Go to the documentation of this file.
70 void *state,
void *txv,
const Signature *s,
74 static void DetectLuaRegisterTests(
void);
77 static int g_lua_ja3_list_id = 0;
78 static int g_lua_ja3s_list_id = 0;
112 #define FLAG_DATATYPE_PACKET BIT_U32(0)
113 #define FLAG_DATATYPE_PAYLOAD BIT_U32(1)
114 #define FLAG_DATATYPE_STREAM BIT_U32(2)
115 #define FLAG_LIST_JA3 BIT_U32(3)
116 #define FLAG_LIST_JA3S BIT_U32(4)
117 #define FLAG_DATATYPE_BUFFER BIT_U32(22)
118 #define FLAG_ERROR_LOGGED BIT_U32(23)
119 #define FLAG_BLOCKED_FUNCTION_LOGGED BIT_U32(24)
120 #define FLAG_INSTRUCTION_LIMIT_LOGGED BIT_U32(25)
121 #define FLAG_MEMORY_LIMIT_LOGGED BIT_U32(26)
123 #define DEFAULT_LUA_ALLOC_LIMIT 500000
124 #define DEFAULT_LUA_INSTRUCTION_LIMIT 500000
129 int size = lua_gettop(state);
130 printf(
"%s: size %d\n", prefix, size);
132 for (
int i = 1; i <= size; i++) {
133 int type = lua_type(state, i);
134 printf(
"- %s: Stack size=%d, level=%d, type=%d, ", prefix, size, i,
type);
138 printf(
"function %s", lua_tostring(state, i));
141 printf(
"bool %s", lua_toboolean(state, i) ?
"true" :
"false");
144 printf(
"number %g", lua_tonumber(state, i));
147 printf(
"string `%s'", lua_tostring(state, i));
150 printf(
"table `%s'", lua_tostring(state, i));
153 printf(
"other %s", lua_typename(state,
type));
164 lua_pushlightuserdata(state, (
void *)data);
165 lua_settable(state, LUA_REGISTRYINDEX);
172 static int DetectLuaRunMatch(
178 if (lua_pcall(tlua->
luastate, 1, 1, 0) != 0) {
179 const char *reason = lua_tostring(tlua->
luastate, -1);
190 reason =
"memory limit exceeded";
198 if (!(tlua->
flags & flag)) {
199 SCLogWarning(
"Lua script failed to run successfully: %s", reason);
204 while (lua_gettop(tlua->
luastate) > 0) {
213 if (lua_gettop(tlua->
luastate) > 0) {
215 if (lua_type(tlua->
luastate, 1) == LUA_TNUMBER) {
216 lua_Integer script_ret = lua_tointeger(tlua->
luastate, 1);
222 SCLogDebug(
"Unsupported datatype returned from Lua script");
233 while (lua_gettop(tlua->
luastate) > 0) {
246 if (buffer == NULL || buffer_len == 0)
261 lua_getglobal(tlua->
luastate,
"match");
264 lua_pushliteral(tlua->
luastate,
"offset");
272 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
302 flags = STREAM_TOSERVER;
304 flags = STREAM_TOCLIENT;
315 lua_getglobal(tlua->
luastate,
"match");
318 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
337 lua_getglobal(tlua->
luastate,
"match");
340 SCReturnInt(DetectLuaRunMatch(det_ctx, lua, tlua));
356 void *state,
void *txv,
const Signature *s,
359 return DetectLuaAppMatchCommon(det_ctx, f,
flags, state, s,
ctx);
365 static const char *ut_script = NULL;
368 static void *DetectLuaThreadInit(
void *data)
395 LuaStateSetDetectLuaData(t->
luastate, lua);
399 if (ut_script != NULL) {
400 status = luaL_loadbuffer(t->
luastate, ut_script, strlen(ut_script),
"unittest");
417 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
423 lua_getglobal(t->
luastate,
"thread_init");
424 if (lua_isfunction(t->
luastate, -1)) {
425 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
426 SCLogError(
"couldn't run script 'thread_init' function: %s",
443 static void DetectLuaThreadFree(
void *
ctx)
471 if (strlen(
str) &&
str[0] ==
'!') {
486 DetectLuaFree(
de_ctx, lua);
495 if (luastate == NULL)
498 luaL_openlibs(luastate);
503 LuaStateSetDetectLuaData(luastate, ld);
507 if (ut_script != NULL) {
508 status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script),
"unittest");
510 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
515 status = luaL_loadfile(luastate, ld->
filename);
517 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
525 if (lua_pcall(luastate, 0, 0, 0) != 0) {
526 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
530 lua_getglobal(luastate,
"init");
531 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
538 lua_pushlightuserdata(luastate, (
void *)s);
540 if (lua_pcall(luastate, 1, 1, 0) != 0) {
541 SCLogError(
"couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
546 if (lua_gettop(luastate) == 0) {
547 SCLogError(
"init function in script should return table, nothing returned");
550 if (lua_type(luastate, 1) != LUA_TTABLE) {
551 SCLogError(
"init function in script should return table, returned is not table");
555 lua_pushnil(luastate);
557 while (lua_next(luastate, -2)) {
558 k = lua_tostring(luastate, -2);
563 if (strcmp(k,
"flowvar") == 0) {
564 if (lua_istable(luastate, -1)) {
565 lua_pushnil(luastate);
566 while (lua_next(luastate, -2) != 0) {
568 const char *value = lua_tostring(luastate, -1);
571 lua_pop(luastate, 1);
583 lua_pop(luastate, 1);
585 }
else if (strcmp(k,
"flowint") == 0) {
586 if (lua_istable(luastate, -1)) {
587 lua_pushnil(luastate);
588 while (lua_next(luastate, -2) != 0) {
590 const char *value = lua_tostring(luastate, -1);
593 lua_pop(luastate, 1);
605 lua_pop(luastate, 1);
609 bool required = lua_toboolean(luastate, -1);
610 lua_pop(luastate, 1);
615 if (strcmp(k,
"ja3") == 0) {
617 }
else if (strcmp(k,
"ja3s") == 0) {
619 }
else if (strcmp(k,
"packet") == 0) {
621 }
else if (strcmp(k,
"payload") == 0) {
623 }
else if (strcmp(k,
"buffer") == 0) {
631 }
else if (strcmp(k,
"stream") == 0) {
640 }
else if (strncmp(k,
"http", 4) == 0 || strncmp(k,
"dns", 3) == 0 ||
641 strncmp(k,
"tls", 3) == 0 || strncmp(k,
"ssh", 3) == 0 ||
642 strncmp(k,
"smtp", 4) == 0 || strncmp(k,
"dnp3", 4) == 0) {
643 SCLogError(
"data type %s no longer supported, use rule hooks", k);
653 lua_pop(luastate, 1);
677 if (
SCConfGetBool(
"security.lua.allow-rules", &enabled) == 1 && !enabled) {
678 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
689 (void)
SCConfGetInt(
"security.lua.max-bytes", &lua_alloc_limit);
690 (void)
SCConfGetInt(
"security.lua.max-instructions", &lua_instruction_limit);
694 int allow_restricted_functions = 0;
695 (void)
SCConfGetBool(
"security.lua.allow-restricted-functions", &allow_restricted_functions);
698 if (DetectLuaSetupPrime(
de_ctx, lua, s) == -1) {
703 DetectLuaThreadInit, (
void *)lua,
704 DetectLuaThreadFree, 0);
710 if (list == -1 || (list == 0 && s->
init_data->
list == INT_MAX)) {
728 list = g_lua_ja3_list_id;
730 list = g_lua_ja3s_list_id;
742 DetectLuaFree(
de_ctx, lua);
761 for (uint16_t i = 0; i < lua->
flowints; i++) {
764 for (uint16_t i = 0; i < lua->
flowvars; i++) {
767 for (uint16_t i = 0; i < lua->
bytevars; i++) {
781 static int LuaMatchTest01(
void)
785 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
786 "function init (args)\n"
787 " flowvarlib.register(\"cnt\")\n"
790 "function thread_init (args)\n"
791 " cnt = flowvarlib.get(\"cnt\")\n"
794 "function match(args)\n"
797 " a = tostring(tonumber(a)+1)\n"
806 " print (\"pre check: \" .. (a))\n"
807 " if tonumber(a) == 2 then\n"
814 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
817 "POST / HTTP/1.1\r\n"
818 "Host: www.emergingthreats.net\r\n\r\n";
820 "POST / HTTP/1.1\r\n"
821 "Host: www.openinfosecfoundation.org\r\n\r\n";
822 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
823 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
833 memset(&th_v, 0,
sizeof(th_v));
834 memset(&f, 0,
sizeof(f));
835 memset(&ssn, 0,
sizeof(ssn));
842 f.
proto = IPPROTO_TCP;
906 static int LuaMatchTest01a(
void)
908 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
909 "function init (args)\n"
910 " flowvarlib.register(\"cnt\")\n"
913 "function thread_init (args)\n"
914 " cnt = flowvarlib.get(\"cnt\")\n"
917 "function match(args)\n"
918 " a = cnt:value(0)\n"
920 " a = tostring(tonumber(a)+1)\n"
929 " print (\"pre check: \" .. (a))\n"
930 " if tonumber(a) == 2 then\n"
937 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
939 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
940 "Host: www.emergingthreats.net\r\n\r\n";
941 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
942 "Host: www.openinfosecfoundation.org\r\n\r\n";
943 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
944 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
954 memset(&th_v, 0,
sizeof(th_v));
955 memset(&f, 0,
sizeof(f));
956 memset(&ssn, 0,
sizeof(ssn));
963 f.
proto = IPPROTO_TCP;
1028 static int LuaMatchTest02(
void)
1030 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1031 "function init (args)\n"
1032 " flowvarlib.register(\"cnt\")\n"
1033 " local needs = {}\n"
1034 " needs[\"payload\"] = tostring(true)\n"
1037 "function thread_init (args)\n"
1038 " cnt = flowvarlib.get(\"cnt\")\n"
1041 "function match(args)\n"
1042 " a = cnt:value()\n"
1044 " a = tostring(tonumber(a)+1)\n"
1048 " a = tostring(1)\n"
1053 " print (\"pre check: \" .. (a))\n"
1054 " if tonumber(a) == 2 then\n"
1055 " print \"match\"\n"
1061 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1062 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1063 "Host: www.emergingthreats.net\r\n\r\n";
1064 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1065 "Host: www.openinfosecfoundation.org\r\n\r\n";
1066 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1067 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1075 memset(&th_v, 0,
sizeof(th_v));
1076 memset(&f, 0,
sizeof(f));
1077 memset(&ssn, 0,
sizeof(ssn));
1084 f.
proto = IPPROTO_TCP;
1139 static int LuaMatchTest02a(
void)
1141 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1142 "function init (args)\n"
1143 " flowvarlib.register(\"cnt\")"
1144 " local needs = {}\n"
1145 " needs[\"payload\"] = tostring(true)\n"
1148 "function thread_init (args)\n"
1149 " cnt = flowvarlib.get(\"cnt\")"
1152 "function match(args)\n"
1153 " a = cnt:value()\n"
1155 " a = tostring(tonumber(a)+1)\n"
1159 " a = tostring(1)\n"
1164 " print (\"pre check: \" .. (a))\n"
1165 " if tonumber(a) == 2 then\n"
1166 " print \"match\"\n"
1172 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1173 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1174 "Host: www.emergingthreats.net\r\n\r\n";
1175 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1176 "Host: www.openinfosecfoundation.org\r\n\r\n";
1177 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1178 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1186 memset(&th_v, 0,
sizeof(th_v));
1187 memset(&f, 0,
sizeof(f));
1188 memset(&ssn, 0,
sizeof(ssn));
1195 f.
proto = IPPROTO_TCP;
1248 static int LuaMatchTest03(
void)
1250 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1251 "function init (args)\n"
1252 " flowvarlib.register(\"cnt\")\n"
1253 " local needs = {}\n"
1254 " needs[\"packet\"] = tostring(true)\n"
1258 "function thread_init (args)\n"
1259 " cnt = flowvarlib.get(\"cnt\")\n"
1262 "function match(args)\n"
1263 " a = cnt:value()\n"
1265 " a = tostring(tonumber(a)+1)\n"
1269 " a = tostring(1)\n"
1274 " print (\"pre check: \" .. (a))\n"
1275 " if tonumber(a) == 2 then\n"
1276 " print \"match\"\n"
1282 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1283 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1284 "Host: www.emergingthreats.net\r\n\r\n";
1285 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1286 "Host: www.openinfosecfoundation.org\r\n\r\n";
1287 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1288 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1296 memset(&th_v, 0,
sizeof(th_v));
1297 memset(&f, 0,
sizeof(f));
1298 memset(&ssn, 0,
sizeof(ssn));
1305 f.
proto = IPPROTO_TCP;
1357 static int LuaMatchTest03a(
void)
1359 const char script[] =
"local flowvarlib = require(\"suricata.flowvar\")\n"
1360 "function init (args)\n"
1361 " flowvarlib.register(\"cnt\")\n"
1362 " local needs = {}\n"
1363 " needs[\"packet\"] = tostring(true)\n"
1367 "function thread_init (args)\n"
1368 " cnt = flowvarlib.get(\"cnt\")\n"
1371 "function match(args)\n"
1372 " a = cnt:value()\n"
1374 " a = tostring(tonumber(a)+1)\n"
1378 " a = tostring(1)\n"
1383 " print (\"pre check: \" .. (a))\n"
1384 " if tonumber(a) == 2 then\n"
1385 " print \"match\"\n"
1391 char sig[] =
"alert tcp any any -> any any (flow:to_server; lua:unittest; sid:1;)";
1392 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1393 "Host: www.emergingthreats.net\r\n\r\n";
1394 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1395 "Host: www.openinfosecfoundation.org\r\n\r\n";
1396 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1397 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1405 memset(&th_v, 0,
sizeof(th_v));
1406 memset(&f, 0,
sizeof(f));
1407 memset(&ssn, 0,
sizeof(ssn));
1414 f.
proto = IPPROTO_TCP;
1466 static int LuaMatchTest04(
void)
1468 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1469 "function init (args)\n"
1470 " flowintlib.register(\"cnt\")\n"
1474 "function thread_init (args)\n"
1475 " cnt = flowintlib.get(\"cnt\")\n"
1478 "function match(args)\n"
1479 " print \"inspecting\""
1480 " a = cnt:value()\n"
1487 " a = cnt:value()\n"
1489 " print \"match\"\n"
1495 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1497 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n"
1498 "Host: www.emergingthreats.net\r\n\r\n";
1499 uint8_t httpbuf2[] =
"POST / HTTP/1.1\r\n"
1500 "Host: www.openinfosecfoundation.org\r\n\r\n";
1501 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1502 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1512 memset(&th_v, 0,
sizeof(th_v));
1513 memset(&f, 0,
sizeof(f));
1514 memset(&ssn, 0,
sizeof(ssn));
1521 f.
proto = IPPROTO_TCP;
1583 static int LuaMatchTest04a(
void)
1585 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1586 "function init (args)\n"
1587 " flowintlib.register(\"cnt\")\n"
1591 "function thread_init (args)\n"
1592 " cnt = flowintlib.get(\"cnt\")\n"
1595 "function match(args)\n"
1596 " print \"inspecting\""
1597 " a = cnt:value()\n"
1604 " a = cnt:value()\n"
1606 " print \"match\"\n"
1612 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1614 uint8_t httpbuf1[] =
1615 "POST / HTTP/1.1\r\n"
1616 "Host: www.emergingthreats.net\r\n\r\n";
1617 uint8_t httpbuf2[] =
1618 "POST / HTTP/1.1\r\n"
1619 "Host: www.openinfosecfoundation.org\r\n\r\n";
1620 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1621 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1631 memset(&th_v, 0,
sizeof(th_v));
1632 memset(&f, 0,
sizeof(f));
1633 memset(&ssn, 0,
sizeof(ssn));
1640 f.
proto = IPPROTO_TCP;
1702 static int LuaMatchTest05(
void)
1704 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1705 "function init (args)\n"
1706 " flowintlib.register(\"cnt\")\n"
1710 "function thread_init (args)\n"
1711 " cnt = flowintlib.get(\"cnt\")\n"
1714 "function match(args)\n"
1715 " print \"inspecting\""
1718 " print \"match\"\n"
1724 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1726 uint8_t httpbuf1[] =
1727 "POST / HTTP/1.1\r\n"
1728 "Host: www.emergingthreats.net\r\n\r\n";
1729 uint8_t httpbuf2[] =
1730 "POST / HTTP/1.1\r\n"
1731 "Host: www.openinfosecfoundation.org\r\n\r\n";
1732 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1733 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1743 memset(&th_v, 0,
sizeof(th_v));
1744 memset(&f, 0,
sizeof(f));
1745 memset(&ssn, 0,
sizeof(ssn));
1752 f.
proto = IPPROTO_TCP;
1814 static int LuaMatchTest05a(
void)
1816 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1817 "function init (args)\n"
1818 " flowintlib.register(\"cnt\")\n"
1822 "function thread_init (args)\n"
1823 " cnt = flowintlib.get(\"cnt\")\n"
1826 "function match(args)\n"
1827 " print \"inspecting\""
1830 " print \"match\"\n"
1836 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1838 uint8_t httpbuf1[] =
1839 "POST / HTTP/1.1\r\n"
1840 "Host: www.emergingthreats.net\r\n\r\n";
1841 uint8_t httpbuf2[] =
1842 "POST / HTTP/1.1\r\n"
1843 "Host: www.openinfosecfoundation.org\r\n\r\n";
1844 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1845 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1855 memset(&th_v, 0,
sizeof(th_v));
1856 memset(&f, 0,
sizeof(f));
1857 memset(&ssn, 0,
sizeof(ssn));
1864 f.
proto = IPPROTO_TCP;
1928 static int LuaMatchTest06(
void)
1930 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
1931 "function init (args)\n"
1932 " flowintlib.register(\"cnt\")\n"
1936 "function thread_init (args)\n"
1937 " cnt = flowintlib.get(\"cnt\")\n"
1940 "function match(args)\n"
1941 " print \"inspecting\""
1942 " a = cnt:value()\n"
1943 " if a == nil then\n"
1944 " print \"new var set to 2\""
1949 " print \"match\"\n"
1955 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
1957 uint8_t httpbuf1[] =
1958 "POST / HTTP/1.1\r\n"
1959 "Host: www.emergingthreats.net\r\n\r\n";
1960 uint8_t httpbuf2[] =
1961 "POST / HTTP/1.1\r\n"
1962 "Host: www.openinfosecfoundation.org\r\n\r\n";
1963 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1964 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1974 memset(&th_v, 0,
sizeof(th_v));
1975 memset(&f, 0,
sizeof(f));
1976 memset(&ssn, 0,
sizeof(ssn));
1983 f.
proto = IPPROTO_TCP;
2045 static int LuaMatchTest06a(
void)
2047 const char script[] =
"local flowintlib = require(\"suricata.flowint\")\n"
2048 "function init (args)\n"
2049 " flowintlib.register(\"cnt\")\n"
2053 "function thread_init (args)\n"
2054 " cnt = flowintlib.get(\"cnt\")\n"
2057 "function match(args)\n"
2058 " print \"inspecting\""
2059 " a = cnt:value()\n"
2060 " if a == nil then\n"
2061 " print \"new var set to 2\""
2066 " print \"match\"\n"
2072 char sig[] =
"alert http1:request_complete any any -> any any (flow:to_server; lua:unittest; "
2074 uint8_t httpbuf1[] =
2075 "POST / HTTP/1.1\r\n"
2076 "Host: www.emergingthreats.net\r\n\r\n";
2077 uint8_t httpbuf2[] =
2078 "POST / HTTP/1.1\r\n"
2079 "Host: www.openinfosecfoundation.org\r\n\r\n";
2080 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2081 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2091 memset(&th_v, 0,
sizeof(th_v));
2092 memset(&f, 0,
sizeof(f));
2093 memset(&ssn, 0,
sizeof(ssn));
2100 f.
proto = IPPROTO_TCP;
2161 void DetectLuaRegisterTests(
void)
#define FLAG_MEMORY_LIMIT_LOGGED
void LuaStateSetThreadVars(lua_State *luastate, ThreadVars *tv)
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
SigTableElmt * sigmatch_table
void(* Free)(DetectEngineCtx *, void *)
#define FLAG_BLOCKED_FUNCTION_LOGGED
void * DetectThreadCtxGetKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
SCLuaSbState * SCLuaSbGetContext(lua_State *L)
int PacketAlertCheck(Packet *p, uint32_t sid)
Check if a certain sid alerted, this is used in the test functions.
int allow_restricted_functions
#define FLAG_INSTRUCTION_LIMIT_LOGGED
main detection engine ctx
uint16_t lua_blocked_function_errors
#define DEFAULT_LUA_INSTRUCTION_LIMIT
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
#define DETECT_LUA_MAX_FLOWVARS
void AppLayerParserThreadCtxFree(AppLayerParserThreadCtx *tctx)
Destroys the app layer parser thread context obtained using AppLayerParserThreadCtxAlloc().
#define FLOW_PKT_TOSERVER
@ TLS_STATE_SERVER_HELLO_DONE
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Packet * UTHBuildPacket(uint8_t *payload, uint16_t payload_len, uint8_t ipproto)
UTHBuildPacket is a wrapper that build packets with default ip and port fields.
void SigMatchSignatures(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, Packet *p)
wrapper for old tests
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
uint32_t VarNameStoreRegister(const char *name, const enum VarTypes type)
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
uint16_t lua_instruction_limit_errors
#define SIG_FLAG_TOCLIENT
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define FLAG_DATATYPE_PACKET
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
struct lua_State lua_State
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
#define FLOW_INITIALIZE(f)
#define SIG_FLAG_TOSERVER
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time. As the active store won't be modified, we don't need locks.
#define PASS
Pass the test.
uint64_t instruction_limit
@ TLS_STATE_CLIENT_HELLO_DONE
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
AppLayerParserThreadCtx * alp_tctx
SigMatch * SCSigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Per thread variable structure.
void DetectLuaRegister(void)
Registration function for keyword: lua.
TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
initialize thread specific detection engine context
void VarNameStoreUnregister(const uint32_t id, const enum VarTypes type)
#define DETECT_LUA_MAX_FLOWINTS
#define FLAG_DATATYPE_PAYLOAD
#define SCLogWarning(...)
Macro used to log WARNING messages.
int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, const uint8_t *buffer, uint32_t buffer_len, uint32_t offset, Flow *f)
@ SIGNATURE_HOOK_TYPE_NOT_SET
uint16_t lua_memory_limit_errors
DetectLuaDataBytevarEntry bytevar[DETECT_LUA_MAX_BYTEVARS]
#define FLAG_DATATYPE_STREAM
void SCLuaSbStateClose(lua_State *L)
uint32_t flowint[DETECT_LUA_MAX_FLOWINTS]
union FlowVar_::@122 data
#define FLAG_ERROR_LOGGED
SignatureInitData * init_data
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
void SCLuaRequirefBuiltIns(lua_State *L)
Register Suricata built-in modules for loading in a non-sandboxed environment.
bool blocked_function_error
#define FLOW_PKT_TOCLIENT
void LuaExtensionsMatchSetup(lua_State *lua_state, DetectLuaData *ld, DetectEngineThreadCtx *det_ctx, Flow *f, Packet *p, const Signature *s, uint8_t flags)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void LuaDumpStack(lua_State *state, const char *prefix)
dump stack from lua state to screen
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
AppLayerParserThreadCtx * AppLayerParserThreadCtxAlloc(void)
Gets a new app layer protocol's parser thread context.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
void SCLuaSbLoadLibs(lua_State *L)
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
int DetectBufferTypeRegister(const char *name)
void StreamTcpFreeConfig(bool quiet)
int DetectRegisterThreadCtxFuncs(DetectEngineCtx *de_ctx, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int mode)
Register Thread keyword context Funcs.
int AppLayerParserParse(ThreadVars *tv, AppLayerParserThreadCtx *alp_tctx, Flow *f, AppProto alproto, uint8_t flags, const uint8_t *input, uint32_t input_len)
#define DEFAULT_LUA_ALLOC_LIMIT
enum SignatureHookType type
TmEcode DetectEngineThreadCtxDeinit(ThreadVars *tv, void *data)
void SCLuaSbResetInstructionCounter(lua_State *L)
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
const char luaext_key_ld[]
#define SCLogError(...)
Macro used to log ERROR messages.
#define FLAG_DATATYPE_BUFFER
#define FLOW_PKT_ESTABLISHED
DetectEngineCtx * DetectEngineCtxInit(void)
bool instruction_count_error
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
Registers an app inspection engine.
lua_State * SCLuaSbStateNew(uint64_t alloclimit, uint64_t instructionlimit)
Allocate a new Lua sandbox.
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
int DetectUnregisterThreadCtxFuncs(DetectEngineCtx *de_ctx, void *data, const char *name)
Remove Thread keyword context registration.
AppProto alproto
application level protocol
int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
void StatsThreadCleanup(ThreadVars *tv)
void(* RegisterTests)(void)
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
void UTHFreePackets(Packet **p, int numpkts)
UTHFreePackets: function to release the allocated data from UTHBuildPacket and the packet itself.