suricata
util-lua-common.c
Go to the documentation of this file.
1 /* Copyright (C) 2014-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Common function for Lua Output
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "pkt-var.h"
29 #include "conf.h"
30 
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 
35 #include "util-print.h"
36 #include "util-unittest.h"
37 
38 #include "util-debug.h"
39 
40 #include "output.h"
41 #include "app-layer-htp.h"
42 #include "app-layer.h"
43 #include "app-layer-parser.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 #include "util-conf.h"
50 
51 #include "lua.h"
52 #include "lualib.h"
53 #include "lauxlib.h"
54 
55 #include "util-lua.h"
56 #include "util-lua-common.h"
57 #include "action-globals.h"
58 
59 int LuaCallbackError(lua_State *luastate, const char *msg)
60 {
61  lua_pushnil(luastate);
62  lua_pushstring(luastate, msg);
63  return 2;
64 }
65 
66 const char *LuaGetStringArgument(lua_State *luastate, int argc)
67 {
68  /* get argument */
69  if (!lua_isstring(luastate, argc))
70  return NULL;
71  const char *str = lua_tostring(luastate, argc);
72  if (str == NULL)
73  return NULL;
74  if (strlen(str) == 0)
75  return NULL;
76  return str;
77 }
78 
79 void LuaPushTableKeyValueInt(lua_State *luastate, const char *key, int value)
80 {
81  lua_pushstring(luastate, key);
82  lua_pushnumber(luastate, value);
83  lua_settable(luastate, -3);
84 }
85 
86 /** \brief Push a key plus string value to the stack
87  *
88  * If value is NULL, string "(null")" will be put on the stack.
89  */
90 void LuaPushTableKeyValueString(lua_State *luastate, const char *key, const char *value)
91 {
92  lua_pushstring(luastate, key);
93  lua_pushstring(luastate, value ? value : "(null)");
94  lua_settable(luastate, -3);
95 }
96 
97 void LuaPushTableKeyValueArray(lua_State *luastate, const char *key, const uint8_t *value, size_t len)
98 {
99  lua_pushstring(luastate, key);
100  LuaPushStringBuffer(luastate, value, len);
101  lua_settable(luastate, -3);
102 }
103 
104 /** \internal
105  * \brief fill lua stack with payload
106  * \param luastate the lua state
107  * \param p packet
108  * \retval cnt number of data items placed on the stack
109  *
110  * Places: payload (string), open (bool), close (bool), toserver (bool), toclient (bool)
111  */
112 static int LuaCallbackStreamingBufferPushToStack(lua_State *luastate, const LuaStreamingBuffer *b)
113 {
114  //PrintRawDataFp(stdout, (uint8_t *)b->data, b->data_len);
115  lua_pushlstring (luastate, (const char *)b->data, b->data_len);
116  lua_pushboolean (luastate, (b->flags & OUTPUT_STREAMING_FLAG_OPEN));
117  lua_pushboolean (luastate, (b->flags & OUTPUT_STREAMING_FLAG_CLOSE));
118  lua_pushboolean (luastate, (b->flags & OUTPUT_STREAMING_FLAG_TOSERVER));
119  lua_pushboolean (luastate, (b->flags & OUTPUT_STREAMING_FLAG_TOCLIENT));
120  return 5;
121 }
122 
123 /** \internal
124  * \brief Wrapper for getting payload into a lua script
125  * \retval cnt number of items placed on the stack
126  */
127 static int LuaCallbackStreamingBuffer(lua_State *luastate)
128 {
129  const LuaStreamingBuffer *b = LuaStateGetStreamingBuffer(luastate);
130  if (b == NULL)
131  return LuaCallbackError(luastate, "internal error: no buffer");
132 
133  return LuaCallbackStreamingBufferPushToStack(luastate, b);
134 }
135 
136 /** \internal
137  * \brief fill lua stack with flow timestamps
138  * \param luastate the lua state
139  * \param startts timestamp of first packet in the flow
140  * \param lastts timestamp of last packet in the flow
141  * \retval cnt number of data items placed on the stack
142  *
143  * Places: seconds (number), seconds (number), microseconds (number),
144  * microseconds (number)
145  */
146 static int LuaCallbackFlowTimestampsPushToStack(
147  lua_State *luastate, const SCTime_t startts, const SCTime_t lastts)
148 {
149  lua_pushnumber(luastate, (double)SCTIME_SECS(startts));
150  lua_pushnumber(luastate, (double)SCTIME_SECS(lastts));
151  lua_pushnumber(luastate, (double)SCTIME_USECS(startts));
152  lua_pushnumber(luastate, (double)SCTIME_USECS(lastts));
153  return 4;
154 }
155 
156 /** \internal
157  * \brief Wrapper for getting flow timestamp (as numbers) into a lua script
158  * \retval cnt number of items placed on the stack
159  */
160 static int LuaCallbackFlowTimestamps(lua_State *luastate)
161 {
162  Flow *flow = LuaStateGetFlow(luastate);
163  if (flow == NULL) {
164  return LuaCallbackError(luastate, "internal error: no flow");
165  }
166 
167  return LuaCallbackFlowTimestampsPushToStack(luastate, flow->startts, flow->lastts);
168 }
169 
170 /** \internal
171  * \brief fill lua stack with time string
172  * \param luastate the lua state
173  * \param flow flow
174  * \retval cnt number of data items placed on the stack
175  *
176  * Places: ts (string)
177  */
178 static int LuaCallbackTimeStringPushToStackFromFlow(lua_State *luastate, const Flow *flow)
179 {
180  char timebuf[64];
181  CreateTimeString(flow->startts, timebuf, sizeof(timebuf));
182  lua_pushstring (luastate, timebuf);
183  return 1;
184 }
185 
186 /** \internal
187  * \brief Wrapper for getting ts info into a lua script
188  * \retval cnt number of items placed on the stack
189  */
190 static int LuaCallbackFlowTimeString(lua_State *luastate)
191 {
192  int r = 0;
193  Flow *flow = LuaStateGetFlow(luastate);
194  if (flow == NULL)
195  return LuaCallbackError(luastate, "internal error: no flow");
196 
197  r = LuaCallbackTimeStringPushToStackFromFlow(luastate, flow);
198 
199  return r;
200 }
201 
202 /** \internal
203  * \brief fill lua stack with flow has alerts
204  * \param luastate the lua state
205  * \param flow flow
206  * \retval cnt number of data items placed on the stack
207  *
208  * Places alerts (bool)
209  */
210 static int LuaCallbackHasAlertsPushToStackFromFlow(lua_State *luastate, const Flow *flow)
211 {
212  lua_pushboolean(luastate, FlowHasAlerts(flow));
213 
214  return 1;
215 }
216 
217 /** \internal
218  * \brief Wrapper for getting flow has alerts info into a lua script
219  * \retval cnt number of items placed on the stack
220  */
221 static int LuaCallbackFlowHasAlerts(lua_State *luastate)
222 {
223  int r = 0;
224  Flow *flow = LuaStateGetFlow(luastate);
225  if (flow == NULL)
226  return LuaCallbackError(luastate, "internal error: no flow");
227 
228  r = LuaCallbackHasAlertsPushToStackFromFlow(luastate, flow);
229 
230  return r;
231 }
232 
233 /** \internal
234  * \brief fill lua stack with header info
235  * \param luastate the lua state
236  * \param f flow, locked
237  * \retval cnt number of data items placed on the stack
238  *
239  * Places: ipver (number), src ip (string), dst ip (string), protocol (number),
240  * sp or icmp type (number), dp or icmp code (number).
241  */
242 static int LuaCallbackTuplePushToStackFromFlow(lua_State *luastate, const Flow *f)
243 {
244  int ipver = 0;
245  if (FLOW_IS_IPV4(f)) {
246  ipver = 4;
247  } else if (FLOW_IS_IPV6(f)) {
248  ipver = 6;
249  }
250  lua_pushinteger(luastate, ipver);
251  if (ipver == 0)
252  return 1;
253 
254  char srcip[46] = "", dstip[46] = "";
255  if (FLOW_IS_IPV4(f)) {
256  PrintInet(AF_INET, (const void *)&(f->src.addr_data32[0]), srcip, sizeof(srcip));
257  PrintInet(AF_INET, (const void *)&(f->dst.addr_data32[0]), dstip, sizeof(dstip));
258  } else if (FLOW_IS_IPV6(f)) {
259  PrintInet(AF_INET6, (const void *)&(f->src.address), srcip, sizeof(srcip));
260  PrintInet(AF_INET6, (const void *)&(f->dst.address), dstip, sizeof(dstip));
261  }
262 
263  lua_pushstring (luastate, srcip);
264  lua_pushstring (luastate, dstip);
265 
266  /* proto and ports (or type/code) */
267  lua_pushinteger(luastate, f->proto);
268  if (f->proto == IPPROTO_TCP || f->proto == IPPROTO_UDP) {
269  lua_pushinteger(luastate, f->sp);
270  lua_pushinteger(luastate, f->dp);
271 
272  } else if (f->proto == IPPROTO_ICMP || f->proto == IPPROTO_ICMPV6) {
273  lua_pushinteger(luastate, f->icmp_s.type);
274  lua_pushinteger(luastate, f->icmp_s.code);
275  } else {
276  lua_pushinteger(luastate, 0);
277  lua_pushinteger(luastate, 0);
278  }
279 
280  return 6;
281 }
282 
283 /** \internal
284  * \brief Wrapper for getting tuple info into a lua script
285  * \retval cnt number of items placed on the stack
286  */
287 static int LuaCallbackTupleFlow(lua_State *luastate)
288 {
289  int r = 0;
290  Flow *f = LuaStateGetFlow(luastate);
291  if (f == NULL)
292  return LuaCallbackError(luastate, "internal error: no flow");
293 
294  r = LuaCallbackTuplePushToStackFromFlow(luastate, f);
295 
296  return r;
297 }
298 
299 /** \internal
300  * \brief fill lua stack with AppLayerProto
301  * \param luastate the lua state
302  * \param alproto AppProto to push to stack as string
303  * \retval cnt number of data items placed on the stack
304  *
305  * Places: alproto as string (string)
306  */
307 static int LuaCallbackAppLayerProtoPushToStackFromFlow(lua_State *luastate, const AppProto alproto)
308 {
309  const char *string = AppProtoToString(alproto);
310  if (string == NULL)
311  string = "unknown";
312  lua_pushstring(luastate, string);
313  return 1;
314 }
315 
316 /** \internal
317  * \brief Wrapper for getting AppLayerProto info into a lua script
318  * \retval cnt number of items placed on the stack
319  */
320 static int LuaCallbackAppLayerProtoFlow(lua_State *luastate)
321 {
322  int r = 0;
323  Flow *f = LuaStateGetFlow(luastate);
324  if (f == NULL)
325  return LuaCallbackError(luastate, "internal error: no flow");
326 
327  r = LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto);
328  r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_ts);
329  r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_tc);
330  r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_orig);
331  r += LuaCallbackAppLayerProtoPushToStackFromFlow(luastate, f->alproto_expect);
332 
333  return r;
334 }
335 
336 /** \internal
337  * \brief fill lua stack with flow stats
338  * \param luastate the lua state
339  * \param f flow, locked
340  * \retval cnt number of data items placed on the stack
341  *
342  * Places: ts pkts (number), ts bytes (number), tc pkts (number), tc bytes (number)
343  */
344 static int LuaCallbackStatsPushToStackFromFlow(lua_State *luastate, const Flow *f)
345 {
346  lua_pushinteger(luastate, f->todstpktcnt);
347  lua_pushinteger(luastate, f->todstbytecnt);
348  lua_pushinteger(luastate, f->tosrcpktcnt);
349  lua_pushinteger(luastate, f->tosrcbytecnt);
350  return 4;
351 }
352 
353 /** \internal
354  * \brief Wrapper for getting AppLayerProto info into a lua script
355  * \retval cnt number of items placed on the stack
356  */
357 static int LuaCallbackStatsFlow(lua_State *luastate)
358 {
359  int r = 0;
360  Flow *f = LuaStateGetFlow(luastate);
361  if (f == NULL)
362  return LuaCallbackError(luastate, "internal error: no flow");
363 
364  r = LuaCallbackStatsPushToStackFromFlow(luastate, f);
365 
366  return r;
367 }
368 
369 /** \internal
370  * \brief fill lua stack with flow id
371  * \param luastate the lua state
372  * \param f flow, locked
373  * \retval cnt number of data items placed on the stack
374  *
375  * Places: flow id (number)
376  */
377 static int LuaCallbackPushFlowIdToStackFromFlow(lua_State *luastate, const Flow *f)
378 {
379  int64_t id = FlowGetId(f);
380  lua_pushinteger(luastate, id);
381  return 1;
382 }
383 
384 /** \internal
385  * \brief Wrapper for getting FlowId into lua script
386  * \retval cnt number of items placed on the stack
387  */
388 static int LuaCallbackFlowId(lua_State *luastate)
389 {
390  int r = 0;
391  Flow *f = LuaStateGetFlow(luastate);
392  if (f == NULL)
393  return LuaCallbackError(luastate, "internal error: no flow");
394 
395  r = LuaCallbackPushFlowIdToStackFromFlow(luastate, f);
396 
397  return r;
398 }
399 
400 /** \internal
401  * \brief fill lua stack with signature info
402  * \param luastate the lua state
403  * \param s pointer to signature struct
404  * \retval cnt number of data items placed on the stack
405  *
406  * Places: sid (number), rev (number), gid (number)
407  */
408 static int LuaCallbackRuleIdsPushToStackFromSignature(lua_State *luastate, const Signature *s)
409 {
410  lua_pushinteger(luastate, s->id);
411  lua_pushinteger(luastate, s->rev);
412  lua_pushinteger(luastate, s->gid);
413  return 3;
414 }
415 
416 /** \internal
417  * \brief Wrapper for getting tuple info into a lua script
418  * \retval cnt number of items placed on the stack
419  *
420  * Info is pulled from PacketAlert if it exists in lua registry (true for logging scripts)
421  * otherwise pulled from Signature in lua registry (for match scripts)
422  */
423 static int LuaCallbackRuleIds(lua_State *luastate)
424 {
425  const Signature *s = NULL;
426  const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
427  if (pa != NULL) {
428  s = pa->s;
429  } else {
430  s = LuaStateGetSignature(luastate);
431  if (s == NULL)
432  return LuaCallbackError(luastate, "internal error: no packet alert or signature");
433  }
434  return LuaCallbackRuleIdsPushToStackFromSignature(luastate, s);
435 }
436 
437 /** \internal
438  * \brief fill lua stack with signature info
439  * \param luastate the lua state
440  * \param s pointer to signature struct
441  * \retval cnt number of data items placed on the stack
442  *
443  * Places: action (string)
444  */
445 static int LuaCallbackRuleActionPushToStackFromSignature(lua_State *luastate, const Signature *s)
446 {
447  const char *action = "";
448  if (s->action & ACTION_PASS) {
449  action = "pass";
450  } else if ((s->action & ACTION_REJECT) || (s->action & ACTION_REJECT_BOTH) ||
451  (s->action & ACTION_REJECT_DST)) {
452  action = "reject";
453  } else if (s->action & ACTION_DROP) {
454  action = "drop";
455  } else if (s->action & ACTION_ALERT) {
456  action = "alert";
457  }
458  lua_pushstring(luastate, action);
459  return 1;
460 }
461 
462 /** \internal
463  * \brief Wrapper for getting tuple info into a lua script
464  * \retval cnt number of items placed on the stack
465  *
466  * Info is pulled from PacketAlert if it exists in lua registry (true for logging scripts)
467  * otherwise pulled from Signature in lua registry (for match scripts)
468  */
469 static int LuaCallbackRuleAction(lua_State *luastate)
470 {
471  const Signature *s = NULL;
472  const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
473  if (pa != NULL) {
474  s = pa->s;
475  } else {
476  s = LuaStateGetSignature(luastate);
477  if (s == NULL)
478  return LuaCallbackError(luastate, "internal error: no packet alert or signature");
479  }
480  return LuaCallbackRuleActionPushToStackFromSignature(luastate, s);
481 }
482 
483 /** \internal
484  * \brief fill lua stack with signature info
485  * \param luastate the lua state
486  * \param s pointer to signature struct
487  * \retval cnt number of data items placed on the stack
488  *
489  * Places: msg (string)
490  */
491 static int LuaCallbackRuleMsgPushToStackFromSignature(lua_State *luastate, const Signature *s)
492 {
493  lua_pushstring(luastate, s->msg);
494  return 1;
495 }
496 
497 /** \internal
498  * \brief Wrapper for getting tuple info into a lua script
499  * \retval cnt number of items placed on the stack
500  *
501  * Info is pulled from PacketAlert if it exists in lua registry (true for logging scripts)
502  * otherwise pulled from Signature in lua registry (for match scripts)
503  */
504 static int LuaCallbackRuleMsg(lua_State *luastate)
505 {
506  const Signature *s = NULL;
507  const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
508  if (pa != NULL) {
509  s = pa->s;
510  } else {
511  s = LuaStateGetSignature(luastate);
512  if (s == NULL)
513  return LuaCallbackError(luastate, "internal error: no packet alert or signature");
514  }
515  return LuaCallbackRuleMsgPushToStackFromSignature(luastate, s);
516 }
517 
518 /** \internal
519  * \brief fill lua stack with signature info
520  * \param luastate the lua state
521  * \param s pointer to signature struct
522  * \retval cnt number of data items placed on the stack
523  *
524  * Places: class (string), prio (number)
525  */
526 static int LuaCallbackRuleClassPushToStackFromSignature(lua_State *luastate, const Signature *s)
527 {
528  lua_pushstring(luastate, s->class_msg);
529  lua_pushinteger(luastate, s->prio);
530  return 2;
531 }
532 
533 /** \internal
534  * \brief Wrapper for getting tuple info into a lua script
535  * \retval cnt number of items placed on the stack
536  *
537  * Info is pulled from PacketAlert if it exists in lua registry (true for logging scripts)
538  * otherwise pulled from Signature in lua registry (for match scripts)
539  */
540 static int LuaCallbackRuleClass(lua_State *luastate)
541 {
542  const Signature *s = NULL;
543  const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
544  if (pa != NULL) {
545  s = pa->s;
546  } else {
547  s = LuaStateGetSignature(luastate);
548  if (s == NULL)
549  return LuaCallbackError(luastate, "internal error: no packet alert or signature");
550  }
551  return LuaCallbackRuleClassPushToStackFromSignature(luastate, s);
552 }
553 
554 static int LuaCallbackLogPath(lua_State *luastate)
555 {
556  const char *ld = ConfigGetLogDirectory();
557  if (ld == NULL)
558  return LuaCallbackError(luastate, "internal error: no log dir");
559 
560  return LuaPushStringBuffer(luastate, (const uint8_t *)ld, strlen(ld));
561 }
562 
563 static int LuaCallbackLogDebug(lua_State *luastate)
564 {
565  const char *msg = LuaGetStringArgument(luastate, 1);
566  if (msg == NULL)
567  return LuaCallbackError(luastate, "1st argument missing, empty or wrong type");
568  SCLogDebug("%s", msg);
569  return 0;
570 }
571 
572 static int LuaCallbackLogInfo(lua_State *luastate)
573 {
574  const char *msg = LuaGetStringArgument(luastate, 1);
575  if (msg == NULL)
576  return LuaCallbackError(luastate, "1st argument missing, empty or wrong type");
577 
578  lua_Debug ar;
579  lua_getstack(luastate, 1, &ar);
580  lua_getinfo(luastate, "nSl", &ar);
581  const char *funcname = ar.name ? ar.name : ar.what;
582  SCLogInfoRaw(ar.short_src, funcname, ar.currentline, "%s", msg);
583  return 0;
584 }
585 
586 static int LuaCallbackLogNotice(lua_State *luastate)
587 {
588  const char *msg = LuaGetStringArgument(luastate, 1);
589  if (msg == NULL)
590  return LuaCallbackError(luastate, "1st argument missing, empty or wrong type");
591 
592  lua_Debug ar;
593  lua_getstack(luastate, 1, &ar);
594  lua_getinfo(luastate, "nSl", &ar);
595  const char *funcname = ar.name ? ar.name : ar.what;
596  SCLogNoticeRaw(ar.short_src, funcname, ar.currentline, "%s", msg);
597  return 0;
598 }
599 
600 static int LuaCallbackLogWarning(lua_State *luastate)
601 {
602  const char *msg = LuaGetStringArgument(luastate, 1);
603  if (msg == NULL)
604  return LuaCallbackError(luastate, "1st argument missing, empty or wrong type");
605 
606  lua_Debug ar;
607  lua_getstack(luastate, 1, &ar);
608  lua_getinfo(luastate, "nSl", &ar);
609  const char *funcname = ar.name ? ar.name : ar.what;
610  SCLogWarningRaw(ar.short_src, funcname, ar.currentline, "%s", msg);
611  return 0;
612 }
613 
614 static int LuaCallbackLogError(lua_State *luastate)
615 {
616  const char *msg = LuaGetStringArgument(luastate, 1);
617  if (msg == NULL)
618  return LuaCallbackError(luastate, "1st argument missing, empty or wrong type");
619  lua_Debug ar;
620  lua_getstack(luastate, 1, &ar);
621  lua_getinfo(luastate, "nSl", &ar);
622  const char *funcname = ar.name ? ar.name : ar.what;
623  SCLogErrorRaw(ar.short_src, funcname, ar.currentline, "%s", msg);
624  return 0;
625 }
626 
627 /** \internal
628  * \brief fill lua stack with file info
629  * \param luastate the lua state
630  * \param pa pointer to packet alert struct
631  * \retval cnt number of data items placed on the stack
632  *
633  * Places: fileid (number), txid (number), name (string),
634  * size (number), magic (string), md5 in hex (string),
635  * sha1 (string), sha256 (string)
636  */
637 static int LuaCallbackFileInfoPushToStackFromFile(lua_State *luastate, const File *file)
638 {
639  char *md5ptr = NULL;
640  char *sha1ptr = NULL;
641  char *sha256ptr = NULL;
642 
643  char md5[33] = "";
644  md5ptr = md5;
645  if (file->flags & FILE_MD5) {
646  size_t x;
647  for (x = 0; x < sizeof(file->md5); x++) {
648  char one[3] = "";
649  snprintf(one, sizeof(one), "%02x", file->md5[x]);
650  strlcat(md5, one, sizeof(md5));
651  }
652  }
653  char sha1[41] = "";
654  sha1ptr = sha1;
655  if (file->flags & FILE_SHA1) {
656  size_t x;
657  for (x = 0; x < sizeof(file->sha1); x++) {
658  char one[3] = "";
659  snprintf(one, sizeof(one), "%02x", file->sha1[x]);
660  strlcat(sha1, one, sizeof(sha1));
661  }
662  }
663  char sha256[65] = "";
664  sha256ptr = sha256;
665  if (file->flags & FILE_SHA256) {
666  size_t x;
667  for (x = 0; x < sizeof(file->sha256); x++) {
668  char one[3] = "";
669  snprintf(one, sizeof(one), "%02x", file->sha256[x]);
670  strlcat(sha256, one, sizeof(sha256));
671  }
672  }
673 
674  lua_Integer tx_id = LuaStateGetTxId(luastate);
675  lua_pushinteger(luastate, file->file_store_id);
676  lua_pushinteger(luastate, tx_id);
677  lua_pushlstring(luastate, (char *)file->name, file->name_len);
678  lua_pushinteger(luastate, FileTrackedSize(file));
679  lua_pushstring (luastate,
680 #ifdef HAVE_MAGIC
681  file->magic
682 #else
683  "nomagic"
684 #endif
685  );
686  lua_pushstring(luastate, md5ptr);
687  lua_pushstring(luastate, sha1ptr);
688  lua_pushstring(luastate, sha256ptr);
689  return 8;
690 }
691 
692 /** \internal
693  * \brief Wrapper for getting tuple info into a lua script
694  * \retval cnt number of items placed on the stack
695  */
696 static int LuaCallbackFileInfo(lua_State *luastate)
697 {
698  const File *file = LuaStateGetFile(luastate);
699  if (file == NULL)
700  return LuaCallbackError(luastate, "internal error: no file");
701 
702  return LuaCallbackFileInfoPushToStackFromFile(luastate, file);
703 }
704 
705 /** \internal
706  * \brief fill lua stack with file info
707  * \param luastate the lua state
708  * \param pa pointer to packet alert struct
709  * \retval cnt number of data items placed on the stack
710  *
711  * Places: state (string), stored (bool)
712  */
713 static int LuaCallbackFileStatePushToStackFromFile(lua_State *luastate, const File *file)
714 {
715  const char *state = "UNKNOWN";
716  switch (file->state) {
717  case FILE_STATE_CLOSED:
718  state = "CLOSED";
719  break;
720  case FILE_STATE_TRUNCATED:
721  state = "TRUNCATED";
722  break;
723  case FILE_STATE_ERROR:
724  state = "ERROR";
725  break;
726  case FILE_STATE_OPENED:
727  state = "OPENED";
728  break;
729  case FILE_STATE_NONE:
730  state = "NONE";
731  break;
732  case FILE_STATE_MAX:
733  break;
734  }
735 
736  lua_pushstring (luastate, state);
737  lua_pushboolean (luastate, file->flags & FILE_STORED);
738  return 2;
739 }
740 
741 /** \internal
742  * \brief Wrapper for getting tuple info into a lua script
743  * \retval cnt number of items placed on the stack
744  */
745 static int LuaCallbackFileState(lua_State *luastate)
746 {
747  const File *file = LuaStateGetFile(luastate);
748  if (file == NULL)
749  return LuaCallbackError(luastate, "internal error: no file");
750 
751  return LuaCallbackFileStatePushToStackFromFile(luastate, file);
752 }
753 
754 /** \internal
755  * \brief fill lua stack with thread info
756  * \param luastate the lua state
757  * \param pa pointer to packet alert struct
758  * \retval cnt number of data items placed on the stack
759  *
760  * Places: thread id (number), thread name (string, thread group name (string)
761  */
762 static int LuaCallbackThreadInfoPushToStackFromThreadVars(lua_State *luastate, const ThreadVars *tv)
763 {
764  unsigned long tid = SCGetThreadIdLong();
765  lua_pushinteger (luastate, (lua_Integer)tid);
766  lua_pushstring (luastate, tv->name);
767  lua_pushstring (luastate, tv->thread_group_name);
768  return 3;
769 }
770 
771 /** \internal
772  * \brief Wrapper for getting tuple info into a lua script
773  * \retval cnt number of items placed on the stack
774  */
775 static int LuaCallbackThreadInfo(lua_State *luastate)
776 {
777  const ThreadVars *tv = LuaStateGetThreadVars(luastate);
778  if (tv == NULL)
779  return LuaCallbackError(luastate, "internal error: no tv");
780 
781  return LuaCallbackThreadInfoPushToStackFromThreadVars(luastate, tv);
782 }
783 
784 int LuaRegisterFunctions(lua_State *luastate)
785 {
786  /* registration of the callbacks */
787  lua_pushcfunction(luastate, LuaCallbackFlowTimestamps);
788  lua_setglobal(luastate, "SCFlowTimestamps");
789  lua_pushcfunction(luastate, LuaCallbackFlowTimeString);
790  lua_setglobal(luastate, "SCFlowTimeString");
791  lua_pushcfunction(luastate, LuaCallbackTupleFlow);
792  lua_setglobal(luastate, "SCFlowTuple");
793  lua_pushcfunction(luastate, LuaCallbackAppLayerProtoFlow);
794  lua_setglobal(luastate, "SCFlowAppLayerProto");
795  lua_pushcfunction(luastate, LuaCallbackStatsFlow);
796  lua_setglobal(luastate, "SCFlowStats");
797  lua_pushcfunction(luastate, LuaCallbackFlowHasAlerts);
798  lua_setglobal(luastate, "SCFlowHasAlerts");
799  lua_pushcfunction(luastate, LuaCallbackFlowId);
800  lua_setglobal(luastate, "SCFlowId");
801 
802  lua_pushcfunction(luastate, LuaCallbackStreamingBuffer);
803  lua_setglobal(luastate, "SCStreamingBuffer");
804 
805  lua_pushcfunction(luastate, LuaCallbackLogPath);
806  lua_setglobal(luastate, "SCLogPath");
807 
808  lua_pushcfunction(luastate, LuaCallbackLogDebug);
809  lua_setglobal(luastate, "SCLogDebug");
810  lua_pushcfunction(luastate, LuaCallbackLogInfo);
811  lua_setglobal(luastate, "SCLogInfo");
812  lua_pushcfunction(luastate, LuaCallbackLogNotice);
813  lua_setglobal(luastate, "SCLogNotice");
814  lua_pushcfunction(luastate, LuaCallbackLogWarning);
815  lua_setglobal(luastate, "SCLogWarning");
816  lua_pushcfunction(luastate, LuaCallbackLogError);
817  lua_setglobal(luastate, "SCLogError");
818 
819 
820  lua_pushcfunction(luastate, LuaCallbackRuleIds);
821  lua_setglobal(luastate, "SCRuleIds");
822  lua_pushcfunction(luastate, LuaCallbackRuleAction);
823  lua_setglobal(luastate, "SCRuleAction");
824  lua_pushcfunction(luastate, LuaCallbackRuleMsg);
825  lua_setglobal(luastate, "SCRuleMsg");
826  lua_pushcfunction(luastate, LuaCallbackRuleClass);
827  lua_setglobal(luastate, "SCRuleClass");
828 
829  lua_pushcfunction(luastate, LuaCallbackFileInfo);
830  lua_setglobal(luastate, "SCFileInfo");
831  lua_pushcfunction(luastate, LuaCallbackFileState);
832  lua_setglobal(luastate, "SCFileState");
833 
834  lua_pushcfunction(luastate, LuaCallbackThreadInfo);
835  lua_setglobal(luastate, "SCThreadInfo");
836  return 0;
837 }
838 
839 int LuaStateNeedProto(lua_State *luastate, AppProto alproto)
840 {
841  AppProto flow_alproto = 0;
842  Flow *flow = LuaStateGetFlow(luastate);
843  if (flow == NULL)
844  return LuaCallbackError(luastate, "internal error: no flow");
845 
846  flow_alproto = flow->alproto;
847 
848  return (alproto == flow_alproto);
849 }
tm-threads.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
LuaStateGetStreamingBuffer
LuaStreamingBuffer * LuaStateGetStreamingBuffer(lua_State *luastate)
Definition: util-lua.c:254
PacketAlert_::s
const struct Signature_ * s
Definition: decode.h:243
FLOW_IS_IPV6
#define FLOW_IS_IPV6(f)
Definition: flow.h:170
ThreadVars_::name
char name[16]
Definition: threadvars.h:65
util-lua-common.h
LuaPushTableKeyValueInt
void LuaPushTableKeyValueInt(lua_State *luastate, const char *key, int value)
Definition: util-lua-common.c:79
Flow_::startts
SCTime_t startts
Definition: flow.h:488
LuaStreamingBuffer_
Definition: util-lua.h:34
SCLogWarningRaw
#define SCLogWarningRaw(file, func, line,...)
Definition: util-debug.h:251
FILE_SHA256
#define FILE_SHA256
Definition: util-file.h:52
ACTION_PASS
#define ACTION_PASS
Definition: action-globals.h:34
ACTION_REJECT
#define ACTION_REJECT
Definition: action-globals.h:31
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
LuaStateGetSignature
Signature * LuaStateGetSignature(lua_State *luastate)
get signature pointer from the lua state
Definition: util-lua.c:207
Flow_::proto
uint8_t proto
Definition: flow.h:376
util-lua.h
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:85
LuaCallbackError
int LuaCallbackError(lua_State *luastate, const char *msg)
Definition: util-lua-common.c:59
action-globals.h
threads.h
FILE_STATE_OPENED
@ FILE_STATE_OPENED
Definition: util-file.h:70
Flow_
Flow data structure.
Definition: flow.h:354
File_::state
FileState state
Definition: util-file.h:82
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:40
File_::file_store_id
uint32_t file_store_id
Definition: util-file.h:85
Flow_::alproto_orig
AppProto alproto_orig
Definition: flow.h:454
util-privs.h
FILE_STATE_TRUNCATED
@ FILE_STATE_TRUNCATED
Definition: util-file.h:73
Flow_::dp
Port dp
Definition: flow.h:370
File_::sha1
uint8_t sha1[SC_SHA1_LEN]
Definition: util-file.h:96
Flow_::icmp_s
struct Flow_::@114::@120 icmp_s
util-unittest.h
lua_State
struct lua_State lua_State
Definition: suricata-common.h:515
Signature_::gid
uint32_t gid
Definition: detect.h:650
File_::name_len
uint16_t name_len
Definition: util-file.h:81
ACTION_REJECT_DST
#define ACTION_REJECT_DST
Definition: action-globals.h:32
Flow_::tosrcbytecnt
uint64_t tosrcbytecnt
Definition: flow.h:493
Flow_::dst
FlowAddress dst
Definition: flow.h:357
LuaStateGetThreadVars
ThreadVars * LuaStateGetThreadVars(lua_State *luastate)
get tv pointer from the lua state
Definition: util-lua.c:102
app-layer-htp.h
File_::md5
uint8_t md5[SC_MD5_LEN]
Definition: util-file.h:94
util-debug.h
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
Flow_::todstpktcnt
uint32_t todstpktcnt
Definition: flow.h:490
Flow_::lastts
SCTime_t lastts
Definition: flow.h:408
util-print.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:231
pkt-var.h
FileTrackedSize
uint64_t FileTrackedSize(const File *file)
get the size of the file
Definition: util-file.c:343
util-time.h
app-layer-parser.h
Flow_::todstbytecnt
uint64_t todstbytecnt
Definition: flow.h:492
FLOW_IS_IPV4
#define FLOW_IS_IPV4(f)
Definition: flow.h:168
Signature_::action
uint8_t action
Definition: detect.h:629
ACTION_ALERT
#define ACTION_ALERT
Definition: action-globals.h:29
conf.h
ThreadVars_::thread_group_name
char * thread_group_name
Definition: threadvars.h:67
SCTime_t
Definition: util-time.h:40
FILE_STATE_MAX
@ FILE_STATE_MAX
Definition: util-file.h:76
File_::name
uint8_t * name
Definition: util-file.h:88
util-proto-name.h
Flow_::alproto_expect
AppProto alproto_expect
Definition: flow.h:457
Flow_::src
FlowAddress src
Definition: flow.h:357
SCGetThreadIdLong
#define SCGetThreadIdLong(...)
Definition: threads.h:255
Signature_::class_msg
char * class_msg
Definition: detect.h:675
ACTION_REJECT_BOTH
#define ACTION_REJECT_BOTH
Definition: action-globals.h:33
File_::flags
uint16_t flags
Definition: util-file.h:80
FILE_STATE_CLOSED
@ FILE_STATE_CLOSED
Definition: util-file.h:71
File_
Definition: util-file.h:79
LuaPushTableKeyValueArray
void LuaPushTableKeyValueArray(lua_State *luastate, const char *key, const uint8_t *value, size_t len)
Definition: util-lua-common.c:97
util-conf.h
LuaStateGetTxId
uint64_t LuaStateGetTxId(lua_State *luastate)
get tx id from the lua state
Definition: util-lua.c:143
suricata-common.h
OUTPUT_STREAMING_FLAG_OPEN
#define OUTPUT_STREAMING_FLAG_OPEN
Definition: output-streaming.h:29
LuaStreamingBuffer_::data_len
uint32_t data_len
Definition: util-lua.h:36
LuaStateGetPacketAlert
PacketAlert * LuaStateGetPacketAlert(lua_State *luastate)
get packet alert pointer from the lua state
Definition: util-lua.c:191
LuaStreamingBuffer_::data
const uint8_t * data
Definition: util-lua.h:35
FILE_STORED
#define FILE_STORED
Definition: util-file.h:56
ACTION_DROP
#define ACTION_DROP
Definition: action-globals.h:30
SCTIME_SECS
#define SCTIME_SECS(t)
Definition: util-time.h:57
FILE_MD5
#define FILE_MD5
Definition: util-file.h:48
Signature_::rev
uint32_t rev
Definition: detect.h:651
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
File_::sha256
uint8_t sha256[SC_SHA256_LEN]
Definition: util-file.h:98
Signature_::prio
int prio
Definition: detect.h:652
threadvars.h
ConfigGetLogDirectory
const char * ConfigGetLogDirectory(void)
Definition: util-conf.c:38
OUTPUT_STREAMING_FLAG_TOSERVER
#define OUTPUT_STREAMING_FLAG_TOSERVER
Definition: output-streaming.h:31
str
#define str(s)
Definition: suricata-common.h:300
Flow_::alproto_ts
AppProto alproto_ts
Definition: flow.h:449
SCLogNoticeRaw
#define SCLogNoticeRaw(file, func, line,...)
Definition: util-debug.h:239
util-logopenfile.h
Signature_::id
uint32_t id
Definition: detect.h:649
LuaStateGetFile
File * LuaStateGetFile(lua_State *luastate)
get file pointer from the lua state
Definition: util-lua.c:223
util-buffer.h
Signature_
Signature container.
Definition: detect.h:614
LuaStateGetFlow
Flow * LuaStateGetFlow(lua_State *luastate)
get flow pointer from lua state
Definition: util-lua.c:161
OUTPUT_STREAMING_FLAG_CLOSE
#define OUTPUT_STREAMING_FLAG_CLOSE
Definition: output-streaming.h:30
FILE_SHA1
#define FILE_SHA1
Definition: util-file.h:50
OUTPUT_STREAMING_FLAG_TOCLIENT
#define OUTPUT_STREAMING_FLAG_TOCLIENT
Definition: output-streaming.h:32
SCLogInfoRaw
#define SCLogInfoRaw(file, func, line,...)
Definition: util-debug.h:225
PacketAlert_
Definition: decode.h:239
LuaGetStringArgument
const char * LuaGetStringArgument(lua_State *luastate, int argc)
Definition: util-lua-common.c:66
FlowHasAlerts
int FlowHasAlerts(const Flow *f)
Check if flow has alerts.
Definition: flow.c:162
Flow_::sp
Port sp
Definition: flow.h:359
LuaPushTableKeyValueString
void LuaPushTableKeyValueString(lua_State *luastate, const char *key, const char *value)
Push a key plus string value to the stack.
Definition: util-lua-common.c:90
Signature_::msg
char * msg
Definition: detect.h:672
SCLogErrorRaw
#define SCLogErrorRaw(file, func, line,...)
Definition: util-debug.h:263
Flow_::alproto_tc
AppProto alproto_tc
Definition: flow.h:450
msg
const char * msg
Definition: app-layer-htp.c:559
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:448
FILE_STATE_ERROR
@ FILE_STATE_ERROR
Definition: util-file.h:75
LuaRegisterFunctions
int LuaRegisterFunctions(lua_State *luastate)
Definition: util-lua-common.c:784
LuaStateNeedProto
int LuaStateNeedProto(lua_State *luastate, AppProto alproto)
Definition: util-lua-common.c:839
FlowAddress_::address
union FlowAddress_::@113 address
Flow_::tosrcpktcnt
uint32_t tosrcpktcnt
Definition: flow.h:491
CreateTimeString
void CreateTimeString(const SCTime_t ts, char *str, size_t size)
Definition: util-time.c:272
LuaStreamingBuffer_::flags
uint8_t flags
Definition: util-lua.h:37
output.h
FILE_STATE_NONE
@ FILE_STATE_NONE
Definition: util-file.h:69
LuaPushStringBuffer
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
Definition: util-lua.c:319
app-layer.h
SCTIME_USECS
#define SCTIME_USECS(t)
Definition: util-time.h:56