suricata
Data Structures | Typedefs | Functions
util-lua-sandbox.h File Reference
#include "lua.h"
#include "suricata-common.h"
Include dependency graph for util-lua-sandbox.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  SCLuaSbState
 

Typedefs

typedef struct SCLuaSbState SCLuaSbState
 

Functions

lua_StateSCLuaSbStateNew (uint64_t alloclimit, uint64_t instructionlimit)
 Allocate a new Lua sandbox. More...
 
void SCLuaSbStateClose (lua_State *sb)
 
SCLuaSbStateSCLuaSbGetContext (lua_State *L)
 
void SCLuaSbResetInstructionCounter (lua_State *sb)
 
void SCLuaSbLoadLibs (lua_State *L)
 
uint64_t SCLuaSbResetBytesLimit (lua_State *L)
 
void SCLuaSbUpdateBytesLimit (lua_State *L)
 
void SCLuaSbRestoreBytesLimit (lua_State *L, const uint64_t cfg_limit)
 

Detailed Description

Author
Jo Johnson pyroj.nosp@m.oe31.nosp@m.4@gma.nosp@m.il.c.nosp@m.om

Definition in file util-lua-sandbox.h.

Typedef Documentation

◆ SCLuaSbState

typedef struct SCLuaSbState SCLuaSbState

Function Documentation

◆ SCLuaSbGetContext()

SCLuaSbState* SCLuaSbGetContext ( lua_State L)

Retreive the SCLuaSbState from a lua_State.

Get the Suricata Lua sandbox context from the lua_State.

Note: May return null if this Lua state was not allocated from the sandbox.

Definition at line 352 of file util-lua-sandbox.c.

References ctx, and SANDBOX_CTX.

Referenced by SCLuaSbResetBytesLimit(), SCLuaSbResetInstructionCounter(), SCLuaSbRestoreBytesLimit(), SCLuaSbStateClose(), and SCLuaSbUpdateBytesLimit().

Here is the caller graph for this function:

◆ SCLuaSbLoadLibs()

void SCLuaSbLoadLibs ( lua_State L)

Load allowed Lua libraries into the state.

Functions from each library that are not in the allowed list are replaced with LuaBlockedFunction.

Definition at line 280 of file util-lua-sandbox.c.

◆ SCLuaSbResetBytesLimit()

uint64_t SCLuaSbResetBytesLimit ( lua_State L)

Definition at line 385 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_limit, and SCLuaSbGetContext().

Referenced by DetectLuaMatchBuffer().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SCLuaSbResetInstructionCounter()

void SCLuaSbResetInstructionCounter ( lua_State L)

Reset the instruction counter for the provided state.

Definition at line 415 of file util-lua-sandbox.c.

References SCLuaSbState::blocked_function_error, SCLuaSbState::instruction_count, SCLuaSbState::instruction_count_error, and SCLuaSbGetContext().

Here is the call graph for this function:

◆ SCLuaSbRestoreBytesLimit()

void SCLuaSbRestoreBytesLimit ( lua_State L,
const uint64_t  cfg_limit 
)

Definition at line 404 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_limit, and SCLuaSbGetContext().

Referenced by DetectLuaMatchBuffer().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SCLuaSbStateClose()

void SCLuaSbStateClose ( lua_State sb)

Definition at line 361 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_bytes, BUG_ON, SCLuaSbState::L, SCFree, and SCLuaSbGetContext().

Here is the call graph for this function:

◆ SCLuaSbStateNew()

lua_State* SCLuaSbStateNew ( uint64_t  alloclimit,
uint64_t  instructionlimit 
)

Allocate a new Lua sandbox.

Returns
An allocated sandbox state or NULL if memory allocation fails.

Definition at line 320 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_bytes, SCLuaSbState::alloc_limit, SCLuaSbState::hook_instruction_count, SCLuaSbState::instruction_limit, SCLuaSbState::L, and SCCalloc.

◆ SCLuaSbUpdateBytesLimit()

void SCLuaSbUpdateBytesLimit ( lua_State L)

Definition at line 396 of file util-lua-sandbox.c.

References SCLuaSbState::alloc_bytes, SCLuaSbState::alloc_limit, and SCLuaSbGetContext().

Referenced by DetectLuaMatchBuffer().

Here is the call graph for this function:
Here is the caller graph for this function: