70 SCLogError(
"no Lua support built in, needed for lua/luajit keyword");
103 static void DetectLuaRegisterTests(
void);
106 static int g_smtp_generic_list_id = 0;
/*
 * Bit flags naming the data a Lua rule script can ask to inspect.
 *
 * The table returned by the script's init() function is walked key by key and
 * the matching DATATYPE_* bit is OR-ed into DetectLuaData.flags (for example
 * the key "packet" with value "true" sets DATATYPE_PACKET). The per-thread
 * DetectLuaThreadData.flags is copied from that value, and the match code
 * tests these bits before handing packet, payload or HTTP data to the script.
 *
 * Bits 0-22 are in use.
 */
135 #define DATATYPE_PACKET BIT_U32(0)
136 #define DATATYPE_PAYLOAD BIT_U32(1)
137 #define DATATYPE_STREAM BIT_U32(2)
139 #define DATATYPE_HTTP_URI BIT_U32(3)
140 #define DATATYPE_HTTP_URI_RAW BIT_U32(4)
142 #define DATATYPE_HTTP_REQUEST_HEADERS BIT_U32(5)
143 #define DATATYPE_HTTP_REQUEST_HEADERS_RAW BIT_U32(6)
144 #define DATATYPE_HTTP_REQUEST_COOKIE BIT_U32(7)
145 #define DATATYPE_HTTP_REQUEST_UA BIT_U32(8)
147 #define DATATYPE_HTTP_REQUEST_LINE BIT_U32(9)
148 #define DATATYPE_HTTP_REQUEST_BODY BIT_U32(10)
150 #define DATATYPE_HTTP_RESPONSE_COOKIE BIT_U32(11)
151 #define DATATYPE_HTTP_RESPONSE_BODY BIT_U32(12)
153 #define DATATYPE_HTTP_RESPONSE_HEADERS BIT_U32(13)
154 #define DATATYPE_HTTP_RESPONSE_HEADERS_RAW BIT_U32(14)
156 #define DATATYPE_DNS_RRNAME BIT_U32(15)
157 #define DATATYPE_DNS_REQUEST BIT_U32(16)
158 #define DATATYPE_DNS_RESPONSE BIT_U32(17)
160 #define DATATYPE_TLS BIT_U32(18)
161 #define DATATYPE_SSH BIT_U32(19)
162 #define DATATYPE_SMTP BIT_U32(20)
164 #define DATATYPE_DNP3 BIT_U32(21)
166 #define DATATYPE_BUFFER BIT_U32(22)
172 int size = lua_gettop(state);
175 for (i = 1; i <= size; i++) {
176 int type = lua_type(state, i);
177 printf(
"Stack size=%d, level=%d, type=%d, ", size, i,
type);
181 printf(
"function %s", lua_tostring(state, i) ?
"true" :
"false");
184 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
187 printf(
"number %g", lua_tonumber(state, i));
190 printf(
"string `%s'", lua_tostring(state, i));
193 printf(
"table `%s'", lua_tostring(state, i));
196 printf(
"other %s", lua_typename(state,
type));
207 const uint8_t *buffer, uint32_t buffer_len, uint32_t
offset,
213 if (buffer == NULL || buffer_len == 0)
216 DetectLuaData *lua = (DetectLuaData *)smd->
ctx;
224 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, f, NULL, s, 0);
227 lua_getglobal(tlua->luastate,
"match");
228 lua_newtable(tlua->luastate);
230 lua_pushliteral (tlua->luastate,
"offset");
231 lua_pushnumber (tlua->luastate, (
int)(
offset + 1));
232 lua_settable(tlua->luastate, -3);
234 lua_pushstring (tlua->luastate, lua->buffername);
235 LuaPushStringBuffer(tlua->luastate, (
const uint8_t *)buffer, (
size_t)buffer_len);
236 lua_settable(tlua->luastate, -3);
238 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
240 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
244 if (lua_gettop(tlua->luastate) > 0) {
246 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
247 double script_ret = lua_tonumber(tlua->luastate, 1);
249 lua_pop(tlua->luastate, 1);
251 if (script_ret == 1.0)
255 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
256 lua_pushnil(tlua->luastate);
258 while (lua_next(tlua->luastate, -2)) {
259 v = lua_tostring(tlua->luastate, -1);
260 lua_pop(tlua->luastate, 1);
261 k = lua_tostring(tlua->luastate, -1);
268 if (strcmp(k,
"retval") == 0) {
272 "for \"retval\" from LUA return table: '%s'",
285 lua_pop(tlua->luastate, 1);
292 while (lua_gettop(tlua->luastate) > 0) {
293 lua_pop(tlua->luastate, 1);
323 DetectLuaData *lua = (DetectLuaData *)ctx;
334 flags = STREAM_TOSERVER;
336 flags = STREAM_TOCLIENT;
338 LuaStateSetThreadVars(tlua->luastate, det_ctx->
tv);
340 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, p->
flow, p, s,
flags);
342 if ((tlua->flags & DATATYPE_PAYLOAD) && p->
payload_len == 0)
344 if ((tlua->flags & DATATYPE_PACKET) &&
GET_PKT_LEN(p) == 0)
351 if (tlua->alproto != alproto)
355 lua_getglobal(tlua->luastate,
"match");
356 lua_newtable(tlua->luastate);
358 if ((tlua->flags & DATATYPE_PAYLOAD) && p->
payload_len) {
359 lua_pushliteral(tlua->luastate,
"payload");
360 LuaPushStringBuffer (tlua->luastate, (
const uint8_t *)p->
payload, (
size_t)p->
payload_len);
361 lua_settable(tlua->luastate, -3);
363 if ((tlua->flags & DATATYPE_PACKET) &&
GET_PKT_LEN(p)) {
364 lua_pushliteral(tlua->luastate,
"packet");
366 lua_settable(tlua->luastate, -3);
370 if (htp_state != NULL && htp_state->
connp != NULL) {
375 for ( ; idx < total_txs; idx++) {
380 if ((tlua->flags & DATATYPE_HTTP_REQUEST_LINE) && tx->request_line != NULL &&
381 bstr_len(tx->request_line) > 0) {
382 lua_pushliteral(tlua->luastate,
"http.request_line");
383 LuaPushStringBuffer(tlua->luastate,
384 (
const uint8_t *)bstr_ptr(tx->request_line),
385 bstr_len(tx->request_line));
386 lua_settable(tlua->luastate, -3);
392 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
394 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
398 if (lua_gettop(tlua->luastate) > 0) {
401 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
402 double script_ret = lua_tonumber(tlua->luastate, 1);
404 lua_pop(tlua->luastate, 1);
406 if (script_ret == 1.0)
410 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
411 lua_pushnil(tlua->luastate);
413 while (lua_next(tlua->luastate, -2)) {
414 v = lua_tostring(tlua->luastate, -1);
415 lua_pop(tlua->luastate, 1);
416 k = lua_tostring(tlua->luastate, -1);
423 if (strcmp(k,
"retval") == 0) {
426 (
const char *)v) < 0) {
428 "for \"retval\" from LUA return table: '%s'",
441 lua_pop(tlua->luastate, 1);
444 while (lua_gettop(tlua->luastate) > 0) {
445 lua_pop(tlua->luastate, 1);
464 DetectLuaData *lua = (DetectLuaData *)ctx;
473 LuaExtensionsMatchSetup(tlua->luastate, lua, det_ctx, f, NULL, s,
flags);
477 if (tlua->alproto != alproto)
481 lua_getglobal(tlua->luastate,
"match");
482 lua_newtable(tlua->luastate);
486 if (htp_state != NULL && htp_state->
connp != NULL) {
490 if ((tlua->flags & DATATYPE_HTTP_REQUEST_LINE) && tx->request_line != NULL &&
491 bstr_len(tx->request_line) > 0) {
492 lua_pushliteral(tlua->luastate,
"http.request_line");
493 LuaPushStringBuffer(tlua->luastate,
494 (
const uint8_t *)bstr_ptr(tx->request_line),
495 bstr_len(tx->request_line));
496 lua_settable(tlua->luastate, -3);
502 int retval = lua_pcall(tlua->luastate, 1, 1, 0);
504 SCLogInfo(
"failed to run script: %s", lua_tostring(tlua->luastate, -1));
508 if (lua_gettop(tlua->luastate) > 0) {
511 if (lua_type(tlua->luastate, 1) == LUA_TNUMBER) {
512 double script_ret = lua_tonumber(tlua->luastate, 1);
514 lua_pop(tlua->luastate, 1);
516 if (script_ret == 1.0)
520 }
else if (lua_type(tlua->luastate, 1) == LUA_TTABLE) {
521 lua_pushnil(tlua->luastate);
523 while (lua_next(tlua->luastate, -2)) {
524 v = lua_tostring(tlua->luastate, -1);
525 lua_pop(tlua->luastate, 1);
526 k = lua_tostring(tlua->luastate, -1);
533 if (strcmp(k,
"retval") == 0) {
536 (
const char *)v) < 0) {
538 "for \"retval\" from LUA return table: '%s'",
551 lua_pop(tlua->luastate, 1);
554 while (lua_gettop(tlua->luastate) > 0) {
555 lua_pop(tlua->luastate, 1);
584 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s, ctx);
/* Unit-test hook: while this is non-NULL the script source is taken from this
 * string via luaL_loadbuffer() (chunk name "unittest") instead of being read
 * from the rule's script file with luaL_loadfile(). */
590 static const char *ut_script = NULL;
/*
 * Per-thread init callback for the lua keyword.
 *
 * `data` is the rule's DetectLuaData. The visible code allocates a
 * DetectLuaThreadData, copies alproto and flags from the rule, obtains a Lua
 * state, loads the script into it and runs the chunk once.
 *
 * This listing omits lines of the function (braces, returns, the error label),
 * so the comments below describe only the statements that are shown.
 */
593 static void *DetectLuaThreadInit(
void *data)
596 DetectLuaData *lua = (DetectLuaData *)data;
/* Zero-initialised per-thread context. */
599 DetectLuaThreadData *t =
SCCalloc(1,
sizeof(DetectLuaThreadData));
605 t->alproto = lua->alproto;
606 t->flags = lua->flags;
608 t->luastate = LuaGetState();
609 if (t->luastate == NULL) {
/* luaL_openlibs() opens the Lua standard libraries in the state that will run
 * the rule's script.
 * NOTE(review): no library restriction is visible in this listing. Confirm
 * whether io/os/package are limited elsewhere (LuaGetState() or
 * LuaRegisterExtensions()); if they are not, a rule script runs with the
 * privileges of the detection process, so rule files and the scripts they
 * reference need the same trust as the binary. */
614 luaL_openlibs(t->luastate);
616 LuaRegisterExtensions(t->luastate);
/* Expose the rule's sid, rev and gid to the script as integer globals. */
618 lua_pushinteger(t->luastate, (lua_Integer)(lua->sid));
619 lua_setglobal(t->luastate,
"SCRuleSid");
620 lua_pushinteger(t->luastate, (lua_Integer)(lua->rev));
621 lua_setglobal(t->luastate,
"SCRuleRev");
622 lua_pushinteger(t->luastate, (lua_Integer)(lua->gid));
623 lua_setglobal(t->luastate,
"SCRuleGid");
/* Script source: the unit-test buffer when ut_script is set, otherwise the
 * file named by lua->filename. Both paths log the Lua error string taken
 * from the top of the stack. */
627 if (ut_script != NULL) {
628 status = luaL_loadbuffer(t->luastate, ut_script, strlen(ut_script),
"unittest");
630 SCLogError(
"couldn't load file: %s", lua_tostring(t->luastate, -1));
635 status = luaL_loadfile(t->luastate, lua->filename);
637 SCLogError(
"couldn't load file: %s", lua_tostring(t->luastate, -1));
/* Run the loaded chunk once with no arguments and no results; presumably this
 * is what defines the script's globals such as match() before matching. */
645 if (lua_pcall(t->luastate, 0, 0, 0) != 0) {
646 SCLogError(
"couldn't prime file: %s", lua_tostring(t->luastate, -1));
/* Hands the state back with LuaReturnState(); presumably the error path, but
 * the label it belongs to is not shown here. */
653 if (t->luastate != NULL)
654 LuaReturnState(t->luastate);
/*
 * Per-thread teardown callback, registered together with
 * DetectLuaThreadInit(). `ctx` is the DetectLuaThreadData created there; its
 * Lua state, if any, is handed back with LuaReturnState(). Freeing of the
 * DetectLuaThreadData itself is not visible in this listing.
 */
659 static void DetectLuaThreadFree(
void *ctx)
662 DetectLuaThreadData *t = (DetectLuaThreadData *)ctx;
663 if (t->luastate != NULL)
664 LuaReturnState(t->luastate);
680 DetectLuaData *lua = NULL;
683 lua =
SCCalloc(1,
sizeof(DetectLuaData));
687 if (strlen(
str) &&
str[0] ==
'!') {
694 if (lua->filename == NULL) {
702 DetectLuaFree(
de_ctx, lua);
711 if (luastate == NULL)
713 luaL_openlibs(luastate);
717 if (ut_script != NULL) {
718 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
720 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
725 status = luaL_loadfile(luastate, ld->filename);
727 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
735 if (lua_pcall(luastate, 0, 0, 0) != 0) {
736 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
740 lua_getglobal(luastate,
"init");
741 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
746 lua_newtable(luastate);
747 if (lua_gettop(luastate) == 0 || lua_type(luastate, 2) != LUA_TTABLE) {
752 lua_pushliteral(luastate,
"script_api_ver");
753 lua_pushnumber (luastate, 1);
754 lua_settable(luastate, -3);
756 if (lua_pcall(luastate, 1, 1, 0) != 0) {
757 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
762 if (lua_gettop(luastate) == 0) {
763 SCLogError(
"init function in script should return table, nothing returned");
766 if (lua_type(luastate, 1) != LUA_TTABLE) {
767 SCLogError(
"init function in script should return table, returned is not table");
771 lua_pushnil(luastate);
773 while (lua_next(luastate, -2)) {
774 k = lua_tostring(luastate, -2);
779 if (strcmp(k,
"flowvar") == 0) {
780 if (lua_istable(luastate, -1)) {
781 lua_pushnil(luastate);
782 while (lua_next(luastate, -2) != 0) {
784 const char *value = lua_tostring(luastate, -1);
787 lua_pop(luastate, 1);
789 if (ld->flowvars == DETECT_LUAJIT_MAX_FLOWVARS) {
795 ld->flowvar[ld->flowvars++] = idx;
796 SCLogDebug(
"script uses flowvar %u with script id %u", idx, ld->flowvars - 1);
799 lua_pop(luastate, 1);
801 }
else if (strcmp(k,
"flowint") == 0) {
802 if (lua_istable(luastate, -1)) {
803 lua_pushnil(luastate);
804 while (lua_next(luastate, -2) != 0) {
806 const char *value = lua_tostring(luastate, -1);
809 lua_pop(luastate, 1);
811 if (ld->flowints == DETECT_LUAJIT_MAX_FLOWINTS) {
817 ld->flowint[ld->flowints++] = idx;
818 SCLogDebug(
"script uses flowint %u with script id %u", idx, ld->flowints - 1);
821 lua_pop(luastate, 1);
823 }
else if (strcmp(k,
"bytevar") == 0) {
824 if (lua_istable(luastate, -1)) {
825 lua_pushnil(luastate);
826 while (lua_next(luastate, -2) != 0) {
828 const char *value = lua_tostring(luastate, -1);
831 lua_pop(luastate, 1);
833 if (ld->bytevars == DETECT_LUAJIT_MAX_BYTEVARS) {
840 SCLogError(
"Unknown byte_extract or byte_math var "
841 "requested by lua script - %s",
845 ld->bytevar[ld->bytevars++] = idx;
846 SCLogDebug(
"script uses bytevar %u with script id %u", idx, ld->bytevars - 1);
849 lua_pop(luastate, 1);
853 v = lua_tostring(luastate, -1);
854 lua_pop(luastate, 1);
859 if (strcmp(k,
"packet") == 0 && strcmp(v,
"true") == 0) {
860 ld->flags |= DATATYPE_PACKET;
861 }
else if (strcmp(k,
"payload") == 0 && strcmp(v,
"true") == 0) {
862 ld->flags |= DATATYPE_PAYLOAD;
863 }
else if (strcmp(k,
"buffer") == 0 && strcmp(v,
"true") == 0) {
864 ld->flags |= DATATYPE_BUFFER;
866 ld->buffername =
SCStrdup(
"buffer");
867 if (ld->buffername == NULL) {
871 }
else if (strcmp(k,
"stream") == 0 && strcmp(v,
"true") == 0) {
872 ld->flags |= DATATYPE_STREAM;
874 ld->buffername =
SCStrdup(
"stream");
875 if (ld->buffername == NULL) {
880 }
else if (strncmp(k,
"http", 4) == 0 && strcmp(v,
"true") == 0) {
883 "can just inspect script against one app layer proto like HTTP at a time");
886 if (ld->flags != 0) {
887 SCLogError(
"when inspecting HTTP buffers only a single buffer can be inspected");
894 if (strcmp(k,
"http.uri") == 0)
895 ld->flags |= DATATYPE_HTTP_URI;
897 else if (strcmp(k,
"http.uri.raw") == 0)
898 ld->flags |= DATATYPE_HTTP_URI_RAW;
900 else if (strcmp(k,
"http.request_line") == 0)
901 ld->flags |= DATATYPE_HTTP_REQUEST_LINE;
903 else if (strcmp(k,
"http.request_headers") == 0)
904 ld->flags |= DATATYPE_HTTP_REQUEST_HEADERS;
906 else if (strcmp(k,
"http.request_headers.raw") == 0)
907 ld->flags |= DATATYPE_HTTP_REQUEST_HEADERS_RAW;
909 else if (strcmp(k,
"http.request_cookie") == 0)
910 ld->flags |= DATATYPE_HTTP_REQUEST_COOKIE;
912 else if (strcmp(k,
"http.request_user_agent") == 0)
913 ld->flags |= DATATYPE_HTTP_REQUEST_UA;
915 else if (strcmp(k,
"http.request_body") == 0)
916 ld->flags |= DATATYPE_HTTP_REQUEST_BODY;
918 else if (strcmp(k,
"http.response_body") == 0)
919 ld->flags |= DATATYPE_HTTP_RESPONSE_BODY;
921 else if (strcmp(k,
"http.response_cookie") == 0)
922 ld->flags |= DATATYPE_HTTP_RESPONSE_COOKIE;
924 else if (strcmp(k,
"http.response_headers") == 0)
925 ld->flags |= DATATYPE_HTTP_RESPONSE_HEADERS;
927 else if (strcmp(k,
"http.response_headers.raw") == 0)
928 ld->flags |= DATATYPE_HTTP_RESPONSE_HEADERS_RAW;
931 SCLogError(
"unsupported http data type %s", k);
936 if (ld->buffername == NULL) {
940 }
else if (strncmp(k,
"dns", 3) == 0 && strcmp(v,
"true") == 0) {
944 if (strcmp(k,
"dns.rrname") == 0)
945 ld->flags |= DATATYPE_DNS_RRNAME;
946 else if (strcmp(k,
"dns.request") == 0)
947 ld->flags |= DATATYPE_DNS_REQUEST;
948 else if (strcmp(k,
"dns.response") == 0)
949 ld->flags |= DATATYPE_DNS_RESPONSE;
952 SCLogError(
"unsupported dns data type %s", k);
956 if (ld->buffername == NULL) {
960 }
else if (strncmp(k,
"tls", 3) == 0 && strcmp(v,
"true") == 0) {
964 ld->flags |= DATATYPE_TLS;
966 }
else if (strncmp(k,
"ssh", 3) == 0 && strcmp(v,
"true") == 0) {
970 ld->flags |= DATATYPE_SSH;
972 }
else if (strncmp(k,
"smtp", 4) == 0 && strcmp(v,
"true") == 0) {
976 ld->flags |= DATATYPE_SMTP;
978 }
else if (strncmp(k,
"dnp3", 4) == 0 && strcmp(v,
"true") == 0) {
982 ld->flags |= DATATYPE_DNP3;
991 lua_pop(luastate, 1);
/*
 * Fragment of the keyword setup routine; its signature and many body lines are
 * not part of this listing, so the comments cover only the visible statements.
 */
1012 DetectLuaData *lua = NULL;
/* Security gate: Lua rules are refused when security.lua.allow-rules is not
 * enabled. In this listing the check sits ahead of the DetectLuaSetupPrime()
 * call.
 * The ConfGetBool() return value is discarded, so when the key is absent
 * `enabled` keeps its initial value, which is declared on a line not shown.
 * NOTE(review): confirm that initial value is 0, so that Lua rules stay off
 * unless the operator explicitly allows them. */
1017 (void)
ConfGetBool(
"security.lua.allow-rules", &enabled);
1019 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
/* -1 from DetectLuaSetupPrime() is treated as failure. */
1027 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
/* Arguments of a registration call whose first line is not shown: the
 * per-thread init and free callbacks, with this rule's DetectLuaData passed
 * to the init callback. A thread_ctx_id of -1 is treated as failure. */
1032 DetectLuaThreadInit, (
void *)lua,
1033 DetectLuaThreadFree, 0);
1034 if (lua->thread_ctx_id == -1)
/* Dispatch on the DATATYPE_* bits recorded in lua->flags; presumably each
 * branch picks the inspection list the keyword is attached to (the branch
 * bodies are not shown). */
1049 if (lua->flags & DATATYPE_STREAM)
1052 if (lua->flags & DATATYPE_BUFFER) {
1064 if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY) {
1066 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_BODY) {
1068 }
else if (lua->flags & DATATYPE_HTTP_URI) {
1070 }
else if (lua->flags & DATATYPE_HTTP_URI_RAW) {
1072 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_COOKIE ||
1073 lua->flags & DATATYPE_HTTP_RESPONSE_COOKIE)
1076 }
else if (lua->flags & DATATYPE_HTTP_REQUEST_UA) {
1078 }
else if (lua->flags & (DATATYPE_HTTP_REQUEST_HEADERS|DATATYPE_HTTP_RESPONSE_HEADERS)) {
1080 }
else if (lua->flags & (DATATYPE_HTTP_REQUEST_HEADERS_RAW|DATATYPE_HTTP_RESPONSE_HEADERS_RAW)) {
1086 if (lua->flags & DATATYPE_DNS_RRNAME) {
1088 }
else if (lua->flags & DATATYPE_DNS_REQUEST) {
1090 }
else if (lua->flags & DATATYPE_DNS_RESPONSE) {
1098 list = g_smtp_generic_list_id;
/* Releases the DetectLuaData; presumably the error path, the label is not
 * shown. */
1119 DetectLuaFree(
de_ctx, lua);
1136 DetectLuaData *ld = (DetectLuaData *)sm->
ctx;
1152 DetectLuaData *lua = (DetectLuaData *)ptr;
1154 if (lua->buffername)
1159 for (uint16_t i = 0; i < lua->flowints; i++) {
1162 for (uint16_t i = 0; i < lua->flowvars; i++) {
1176 static int LuaMatchTest01(
void)
1180 const char script[] =
1181 "function init (args)\n"
1182 " local needs = {}\n"
1183 " needs[\"http.request_headers\"] = tostring(true)\n"
1184 " needs[\"flowvar\"] = {\"cnt\"}\n"
1188 "function match(args)\n"
1189 " a = ScFlowvarGet(0)\n"
1191 " a = tostring(tonumber(a)+1)\n"
1193 " ScFlowvarSet(0, a, #a)\n"
1195 " a = tostring(1)\n"
1197 " ScFlowvarSet(0, a, #a)\n"
1200 " print (\"pre check: \" .. (a))\n"
1201 " if tonumber(a) == 2 then\n"
1202 " print \"match\"\n"
1208 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1209 uint8_t httpbuf1[] =
1210 "POST / HTTP/1.1\r\n"
1211 "Host: www.emergingthreats.net\r\n\r\n";
1212 uint8_t httpbuf2[] =
1213 "POST / HTTP/1.1\r\n"
1214 "Host: www.openinfosecfoundation.org\r\n\r\n";
1215 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1216 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1226 memset(&th_v, 0,
sizeof(th_v));
1227 memset(&f, 0,
sizeof(f));
1228 memset(&ssn, 0,
sizeof(ssn));
1235 f.
proto = IPPROTO_TCP;
1301 static int LuaMatchTest01a(
void)
1303 const char script[] =
"function init (args)\n"
1304 " local needs = {}\n"
1305 " needs[\"http.request_headers\"] = tostring(true)\n"
1306 " needs[\"flowvar\"] = {\"cnt\"}\n"
1310 "function match(args)\n"
1311 " a = SCFlowvarGet(0)\n"
1313 " a = tostring(tonumber(a)+1)\n"
1315 " SCFlowvarSet(0, a, #a)\n"
1317 " a = tostring(1)\n"
1319 " SCFlowvarSet(0, a, #a)\n"
1322 " print (\"pre check: \" .. (a))\n"
1323 " if tonumber(a) == 2 then\n"
1324 " print \"match\"\n"
1330 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1331 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1332 "Host: www.emergingthreats.net\r\n\r\n";
1333 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1334 "Host: www.openinfosecfoundation.org\r\n\r\n";
1335 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1336 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1346 memset(&th_v, 0,
sizeof(th_v));
1347 memset(&f, 0,
sizeof(f));
1348 memset(&ssn, 0,
sizeof(ssn));
1355 f.
proto = IPPROTO_TCP;
1422 static int LuaMatchTest02(
void)
1424 const char script[] =
"function init (args)\n"
1425 " local needs = {}\n"
1426 " needs[\"payload\"] = tostring(true)\n"
1427 " needs[\"flowvar\"] = {\"cnt\"}\n"
1431 "function match(args)\n"
1432 " a = ScFlowvarGet(0)\n"
1434 " a = tostring(tonumber(a)+1)\n"
1436 " ScFlowvarSet(0, a, #a)\n"
1438 " a = tostring(1)\n"
1440 " ScFlowvarSet(0, a, #a)\n"
1443 " print (\"pre check: \" .. (a))\n"
1444 " if tonumber(a) == 2 then\n"
1445 " print \"match\"\n"
1451 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1452 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1453 "Host: www.emergingthreats.net\r\n\r\n";
1454 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1455 "Host: www.openinfosecfoundation.org\r\n\r\n";
1456 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1457 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1465 memset(&th_v, 0,
sizeof(th_v));
1466 memset(&f, 0,
sizeof(f));
1467 memset(&ssn, 0,
sizeof(ssn));
1474 f.
proto = IPPROTO_TCP;
1529 static int LuaMatchTest02a(
void)
1531 const char script[] =
"function init (args)\n"
1532 " local needs = {}\n"
1533 " needs[\"payload\"] = tostring(true)\n"
1534 " needs[\"flowvar\"] = {\"cnt\"}\n"
1538 "function match(args)\n"
1539 " a = SCFlowvarGet(0)\n"
1541 " a = tostring(tonumber(a)+1)\n"
1543 " SCFlowvarSet(0, a, #a)\n"
1545 " a = tostring(1)\n"
1547 " SCFlowvarSet(0, a, #a)\n"
1550 " print (\"pre check: \" .. (a))\n"
1551 " if tonumber(a) == 2 then\n"
1552 " print \"match\"\n"
1558 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1559 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1560 "Host: www.emergingthreats.net\r\n\r\n";
1561 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1562 "Host: www.openinfosecfoundation.org\r\n\r\n";
1563 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1564 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1572 memset(&th_v, 0,
sizeof(th_v));
1573 memset(&f, 0,
sizeof(f));
1574 memset(&ssn, 0,
sizeof(ssn));
1581 f.
proto = IPPROTO_TCP;
1635 static int LuaMatchTest03(
void)
1637 const char script[] =
"function init (args)\n"
1638 " local needs = {}\n"
1639 " needs[\"packet\"] = tostring(true)\n"
1640 " needs[\"flowvar\"] = {\"cnt\"}\n"
1644 "function match(args)\n"
1645 " a = ScFlowvarGet(0)\n"
1647 " a = tostring(tonumber(a)+1)\n"
1649 " ScFlowvarSet(0, a, #a)\n"
1651 " a = tostring(1)\n"
1653 " ScFlowvarSet(0, a, #a)\n"
1656 " print (\"pre check: \" .. (a))\n"
1657 " if tonumber(a) == 2 then\n"
1658 " print \"match\"\n"
1664 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1665 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1666 "Host: www.emergingthreats.net\r\n\r\n";
1667 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1668 "Host: www.openinfosecfoundation.org\r\n\r\n";
1669 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1670 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1678 memset(&th_v, 0,
sizeof(th_v));
1679 memset(&f, 0,
sizeof(f));
1680 memset(&ssn, 0,
sizeof(ssn));
1687 f.
proto = IPPROTO_TCP;
1741 static int LuaMatchTest03a(
void)
1743 const char script[] =
"function init (args)\n"
1744 " local needs = {}\n"
1745 " needs[\"packet\"] = tostring(true)\n"
1746 " needs[\"flowvar\"] = {\"cnt\"}\n"
1750 "function match(args)\n"
1751 " a = SCFlowvarGet(0)\n"
1753 " a = tostring(tonumber(a)+1)\n"
1755 " SCFlowvarSet(0, a, #a)\n"
1757 " a = tostring(1)\n"
1759 " SCFlowvarSet(0, a, #a)\n"
1762 " print (\"pre check: \" .. (a))\n"
1763 " if tonumber(a) == 2 then\n"
1764 " print \"match\"\n"
1770 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1771 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1772 "Host: www.emergingthreats.net\r\n\r\n";
1773 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1774 "Host: www.openinfosecfoundation.org\r\n\r\n";
1775 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1776 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1784 memset(&th_v, 0,
sizeof(th_v));
1785 memset(&f, 0,
sizeof(f));
1786 memset(&ssn, 0,
sizeof(ssn));
1793 f.
proto = IPPROTO_TCP;
1846 static int LuaMatchTest04(
void)
1848 const char script[] =
"function init (args)\n"
1849 " local needs = {}\n"
1850 " needs[\"http.request_headers\"] = tostring(true)\n"
1851 " needs[\"flowint\"] = {\"cnt\"}\n"
1855 "function match(args)\n"
1856 " print \"inspecting\""
1857 " a = ScFlowintGet(0)\n"
1859 " ScFlowintSet(0, a + 1)\n"
1861 " ScFlowintSet(0, 1)\n"
1864 " a = ScFlowintGet(0)\n"
1866 " print \"match\"\n"
1872 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1873 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1874 "Host: www.emergingthreats.net\r\n\r\n";
1875 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1876 "Host: www.openinfosecfoundation.org\r\n\r\n";
1877 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1878 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1888 memset(&th_v, 0,
sizeof(th_v));
1889 memset(&f, 0,
sizeof(f));
1890 memset(&ssn, 0,
sizeof(ssn));
1897 f.
proto = IPPROTO_TCP;
1962 static int LuaMatchTest04a(
void)
1964 const char script[] =
"function init (args)\n"
1965 " local needs = {}\n"
1966 " needs[\"http.request_headers\"] = tostring(true)\n"
1967 " needs[\"flowint\"] = {\"cnt\"}\n"
1971 "function match(args)\n"
1972 " print \"inspecting\""
1973 " a = SCFlowintGet(0)\n"
1975 " SCFlowintSet(0, a + 1)\n"
1977 " SCFlowintSet(0, 1)\n"
1980 " a = SCFlowintGet(0)\n"
1982 " print \"match\"\n"
1988 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1989 uint8_t httpbuf1[] =
1990 "POST / HTTP/1.1\r\n"
1991 "Host: www.emergingthreats.net\r\n\r\n";
1992 uint8_t httpbuf2[] =
1993 "POST / HTTP/1.1\r\n"
1994 "Host: www.openinfosecfoundation.org\r\n\r\n";
1995 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1996 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2006 memset(&th_v, 0,
sizeof(th_v));
2007 memset(&f, 0,
sizeof(f));
2008 memset(&ssn, 0,
sizeof(ssn));
2015 f.
proto = IPPROTO_TCP;
2080 static int LuaMatchTest05(
void)
2082 const char script[] =
"function init (args)\n"
2083 " local needs = {}\n"
2084 " needs[\"http.request_headers\"] = tostring(true)\n"
2085 " needs[\"flowint\"] = {\"cnt\"}\n"
2089 "function match(args)\n"
2090 " print \"inspecting\""
2091 " a = ScFlowintIncr(0)\n"
2093 " print \"match\"\n"
2099 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2100 uint8_t httpbuf1[] =
2101 "POST / HTTP/1.1\r\n"
2102 "Host: www.emergingthreats.net\r\n\r\n";
2103 uint8_t httpbuf2[] =
2104 "POST / HTTP/1.1\r\n"
2105 "Host: www.openinfosecfoundation.org\r\n\r\n";
2106 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2107 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2117 memset(&th_v, 0,
sizeof(th_v));
2118 memset(&f, 0,
sizeof(f));
2119 memset(&ssn, 0,
sizeof(ssn));
2126 f.
proto = IPPROTO_TCP;
2191 static int LuaMatchTest05a(
void)
2193 const char script[] =
"function init (args)\n"
2194 " local needs = {}\n"
2195 " needs[\"http.request_headers\"] = tostring(true)\n"
2196 " needs[\"flowint\"] = {\"cnt\"}\n"
2200 "function match(args)\n"
2201 " print \"inspecting\""
2202 " a = SCFlowintIncr(0)\n"
2204 " print \"match\"\n"
2210 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2211 uint8_t httpbuf1[] =
2212 "POST / HTTP/1.1\r\n"
2213 "Host: www.emergingthreats.net\r\n\r\n";
2214 uint8_t httpbuf2[] =
2215 "POST / HTTP/1.1\r\n"
2216 "Host: www.openinfosecfoundation.org\r\n\r\n";
2217 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2218 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2228 memset(&th_v, 0,
sizeof(th_v));
2229 memset(&f, 0,
sizeof(f));
2230 memset(&ssn, 0,
sizeof(ssn));
2237 f.
proto = IPPROTO_TCP;
2302 static int LuaMatchTest06(
void)
2304 const char script[] =
"function init (args)\n"
2305 " local needs = {}\n"
2306 " needs[\"http.request_headers\"] = tostring(true)\n"
2307 " needs[\"flowint\"] = {\"cnt\"}\n"
2311 "function match(args)\n"
2312 " print \"inspecting\""
2313 " a = ScFlowintGet(0)\n"
2314 " if a == nil then\n"
2315 " print \"new var set to 2\""
2316 " ScFlowintSet(0, 2)\n"
2318 " a = ScFlowintDecr(0)\n"
2320 " print \"match\"\n"
2326 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2327 uint8_t httpbuf1[] =
2328 "POST / HTTP/1.1\r\n"
2329 "Host: www.emergingthreats.net\r\n\r\n";
2330 uint8_t httpbuf2[] =
2331 "POST / HTTP/1.1\r\n"
2332 "Host: www.openinfosecfoundation.org\r\n\r\n";
2333 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2334 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2344 memset(&th_v, 0,
sizeof(th_v));
2345 memset(&f, 0,
sizeof(f));
2346 memset(&ssn, 0,
sizeof(ssn));
2353 f.
proto = IPPROTO_TCP;
2418 static int LuaMatchTest06a(
void)
2420 const char script[] =
"function init (args)\n"
2421 " local needs = {}\n"
2422 " needs[\"http.request_headers\"] = tostring(true)\n"
2423 " needs[\"flowint\"] = {\"cnt\"}\n"
2427 "function match(args)\n"
2428 " print \"inspecting\""
2429 " a = SCFlowintGet(0)\n"
2430 " if a == nil then\n"
2431 " print \"new var set to 2\""
2432 " SCFlowintSet(0, 2)\n"
2434 " a = SCFlowintDecr(0)\n"
2436 " print \"match\"\n"
2442 char sig[] =
"alert http any any -> any any (flow:to_server; lua:unittest; sid:1;)";
2443 uint8_t httpbuf1[] =
2444 "POST / HTTP/1.1\r\n"
2445 "Host: www.emergingthreats.net\r\n\r\n";
2446 uint8_t httpbuf2[] =
2447 "POST / HTTP/1.1\r\n"
2448 "Host: www.openinfosecfoundation.org\r\n\r\n";
2449 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2450 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2460 memset(&th_v, 0,
sizeof(th_v));
2461 memset(&f, 0,
sizeof(f));
2462 memset(&ssn, 0,
sizeof(ssn));
2469 f.
proto = IPPROTO_TCP;
2533 void DetectLuaRegisterTests(
void)