1 /* Copyright (C) 2025 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "action-globals.h"
20 #include "app-layer.h"
21 #include "util-lua-rule.h"
22 #include "util-lua-common.h"
23 #include "util-lua.h"
24 
25 #include "lauxlib.h"
26 
/* Registry name of the metatable that tags rule userdata. LuaRuleGetRule()
 * attaches it and every accessor checks for it with luaL_testudata() before
 * dereferencing the stored pointer. */
static const char suricata_rule_mt[] = "suricata:rule:mt";
28 
/**
 * \brief Lua binding: build a rule object for the signature in the current context.
 *
 * Uses the signature attached to the packet alert stored in the Lua state when
 * there is one, otherwise the signature stored in the Lua state directly.
 *
 * \param L Lua state the callback runs in
 *
 * \retval 1 on success, with the rule userdata on top of the stack; otherwise
 *         the value returned by LuaCallbackError()
 */
static int LuaRuleGetRule(lua_State *L)
{
    const PacketAlert *alert = LuaStateGetPacketAlert(L);
    const Signature *sig = (alert != NULL) ? alert->s : LuaStateGetSignature(L);
    if (sig == NULL) {
        return LuaCallbackError(L, "internal error: no packet alert or signature");
    }

    /* The userdata is a single pointer-sized slot: it borrows the Signature
     * and neither copies nor owns it.
     * NOTE(review): nothing visible here ties the Signature's lifetime to the
     * userdata; confirm a script cannot keep the object alive past the
     * signature it points to (e.g. by storing it in a global). */
    void **slot = lua_newuserdata(L, sizeof(*slot));
    if (slot == NULL) {
        /* NOTE(review): lua_newuserdata() is documented to raise a Lua error
         * on allocation failure, so this branch is likely defensive only. */
        return LuaCallbackError(L, "error: failed to allocate user data");
    }
    *slot = (void *)sig;

    /* Tag the userdata so the accessors' luaL_testudata() check accepts it. */
    luaL_getmetatable(L, suricata_rule_mt);
    lua_setmetatable(L, -2);

    return 1;
}
53 
/**
 * \brief Lua binding: push the signature id of a rule object.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the id, or nil when argument 1 does
 *         not carry the rule metatable
 */
static int LuaRuleGetSid(lua_State *L)
{
    /* luaL_testudata() returns NULL for anything not tagged with the rule
     * metatable, so an arbitrary script value is never dereferenced. */
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud != NULL) {
        const Signature *sig = *ud;
        lua_pushinteger(L, sig->id);
    } else {
        lua_pushnil(L);
    }
    return 1;
}
65 
/**
 * \brief Lua binding: push the generator id (gid) of a rule object.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the gid, or nil when argument 1 does
 *         not carry the rule metatable
 */
static int LuaRuleGetGid(lua_State *L)
{
    /* Type check first: only userdata tagged with the rule metatable is
     * treated as holding a Signature pointer. */
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud != NULL) {
        const Signature *sig = *ud;
        lua_pushinteger(L, sig->gid);
    } else {
        lua_pushnil(L);
    }
    return 1;
}
77 
/**
 * \brief Lua binding: push the revision of a rule object.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the revision, or nil when argument 1
 *         does not carry the rule metatable
 */
static int LuaRuleGetRev(lua_State *L)
{
    /* Type check first: only userdata tagged with the rule metatable is
     * treated as holding a Signature pointer. */
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud != NULL) {
        const Signature *sig = *ud;
        lua_pushinteger(L, sig->rev);
    } else {
        lua_pushnil(L);
    }
    return 1;
}
89 
/**
 * \brief Lua binding: push the action of a rule object as a string.
 *
 * The action flags are tested in a fixed order (pass, any reject variant,
 * drop, alert) and the first match wins. The empty string is pushed when none
 * of these flags is set.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the action name, or nil when
 *         argument 1 does not carry the rule metatable
 */
static int LuaRuleGetAction(lua_State *L)
{
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud == NULL) {
        lua_pushnil(L);
        return 1;
    }
    const Signature *sig = *ud;

    /* NOTE(review): this reads the signature's own action field; presumably
     * that is the configured rule action rather than the verdict applied to
     * the packet. Confirm before scripts rely on it for logging. */
    const char *name;
    if (sig->action & ACTION_PASS) {
        name = "pass";
    } else if (sig->action & (ACTION_REJECT | ACTION_REJECT_BOTH | ACTION_REJECT_DST)) {
        /* All three reject variants are reported under the one name. */
        name = "reject";
    } else if (sig->action & ACTION_DROP) {
        name = "drop";
    } else if (sig->action & ACTION_ALERT) {
        name = "alert";
    } else {
        name = "";
    }
    lua_pushstring(L, name);
    return 1;
}
113 
/**
 * \brief Lua binding: push the msg string of a rule object.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the msg, or nil when argument 1 does
 *         not carry the rule metatable
 */
static int LuaRuleGetMsg(lua_State *L)
{
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud != NULL) {
        const Signature *sig = *ud;
        /* NOTE(review): msg is passed on unchecked; the Lua manual documents
         * lua_pushstring() as pushing nil for a NULL pointer, so a rule
         * without a msg should yield nil. Confirm for the bundled Lua. */
        lua_pushstring(L, sig->msg);
    } else {
        lua_pushnil(L);
    }
    return 1;
}
125 
/**
 * \brief Lua binding: push the classification description of a rule object.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the signature's class_msg, or nil
 *         when argument 1 does not carry the rule metatable
 */
static int LuaRuleGetClassDescription(lua_State *L)
{
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud != NULL) {
        const Signature *sig = *ud;
        /* NOTE(review): class_msg is passed on unchecked; the Lua manual
         * documents lua_pushstring() as pushing nil for a NULL pointer, so an
         * unclassified rule should yield nil. Confirm for the bundled Lua. */
        lua_pushstring(L, sig->class_msg);
    } else {
        lua_pushnil(L);
    }
    return 1;
}
137 
/**
 * \brief Lua binding: push the priority of a rule object.
 *
 * \param L Lua state; argument 1 is expected to be a rule userdata
 *
 * \retval 1 always; the pushed value is the priority, or nil when argument 1
 *         does not carry the rule metatable
 */
static int LuaRuleGetPriority(lua_State *L)
{
    /* Type check first: only userdata tagged with the rule metatable is
     * treated as holding a Signature pointer. */
    void **ud = luaL_testudata(L, 1, suricata_rule_mt);
    if (ud != NULL) {
        const Signature *sig = *ud;
        lua_pushinteger(L, sig->prio);
    } else {
        lua_pushnil(L);
    }
    return 1;
}
149 
/* Methods installed on the rule metatable. All entries are read-only
 * accessors; no function here writes through the stored Signature pointer. */
static const struct luaL_Reg rulemt[] = {
    // clang-format off
    { "action",            LuaRuleGetAction },
    { "class_description", LuaRuleGetClassDescription },
    { "gid",               LuaRuleGetGid },
    { "msg",               LuaRuleGetMsg },
    { "priority",          LuaRuleGetPriority },
    { "rev",               LuaRuleGetRev },
    { "sid",               LuaRuleGetSid },
    { NULL,                NULL }, /* sentinel terminating the list */
    // clang-format on
};
162 
/* Functions exported by the library table itself. get_rule is the only
 * constructor of rule userdata visible in this file. */
static const struct luaL_Reg rulelib[] = {
    // clang-format off
    { "get_rule", LuaRuleGetRule },
    { NULL,       NULL } /* sentinel terminating the list */
    // clang-format on
};
169 
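/**
 * \brief Register the rule metatable and build the rule library table.
 *
 * \param L Lua state to load the library into
 *
 * \retval 1 always; the new library table is on top of the stack
 */
int SCLuaLoadRuleLib(lua_State *L)
{
    /* Metatable shared by all rule userdata, registered under
     * suricata_rule_mt so the accessors can verify their argument. */
    luaL_newmetatable(L, suricata_rule_mt);

    /* metatable.__index = metatable, so method lookups on a rule object
     * resolve to the accessors installed just below. */
    lua_pushvalue(L, -1);
    lua_setfield(L, -2, "__index");
    luaL_setfuncs(L, rulemt, 0);

    /* Library table exposing get_rule; this is the value returned to Lua. */
    luaL_newlib(L, rulelib);

    return 1;
}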