70 void *state,
void *txv,
const Signature *s,
74 static void DetectLuaRegisterTests(
void);
/* List ids for the "ja3" and "ja3s" script inputs. Both start at 0 and are
 * copied into `list` later in this file. Where they receive their real values
 * is not visible in this listing (presumably at keyword registration;
 * TODO confirm). */
77 static int g_lua_ja3_list_id = 0;
78 static int g_lua_ja3s_list_id = 0;
/* Flag bits for the lua keyword. Bits 0-2 and 22 name a data type, bits 3-4
 * name the JA3/JA3S lists; the names match the "packet", "payload", "stream",
 * "buffer", "ja3" and "ja3s" keys compared against the script's init() table
 * later in this file. Bits 5-21 are not defined here. */
112 #define FLAG_DATATYPE_PACKET BIT_U32(0)
113 #define FLAG_DATATYPE_PAYLOAD BIT_U32(1)
114 #define FLAG_DATATYPE_STREAM BIT_U32(2)
115 #define FLAG_LIST_JA3 BIT_U32(3)
116 #define FLAG_LIST_JA3S BIT_U32(4)
117 #define FLAG_DATATYPE_BUFFER BIT_U32(22)
/* "Already logged" markers: DetectLuaRunMatch only emits its
 * "Lua script failed to run successfully" warning when the relevant bit is
 * not yet set in tlua->flags, so these appear to rate-limit that warning to
 * once per failure class per thread context (TODO confirm where the bit is
 * set; that line is not visible in this listing). */
118 #define FLAG_ERROR_LOGGED BIT_U32(23)
119 #define FLAG_BLOCKED_FUNCTION_LOGGED BIT_U32(24)
120 #define FLAG_INSTRUCTION_LIMIT_LOGGED BIT_U32(25)
121 #define FLAG_MEMORY_LIMIT_LOGGED BIT_U32(26)
/* Default sandbox budgets for rule-supplied scripts. The setup code reads
 * "security.lua.max-bytes" and "security.lua.max-instructions" with the
 * SCConfGetInt() result cast to (void), so a missing or unparsable setting is
 * not reported there; presumably these defaults then stay in effect
 * (TODO confirm against the initialisation of lua_alloc_limit and
 * lua_instruction_limit). NOTE(review): the allocation limit looks like a
 * byte count, judging by the config key name - confirm. */
123 #define DEFAULT_LUA_ALLOC_LIMIT 500000
124 #define DEFAULT_LUA_INSTRUCTION_LIMIT 500000
129 int size = lua_gettop(state);
130 printf(
"%s: size %d\n", prefix, size);
132 for (
int i = 1; i <= size; i++) {
133 int type = lua_type(state, i);
134 printf(
"- %s: Stack size=%d, level=%d, type=%d, ", prefix, size, i,
type);
138 printf(
"function %s", lua_tostring(state, i));
141 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
144 printf(
"number %g", lua_tonumber(state, i));
147 printf(
"string `%s'", lua_tostring(state, i));
150 printf(
"table `%s'", lua_tostring(state, i));
153 printf(
"other %s", lua_typename(state,
type));
164 lua_pushlightuserdata(state, (
void *)data);
165 lua_settable(state, LUA_REGISTRYINDEX);
172 static int DetectLuaRunMatch(
178 if (lua_pcall(tlua->
luastate, 1, 1, 0) != 0) {
179 const char *reason = lua_tostring(tlua->
luastate, -1);
190 reason =
"memory limit exceeded";
198 if (!(tlua->
flags & flag)) {
199 SCLogWarning(
"Lua script failed to run successfully: %s", reason);
204 while (lua_gettop(tlua->
luastate) > 0) {
213 if (lua_gettop(tlua->
luastate) > 0) {
215 if (lua_type(tlua->
luastate, 1) == LUA_TNUMBER) {
216 double script_ret = lua_tonumber(tlua->
luastate, 1);
220 if (script_ret == 1.0)
224 }
else if (lua_type(tlua->
luastate, 1) == LUA_TTABLE) {
227 while (lua_next(tlua->
luastate, -2)) {
228 v = lua_tostring(tlua->
luastate, -1);
230 k = lua_tostring(tlua->
luastate, -1);
237 if (strcmp(k,
"retval") == 0) {
241 "for \"retval\" from LUA return table: '%s'",
265 while (lua_gettop(tlua->
luastate) > 0) {
278 if (buffer == NULL || buffer_len == 0)
293 lua_getglobal(tlua->
luastate,
"match");
296 lua_pushliteral(tlua->
luastate,
"offset");
304 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
334 flags = STREAM_TOSERVER;
336 flags = STREAM_TOCLIENT;
347 lua_getglobal(tlua->
luastate,
"match");
350 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
369 lua_getglobal(tlua->
luastate,
"match");
372 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
388 void *state,
void *txv,
const Signature *s,
391 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s,
ctx);
397 static const char *ut_script = NULL;
400 static void *DetectLuaThreadInit(
void *data)
428 LuaStateSetDetectLuaData(t->
luastate, lua);
432 if (ut_script != NULL) {
433 status = luaL_loadbuffer(t->
luastate, ut_script, strlen(ut_script),
"unittest");
450 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
456 lua_getglobal(t->
luastate,
"thread_init");
457 if (lua_isfunction(t->
luastate, -1)) {
458 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
459 SCLogError(
"couldn't run script 'thread_init' function: %s",
476 static void DetectLuaThreadFree(
void *
ctx)
504 if (strlen(
str) &&
str[0] ==
'!') {
519 DetectLuaFree(
de_ctx, lua);
528 if (luastate == NULL)
531 luaL_openlibs(luastate);
536 LuaStateSetDetectLuaData(luastate, ld);
540 if (ut_script != NULL) {
541 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
543 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
548 status = luaL_loadfile(luastate, ld->
filename);
550 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
558 if (lua_pcall(luastate, 0, 0, 0) != 0) {
559 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
563 lua_getglobal(luastate,
"init");
564 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
569 if (lua_pcall(luastate, 0, 1, 0) != 0) {
570 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
575 if (lua_gettop(luastate) == 0) {
576 SCLogError(
"init function in script should return table, nothing returned");
579 if (lua_type(luastate, 1) != LUA_TTABLE) {
580 SCLogError(
"init function in script should return table, returned is not table");
584 lua_pushnil(luastate);
586 while (lua_next(luastate, -2)) {
587 k = lua_tostring(luastate, -2);
592 if (strcmp(k,
"flowvar") == 0) {
593 if (lua_istable(luastate, -1)) {
594 lua_pushnil(luastate);
595 while (lua_next(luastate, -2) != 0) {
597 const char *value = lua_tostring(luastate, -1);
600 lua_pop(luastate, 1);
612 lua_pop(luastate, 1);
614 }
else if (strcmp(k,
"flowint") == 0) {
615 if (lua_istable(luastate, -1)) {
616 lua_pushnil(luastate);
617 while (lua_next(luastate, -2) != 0) {
619 const char *value = lua_tostring(luastate, -1);
622 lua_pop(luastate, 1);
634 lua_pop(luastate, 1);
636 }
else if (strcmp(k,
"bytevar") == 0) {
637 if (lua_istable(luastate, -1)) {
638 lua_pushnil(luastate);
639 while (lua_next(luastate, -2) != 0) {
641 const char *value = lua_tostring(luastate, -1);
644 lua_pop(luastate, 1);
653 SCLogError(
"Unknown byte_extract or byte_math var "
654 "requested by lua script - %s",
662 lua_pop(luastate, 1);
666 bool required = lua_toboolean(luastate, -1);
667 lua_pop(luastate, 1);
672 if (strcmp(k,
"ja3") == 0) {
674 }
else if (strcmp(k,
"ja3s") == 0) {
676 }
else if (strcmp(k,
"packet") == 0) {
678 }
else if (strcmp(k,
"payload") == 0) {
680 }
else if (strcmp(k,
"buffer") == 0) {
688 }
else if (strcmp(k,
"stream") == 0) {
697 }
else if (strncmp(k,
"http", 4) == 0 || strncmp(k,
"dns", 3) == 0 ||
698 strncmp(k,
"tls", 3) == 0 || strncmp(k,
"ssh", 3) == 0 ||
699 strncmp(k,
"smtp", 4) == 0 || strncmp(k,
"dnp3", 4) == 0) {
700 SCLogError(
"data type %s no longer supported, use rule hooks", k);
710 lua_pop(luastate, 1);
734 if (
SCConfGetBool(
"security.lua.allow-rules", &enabled) == 1 && !enabled) {
735 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
746 (void)
SCConfGetInt(
"security.lua.max-bytes", &lua_alloc_limit);
747 (void)
SCConfGetInt(
"security.lua.max-instructions", &lua_instruction_limit);
751 int allow_restricted_functions = 0;
752 (void)
SCConfGetBool(
"security.lua.allow-restricted-functions", &allow_restricted_functions);
755 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
760 DetectLuaThreadInit, (
void *)lua,
761 DetectLuaThreadFree, 0);
767 if (list == -1 || (list == 0 && s->
init_data->
list == INT_MAX)) {
785 list = g_lua_ja3_list_id;
787 list = g_lua_ja3s_list_id;
799 DetectLuaFree(
de_ctx, lua);
818 for (uint16_t i = 0; i < lua->
flowints; i++) {
821 for (uint16_t i = 0; i < lua->
flowvars; i++) {
835 static int LuaMatchTest01(
void)
839 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
840 "function init (args)\n"
841 " flowvarlib.register(\"cnt\")\n"
844 "function thread_init (args)\n"
845 " cnt = flowvarlib.get(\"cnt\")\n"
848 "function match(args)\n"
851 " a = tostring(tonumber(a)+1)\n"
860 " print (\"pre check: \" .. (a))\n"
861 " if tonumber(a) == 2 then\n"
868 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
871 "POST / HTTP/1.1\r\n"
872 "Host: www.emergingthreats.net\r\n\r\n";
874 "POST / HTTP/1.1\r\n"
875 "Host: www.openinfosecfoundation.org\r\n\r\n";
876 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
877 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
887 memset(&th_v, 0,
sizeof(th_v));
888 memset(&f, 0,
sizeof(f));
889 memset(&ssn, 0,
sizeof(ssn));
896 f.
proto = IPPROTO_TCP;
962 static int LuaMatchTest01a(
void)
964 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
965 "function init (args)\n"
966 " flowvarlib.register(\"cnt\")\n"
969 "function thread_init (args)\n"
970 " cnt = flowvarlib.get(\"cnt\")\n"
973 "function match(args)\n"
974 " a = cnt:value(0)\n"
976 " a = tostring(tonumber(a)+1)\n"
985 " print (\"pre check: \" .. (a))\n"
986 " if tonumber(a) == 2 then\n"
993 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
995 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
996 "Host: www.emergingthreats.net\r\n\r\n";
997 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
998 "Host: www.openinfosecfoundation.org\r\n\r\n";
999 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1000 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1010 memset(&th_v, 0,
sizeof(th_v));
1011 memset(&f, 0,
sizeof(f));
1012 memset(&ssn, 0,
sizeof(ssn));
1019 f.
proto = IPPROTO_TCP;
1086 static int LuaMatchTest02(
void)
1088 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1089 "function init (args)\n"
1090 " flowvarlib.register(\"cnt\")\n"
1091 " local needs = {}\n"
1092 " needs[\"payload\"] = tostring(true)\n"
1095 "function thread_init (args)\n"
1096 " cnt = flowvarlib.get(\"cnt\")\n"
1099 "function match(args)\n"
1100 " a = cnt:value()\n"
1102 " a = tostring(tonumber(a)+1)\n"
1106 " a = tostring(1)\n"
1111 " print (\"pre check: \" .. (a))\n"
1112 " if tonumber(a) == 2 then\n"
1113 " print \"match\"\n"
1119 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1120 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1121 "Host: www.emergingthreats.net\r\n\r\n";
1122 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1123 "Host: www.openinfosecfoundation.org\r\n\r\n";
1124 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1125 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1133 memset(&th_v, 0,
sizeof(th_v));
1134 memset(&f, 0,
sizeof(f));
1135 memset(&ssn, 0,
sizeof(ssn));
1142 f.
proto = IPPROTO_TCP;
1197 static int LuaMatchTest02a(
void)
1199 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1200 "function init (args)\n"
1201 " flowvarlib.register(\"cnt\")"
1202 " local needs = {}\n"
1203 " needs[\"payload\"] = tostring(true)\n"
1206 "function thread_init (args)\n"
1207 " cnt = flowvarlib.get(\"cnt\")"
1210 "function match(args)\n"
1211 " a = cnt:value()\n"
1213 " a = tostring(tonumber(a)+1)\n"
1217 " a = tostring(1)\n"
1222 " print (\"pre check: \" .. (a))\n"
1223 " if tonumber(a) == 2 then\n"
1224 " print \"match\"\n"
1230 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1231 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1232 "Host: www.emergingthreats.net\r\n\r\n";
1233 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1234 "Host: www.openinfosecfoundation.org\r\n\r\n";
1235 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1236 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1244 memset(&th_v, 0,
sizeof(th_v));
1245 memset(&f, 0,
sizeof(f));
1246 memset(&ssn, 0,
sizeof(ssn));
1253 f.
proto = IPPROTO_TCP;
1307 static int LuaMatchTest03(
void)
1309 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1310 "function init (args)\n"
1311 " flowvarlib.register(\"cnt\")\n"
1312 " local needs = {}\n"
1313 " needs[\"packet\"] = tostring(true)\n"
1317 "function thread_init (args)\n"
1318 " cnt = flowvarlib.get(\"cnt\")\n"
1321 "function match(args)\n"
1322 " a = cnt:value()\n"
1324 " a = tostring(tonumber(a)+1)\n"
1328 " a = tostring(1)\n"
1333 " print (\"pre check: \" .. (a))\n"
1334 " if tonumber(a) == 2 then\n"
1335 " print \"match\"\n"
1341 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1342 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1343 "Host: www.emergingthreats.net\r\n\r\n";
1344 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1345 "Host: www.openinfosecfoundation.org\r\n\r\n";
1346 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1347 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1355 memset(&th_v, 0,
sizeof(th_v));
1356 memset(&f, 0,
sizeof(f));
1357 memset(&ssn, 0,
sizeof(ssn));
1364 f.
proto = IPPROTO_TCP;
1418 static int LuaMatchTest03a(
void)
1420 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1421 "function init (args)\n"
1422 " flowvarlib.register(\"cnt\")\n"
1423 " local needs = {}\n"
1424 " needs[\"packet\"] = tostring(true)\n"
1428 "function thread_init (args)\n"
1429 " cnt = flowvarlib.get(\"cnt\")\n"
1432 "function match(args)\n"
1433 " a = cnt:value()\n"
1435 " a = tostring(tonumber(a)+1)\n"
1439 " a = tostring(1)\n"
1444 " print (\"pre check: \" .. (a))\n"
1445 " if tonumber(a) == 2 then\n"
1446 " print \"match\"\n"
1452 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1453 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1454 "Host: www.emergingthreats.net\r\n\r\n";
1455 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1456 "Host: www.openinfosecfoundation.org\r\n\r\n";
1457 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1458 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1466 memset(&th_v, 0,
sizeof(th_v));
1467 memset(&f, 0,
sizeof(f));
1468 memset(&ssn, 0,
sizeof(ssn));
1475 f.
proto = IPPROTO_TCP;
1528 static int LuaMatchTest04(
void)
1530 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1531 "function init (args)\n"
1532 " flowintlib.register(\"cnt\")\n"
1536 "function thread_init (args)\n"
1537 " cnt = flowintlib.get(\"cnt\")\n"
1540 "function match(args)\n"
1541 " print \"inspecting\""
1542 " a = cnt:value()\n"
1549 " a = cnt:value()\n"
1551 " print \"match\"\n"
1557 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1559 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1560 "Host: www.emergingthreats.net\r\n\r\n";
1561 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1562 "Host: www.openinfosecfoundation.org\r\n\r\n";
1563 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1564 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1574 memset(&th_v, 0,
sizeof(th_v));
1575 memset(&f, 0,
sizeof(f));
1576 memset(&ssn, 0,
sizeof(ssn));
1583 f.
proto = IPPROTO_TCP;
1648 static int LuaMatchTest04a(
void)
1650 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1651 "function init (args)\n"
1652 " flowintlib.register(\"cnt\")\n"
1656 "function thread_init (args)\n"
1657 " cnt = flowintlib.get(\"cnt\")\n"
1660 "function match(args)\n"
1661 " print \"inspecting\""
1662 " a = cnt:value()\n"
1669 " a = cnt:value()\n"
1671 " print \"match\"\n"
1677 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1679 uint8_t httpbuf1[] =
1680 "POST / HTTP/1.1\r\n"
1681 "Host: www.emergingthreats.net\r\n\r\n";
1682 uint8_t httpbuf2[] =
1683 "POST / HTTP/1.1\r\n"
1684 "Host: www.openinfosecfoundation.org\r\n\r\n";
1685 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1686 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1696 memset(&th_v, 0,
sizeof(th_v));
1697 memset(&f, 0,
sizeof(f));
1698 memset(&ssn, 0,
sizeof(ssn));
1705 f.
proto = IPPROTO_TCP;
1770 static int LuaMatchTest05(
void)
1772 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1773 "function init (args)\n"
1774 " flowintlib.register(\"cnt\")\n"
1778 "function thread_init (args)\n"
1779 " cnt = flowintlib.get(\"cnt\")\n"
1782 "function match(args)\n"
1783 " print \"inspecting\""
1786 " print \"match\"\n"
1792 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1794 uint8_t httpbuf1[] =
1795 "POST / HTTP/1.1\r\n"
1796 "Host: www.emergingthreats.net\r\n\r\n";
1797 uint8_t httpbuf2[] =
1798 "POST / HTTP/1.1\r\n"
1799 "Host: www.openinfosecfoundation.org\r\n\r\n";
1800 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1801 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1811 memset(&th_v, 0,
sizeof(th_v));
1812 memset(&f, 0,
sizeof(f));
1813 memset(&ssn, 0,
sizeof(ssn));
1820 f.
proto = IPPROTO_TCP;
1885 static int LuaMatchTest05a(
void)
1887 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1888 "function init (args)\n"
1889 " flowintlib.register(\"cnt\")\n"
1893 "function thread_init (args)\n"
1894 " cnt = flowintlib.get(\"cnt\")\n"
1897 "function match(args)\n"
1898 " print \"inspecting\""
1901 " print \"match\"\n"
1907 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1909 uint8_t httpbuf1[] =
1910 "POST / HTTP/1.1\r\n"
1911 "Host: www.emergingthreats.net\r\n\r\n";
1912 uint8_t httpbuf2[] =
1913 "POST / HTTP/1.1\r\n"
1914 "Host: www.openinfosecfoundation.org\r\n\r\n";
1915 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1916 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1926 memset(&th_v, 0,
sizeof(th_v));
1927 memset(&f, 0,
sizeof(f));
1928 memset(&ssn, 0,
sizeof(ssn));
1935 f.
proto = IPPROTO_TCP;
2000 static int LuaMatchTest06(
void)
2002 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2003 "function init (args)\n"
2004 " flowintlib.register(\"cnt\")\n"
2008 "function thread_init (args)\n"
2009 " cnt = flowintlib.get(\"cnt\")\n"
2012 "function match(args)\n"
2013 " print \"inspecting\""
2014 " a = cnt:value()\n"
2015 " if a == nil then\n"
2016 " print \"new var set to 2\""
2021 " print \"match\"\n"
2027 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2029 uint8_t httpbuf1[] =
2030 "POST / HTTP/1.1\r\n"
2031 "Host: www.emergingthreats.net\r\n\r\n";
2032 uint8_t httpbuf2[] =
2033 "POST / HTTP/1.1\r\n"
2034 "Host: www.openinfosecfoundation.org\r\n\r\n";
2035 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2036 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2046 memset(&th_v, 0,
sizeof(th_v));
2047 memset(&f, 0,
sizeof(f));
2048 memset(&ssn, 0,
sizeof(ssn));
2055 f.
proto = IPPROTO_TCP;
2120 static int LuaMatchTest06a(
void)
2122 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2123 "function init (args)\n"
2124 " flowintlib.register(\"cnt\")\n"
2128 "function thread_init (args)\n"
2129 " cnt = flowintlib.get(\"cnt\")\n"
2132 "function match(args)\n"
2133 " print \"inspecting\""
2134 " a = cnt:value()\n"
2135 " if a == nil then\n"
2136 " print \"new var set to 2\""
2141 " print \"match\"\n"
2147 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2149 uint8_t httpbuf1[] =
2150 "POST / HTTP/1.1\r\n"
2151 "Host: www.emergingthreats.net\r\n\r\n";
2152 uint8_t httpbuf2[] =
2153 "POST / HTTP/1.1\r\n"
2154 "Host: www.openinfosecfoundation.org\r\n\r\n";
2155 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2156 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2166 memset(&th_v, 0,
sizeof(th_v));
2167 memset(&f, 0,
sizeof(f));
2168 memset(&ssn, 0,
sizeof(ssn));
2175 f.
proto = IPPROTO_TCP;
2239 void DetectLuaRegisterTests(
void)
#define FLAG_MEMORY_LIMIT_LOGGED
union FlowVar_::@114 data
void LuaStateSetThreadVars(lua_State *luastate, ThreadVars *tv)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
#define FLAG_BLOCKED_FUNCTION_LOGGED
void * DetectThreadCtxGetKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
SCLuaSbState * SCLuaSbGetContext(lua_State *L)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
int allow_restricted_functions
#define FLAG_INSTRUCTION_LIMIT_LOGGED
main detection engine ctx
uint16_t lua_blocked_function_errors
#define DEFAULT_LUA_INSTRUCTION_LIMIT
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define DETECT_LUA_MAX_FLOWVARS
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_TOSERVER
@ TLS_STATE_SERVER_HELLO_DONE
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that builds packets with default IP and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
uint32_t VarNameStoreRegister(const char *name, const enum VarTypes type)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
uint16_t lua_instruction_limit_errors
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FLAG_DATATYPE_PACKET
uint8_t DetectByteIndexType
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
struct lua_State lua_State
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
#define FLOW_INITIALIZE(f)
#define SIG_FLAG_TOSERVER
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time.
#define PASS
Pass the test.
uint64_t instruction_limit
@ TLS_STATE_CLIENT_HELLO_DONE
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
AppLayerParserThreadCtx * alp_tctx
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Per thread variable structure.
void DetectLuaRegister(void)
Registration function for keyword: lua.
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
void VarNameStoreUnregister(const uint32_t id, const enum VarTypes type)
#define DETECT_LUA_MAX_BYTEVARS
#define DETECT_LUA_MAX_FLOWINTS
#define FLAG_DATATYPE_PAYLOAD
#define SCLogWarning(...)
Macro used to log WARNING messages.
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f)
@ SIGNATURE_HOOK_TYPE_NOT_SET
uint32_t bytevar[DETECT_LUA_MAX_BYTEVARS]
uint16_t lua_memory_limit_errors
#define FLAG_DATATYPE_STREAM
void SCLuaSbStateClose(lua_State *L)
uint32_t flowint[DETECT_LUA_MAX_FLOWINTS]
#define FLAG_ERROR_LOGGED
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void SCLuaRequirefBuiltIns(lua_State *L)
Register Suricata built-in modules for loading in a non-sandboxed environment.
bool blocked_function_error
#define FLOW_PKT_TOCLIENT
void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void LuaDumpStack(lua_State *state, const char *prefix)
dump stack from lua state to screen
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Used to start a pointer to SigMatch context. Should never be dereferenced without casting to something...
void SCLuaSbLoadLibs(lua_State *L)
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
bool DetectByteRetrieveSMVar(const char *arg, const Signature *s, DetectByteIndexType *index)
Used to retrieve args from BM.
int DetectBufferTypeRegister(const char *name)
void StreamTcpFreeConfig(bool quiet)
int DetectRegisterThreadCtxFuncs(DetectEngineCtx *de_ctx, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int mode)
Register Thread keyword context Funcs.
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define DEFAULT_LUA_ALLOC_LIMIT
enum SignatureHookType type
void SCLuaSbResetInstructionCounter(lua_State *L)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
const char luaext_key_ld[]
#define SCLogError(...)
Macro used to log ERROR messages.
#define FLAG_DATATYPE_BUFFER
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
int LuaRegisterExtensions(lua_State *lua_state)
Register Suricata Lua functions.
bool instruction_count_error
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
lua_State * SCLuaSbStateNew(uint64_t alloclimit, uint64_t instructionlimit)
Allocate a new Lua sandbox.
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
int DetectUnregisterThreadCtxFuncs(DetectEngineCtx *de_ctx, void *data, const char *name)
Remove Thread keyword context registration.
AppProto alproto
application level protocol
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
void(* RegisterTests)(void)
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.