Go to the documentation of this file.
70 void *state,
void *txv,
const Signature *s,
74 static void DetectLuaRegisterTests(
void);
77 static int g_lua_ja3_list_id = 0;
78 static int g_lua_ja3s_list_id = 0;
112 #define FLAG_DATATYPE_PACKET BIT_U32(0)
113 #define FLAG_DATATYPE_PAYLOAD BIT_U32(1)
114 #define FLAG_DATATYPE_STREAM BIT_U32(2)
115 #define FLAG_LIST_JA3 BIT_U32(3)
116 #define FLAG_LIST_JA3S BIT_U32(4)
117 #define FLAG_DATATYPE_BUFFER BIT_U32(22)
118 #define FLAG_ERROR_LOGGED BIT_U32(23)
119 #define FLAG_BLOCKED_FUNCTION_LOGGED BIT_U32(24)
120 #define FLAG_INSTRUCTION_LIMIT_LOGGED BIT_U32(25)
121 #define FLAG_MEMORY_LIMIT_LOGGED BIT_U32(26)
123 #define DEFAULT_LUA_ALLOC_LIMIT 500000
124 #define DEFAULT_LUA_INSTRUCTION_LIMIT 500000
129 int size = lua_gettop(state);
130 printf(
"%s: size %d\n", prefix, size);
132 for (
int i = 1; i <= size; i++) {
133 int type = lua_type(state, i);
134 printf(
"- %s: Stack size=%d, level=%d, type=%d, ", prefix, size, i,
type);
138 printf(
"function %s", lua_tostring(state, i));
141 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
144 printf(
"number %g", lua_tonumber(state, i));
147 printf(
"string `%s'", lua_tostring(state, i));
150 printf(
"table `%s'", lua_tostring(state, i));
153 printf(
"other %s", lua_typename(state,
type));
164 lua_pushlightuserdata(state, (
void *)data);
165 lua_settable(state, LUA_REGISTRYINDEX);
172 static int DetectLuaRunMatch(
178 if (lua_pcall(tlua->
luastate, 1, 1, 0) != 0) {
179 const char *reason = lua_tostring(tlua->
luastate, -1);
190 reason =
"memory limit exceeded";
198 if (!(tlua->
flags & flag)) {
199 SCLogWarning(
"Lua script failed to run successfully: %s", reason);
204 while (lua_gettop(tlua->
luastate) > 0) {
213 if (lua_gettop(tlua->
luastate) > 0) {
215 if (lua_type(tlua->
luastate, 1) == LUA_TNUMBER) {
216 double script_ret = lua_tonumber(tlua->
luastate, 1);
220 if (script_ret == 1.0)
224 }
else if (lua_type(tlua->
luastate, 1) == LUA_TTABLE) {
227 while (lua_next(tlua->
luastate, -2)) {
228 v = lua_tostring(tlua->
luastate, -1);
230 k = lua_tostring(tlua->
luastate, -1);
237 if (strcmp(k,
"retval") == 0) {
241 "for \"retval\" from LUA return table: '%s'",
265 while (lua_gettop(tlua->
luastate) > 0) {
278 if (buffer == NULL || buffer_len == 0)
293 lua_getglobal(tlua->
luastate,
"match");
296 lua_pushliteral(tlua->
luastate,
"offset");
304 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
334 flags = STREAM_TOSERVER;
336 flags = STREAM_TOCLIENT;
347 lua_getglobal(tlua->
luastate,
"match");
350 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
369 lua_getglobal(tlua->
luastate,
"match");
372 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
388 void *state,
void *txv,
const Signature *s,
391 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s,
ctx);
397 static const char *ut_script = NULL;
400 static void *DetectLuaThreadInit(
void *data)
427 LuaStateSetDetectLuaData(t->
luastate, lua);
431 if (ut_script != NULL) {
432 status = luaL_loadbuffer(t->
luastate, ut_script, strlen(ut_script),
"unittest");
449 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
455 lua_getglobal(t->
luastate,
"thread_init");
456 if (lua_isfunction(t->
luastate, -1)) {
457 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
458 SCLogError(
"couldn't run script 'thread_init' function: %s",
475 static void DetectLuaThreadFree(
void *
ctx)
503 if (strlen(
str) &&
str[0] ==
'!') {
518 DetectLuaFree(
de_ctx, lua);
527 if (luastate == NULL)
530 luaL_openlibs(luastate);
535 LuaStateSetDetectLuaData(luastate, ld);
539 if (ut_script != NULL) {
540 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
542 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
547 status = luaL_loadfile(luastate, ld->
filename);
549 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
557 if (lua_pcall(luastate, 0, 0, 0) != 0) {
558 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
562 lua_getglobal(luastate,
"init");
563 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
570 lua_pushlightuserdata(luastate, (
void *)s);
572 if (lua_pcall(luastate, 1, 1, 0) != 0) {
573 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
578 if (lua_gettop(luastate) == 0) {
579 SCLogError(
"init function in script should return table, nothing returned");
582 if (lua_type(luastate, 1) != LUA_TTABLE) {
583 SCLogError(
"init function in script should return table, returned is not table");
587 lua_pushnil(luastate);
589 while (lua_next(luastate, -2)) {
590 k = lua_tostring(luastate, -2);
595 if (strcmp(k,
"flowvar") == 0) {
596 if (lua_istable(luastate, -1)) {
597 lua_pushnil(luastate);
598 while (lua_next(luastate, -2) != 0) {
600 const char *value = lua_tostring(luastate, -1);
603 lua_pop(luastate, 1);
615 lua_pop(luastate, 1);
617 }
else if (strcmp(k,
"flowint") == 0) {
618 if (lua_istable(luastate, -1)) {
619 lua_pushnil(luastate);
620 while (lua_next(luastate, -2) != 0) {
622 const char *value = lua_tostring(luastate, -1);
625 lua_pop(luastate, 1);
637 lua_pop(luastate, 1);
641 bool required = lua_toboolean(luastate, -1);
642 lua_pop(luastate, 1);
647 if (strcmp(k,
"ja3") == 0) {
649 }
else if (strcmp(k,
"ja3s") == 0) {
651 }
else if (strcmp(k,
"packet") == 0) {
653 }
else if (strcmp(k,
"payload") == 0) {
655 }
else if (strcmp(k,
"buffer") == 0) {
663 }
else if (strcmp(k,
"stream") == 0) {
672 }
else if (strncmp(k,
"http", 4) == 0 || strncmp(k,
"dns", 3) == 0 ||
673 strncmp(k,
"tls", 3) == 0 || strncmp(k,
"ssh", 3) == 0 ||
674 strncmp(k,
"smtp", 4) == 0 || strncmp(k,
"dnp3", 4) == 0) {
675 SCLogError(
"data type %s no longer supported, use rule hooks", k);
685 lua_pop(luastate, 1);
709 if (
SCConfGetBool(
"security.lua.allow-rules", &enabled) == 1 && !enabled) {
710 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
721 (void)
SCConfGetInt(
"security.lua.max-bytes", &lua_alloc_limit);
722 (void)
SCConfGetInt(
"security.lua.max-instructions", &lua_instruction_limit);
726 int allow_restricted_functions = 0;
727 (void)
SCConfGetBool(
"security.lua.allow-restricted-functions", &allow_restricted_functions);
730 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
735 DetectLuaThreadInit, (
void *)lua,
736 DetectLuaThreadFree, 0);
742 if (list == -1 || (list == 0 && s->
init_data->
list == INT_MAX)) {
760 list = g_lua_ja3_list_id;
762 list = g_lua_ja3s_list_id;
774 DetectLuaFree(
de_ctx, lua);
793 for (uint16_t i = 0; i < lua->
flowints; i++) {
796 for (uint16_t i = 0; i < lua->
flowvars; i++) {
799 for (uint16_t i = 0; i < lua->
bytevars; i++) {
813 static int LuaMatchTest01(
void)
817 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
818 "function init (args)\n"
819 " flowvarlib.register(\"cnt\")\n"
822 "function thread_init (args)\n"
823 " cnt = flowvarlib.get(\"cnt\")\n"
826 "function match(args)\n"
829 " a = tostring(tonumber(a)+1)\n"
838 " print (\"pre check: \" .. (a))\n"
839 " if tonumber(a) == 2 then\n"
846 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
849 "POST / HTTP/1.1\r\n"
850 "Host: www.emergingthreats.net\r\n\r\n";
852 "POST / HTTP/1.1\r\n"
853 "Host: www.openinfosecfoundation.org\r\n\r\n";
854 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
855 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
865 memset(&th_v, 0,
sizeof(th_v));
866 memset(&f, 0,
sizeof(f));
867 memset(&ssn, 0,
sizeof(ssn));
874 f.
proto = IPPROTO_TCP;
940 static int LuaMatchTest01a(
void)
942 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
943 "function init (args)\n"
944 " flowvarlib.register(\"cnt\")\n"
947 "function thread_init (args)\n"
948 " cnt = flowvarlib.get(\"cnt\")\n"
951 "function match(args)\n"
952 " a = cnt:value(0)\n"
954 " a = tostring(tonumber(a)+1)\n"
963 " print (\"pre check: \" .. (a))\n"
964 " if tonumber(a) == 2 then\n"
971 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
973 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
974 "Host: www.emergingthreats.net\r\n\r\n";
975 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
976 "Host: www.openinfosecfoundation.org\r\n\r\n";
977 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
978 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
988 memset(&th_v, 0,
sizeof(th_v));
989 memset(&f, 0,
sizeof(f));
990 memset(&ssn, 0,
sizeof(ssn));
997 f.
proto = IPPROTO_TCP;
1064 static int LuaMatchTest02(
void)
1066 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1067 "function init (args)\n"
1068 " flowvarlib.register(\"cnt\")\n"
1069 " local needs = {}\n"
1070 " needs[\"payload\"] = tostring(true)\n"
1073 "function thread_init (args)\n"
1074 " cnt = flowvarlib.get(\"cnt\")\n"
1077 "function match(args)\n"
1078 " a = cnt:value()\n"
1080 " a = tostring(tonumber(a)+1)\n"
1084 " a = tostring(1)\n"
1089 " print (\"pre check: \" .. (a))\n"
1090 " if tonumber(a) == 2 then\n"
1091 " print \"match\"\n"
1097 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1098 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1099 "Host: www.emergingthreats.net\r\n\r\n";
1100 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1101 "Host: www.openinfosecfoundation.org\r\n\r\n";
1102 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1103 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1111 memset(&th_v, 0,
sizeof(th_v));
1112 memset(&f, 0,
sizeof(f));
1113 memset(&ssn, 0,
sizeof(ssn));
1120 f.
proto = IPPROTO_TCP;
1175 static int LuaMatchTest02a(
void)
1177 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1178 "function init (args)\n"
1179 " flowvarlib.register(\"cnt\")"
1180 " local needs = {}\n"
1181 " needs[\"payload\"] = tostring(true)\n"
1184 "function thread_init (args)\n"
1185 " cnt = flowvarlib.get(\"cnt\")"
1188 "function match(args)\n"
1189 " a = cnt:value()\n"
1191 " a = tostring(tonumber(a)+1)\n"
1195 " a = tostring(1)\n"
1200 " print (\"pre check: \" .. (a))\n"
1201 " if tonumber(a) == 2 then\n"
1202 " print \"match\"\n"
1208 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1209 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1210 "Host: www.emergingthreats.net\r\n\r\n";
1211 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1212 "Host: www.openinfosecfoundation.org\r\n\r\n";
1213 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1214 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1222 memset(&th_v, 0,
sizeof(th_v));
1223 memset(&f, 0,
sizeof(f));
1224 memset(&ssn, 0,
sizeof(ssn));
1231 f.
proto = IPPROTO_TCP;
1285 static int LuaMatchTest03(
void)
1287 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1288 "function init (args)\n"
1289 " flowvarlib.register(\"cnt\")\n"
1290 " local needs = {}\n"
1291 " needs[\"packet\"] = tostring(true)\n"
1295 "function thread_init (args)\n"
1296 " cnt = flowvarlib.get(\"cnt\")\n"
1299 "function match(args)\n"
1300 " a = cnt:value()\n"
1302 " a = tostring(tonumber(a)+1)\n"
1306 " a = tostring(1)\n"
1311 " print (\"pre check: \" .. (a))\n"
1312 " if tonumber(a) == 2 then\n"
1313 " print \"match\"\n"
1319 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1320 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1321 "Host: www.emergingthreats.net\r\n\r\n";
1322 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1323 "Host: www.openinfosecfoundation.org\r\n\r\n";
1324 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1325 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1333 memset(&th_v, 0,
sizeof(th_v));
1334 memset(&f, 0,
sizeof(f));
1335 memset(&ssn, 0,
sizeof(ssn));
1342 f.
proto = IPPROTO_TCP;
1396 static int LuaMatchTest03a(
void)
1398 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1399 "function init (args)\n"
1400 " flowvarlib.register(\"cnt\")\n"
1401 " local needs = {}\n"
1402 " needs[\"packet\"] = tostring(true)\n"
1406 "function thread_init (args)\n"
1407 " cnt = flowvarlib.get(\"cnt\")\n"
1410 "function match(args)\n"
1411 " a = cnt:value()\n"
1413 " a = tostring(tonumber(a)+1)\n"
1417 " a = tostring(1)\n"
1422 " print (\"pre check: \" .. (a))\n"
1423 " if tonumber(a) == 2 then\n"
1424 " print \"match\"\n"
1430 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1431 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1432 "Host: www.emergingthreats.net\r\n\r\n";
1433 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1434 "Host: www.openinfosecfoundation.org\r\n\r\n";
1435 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1436 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1444 memset(&th_v, 0,
sizeof(th_v));
1445 memset(&f, 0,
sizeof(f));
1446 memset(&ssn, 0,
sizeof(ssn));
1453 f.
proto = IPPROTO_TCP;
1506 static int LuaMatchTest04(
void)
1508 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1509 "function init (args)\n"
1510 " flowintlib.register(\"cnt\")\n"
1514 "function thread_init (args)\n"
1515 " cnt = flowintlib.get(\"cnt\")\n"
1518 "function match(args)\n"
1519 " print \"inspecting\""
1520 " a = cnt:value()\n"
1527 " a = cnt:value()\n"
1529 " print \"match\"\n"
1535 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1537 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1538 "Host: www.emergingthreats.net\r\n\r\n";
1539 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1540 "Host: www.openinfosecfoundation.org\r\n\r\n";
1541 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1542 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1552 memset(&th_v, 0,
sizeof(th_v));
1553 memset(&f, 0,
sizeof(f));
1554 memset(&ssn, 0,
sizeof(ssn));
1561 f.
proto = IPPROTO_TCP;
1626 static int LuaMatchTest04a(
void)
1628 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1629 "function init (args)\n"
1630 " flowintlib.register(\"cnt\")\n"
1634 "function thread_init (args)\n"
1635 " cnt = flowintlib.get(\"cnt\")\n"
1638 "function match(args)\n"
1639 " print \"inspecting\""
1640 " a = cnt:value()\n"
1647 " a = cnt:value()\n"
1649 " print \"match\"\n"
1655 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1657 uint8_t httpbuf1[] =
1658 "POST / HTTP/1.1\r\n"
1659 "Host: www.emergingthreats.net\r\n\r\n";
1660 uint8_t httpbuf2[] =
1661 "POST / HTTP/1.1\r\n"
1662 "Host: www.openinfosecfoundation.org\r\n\r\n";
1663 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1664 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1674 memset(&th_v, 0,
sizeof(th_v));
1675 memset(&f, 0,
sizeof(f));
1676 memset(&ssn, 0,
sizeof(ssn));
1683 f.
proto = IPPROTO_TCP;
1748 static int LuaMatchTest05(
void)
1750 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1751 "function init (args)\n"
1752 " flowintlib.register(\"cnt\")\n"
1756 "function thread_init (args)\n"
1757 " cnt = flowintlib.get(\"cnt\")\n"
1760 "function match(args)\n"
1761 " print \"inspecting\""
1764 " print \"match\"\n"
1770 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1772 uint8_t httpbuf1[] =
1773 "POST / HTTP/1.1\r\n"
1774 "Host: www.emergingthreats.net\r\n\r\n";
1775 uint8_t httpbuf2[] =
1776 "POST / HTTP/1.1\r\n"
1777 "Host: www.openinfosecfoundation.org\r\n\r\n";
1778 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1779 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1789 memset(&th_v, 0,
sizeof(th_v));
1790 memset(&f, 0,
sizeof(f));
1791 memset(&ssn, 0,
sizeof(ssn));
1798 f.
proto = IPPROTO_TCP;
1863 static int LuaMatchTest05a(
void)
1865 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1866 "function init (args)\n"
1867 " flowintlib.register(\"cnt\")\n"
1871 "function thread_init (args)\n"
1872 " cnt = flowintlib.get(\"cnt\")\n"
1875 "function match(args)\n"
1876 " print \"inspecting\""
1879 " print \"match\"\n"
1885 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1887 uint8_t httpbuf1[] =
1888 "POST / HTTP/1.1\r\n"
1889 "Host: www.emergingthreats.net\r\n\r\n";
1890 uint8_t httpbuf2[] =
1891 "POST / HTTP/1.1\r\n"
1892 "Host: www.openinfosecfoundation.org\r\n\r\n";
1893 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1894 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1904 memset(&th_v, 0,
sizeof(th_v));
1905 memset(&f, 0,
sizeof(f));
1906 memset(&ssn, 0,
sizeof(ssn));
1913 f.
proto = IPPROTO_TCP;
1978 static int LuaMatchTest06(
void)
1980 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1981 "function init (args)\n"
1982 " flowintlib.register(\"cnt\")\n"
1986 "function thread_init (args)\n"
1987 " cnt = flowintlib.get(\"cnt\")\n"
1990 "function match(args)\n"
1991 " print \"inspecting\""
1992 " a = cnt:value()\n"
1993 " if a == nil then\n"
1994 " print \"new var set to 2\""
1999 " print \"match\"\n"
2005 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2007 uint8_t httpbuf1[] =
2008 "POST / HTTP/1.1\r\n"
2009 "Host: www.emergingthreats.net\r\n\r\n";
2010 uint8_t httpbuf2[] =
2011 "POST / HTTP/1.1\r\n"
2012 "Host: www.openinfosecfoundation.org\r\n\r\n";
2013 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2014 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2024 memset(&th_v, 0,
sizeof(th_v));
2025 memset(&f, 0,
sizeof(f));
2026 memset(&ssn, 0,
sizeof(ssn));
2033 f.
proto = IPPROTO_TCP;
2098 static int LuaMatchTest06a(
void)
2100 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2101 "function init (args)\n"
2102 " flowintlib.register(\"cnt\")\n"
2106 "function thread_init (args)\n"
2107 " cnt = flowintlib.get(\"cnt\")\n"
2110 "function match(args)\n"
2111 " print \"inspecting\""
2112 " a = cnt:value()\n"
2113 " if a == nil then\n"
2114 " print \"new var set to 2\""
2119 " print \"match\"\n"
2125 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2127 uint8_t httpbuf1[] =
2128 "POST / HTTP/1.1\r\n"
2129 "Host: www.emergingthreats.net\r\n\r\n";
2130 uint8_t httpbuf2[] =
2131 "POST / HTTP/1.1\r\n"
2132 "Host: www.openinfosecfoundation.org\r\n\r\n";
2133 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2134 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2144 memset(&th_v, 0,
sizeof(th_v));
2145 memset(&f, 0,
sizeof(f));
2146 memset(&ssn, 0,
sizeof(ssn));
2153 f.
proto = IPPROTO_TCP;
2217 void DetectLuaRegisterTests(
void)
#define FLAG_MEMORY_LIMIT_LOGGED
void LuaStateSetThreadVars(lua_State *luastate, ThreadVars *tv)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
#define FLAG_BLOCKED_FUNCTION_LOGGED
void * DetectThreadCtxGetKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
SCLuaSbState * SCLuaSbGetContext(lua_State *L)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
int allow_restricted_functions
#define FLAG_INSTRUCTION_LIMIT_LOGGED
main detection engine ctx
uint16_t lua_blocked_function_errors
#define DEFAULT_LUA_INSTRUCTION_LIMIT
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define DETECT_LUA_MAX_FLOWVARS
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_TOSERVER
@ TLS_STATE_SERVER_HELLO_DONE
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
int StringParseInt32(int32_t *res, int base, size_t len, const char *str)
uint32_t VarNameStoreRegister(const char *name, const enum VarTypes type)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
uint16_t lua_instruction_limit_errors
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FLAG_DATATYPE_PACKET
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
struct lua_State lua_State
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
#define FLOW_INITIALIZE(f)
#define SIG_FLAG_TOSERVER
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time.
#define PASS
Pass the test.
uint64_t instruction_limit
@ TLS_STATE_CLIENT_HELLO_DONE
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
AppLayerParserThreadCtx * alp_tctx
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Per thread variable structure.
void DetectLuaRegister(void)
Registration function for keyword: lua.
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
void VarNameStoreUnregister(const uint32_t id, const enum VarTypes type)
#define DETECT_LUA_MAX_FLOWINTS
#define FLAG_DATATYPE_PAYLOAD
#define SCLogWarning(...)
Macro used to log WARNING messages.
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f)
@ SIGNATURE_HOOK_TYPE_NOT_SET
uint16_t lua_memory_limit_errors
DetectLuaDataBytevarEntry bytevar[DETECT_LUA_MAX_BYTEVARS]
#define FLAG_DATATYPE_STREAM
void SCLuaSbStateClose(lua_State *L)
uint32_t flowint[DETECT_LUA_MAX_FLOWINTS]
#define FLAG_ERROR_LOGGED
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void SCLuaRequirefBuiltIns(lua_State *L)
Register Suricata built-in modules for loading in a non-sandboxed environment.
bool blocked_function_error
union FlowVar_::@124 data
#define FLOW_PKT_TOCLIENT
void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void LuaDumpStack(lua_State *state, const char *prefix)
dump stack from lua state to screen
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void SCLuaSbLoadLibs(lua_State *L)
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
int DetectBufferTypeRegister(const char *name)
void StreamTcpFreeConfig(bool quiet)
int DetectRegisterThreadCtxFuncs(DetectEngineCtx *de_ctx, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int mode)
Register Thread keyword context Funcs.
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define DEFAULT_LUA_ALLOC_LIMIT
enum SignatureHookType type
void SCLuaSbResetInstructionCounter(lua_State *L)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
const char luaext_key_ld[]
#define SCLogError(...)
Macro used to log ERROR messages.
#define FLAG_DATATYPE_BUFFER
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
bool instruction_count_error
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
lua_State * SCLuaSbStateNew(uint64_t alloclimit, uint64_t instructionlimit)
Allocate a new Lua sandbox.
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
int DetectUnregisterThreadCtxFuncs(DetectEngineCtx *de_ctx, void *data, const char *name)
Remove Thread keyword context registration.
AppProto alproto
application level protocol
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
void(* RegisterTests)(void)
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.