Commit | Line | Data |
---|---|---|
0c4bf2d3 EL |
1 | .. _lua-scripting: |
2 | ||
3366571e | 3 | Lua Scripting |
1e6df87e JI |
4 | ============= |
5 | ||
1e6df87e JI |
6 | Syntax: |
7 | ||
8 | :: | |
9 | ||
73b355e2 | 10 | lua:[!]<scriptfilename>; |
1e6df87e JI |
11 | |
12 | The script filename will be appended to your default rules location. | |
13 | ||
14 | The script has 2 parts, an init function and a match function. First, the init. | |
15 | ||
16 | Init function | |
17 | ------------- | |
18 | ||
1e6df87e JI |
19 | .. code-block:: lua |
20 | ||
21 | function init (args) | |
22 | local needs = {} | |
23 | needs["http.request_line"] = tostring(true) | |
24 | return needs | |
25 | end | |
26 | ||
27 | The init function registers the buffer(s) that need | |
28 | inspection. Currently the following are available: | |
29 | ||
30 | * packet -- entire packet, including headers | |
31 | * payload -- packet payload (not stream) | |
360a6ace | 32 | * buffer -- the current sticky buffer |
59e5a21f JF |
33 | * stream |
34 | * dnp3 | |
35 | * dns.request | |
36 | * dns.response | |
37 | * dns.rrname | |
38 | * ssh | |
39 | * smtp | |
40 | * tls | |
1e6df87e JI |
41 | * http.uri |
42 | * http.uri.raw | |
43 | * http.request_line | |
44 | * http.request_headers | |
45 | * http.request_headers.raw | |
46 | * http.request_cookie | |
47 | * http.request_user_agent | |
48 | * http.request_body | |
49 | * http.response_headers | |
50 | * http.response_headers.raw | |
51 | * http.response_body | |
52 | * http.response_cookie | |
53 | ||
54 | All the HTTP buffers have a limitation: only one can be inspected by a | |
55 | script at a time. | |
56 | ||
57 | Match function | |
58 | -------------- | |
59 | ||
60 | .. code-block:: lua | |
61 | ||
62 | function match(args) | |
63 | local a = tostring(args["http.request_line"]) | |
64 | if #a > 0 then | |
65 | if a:find("^POST%s+/.*%.php%s+HTTP/1%.0$") then | |
66 | return 1 | |
67 | end | |
68 | end | |
69 | ||
70 | return 0 | |
71 | end | |
72 | ||
73 | The script can return 1 or 0. It should return 1 if the condition(s) | |
74 | it checks for match, 0 if not. | |
75 | ||
76 | Entire script: | |
77 | ||
78 | .. code-block:: lua | |
79 | ||
80 | function init (args) | |
81 | local needs = {} | |
82 | needs["http.request_line"] = tostring(true) | |
83 | return needs | |
84 | end | |
85 | ||
86 | function match(args) | |
87 | local a = tostring(args["http.request_line"]) | |
88 | if #a > 0 then | |
89 | if a:find("^POST%s+/.*%.php%s+HTTP/1%.0$") then | |
90 | return 1 | |
91 | end | |
92 | end | |
93 | ||
94 | return 0 | |
95 | end | |
96 | ||
97 | return 0 | |
e7f1736f JF |
98 | |
99 | A comprehensive list of existing Lua functions, with examples, can be found at :ref:`lua-functions` (some of them, however, | |
100 | work only for the lua-output functionality). |
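
The same detection written with an explicit request-line parser and an offline self-test, as an added example that is not part of the original page. The file name, the rule's `msg` and `sid`, the helpers `parse_request_line` and `selftest`, and the use of the global `arg` to detect a stand-alone interpreter are assumptions made for this example.

```lua
-- Added example; the file name post_php_http10.lua is hypothetical.
-- Constructed rule that would load it (msg and sid are placeholders):
--   alert http any any -> any any (msg:"POST to .php over HTTP/1.0"; lua:post_php_http10.lua; sid:1000001; rev:1;)

function init(args)
    local needs = {}
    needs["http.request_line"] = tostring(true)
    return needs
end

-- Split "METHOD target HTTP/x.y" into three parts; the version dot is escaped (%.).
local function parse_request_line(line)
    if type(line) ~= "string" then
        return nil   -- tostring(nil) would be "nil" (length 3), so test the type
    end
    return line:match("^(%u+)%s+(.-)%s+HTTP/(%d%.%d)$")
end

function match(args)
    local method, target, version = parse_request_line(args["http.request_line"])
    if method == "POST" and version == "1.0"
        and target:sub(1, 1) == "/" and target:sub(-4) == ".php" then
        return 1
    end
    return 0
end

-- Offline check with constructed request lines: {input, expected result}.
local function selftest()
    local cases = {
        { "POST /login.php HTTP/1.0", 1 },
        { "POST /a/b c.php HTTP/1.0", 1 },  -- space inside the target
        { "POST /login.php HTTP/1x0", 0 },  -- an unescaped "." would match this
        { "POST /login.php HTTP/1.1", 0 },
        { "GET /login.php HTTP/1.0",  0 },
        { nil, 0 },                          -- buffer absent
    }
    for _, c in ipairs(cases) do
        local got = match({ ["http.request_line"] = c[1] })
        assert(got == c[2], "unexpected result for " .. tostring(c[1]))
    end
    return #cases
end

-- Assumption: only the stand-alone lua interpreter defines the global `arg`.
if arg ~= nil then
    print("selftest passed: " .. selftest() .. " cases")
end
return 0
```

Running the file with a stand-alone `lua` interpreter exercises `match` against the constructed cases before the script is referenced from a rule.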