/* Error reported when a rule uses the lua/luajit keyword in a build that has
 * no Lua support (per the message text). The enclosing function is not shown
 * in this listing. */
70 SCLogError(
"no Lua support built in, needed for lua/luajit keyword");
/* Forward declaration; the definition appears at the end of the file. */
103 static void DetectLuaRegisterTests(
void);
/* Detect list id that the keyword setup code copies into `list`
 * (presumably for SMTP rules, going by the name). Starts at 0; the place
 * where it receives its real value is not visible in this listing. */
106 static int g_smtp_generic_list_id = 0;
/* Bit flags naming the inspection data a Lua script asked for.
 *
 * The table returned by the script's init() is translated into these bits
 * in ld->flags (for example key "payload" with value "true" sets
 * DATATYPE_PAYLOAD). The match paths test the per-thread copy to decide
 * what to push into the script's argument table, and the setup path tests
 * them to choose a detect list. Each flag is a distinct bit, 0 through 22,
 * built with BIT_U32. */

/* Packet-level data */
135 #define DATATYPE_PACKET BIT_U32(0)
136 #define DATATYPE_PAYLOAD BIT_U32(1)
137 #define DATATYPE_STREAM BIT_U32(2)
/* HTTP request and response buffers */
139 #define DATATYPE_HTTP_URI BIT_U32(3)
140 #define DATATYPE_HTTP_URI_RAW BIT_U32(4)
142 #define DATATYPE_HTTP_REQUEST_HEADERS BIT_U32(5)
143 #define DATATYPE_HTTP_REQUEST_HEADERS_RAW BIT_U32(6)
144 #define DATATYPE_HTTP_REQUEST_COOKIE BIT_U32(7)
145 #define DATATYPE_HTTP_REQUEST_UA BIT_U32(8)
147 #define DATATYPE_HTTP_REQUEST_LINE BIT_U32(9)
148 #define DATATYPE_HTTP_REQUEST_BODY BIT_U32(10)
150 #define DATATYPE_HTTP_RESPONSE_COOKIE BIT_U32(11)
151 #define DATATYPE_HTTP_RESPONSE_BODY BIT_U32(12)
153 #define DATATYPE_HTTP_RESPONSE_HEADERS BIT_U32(13)
154 #define DATATYPE_HTTP_RESPONSE_HEADERS_RAW BIT_U32(14)
/* DNS */
156 #define DATATYPE_DNS_RRNAME BIT_U32(15)
157 #define DATATYPE_DNS_REQUEST BIT_U32(16)
158 #define DATATYPE_DNS_RESPONSE BIT_U32(17)
/* Other application-layer protocols, selected as a whole */
160 #define DATATYPE_TLS BIT_U32(18)
161 #define DATATYPE_SSH BIT_U32(19)
162 #define DATATYPE_SMTP BIT_U32(20)
164 #define DATATYPE_DNP3 BIT_U32(21)
/* Generic inspection buffer (init() key "buffer") */
166 #define DATATYPE_BUFFER BIT_U32(22)
/* Fragment of a debug helper that prints every slot of the Lua stack to
 * stdout, from index 1 up to lua_gettop(). The code that selects between
 * the printf calls below (one per Lua type) is on lines missing from this
 * listing. */
172 int size = lua_gettop(state);
175 for (i = 1; i <= size; i++) {
176 int type = lua_type(state, i);
177 printf(
"Stack size=%d, level=%d, type=%d, ", size, i,
type);
181 printf(
"function %s", lua_tostring(state, i) ?
"true" :
"false");
184 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
187 printf(
"number %g", lua_tonumber(state, i));
/* %s stops at the first NUL, so a Lua string with embedded zero bytes is
 * printed truncated. */
190 printf(
"string `%s'", lua_tostring(state, i));
/* NOTE(review): lua_tostring() returns NULL for values that are neither
 * strings nor numbers. If this printf is reached for a table, as the format
 * text suggests, NULL is passed to %s - confirm and guard. */
193 printf(
"table `%s'", lua_tostring(state, i));
196 printf(
"other %s", lua_typename(state,
type));
/* Fragment of the buffer-inspection match path: one inspection buffer is
 * handed to the script's match() function and the script's return value is
 * interpreted. The function's name, several declarations and all return
 * statements are on lines missing from this listing. */
207 const uint8_t *buffer, uint32_t buffer_len, uint32_t
offset,
/* Nothing to inspect when the buffer is absent or empty (the branch body is
 * not shown). */
213 if (buffer == NULL || buffer_len == 0)
216 DetectLuaData *lua = (DetectLuaData *)smd->
ctx;
224 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, f, NULL, s, 0);
/* Call frame: the global `match`, followed by one table argument. */
227 lua_getglobal(tlua->luastate,
"match");
228 lua_newtable(tlua->luastate);
/* args["offset"] = offset + 1 (presumably converting to Lua's 1-based
 * indexing). The sum is computed in uint32_t and then cast to int, so a
 * value above INT_MAX would not survive the cast - NOTE(review): confirm
 * offsets stay far below that. */
230 lua_pushliteral (tlua->luastate,
"offset");
231 lua_pushnumber (tlua->luastate, (
int)(
offset + 1));
232 lua_settable(tlua->luastate, -3);
/* args[lua->buffername] = the buffer bytes, passed with an explicit length
 * rather than as a NUL-terminated C string. */
234 lua_pushstring (tlua->luastate, lua->buffername);
235 LuaPushStringBuffer(tlua->luastate, (
const uint8_t *)buffer, (
size_t)buffer_len);
236 lua_settable(tlua->luastate, -3);
/* Protected call: 1 argument, 1 result, no message handler. A runtime error
 * in the script is returned here instead of unwinding through C. */
238 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
/* The script's error text is logged at Info level; the condition guarding
 * this call is not shown. */
240 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
/* Interpret the result left at stack index 1: a number (1.0 is tested
 * below) or a table carrying a "retval" key. */
244 if (lua_gettop(tlua->luastate) > 0) {
246 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
247 double script_ret = lua_tonumber(tlua->luastate, 1);
249 lua_pop(tlua->luastate, 1);
251 if (script_ret == 1.0)
255 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
256 lua_pushnil(tlua->luastate);
/* NOTE(review): inside this traversal lua_tostring() is applied to the key
 * (after the value is popped). The Lua manual warns that this converts a
 * numeric key in place and confuses the following lua_next(); a script
 * returning a table with non-string keys would reach that case. v is also
 * read after its stack slot has been popped. lua_tostring() can return
 * NULL, so k and v need a NULL check before strcmp(); that check would fall
 * on lines not shown here - confirm. */
258 while (lua_next(tlua->luastate, -2)) {
259 v = lua_tostring(tlua->luastate, -1);
260 lua_pop(tlua->luastate, 1);
261 k = lua_tostring(tlua->luastate, -1);
268 if (strcmp(k,
"retval") == 0) {
272 "for \"retval\" from LUA return table: '%s'",
285 lua_pop(tlua->luastate, 1);
/* Drain whatever is left so the per-thread Lua stack is empty for the next
 * call. */
292 while (lua_gettop(tlua->luastate) > 0) {
293 lua_pop(tlua->luastate, 1);
/* Fragment of the packet match path: builds the argument table for the
 * script's match() from the packet (payload, raw packet, HTTP request
 * line), calls the script and interprets its result. The function
 * signature, declarations and return statements are on lines missing from
 * this listing. */
323 DetectLuaData *lua = (DetectLuaData *)ctx;
/* Direction passed to the extension setup; the condition choosing between
 * the two assignments is not shown. */
334 flags = STREAM_TOSERVER;
336 flags = STREAM_TOCLIENT;
338 LuaStateSetThreadVars(tlua->luastate, det_ctx->
tv);
340 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, p->
flow, p, s,
flags);
/* Early checks before the script is called: requested payload or packet
 * data is empty, or the flow's app-layer protocol differs from the one the
 * script was set up for. The branch bodies are not shown. */
342 if ((tlua->flags & DATATYPE_PAYLOAD) && p->
payload_len == 0)
344 if ((tlua->flags & DATATYPE_PACKET) &&
GET_PKT_LEN(p) == 0)
351 if (tlua->alproto != alproto)
/* Call frame: the global `match`, followed by one table argument. */
355 lua_getglobal(tlua->luastate,
"match");
356 lua_newtable(tlua->luastate);
/* args["payload"]: packet payload, passed with its explicit length. */
358 if ((tlua->flags & DATATYPE_PAYLOAD) && p->
payload_len) {
359 lua_pushliteral(tlua->luastate,
"payload");
360 LuaPushStringBuffer (tlua->luastate, (
const uint8_t *)p->
payload, (
size_t)p->
payload_len);
361 lua_settable(tlua->luastate, -3);
/* args["packet"]: the line pushing the packet bytes is not shown. */
363 if ((tlua->flags & DATATYPE_PACKET) &&
GET_PKT_LEN(p)) {
364 lua_pushliteral(tlua->luastate,
"packet");
366 lua_settable(tlua->luastate, -3);
/* HTTP: walk the transactions and expose the request line. Each iteration
 * writes the same key, so the script sees the value from the last
 * transaction that had a non-empty request line. */
370 if (htp_state != NULL && htp_state->
connp != NULL) {
375 for ( ; idx < total_txs; idx++) {
380 if ((tlua->flags & DATATYPE_HTTP_REQUEST_LINE) && tx->request_line != NULL &&
381 bstr_len(tx->request_line) > 0) {
382 lua_pushliteral(tlua->luastate,
"http.request_line");
383 LuaPushStringBuffer(tlua->luastate,
384 (
const uint8_t *)bstr_ptr(tx->request_line),
385 bstr_len(tx->request_line));
386 lua_settable(tlua->luastate, -3);
/* Protected call: 1 argument, 1 result, no message handler. A runtime error
 * in the script is returned here instead of unwinding through C. */
392 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
/* The script's error text is logged at Info level; the condition guarding
 * this call is not shown. */
394 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
/* Interpret the result at stack index 1: a number (1.0 is tested below) or
 * a table carrying a "retval" key. */
398 if (lua_gettop(tlua->luastate) > 0) {
401 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
402 double script_ret = lua_tonumber(tlua->luastate, 1);
404 lua_pop(tlua->luastate, 1);
406 if (script_ret == 1.0)
410 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
411 lua_pushnil(tlua->luastate);
/* NOTE(review): lua_tostring() is applied to the key during traversal; the
 * Lua manual warns this converts a numeric key in place and confuses the
 * next lua_next(). v is read after its stack slot has been popped. Both k
 * and v can be NULL, so a check is needed before strcmp(); it would fall on
 * lines not shown here - confirm. */
413 while (lua_next(tlua->luastate, -2)) {
414 v = lua_tostring(tlua->luastate, -1);
415 lua_pop(tlua->luastate, 1);
416 k = lua_tostring(tlua->luastate, -1);
423 if (strcmp(k,
"retval") == 0) {
426 (
const char *)v) < 0) {
428 "for \"retval\" from LUA return table: '%s'",
441 lua_pop(tlua->luastate, 1);
/* Drain whatever is left so the per-thread Lua stack is empty for the next
 * call. */
444 while (lua_gettop(tlua->luastate) > 0) {
445 lua_pop(tlua->luastate, 1);
/* Fragment of the app-layer match path (presumably the body of
 * DetectLuaAppMatchCommon, which is called further down in this file). It
 * mirrors the packet path without a packet: NULL is passed where the packet
 * path passes `p`. Signature, declarations and return statements are on
 * lines missing from this listing. */
464 DetectLuaData *lua = (DetectLuaData *)ctx;
473 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, f, NULL, s,
flags);
/* The script is tied to one app-layer protocol; the branch body for a
 * mismatch is not shown. */
477 if (tlua->alproto != alproto)
/* Call frame: the global `match`, followed by one table argument. */
481 lua_getglobal(tlua->luastate,
"match");
482 lua_newtable(tlua->luastate);
/* args["http.request_line"], passed with its explicit length. */
486 if (htp_state != NULL && htp_state->
connp != NULL) {
490 if ((tlua->flags & DATATYPE_HTTP_REQUEST_LINE) && tx->request_line != NULL &&
491 bstr_len(tx->request_line) > 0) {
492 lua_pushliteral(tlua->luastate,
"http.request_line");
493 LuaPushStringBuffer(tlua->luastate,
494 (
const uint8_t *)bstr_ptr(tx->request_line),
495 bstr_len(tx->request_line));
496 lua_settable(tlua->luastate, -3);
/* Protected call: 1 argument, 1 result, no message handler. A runtime error
 * in the script is returned here instead of unwinding through C. */
502 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
/* The script's error text is logged at Info level; the condition guarding
 * this call is not shown. */
504 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
/* Interpret the result at stack index 1: a number (1.0 is tested below) or
 * a table carrying a "retval" key. */
508 if (lua_gettop(tlua->luastate) > 0) {
511 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
512 double script_ret = lua_tonumber(tlua->luastate, 1);
514 lua_pop(tlua->luastate, 1);
516 if (script_ret == 1.0)
520 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
521 lua_pushnil(tlua->luastate);
/* NOTE(review): lua_tostring() is applied to the key during traversal; the
 * Lua manual warns this converts a numeric key in place and confuses the
 * next lua_next(). v is read after its stack slot has been popped. Both k
 * and v can be NULL, so a check is needed before strcmp(); it would fall on
 * lines not shown here - confirm. */
523 while (lua_next(tlua->luastate, -2)) {
524 v = lua_tostring(tlua->luastate, -1);
525 lua_pop(tlua->luastate, 1);
526 k = lua_tostring(tlua->luastate, -1);
533 if (strcmp(k,
"retval") == 0) {
536 (
const char *)v) < 0) {
538 "for \"retval\" from LUA return table: '%s'",
551 lua_pop(tlua->luastate, 1);
/* Drain whatever is left so the per-thread Lua stack is empty for the next
 * call. */
554 while (lua_gettop(tlua->luastate) > 0) {
555 lua_pop(tlua->luastate, 1);
/* Thin wrapper body: forwards all arguments to DetectLuaAppMatchCommon and
 * returns its result. The enclosing function's signature is not shown. */
584 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s, ctx);
/* Unit-test hook: when non-NULL, the script text is loaded from this buffer
 * (chunk name "unittest") instead of from the rule's script file. NULL means
 * the file named by the rule is loaded. */
590 static const char *ut_script = NULL;
/* Per-thread initialiser for the keyword (registered as a callback by the
 * keyword setup code).
 *
 * data: the rule's DetectLuaData.
 *
 * Allocates and zeroes a DetectLuaThreadData, copies alproto and flags from
 * the rule data, obtains a Lua state, exposes the rule's sid, rev and gid as
 * Lua globals, loads the script and runs its top level once. Braces, error
 * branches and the return statements are on lines missing from this
 * listing. */
593 static void *DetectLuaThreadInit(
void *data)
596 DetectLuaData *lua = (DetectLuaData *)data;
599 DetectLuaThreadData *t =
SCMalloc(
sizeof(DetectLuaThreadData));
604 memset(t, 0x00,
sizeof(DetectLuaThreadData));
606 t->alproto = lua->alproto;
607 t->flags = lua->flags;
609 t->luastate = LuaGetState();
610 if (t->luastate == NULL) {
/* luaL_openlibs() loads the complete Lua standard library (io, os, package
 * and so on) into the state, so a rule script runs with the file and
 * process access of the engine itself. No sandboxing is visible in this
 * listing; the control that is visible is the security.lua.allow-rules
 * check in the keyword setup code. */
615 luaL_openlibs(t->luastate);
617 LuaRegisterExtensions(t->luastate);
/* Rule identity made available to the script as globals. */
619 lua_pushinteger(t->luastate, (lua_Integer)(lua->sid));
620 lua_setglobal(t->luastate,
"SCRuleSid");
621 lua_pushinteger(t->luastate, (lua_Integer)(lua->rev));
622 lua_setglobal(t->luastate,
"SCRuleRev");
623 lua_pushinteger(t->luastate, (lua_Integer)(lua->gid));
624 lua_setglobal(t->luastate,
"SCRuleGid");
/* Script source: the unit-test buffer when set, otherwise the file named in
 * the rule. Load errors are logged with the Lua error text. */
628 if (ut_script != NULL) {
629 status = luaL_loadbuffer(t->luastate, ut_script, strlen(ut_script),
"unittest");
631 SCLogError(
"couldn't load file: %s", lua_tostring(t->luastate, -1));
636 status = luaL_loadfile(t->luastate, lua->filename);
638 SCLogError(
"couldn't load file: %s", lua_tostring(t->luastate, -1));
/* Run the loaded chunk once (0 arguments, 0 results) in protected mode. */
646 if (lua_pcall(t->luastate, 0, 0, 0) != 0) {
647 SCLogError(
"couldn't prime file: %s", lua_tostring(t->luastate, -1));
/* Hands the Lua state back (presumably the error path; the label and the
 * release of `t` are not shown). */
654 if (t->luastate != NULL)
655 LuaReturnState(t->luastate);
/* Per-thread destructor paired with DetectLuaThreadInit.
 *
 * ctx: the DetectLuaThreadData created for this thread.
 *
 * Returns the Lua state when one was obtained. The release of `t` itself is
 * not visible in this listing. */
660 static void DetectLuaThreadFree(
void *ctx)
663 DetectLuaThreadData *t = (DetectLuaThreadData *)ctx;
664 if (t->luastate != NULL)
665 LuaReturnState(t->luastate);
/* Fragment of the keyword-argument parser: allocates and zeroes a
 * DetectLuaData, recognises a leading '!' in the argument and stores the
 * script filename. The signature, the branch bodies and the return
 * statements are on lines missing from this listing. */
681 DetectLuaData *lua = NULL;
684 lua =
SCMalloc(
sizeof(DetectLuaData));
688 memset(lua, 0x00,
sizeof(DetectLuaData));
/* A leading '!' in the keyword argument is handled specially (presumably
 * rule negation; the branch body is not shown). */
690 if (strlen(
str) &&
str[0] ==
'!') {
697 if (lua->filename == NULL) {
/* Releases the partially built keyword data (presumably the error path). */
705 DetectLuaFree(
de_ctx, lua);
/* Fragment of the rule-load "prime" step (the keyword setup code calls it
 * as DetectLuaSetupPrime): loads the script into a Lua state, runs it,
 * calls its init() function and records what the script asked for in
 * ld->flags and in the flowvar, flowint and bytevar id arrays. Many lines,
 * including every error branch body and the return statements, are missing
 * from this listing; the comments below describe only what is visible. */
714 if (luastate == NULL)
/* luaL_openlibs() loads the complete Lua standard library (io, os, package
 * and so on). The script's top-level code, executed by the lua_pcall below,
 * therefore already runs with that access at rule-load time. */
716 luaL_openlibs(luastate);
/* Script source: the unit-test buffer when set, otherwise the rule's file. */
720 if (ut_script != NULL) {
721 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
723 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
728 status = luaL_loadfile(luastate, ld->filename);
730 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
/* Run the loaded chunk once (0 arguments, 0 results) in protected mode. */
738 if (lua_pcall(luastate, 0, 0, 0) != 0) {
739 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
/* The script must define a global function named init. */
743 lua_getglobal(luastate,
"init");
744 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
/* Argument table for init(). The check below expects it at stack index 2,
 * directly above the function. */
749 lua_newtable(luastate);
750 if (lua_gettop(luastate) == 0 || lua_type(luastate, 2) != LUA_TTABLE) {
/* args["script_api_ver"] = 1 */
755 lua_pushliteral(luastate,
"script_api_ver");
756 lua_pushnumber (luastate, 1);
757 lua_settable(luastate, -3);
/* Call init(args) in protected mode, expecting exactly one result. */
759 if (lua_pcall(luastate, 1, 1, 0) != 0) {
760 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
/* The result must exist and be a table. */
765 if (lua_gettop(luastate) == 0) {
766 SCLogError(
"init function in script should return table, nothing returned");
769 if (lua_type(luastate, 1) != LUA_TTABLE) {
770 SCLogError(
"init function in script should return table, returned is not table");
/* Walk the returned table. NOTE(review): the key is read with
 * lua_tostring() while the traversal is in progress; the Lua manual warns
 * that this converts a numeric key in place and confuses the next
 * lua_next(). lua_tostring() can also return NULL, so k needs a check
 * before strcmp(); that check would fall on lines not shown - confirm. */
774 lua_pushnil(luastate);
776 while (lua_next(luastate, -2)) {
777 k = lua_tostring(luastate, -2);
782 if (strcmp(k,
"flowvar") == 0) {
/* "flowvar" holds a list of variable names; each one is resolved to an id
 * (on lines not shown) and appended to ld->flowvar[]. */
783 if (lua_istable(luastate, -1)) {
784 lua_pushnil(luastate);
785 while (lua_next(luastate, -2) != 0) {
787 const char *value = lua_tostring(luastate, -1);
790 lua_pop(luastate, 1);
/* Bounds guard: the count is compared with the array capacity before the
 * post-increment write below (the branch body is not shown). */
792 if (ld->flowvars == DETECT_LUAJIT_MAX_FLOWVARS) {
798 ld->flowvar[ld->flowvars++] = idx;
799 SCLogDebug(
"script uses flowvar %u with script id %u", idx, ld->flowvars - 1);
802 lua_pop(luastate, 1);
804 }
else if (strcmp(k,
"flowint") == 0) {
/* "flowint": same pattern as "flowvar", filling ld->flowint[]. */
805 if (lua_istable(luastate, -1)) {
806 lua_pushnil(luastate);
807 while (lua_next(luastate, -2) != 0) {
809 const char *value = lua_tostring(luastate, -1);
812 lua_pop(luastate, 1);
/* Bounds guard before the write into ld->flowint[]. */
814 if (ld->flowints == DETECT_LUAJIT_MAX_FLOWINTS) {
820 ld->flowint[ld->flowints++] = idx;
821 SCLogDebug(
"script uses flowint %u with script id %u", idx, ld->flowints - 1);
824 lua_pop(luastate, 1);
826 }
else if (strcmp(k,
"bytevar") == 0) {
/* "bytevar": names refer to byte_extract or byte_math variables (per the
 * error text below); unknown names are reported. */
827 if (lua_istable(luastate, -1)) {
828 lua_pushnil(luastate);
829 while (lua_next(luastate, -2) != 0) {
831 const char *value = lua_tostring(luastate, -1);
834 lua_pop(luastate, 1);
/* Bounds guard before the write into ld->bytevar[]. */
836 if (ld->bytevars == DETECT_LUAJIT_MAX_BYTEVARS) {
843 SCLogError(
"Unknown byte_extract or byte_math var "
844 "requested by lua script - %s",
848 ld->bytevar[ld->bytevars++] = idx;
849 SCLogDebug(
"script uses bytevar %u with script id %u", idx, ld->bytevars - 1);
852 lua_pop(luastate, 1);
/* Every other entry is a scalar: the value is read as a string and popped,
 * and must equal "true" for the key to take effect. */
856 v = lua_tostring(luastate, -1);
857 lua_pop(luastate, 1);
862 if (strcmp(k,
"packet") == 0 && strcmp(v,
"true") == 0) {
863 ld->flags |= DATATYPE_PACKET;
864 }
else if (strcmp(k,
"payload") == 0 && strcmp(v,
"true") == 0) {
865 ld->flags |= DATATYPE_PAYLOAD;
866 }
else if (strcmp(k,
"buffer") == 0 && strcmp(v,
"true") == 0) {
867 ld->flags |= DATATYPE_BUFFER;
/* buffername is heap-allocated here; the NULL check's body is not shown. */
869 ld->buffername =
SCStrdup(
"buffer");
870 if (ld->buffername == NULL) {
874 }
else if (strcmp(k,
"stream") == 0 && strcmp(v,
"true") == 0) {
875 ld->flags |= DATATYPE_STREAM;
877 ld->buffername =
SCStrdup(
"stream");
878 if (ld->buffername == NULL) {
883 }
else if (strncmp(k,
"http", 4) == 0 && strcmp(v,
"true") == 0) {
886 "can just inspect script against one app layer proto like HTTP at a time");
/* Only one HTTP buffer per script: any flag already set is rejected. */
889 if (ld->flags != 0) {
890 SCLogError(
"when inspecting HTTP buffers only a single buffer can be inspected");
/* The branch was entered on the 4-character prefix "http"; the exact key is
 * resolved here and anything unrecognised is reported as unsupported. */
897 if (strcmp(k,
"http.uri") == 0)
898 ld->flags |= DATATYPE_HTTP_URI;
900 else if (strcmp(k,
"http.uri.raw") == 0)
901 ld->flags |= DATATYPE_HTTP_URI_RAW;
903 else if (strcmp(k,
"http.request_line") == 0)
904 ld->flags |= DATATYPE_HTTP_REQUEST_LINE;
906 else if (strcmp(k,
"http.request_headers") == 0)
907 ld->flags |= DATATYPE_HTTP_REQUEST_HEADERS;
909 else if (strcmp(k,
"http.request_headers.raw") == 0)
910 ld->flags |= DATATYPE_HTTP_REQUEST_HEADERS_RAW;
912 else if (strcmp(k,
"http.request_cookie") == 0)
913 ld->flags |= DATATYPE_HTTP_REQUEST_COOKIE;
915 else if (strcmp(k,
"http.request_user_agent") == 0)
916 ld->flags |= DATATYPE_HTTP_REQUEST_UA;
918 else if (strcmp(k,
"http.request_body") == 0)
919 ld->flags |= DATATYPE_HTTP_REQUEST_BODY;
921 else if (strcmp(k,
"http.response_body") == 0)
922 ld->flags |= DATATYPE_HTTP_RESPONSE_BODY;
924 else if (strcmp(k,
"http.response_cookie") == 0)
925 ld->flags |= DATATYPE_HTTP_RESPONSE_COOKIE;
927 else if (strcmp(k,
"http.response_headers") == 0)
928 ld->flags |= DATATYPE_HTTP_RESPONSE_HEADERS;
930 else if (strcmp(k,
"http.response_headers.raw") == 0)
931 ld->flags |= DATATYPE_HTTP_RESPONSE_HEADERS_RAW;
934 SCLogError(
"unsupported http data type %s", k);
939 if (ld->buffername == NULL) {
943 }
else if (strncmp(k,
"dns", 3) == 0 && strcmp(v,
"true") == 0) {
/* DNS: prefix match on "dns", then exact-name dispatch as for HTTP. */
947 if (strcmp(k,
"dns.rrname") == 0)
948 ld->flags |= DATATYPE_DNS_RRNAME;
949 else if (strcmp(k,
"dns.request") == 0)
950 ld->flags |= DATATYPE_DNS_REQUEST;
951 else if (strcmp(k,
"dns.response") == 0)
952 ld->flags |= DATATYPE_DNS_RESPONSE;
955 SCLogError(
"unsupported dns data type %s", k);
959 if (ld->buffername == NULL) {
963 }
else if (strncmp(k,
"tls", 3) == 0 && strcmp(v,
"true") == 0) {
/* NOTE(review): the tls, ssh, smtp and dnp3 branches test only a key prefix
 * and no exact-name dispatch is visible, so any key that merely begins with
 * the prefix appears to select the protocol. Confirm against the lines
 * missing from this listing. */
967 ld->flags |= DATATYPE_TLS;
969 }
else if (strncmp(k,
"ssh", 3) == 0 && strcmp(v,
"true") == 0) {
973 ld->flags |= DATATYPE_SSH;
975 }
else if (strncmp(k,
"smtp", 4) == 0 && strcmp(v,
"true") == 0) {
979 ld->flags |= DATATYPE_SMTP;
981 }
else if (strncmp(k,
"dnp3", 4) == 0 && strcmp(v,
"true") == 0) {
985 ld->flags |= DATATYPE_DNP3;
/* Removes one remaining stack entry once the table has been processed. */
994 lua_pop(luastate, 1);
/* Fragment of the keyword setup path for a rule that uses lua: checks the
 * security gate, primes the script, registers the per-thread callbacks and
 * tests lua->flags in a chain that appears to choose the detect list. The
 * signature, most branch bodies and the return statements are on lines
 * missing from this listing. */
1015 DetectLuaData *lua = NULL;
/* Security gate: Lua rules are refused unless security.lua.allow-rules is
 * enabled in the configuration. The return value of ConfGetBool() is
 * discarded, so when the key is absent `enabled` keeps the value it was
 * initialised with on a line not shown here - NOTE(review): confirm that
 * default is "disabled", so the gate fails closed. */
1021 (void)
ConfGetBool(
"security.lua.allow-rules", &enabled);
1023 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
/* Load the script and run its init(); -1 means the script was rejected. */
1031 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
/* Tail of the per-thread context registration call (its first line is not
 * shown): DetectLuaThreadInit and DetectLuaThreadFree are the create and
 * destroy callbacks, `lua` is the data pointer they receive. An id of -1 is
 * treated as failure. */
1036 DetectLuaThreadInit, (
void *)lua,
1037 DetectLuaThreadFree, 0);
1038 if (lua->thread_ctx_id == -1)
/* Flag tests per requested data type; the branch bodies are not shown. */
1059 if (lua->flags & DATATYPE_STREAM)
1062 if (lua->flags & DATATYPE_BUFFER) {
1074 if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY) {
1076 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY) {
1078 }
else if (lua->flags & DATATYPE_HTTP_URI) {
1080 }
else if (lua->flags & DATATYPE_HTTP_URI_RAW) {
1082 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_COOKIE ||
1083 lua->flags & DATATYPE_HTTP_RESPONSE_COOKIE)
1086 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_UA) {
1088 }
else if (lua->flags & (DATATYPE_HTTP_REQUEST_HEADERS|DATATYPE_HTTP_RESPONSE_HEADERS)) {
1090 }
else if (lua->flags & (DATATYPE_HTTP_REQUEST_HEADERS_RAW|DATATYPE_HTTP_RESPONSE_HEADERS_RAW)) {
1096 if (lua->flags & DATATYPE_DNS_RRNAME) {
1098 }
else if (lua->flags & DATATYPE_DNS_REQUEST) {
1100 }
else if (lua->flags & DATATYPE_DNS_RESPONSE) {
1108 list = g_smtp_generic_list_id;
/* Releases the keyword data (presumably the error path). */
1127 DetectLuaFree(
de_ctx, lua);
/* Recovers the keyword data from a signature match's ctx pointer. The
 * enclosing function and what it does with `ld` are not shown. */
1146 DetectLuaData *ld = (DetectLuaData *)sm->
ctx;
/* Fragment of the keyword-data destructor: acts on buffername when it is
 * set and walks the flowint and flowvar id arrays up to their recorded
 * counts. The statements inside the if and the loops are not shown, and no
 * loop over lua->bytevars is visible in this listing. */
1162 DetectLuaData *lua = (DetectLuaData *)ptr;
1164 if (lua->buffername)
1169 for (uint16_t i = 0; i < lua->flowints; i++) {
1172 for (uint16_t i = 0; i < lua->flowvars; i++) {
/* Unit-test fragment. The embedded script asks for http.request_headers and
 * declares flowvar "cnt"; match() keeps a counter in flowvar slot 0 through
 * ScFlowvarGet/ScFlowvarSet and tests for the value 2. The rule is an HTTP
 * to_server alert that loads the script as lua:unittest. How `script`
 * reaches the loader and what the test asserts are on lines missing from
 * this listing. */
1186 static int LuaMatchTest01(
void)
1190 const char script[] =
1191 "function init (args)\n"
1192 " local needs = {}\n"
1193 " needs[\"http.request_headers\"] = tostring(true)\n"
1194 " needs[\"flowvar\"] = {\"cnt\"}\n"
1198 "function match(args)\n"
1199 " a = ScFlowvarGet(0)\n"
1201 " a = tostring(tonumber(a)+1)\n"
1203 " ScFlowvarSet(0, a, #a)\n"
1205 " a = tostring(1)\n"
1207 " ScFlowvarSet(0, a, #a)\n"
1210 " print (\"pre check: \" .. (a))\n"
1211 " if tonumber(a) == 2 then\n"
1212 " print \"match\"\n"
1218 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
1219 uint8_t httpbuf1[] =
1220 "POST / HTTP/1.1\r\n"
1221 "Host: www.emergingthreats.net\r\n\r\n";
1222 uint8_t httpbuf2[] =
1223 "POST / HTTP/1.1\r\n"
1224 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1225 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1226 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1236 memset(&th_v, 0,
sizeof(th_v));
1237 memset(&f, 0,
sizeof(f));
1238 memset(&ssn, 0,
sizeof(ssn));
1245 f.
proto = IPPROTO_TCP;
/* Unit-test fragment: same script shape as LuaMatchTest01 (requests
 * http.request_headers, declares flowvar "cnt", tests for the value 2), but
 * match() uses the SC-prefixed names SCFlowvarGet/SCFlowvarSet. What the
 * test asserts is on lines missing from this listing. */
1311 static int LuaMatchTest01a(
void)
1313 const char script[] =
"function init (args)\n"
1314 " local needs = {}\n"
1315 " needs[\"http.request_headers\"] = tostring(true)\n"
1316 " needs[\"flowvar\"] = {\"cnt\"}\n"
1320 "function match(args)\n"
1321 " a = SCFlowvarGet(0)\n"
1323 " a = tostring(tonumber(a)+1)\n"
1325 " SCFlowvarSet(0, a, #a)\n"
1327 " a = tostring(1)\n"
1329 " SCFlowvarSet(0, a, #a)\n"
1332 " print (\"pre check: \" .. (a))\n"
1333 " if tonumber(a) == 2 then\n"
1334 " print \"match\"\n"
1340 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
1341 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1342 "Host: www.emergingthreats.net\r\n\r\n";
1343 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1344 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1345 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1346 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1356 memset(&th_v, 0,
sizeof(th_v));
1357 memset(&f, 0,
sizeof(f));
1358 memset(&ssn, 0,
sizeof(ssn));
1365 f.
proto = IPPROTO_TCP;
/* Unit-test fragment. The embedded script asks for the packet payload and
 * declares flowvar "cnt"; match() keeps a counter in flowvar slot 0 through
 * ScFlowvarGet/ScFlowvarSet and tests for the value 2. The rule is a TCP
 * to_server alert that loads the script as lua:unittest. What the test
 * asserts is on lines missing from this listing. */
1432 static int LuaMatchTest02(
void)
1434 const char script[] =
"function init (args)\n"
1435 " local needs = {}\n"
1436 " needs[\"payload\"] = tostring(true)\n"
1437 " needs[\"flowvar\"] = {\"cnt\"}\n"
1441 "function match(args)\n"
1442 " a = ScFlowvarGet(0)\n"
1444 " a = tostring(tonumber(a)+1)\n"
1446 " ScFlowvarSet(0, a, #a)\n"
1448 " a = tostring(1)\n"
1450 " ScFlowvarSet(0, a, #a)\n"
1453 " print (\"pre check: \" .. (a))\n"
1454 " if tonumber(a) == 2 then\n"
1455 " print \"match\"\n"
1461 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two payloads that differ only in the Host header. */
1462 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1463 "Host: www.emergingthreats.net\r\n\r\n";
1464 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1465 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1466 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1467 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1475 memset(&th_v, 0,
sizeof(th_v));
1476 memset(&f, 0,
sizeof(f));
1477 memset(&ssn, 0,
sizeof(ssn));
1484 f.
proto = IPPROTO_TCP;
/* Unit-test fragment: same script shape as LuaMatchTest02 (requests the
 * payload, declares flowvar "cnt", tests for the value 2), but match() uses
 * the SC-prefixed names SCFlowvarGet/SCFlowvarSet. What the test asserts is
 * on lines missing from this listing. */
1539 static int LuaMatchTest02a(
void)
1541 const char script[] =
"function init (args)\n"
1542 " local needs = {}\n"
1543 " needs[\"payload\"] = tostring(true)\n"
1544 " needs[\"flowvar\"] = {\"cnt\"}\n"
1548 "function match(args)\n"
1549 " a = SCFlowvarGet(0)\n"
1551 " a = tostring(tonumber(a)+1)\n"
1553 " SCFlowvarSet(0, a, #a)\n"
1555 " a = tostring(1)\n"
1557 " SCFlowvarSet(0, a, #a)\n"
1560 " print (\"pre check: \" .. (a))\n"
1561 " if tonumber(a) == 2 then\n"
1562 " print \"match\"\n"
1568 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two payloads that differ only in the Host header. */
1569 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1570 "Host: www.emergingthreats.net\r\n\r\n";
1571 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1572 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1573 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1574 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1582 memset(&th_v, 0,
sizeof(th_v));
1583 memset(&f, 0,
sizeof(f));
1584 memset(&ssn, 0,
sizeof(ssn));
1591 f.
proto = IPPROTO_TCP;
/* Unit-test fragment. The embedded script asks for the raw packet and
 * declares flowvar "cnt"; match() keeps a counter in flowvar slot 0 through
 * ScFlowvarGet/ScFlowvarSet and tests for the value 2. The rule is a TCP
 * to_server alert that loads the script as lua:unittest. What the test
 * asserts is on lines missing from this listing. */
1645 static int LuaMatchTest03(
void)
1647 const char script[] =
"function init (args)\n"
1648 " local needs = {}\n"
1649 " needs[\"packet\"] = tostring(true)\n"
1650 " needs[\"flowvar\"] = {\"cnt\"}\n"
1654 "function match(args)\n"
1655 " a = ScFlowvarGet(0)\n"
1657 " a = tostring(tonumber(a)+1)\n"
1659 " ScFlowvarSet(0, a, #a)\n"
1661 " a = tostring(1)\n"
1663 " ScFlowvarSet(0, a, #a)\n"
1666 " print (\"pre check: \" .. (a))\n"
1667 " if tonumber(a) == 2 then\n"
1668 " print \"match\"\n"
1674 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two payloads that differ only in the Host header. */
1675 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1676 "Host: www.emergingthreats.net\r\n\r\n";
1677 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1678 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1679 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1680 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1688 memset(&th_v, 0,
sizeof(th_v));
1689 memset(&f, 0,
sizeof(f));
1690 memset(&ssn, 0,
sizeof(ssn));
1697 f.
proto = IPPROTO_TCP;
/* Unit-test fragment: same script shape as LuaMatchTest03 (requests the raw
 * packet, declares flowvar "cnt", tests for the value 2), but match() uses
 * the SC-prefixed names SCFlowvarGet/SCFlowvarSet. What the test asserts is
 * on lines missing from this listing. */
1751 static int LuaMatchTest03a(
void)
1753 const char script[] =
"function init (args)\n"
1754 " local needs = {}\n"
1755 " needs[\"packet\"] = tostring(true)\n"
1756 " needs[\"flowvar\"] = {\"cnt\"}\n"
1760 "function match(args)\n"
1761 " a = SCFlowvarGet(0)\n"
1763 " a = tostring(tonumber(a)+1)\n"
1765 " SCFlowvarSet(0, a, #a)\n"
1767 " a = tostring(1)\n"
1769 " SCFlowvarSet(0, a, #a)\n"
1772 " print (\"pre check: \" .. (a))\n"
1773 " if tonumber(a) == 2 then\n"
1774 " print \"match\"\n"
1780 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two payloads that differ only in the Host header. */
1781 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1782 "Host: www.emergingthreats.net\r\n\r\n";
1783 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1784 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1785 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1786 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1794 memset(&th_v, 0,
sizeof(th_v));
1795 memset(&f, 0,
sizeof(f));
1796 memset(&ssn, 0,
sizeof(ssn));
1803 f.
proto = IPPROTO_TCP;
/* Unit-test fragment. The embedded script asks for http.request_headers and
 * declares flowint "cnt"; match() reads and updates integer slot 0 through
 * ScFlowintGet/ScFlowintSet. The "print \"inspecting\"" literal has no
 * trailing \n, so its text runs straight into the next line of the script.
 * What the test asserts is on lines missing from this listing. */
1856 static int LuaMatchTest04(
void)
1858 const char script[] =
"function init (args)\n"
1859 " local needs = {}\n"
1860 " needs[\"http.request_headers\"] = tostring(true)\n"
1861 " needs[\"flowint\"] = {\"cnt\"}\n"
1865 "function match(args)\n"
1866 " print \"inspecting\""
1867 " a = ScFlowintGet(0)\n"
1869 " ScFlowintSet(0, a + 1)\n"
1871 " ScFlowintSet(0, 1)\n"
1874 " a = ScFlowintGet(0)\n"
1876 " print \"match\"\n"
1882 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
1883 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1884 "Host: www.emergingthreats.net\r\n\r\n";
1885 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1886 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
1887 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1888 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
1898 memset(&th_v, 0,
sizeof(th_v));
1899 memset(&f, 0,
sizeof(f));
1900 memset(&ssn, 0,
sizeof(ssn));
1907 f.
proto = IPPROTO_TCP;
/* Unit-test fragment: same script shape as LuaMatchTest04 (requests
 * http.request_headers, declares flowint "cnt"), but match() uses the
 * SC-prefixed names SCFlowintGet/SCFlowintSet. The "print \"inspecting\""
 * literal has no trailing \n, so its text runs straight into the next line
 * of the script. What the test asserts is on lines missing from this
 * listing. */
1972 static int LuaMatchTest04a(
void)
1974 const char script[] =
"function init (args)\n"
1975 " local needs = {}\n"
1976 " needs[\"http.request_headers\"] = tostring(true)\n"
1977 " needs[\"flowint\"] = {\"cnt\"}\n"
1981 "function match(args)\n"
1982 " print \"inspecting\""
1983 " a = SCFlowintGet(0)\n"
1985 " SCFlowintSet(0, a + 1)\n"
1987 " SCFlowintSet(0, 1)\n"
1990 " a = SCFlowintGet(0)\n"
1992 " print \"match\"\n"
1998 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
1999 uint8_t httpbuf1[] =
2000 "POST / HTTP/1.1\r\n"
2001 "Host: www.emergingthreats.net\r\n\r\n";
2002 uint8_t httpbuf2[] =
2003 "POST / HTTP/1.1\r\n"
2004 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
2005 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2006 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
2016 memset(&th_v, 0,
sizeof(th_v));
2017 memset(&f, 0,
sizeof(f));
2018 memset(&ssn, 0,
sizeof(ssn));
2025 f.
proto = IPPROTO_TCP;
/* Unit-test fragment. The embedded script asks for http.request_headers and
 * declares flowint "cnt"; match() calls ScFlowintIncr on integer slot 0.
 * The "print \"inspecting\"" literal has no trailing \n, so its text runs
 * straight into the next line of the script. What the test asserts is on
 * lines missing from this listing. */
2090 static int LuaMatchTest05(
void)
2092 const char script[] =
"function init (args)\n"
2093 " local needs = {}\n"
2094 " needs[\"http.request_headers\"] = tostring(true)\n"
2095 " needs[\"flowint\"] = {\"cnt\"}\n"
2099 "function match(args)\n"
2100 " print \"inspecting\""
2101 " a = ScFlowintIncr(0)\n"
2103 " print \"match\"\n"
2109 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
2110 uint8_t httpbuf1[] =
2111 "POST / HTTP/1.1\r\n"
2112 "Host: www.emergingthreats.net\r\n\r\n";
2113 uint8_t httpbuf2[] =
2114 "POST / HTTP/1.1\r\n"
2115 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
2116 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2117 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
2127 memset(&th_v, 0,
sizeof(th_v));
2128 memset(&f, 0,
sizeof(f));
2129 memset(&ssn, 0,
sizeof(ssn));
2136 f.
proto = IPPROTO_TCP;
/* Unit-test fragment: same script shape as LuaMatchTest05 (requests
 * http.request_headers, declares flowint "cnt"), but match() uses the
 * SC-prefixed name SCFlowintIncr. The "print \"inspecting\"" literal has no
 * trailing \n, so its text runs straight into the next line of the script.
 * What the test asserts is on lines missing from this listing. */
2201 static int LuaMatchTest05a(
void)
2203 const char script[] =
"function init (args)\n"
2204 " local needs = {}\n"
2205 " needs[\"http.request_headers\"] = tostring(true)\n"
2206 " needs[\"flowint\"] = {\"cnt\"}\n"
2210 "function match(args)\n"
2211 " print \"inspecting\""
2212 " a = SCFlowintIncr(0)\n"
2214 " print \"match\"\n"
2220 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
2221 uint8_t httpbuf1[] =
2222 "POST / HTTP/1.1\r\n"
2223 "Host: www.emergingthreats.net\r\n\r\n";
2224 uint8_t httpbuf2[] =
2225 "POST / HTTP/1.1\r\n"
2226 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
2227 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2228 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
2238 memset(&th_v, 0,
sizeof(th_v));
2239 memset(&f, 0,
sizeof(f));
2240 memset(&ssn, 0,
sizeof(ssn));
2247 f.
proto = IPPROTO_TCP;
/* Unit-test fragment. The embedded script asks for http.request_headers and
 * declares flowint "cnt"; match() sets integer slot 0 to 2 when
 * ScFlowintGet returns nil and calls ScFlowintDecr on it. Both
 * "print ..." literals lack a trailing \n, so their text runs straight
 * into the next line of the script. What the test asserts is on lines
 * missing from this listing. */
2312 static int LuaMatchTest06(
void)
2314 const char script[] =
"function init (args)\n"
2315 " local needs = {}\n"
2316 " needs[\"http.request_headers\"] = tostring(true)\n"
2317 " needs[\"flowint\"] = {\"cnt\"}\n"
2321 "function match(args)\n"
2322 " print \"inspecting\""
2323 " a = ScFlowintGet(0)\n"
2324 " if a == nil then\n"
2325 " print \"new var set to 2\""
2326 " ScFlowintSet(0, 2)\n"
2328 " a = ScFlowintDecr(0)\n"
2330 " print \"match\"\n"
2336 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
2337 uint8_t httpbuf1[] =
2338 "POST / HTTP/1.1\r\n"
2339 "Host: www.emergingthreats.net\r\n\r\n";
2340 uint8_t httpbuf2[] =
2341 "POST / HTTP/1.1\r\n"
2342 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
2343 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2344 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
2354 memset(&th_v, 0,
sizeof(th_v));
2355 memset(&f, 0,
sizeof(f));
2356 memset(&ssn, 0,
sizeof(ssn));
2363 f.
proto = IPPROTO_TCP;
/* Unit-test fragment: same script shape as LuaMatchTest06 (requests
 * http.request_headers, declares flowint "cnt", sets slot 0 to 2 when the
 * getter returns nil, then decrements), but match() uses the SC-prefixed
 * names SCFlowintGet/SCFlowintSet/SCFlowintDecr. Both "print ..." literals
 * lack a trailing \n, so their text runs straight into the next line of the
 * script. What the test asserts is on lines missing from this listing. */
2428 static int LuaMatchTest06a(
void)
2430 const char script[] =
"function init (args)\n"
2431 " local needs = {}\n"
2432 " needs[\"http.request_headers\"] = tostring(true)\n"
2433 " needs[\"flowint\"] = {\"cnt\"}\n"
2437 "function match(args)\n"
2438 " print \"inspecting\""
2439 " a = SCFlowintGet(0)\n"
2440 " if a == nil then\n"
2441 " print \"new var set to 2\""
2442 " SCFlowintSet(0, 2)\n"
2444 " a = SCFlowintDecr(0)\n"
2446 " print \"match\"\n"
2452 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
/* Two HTTP requests that differ only in the Host header. */
2453 uint8_t httpbuf1[] =
2454 "POST / HTTP/1.1\r\n"
2455 "Host: www.emergingthreats.net\r\n\r\n";
2456 uint8_t httpbuf2[] =
2457 "POST / HTTP/1.1\r\n"
2458 "Host: www.openinfosecfoundation.org\r\n\r\n";
/* sizeof - 1 leaves the literal's terminating NUL out of the length. */
2459 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2460 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
/* Zero the fixtures before use. */
2470 memset(&th_v, 0,
sizeof(th_v));
2471 memset(&f, 0,
sizeof(f));
2472 memset(&ssn, 0,
sizeof(ssn));
2479 f.
proto = IPPROTO_TCP;
2543 void DetectLuaRegisterTests(
void)