suricata
util-lua-flowvarlib.c
Go to the documentation of this file.
1 /* Copyright (C) 2025 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "app-layer-protos.h"
20 #include "flow-var.h"
21 #include "lauxlib.h"
22 #include "util-debug.h"
23 #include "util-lua-common.h"
24 #include "util-lua-flowvarlib.h"
25 #include "util-lua.h"
26 #include "util-var-name.h"
27 #include "detect-lua.h"
28 #include "detect-lua-extensions.h"
29 
30 static const char suricata_flowvar_mt[] = "suricata:flowvar:mt";
31 
32 static DetectLuaData *GetLuaData(lua_State *luastate)
33 {
34  DetectLuaData *ld;
35  lua_pushlightuserdata(luastate, (void *)&luaext_key_ld);
36  lua_gettable(luastate, LUA_REGISTRYINDEX);
37  ld = lua_touserdata(luastate, -1);
38  return ld;
39 }
40 
41 /**
42  * \brief Register a flowvar.
43  *
44  * Ensures that a flowvar exists for the provided name, will be
45  * created if needed.
46  *
47  * The flowvar ID is returned, however as this is most likely to be
48  * used in the scripts "init" method, this ID is unlikely to be used.
49  */
50 static int LuaFlowvarRegister(lua_State *L)
51 {
52  DetectLuaData *ld = GetLuaData(L);
53  const char *name = luaL_checkstring(L, 1);
54  uint32_t *flowvar_id = lua_newuserdata(L, sizeof(*flowvar_id));
55  *flowvar_id = VarNameStoreRegister(name, VAR_TYPE_FLOW_VAR);
56  if (*flowvar_id == 0) {
57  return luaL_error(L, "failed to register flowvar");
58  }
59  if (ld->flowvars >= DETECT_LUA_MAX_FLOWVARS) {
60  return luaL_error(L, "too many flowvars registered");
61  }
62  ld->flowvar[ld->flowvars++] = *flowvar_id;
63 
64  luaL_getmetatable(L, suricata_flowvar_mt);
65  lua_setmetatable(L, -2);
66 
67  return 1;
68 }
69 
70 static int LuaFlowvarGet(lua_State *L)
71 {
72  const char *name = luaL_checkstring(L, 1);
73  uint32_t *flowvar_id = lua_newuserdata(L, sizeof(*flowvar_id));
74  *flowvar_id = VarNameStoreLookupByName(name, VAR_TYPE_FLOW_VAR);
75  if (*flowvar_id == 0) {
76  return luaL_error(L, "flowvar does not exist");
77  }
78 
79  luaL_getmetatable(L, suricata_flowvar_mt);
80  lua_setmetatable(L, -2);
81 
82  return 1;
83 }
84 
85 static int LuaFlowvarValue(lua_State *L)
86 {
87  uint32_t *flowvar_id = luaL_checkudata(L, 1, suricata_flowvar_mt);
88  Flow *f = LuaStateGetFlow(L);
89  if (f == NULL) {
90  return LuaCallbackError(L, "flow is NULL");
91  }
92  FlowVar *fv = FlowVarGet(f, *flowvar_id);
93  if (fv == NULL) {
94  lua_pushnil(L);
95  } else {
96  LuaPushStringBuffer(
97  L, (const uint8_t *)fv->data.fv_str.value, (size_t)fv->data.fv_str.value_len);
98  }
99  return 1;
100 }
101 
102 static int LuaFlowvarSet(lua_State *L)
103 {
104  const char *value = luaL_checkstring(L, 2);
105  const int len = (int)luaL_checkinteger(L, 3);
106  uint32_t *flowvar_id = luaL_checkudata(L, 1, suricata_flowvar_mt);
107  Flow *f = LuaStateGetFlow(L);
108  if (f == NULL) {
109  return luaL_error(L, "no flow");
110  }
111 
112  uint8_t *buf = SCMalloc(len + 1);
113  if (buf == NULL) {
114  return luaL_error(L, "alloc failure");
115  }
116  memcpy(buf, value, len);
117  buf[len] = '\0';
118  FlowVarAddIdValue(f, *flowvar_id, buf, (uint16_t)len);
119 
120  return 1;
121 }
122 
123 static const luaL_Reg flowvarlib[] = {
124  // clang-format off
125  { "register", LuaFlowvarRegister, },
126  { "get", LuaFlowvarGet },
127  { NULL, NULL, },
128  // clang-format on
129 };
130 
131 static const luaL_Reg flowvarmt[] = {
132  // clang-format off
133  { "value", LuaFlowvarValue, },
134  { "set", LuaFlowvarSet, },
135  { NULL, NULL, },
136  // clang-format on
137 };
138 
139 int LuaLoadFlowvarLib(lua_State *L)
140 {
141  luaL_newmetatable(L, suricata_flowvar_mt);
142  lua_pushvalue(L, -1);
143  lua_setfield(L, -2, "__index");
144  luaL_setfuncs(L, flowvarmt, 0);
145 
146  luaL_newlib(L, flowvarlib);
147  return 1;
148 }
DetectLuaData
Definition: detect-lua.h:44
len
uint8_t len
Definition: app-layer-dnp3.h:2
util-lua-common.h
name
const char * name
Definition: detect-engine-proto.c:48
util-lua.h
LuaCallbackError
int LuaCallbackError(lua_State *luastate, const char *msg)
Definition: util-lua-common.c:39
FlowVarTypeStr::value_len
uint16_t value_len
Definition: flow-var.h:41
Flow_
Flow data structure.
Definition: flow.h:349
FlowVar_::fv_str
FlowVarTypeStr fv_str
Definition: flow-var.h:64
detect-lua.h
DETECT_LUA_MAX_FLOWVARS
#define DETECT_LUA_MAX_FLOWVARS
Definition: detect-lua.h:35
util-var-name.h
DetectLuaData::flowvar
uint32_t flowvar[DETECT_LUA_MAX_FLOWVARS]
Definition: detect-lua.h:53
VarNameStoreRegister
uint32_t VarNameStoreRegister(const char *name, const enum VarTypes type)
Definition: util-var-name.c:155
lua_State
struct lua_State lua_State
Definition: suricata-common.h:528
VarNameStoreLookupByName
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time. As the active store won't be modified, we don't need locks.
Definition: util-var-name.c:326
util-debug.h
FlowVarAddIdValue
void FlowVarAddIdValue(Flow *f, uint32_t idx, uint8_t *value, uint16_t size)
Definition: flow-var.c:120
LuaFlow::f
Flow * f
Definition: util-lua-flowlib.c:41
FlowVarTypeStr::value
uint8_t * value
Definition: flow-var.h:40
detect-lua-extensions.h
suricata-common.h
LuaLoadFlowvarLib
int LuaLoadFlowvarLib(lua_State *L)
Definition: util-lua-flowvarlib.c:139
FlowVar_::data
union FlowVar_::@116 data
DetectLuaData::flowvars
uint16_t flowvars
Definition: detect-lua.h:52
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
luaext_key_ld
const char luaext_key_ld[]
Definition: detect-lua-extensions.c:45
VAR_TYPE_FLOW_VAR
@ VAR_TYPE_FLOW_VAR
Definition: util-var.h:39
LuaStateGetFlow
Flow * LuaStateGetFlow(lua_State *luastate)
get flow pointer from lua state
Definition: util-lua.c:161
app-layer-protos.h
util-lua-flowvarlib.h
FlowVarGet
FlowVar * FlowVarGet(Flow *f, uint32_t idx)
get the flowvar with index 'idx' from the flow
Definition: flow-var.c:84
flow-var.h
FlowVar_
Definition: flow-var.h:55
LuaPushStringBuffer
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
Definition: util-lua.c:319