 " print (\"pre check: \" .. (a))\n"
1280 " if tonumber(a) == 2 then\n"
1281 " print \"match\"\n"
1287 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1288 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1289 "Host: www.emergingthreats.net\r\n\r\n";
1290 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1291 "Host: www.openinfosecfoundation.org\r\n\r\n";
1292 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1293 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1301 memset(&th_v, 0,
sizeof(th_v));
1302 memset(&f, 0,
sizeof(f));
1303 memset(&ssn, 0,
sizeof(ssn));
1310 f.
proto = IPPROTO_TCP;
1364 static int LuaMatchTest03a(
void)
1366 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1367 "function init (args)\n"
1368 " flowvarlib.register(\"cnt\")\n"
1369 " local needs = {}\n"
1370 " needs[\"packet\"] = tostring(true)\n"
1374 "function thread_init (args)\n"
1375 " cnt = flowvarlib.get(\"cnt\")\n"
1378 "function match(args)\n"
1379 " a = cnt:value()\n"
1381 " a = tostring(tonumber(a)+1)\n"
1385 " a = tostring(1)\n"
1390 " print (\"pre check: \" .. (a))\n"
1391 " if tonumber(a) == 2 then\n"
1392 " print \"match\"\n"
1398 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1399 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1400 "Host: www.emergingthreats.net\r\n\r\n";
1401 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1402 "Host: www.openinfosecfoundation.org\r\n\r\n";
1403 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1404 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1412 memset(&th_v, 0,
sizeof(th_v));
1413 memset(&f, 0,
sizeof(f));
1414 memset(&ssn, 0,
sizeof(ssn));
1421 f.
proto = IPPROTO_TCP;
1474 static int LuaMatchTest04(
void)
1476 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1477 "function init (args)\n"
1478 " flowintlib.register(\"cnt\")\n"
1482 "function thread_init (args)\n"
1483 " cnt = flowintlib.get(\"cnt\")\n"
1486 "function match(args)\n"
1487 " print \"inspecting\""
1488 " a = cnt:value()\n"
1495 " a = cnt:value()\n"
1497 " print \"match\"\n"
1503 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1505 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1506 "Host: www.emergingthreats.net\r\n\r\n";
1507 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1508 "Host: www.openinfosecfoundation.org\r\n\r\n";
1509 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1510 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1520 memset(&th_v, 0,
sizeof(th_v));
1521 memset(&f, 0,
sizeof(f));
1522 memset(&ssn, 0,
sizeof(ssn));
1529 f.
proto = IPPROTO_TCP;
1594 static int LuaMatchTest04a(
void)
1596 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1597 "function init (args)\n"
1598 " flowintlib.register(\"cnt\")\n"
1602 "function thread_init (args)\n"
1603 " cnt = flowintlib.get(\"cnt\")\n"
1606 "function match(args)\n"
1607 " print \"inspecting\""
1608 " a = cnt:value()\n"
1615 " a = cnt:value()\n"
1617 " print \"match\"\n"
1623 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1625 uint8_t httpbuf1[] =
1626 "POST / HTTP/1.1\r\n"
1627 "Host: www.emergingthreats.net\r\n\r\n";
1628 uint8_t httpbuf2[] =
1629 "POST / HTTP/1.1\r\n"
1630 "Host: www.openinfosecfoundation.org\r\n\r\n";
1631 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1632 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1642 memset(&th_v, 0,
sizeof(th_v));
1643 memset(&f, 0,
sizeof(f));
1644 memset(&ssn, 0,
sizeof(ssn));
1651 f.
proto = IPPROTO_TCP;
1716 static int LuaMatchTest05(
void)
1718 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1719 "function init (args)\n"
1720 " flowintlib.register(\"cnt\")\n"
1724 "function thread_init (args)\n"
1725 " cnt = flowintlib.get(\"cnt\")\n"
1728 "function match(args)\n"
1729 " print \"inspecting\""
1732 " print \"match\"\n"
1738 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1740 uint8_t httpbuf1[] =
1741 "POST / HTTP/1.1\r\n"
1742 "Host: www.emergingthreats.net\r\n\r\n";
1743 uint8_t httpbuf2[] =
1744 "POST / HTTP/1.1\r\n"
1745 "Host: www.openinfosecfoundation.org\r\n\r\n";
1746 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1747 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1757 memset(&th_v, 0,
sizeof(th_v));
1758 memset(&f, 0,
sizeof(f));
1759 memset(&ssn, 0,
sizeof(ssn));
1766 f.
proto = IPPROTO_TCP;
1831 static int LuaMatchTest05a(
void)
1833 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1834 "function init (args)\n"
1835 " flowintlib.register(\"cnt\")\n"
1839 "function thread_init (args)\n"
1840 " cnt = flowintlib.get(\"cnt\")\n"
1843 "function match(args)\n"
1844 " print \"inspecting\""
1847 " print \"match\"\n"
1853 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1855 uint8_t httpbuf1[] =
1856 "POST / HTTP/1.1\r\n"
1857 "Host: www.emergingthreats.net\r\n\r\n";
1858 uint8_t httpbuf2[] =
1859 "POST / HTTP/1.1\r\n"
1860 "Host: www.openinfosecfoundation.org\r\n\r\n";
1861 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1862 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1872 memset(&th_v, 0,
sizeof(th_v));
1873 memset(&f, 0,
sizeof(f));
1874 memset(&ssn, 0,
sizeof(ssn));
1881 f.
proto = IPPROTO_TCP;
1946 static int LuaMatchTest06(
void)
1948 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1949 "function init (args)\n"
1950 " flowintlib.register(\"cnt\")\n"
1954 "function thread_init (args)\n"
1955 " cnt = flowintlib.get(\"cnt\")\n"
1958 "function match(args)\n"
1959 " print \"inspecting\""
1960 " a = cnt:value()\n"
1961 " if a == nil then\n"
1962 " print \"new var set to 2\""
1967 " print \"match\"\n"
1973 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1975 uint8_t httpbuf1[] =
1976 "POST / HTTP/1.1\r\n"
1977 "Host: www.emergingthreats.net\r\n\r\n";
1978 uint8_t httpbuf2[] =
1979 "POST / HTTP/1.1\r\n"
1980 "Host: www.openinfosecfoundation.org\r\n\r\n";
1981 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1982 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1992 memset(&th_v, 0,
sizeof(th_v));
1993 memset(&f, 0,
sizeof(f));
1994 memset(&ssn, 0,
sizeof(ssn));
2001 f.
proto = IPPROTO_TCP;
2066 static int LuaMatchTest06a(
void)
2068 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2069 "function init (args)\n"
2070 " flowintlib.register(\"cnt\")\n"
2074 "function thread_init (args)\n"
2075 " cnt = flowintlib.get(\"cnt\")\n"
2078 "function match(args)\n"
2079 " print \"inspecting\""
2080 " a = cnt:value()\n"
2081 " if a == nil then\n"
2082 " print \"new var set to 2\""
2087 " print \"match\"\n"
2093 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2095 uint8_t httpbuf1[] =
2096 "POST / HTTP/1.1\r\n"
2097 "Host: www.emergingthreats.net\r\n\r\n";
2098 uint8_t httpbuf2[] =
2099 "POST / HTTP/1.1\r\n"
2100 "Host: www.openinfosecfoundation.org\r\n\r\n";
2101 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2102 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2112 memset(&th_v, 0,
sizeof(th_v));
2113 memset(&f, 0,
sizeof(f));
2114 memset(&ssn, 0,
sizeof(ssn));
2121 f.
proto = IPPROTO_TCP;
2185 void DetectLuaRegisterTests(
void)
#define FLAG_MEMORY_LIMIT_LOGGED
void LuaStateSetThreadVars(lua_State *luastate, ThreadVars *tv)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
#define FLAG_BLOCKED_FUNCTION_LOGGED
void * DetectThreadCtxGetKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
SCLuaSbState * SCLuaSbGetContext(lua_State *L)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
int allow_restricted_functions
#define FLAG_INSTRUCTION_LIMIT_LOGGED
main detection engine ctx
uint16_t lua_blocked_function_errors
#define DEFAULT_LUA_INSTRUCTION_LIMIT
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define DETECT_LUA_MAX_FLOWVARS
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_TOSERVER
@ TLS_STATE_SERVER_HELLO_DONE
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
uint32_t VarNameStoreRegister(const char *name, const enum VarTypes type)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
uint16_t lua_instruction_limit_errors
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FLAG_DATATYPE_PACKET
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
struct lua_State lua_State
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
#define FLOW_INITIALIZE(f)
#define SIG_FLAG_TOSERVER
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time. As the active store won't be modified, we don't need locks.
#define PASS
Pass the test.
uint64_t instruction_limit
@ TLS_STATE_CLIENT_HELLO_DONE
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
AppLayerParserThreadCtx * alp_tctx
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Per thread variable structure.
void DetectLuaRegister(void)
Registration function for keyword: lua.
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
void VarNameStoreUnregister(const uint32_t id, const enum VarTypes type)
#define DETECT_LUA_MAX_FLOWINTS
#define FLAG_DATATYPE_PAYLOAD
#define SCLogWarning(...)
Macro used to log WARNING messages.
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f)
@ SIGNATURE_HOOK_TYPE_NOT_SET
uint16_t lua_memory_limit_errors
DetectLuaDataBytevarEntry bytevar[DETECT_LUA_MAX_BYTEVARS]
#define FLAG_DATATYPE_STREAM
void SCLuaSbStateClose(lua_State *L)
uint32_t flowint[DETECT_LUA_MAX_FLOWINTS]
#define FLAG_ERROR_LOGGED
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void SCLuaRequirefBuiltIns(lua_State *L)
Register Suricata built-in modules for loading in a non-sandboxed environment.
bool blocked_function_error
union FlowVar_::@124 data
#define FLOW_PKT_TOCLIENT
void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void LuaDumpStack(lua_State *state, const char *prefix)
dump stack from lua state to screen
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void SCLuaSbLoadLibs(lua_State *L)
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
int DetectBufferTypeRegister(const char *name)
void StreamTcpFreeConfig(bool quiet)
int DetectRegisterThreadCtxFuncs(DetectEngineCtx *de_ctx, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int mode)
Register Thread keyword context Funcs.
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define DEFAULT_LUA_ALLOC_LIMIT
enum SignatureHookType type
void SCLuaSbResetInstructionCounter(lua_State *L)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
const char luaext_key_ld[]
#define SCLogError(...)
Macro used to log ERROR messages.
#define FLAG_DATATYPE_BUFFER
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
bool instruction_count_error
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
lua_State * SCLuaSbStateNew(uint64_t alloclimit, uint64_t instructionlimit)
Allocate a new Lua sandbox.
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
int DetectUnregisterThreadCtxFuncs(DetectEngineCtx *de_ctx, void *data, const char *name)
Remove Thread keyword context registration.
AppProto alproto
application level protocol
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
void(* RegisterTests)(void)
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.