detect-lua: implement sticky buffer

This patch implement an option named 'buffer' that can be used in the
init function of a lua signature:

 function init (args)
     local needs = {}
     needs["buffer"] = tostring(true)
     return needs
 end

With this, the lua script will get access to the sticky buffer
content.

diff --git a/src/detect-lua.c b/src/detect-lua.c
index 082773b23c863711baf709c9a696303f1a242a42..d8c2638830327ac918791ffc52cb53829acd35fb 100644 (file)
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@@ -174,6 +174,8 @@ static int InspectSmtpGeneric(ThreadVars *tv,
 
 #define DATATYPE_DNP3                       (1<<21)
 
+#define DATATYPE_BUFFER                     (1<<22)
+
 #if 0
 /** \brief dump stack from lua state to screen */
 void LuaDumpStack(lua_State *state)
@@ -820,6 +822,14 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld)
             ld->flags |= DATATYPE_PACKET;
         } else if (strcmp(k, "payload") == 0 && strcmp(v, "true") == 0) {
             ld->flags |= DATATYPE_PAYLOAD;
+        } else if (strcmp(k, "buffer") == 0 && strcmp(v, "true") == 0) {
+            ld->flags |= DATATYPE_BUFFER;
+
+            ld->buffername = SCStrdup("buffer");
+            if (ld->buffername == NULL) {
+                SCLogError(SC_ERR_LUA_ERROR, "alloc error");
+                goto error;
+            }
         } else if (strcmp(k, "stream") == 0 && strcmp(v, "true") == 0) {
             ld->flags |= DATATYPE_STREAM;
 
@@ -997,8 +1007,17 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, const char *st
     if (lua->alproto == ALPROTO_UNKNOWN) {
         if (lua->flags & DATATYPE_STREAM)
             list = DETECT_SM_LIST_PMATCH;
-        else
-            list = DETECT_SM_LIST_MATCH;
+        else {
+            if (lua->flags & DATATYPE_BUFFER) {
+                if (DetectBufferGetActiveList(de_ctx, s) != -1) {
+                    list = s->init_data->list;
+                } else {
+                    SCLogError(SC_ERR_LUA_ERROR, "Lua and sticky buffer failure");
+                    goto error;
+                }
+            } else
+                list = DETECT_SM_LIST_MATCH;
+        }
 
     } else if (lua->alproto == ALPROTO_HTTP) {
         if (lua->flags & DATATYPE_HTTP_RESPONSE_BODY) {