From: Victor Julien Date: Thu, 22 Dec 2016 12:29:07 +0000 (+0100) Subject: lua: convert lua output to be tx aware X-Git-Tag: suricata-4.0.0-beta1~349 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96b8100a511b7abeca5a2b801ba26e8a7daef892;p=thirdparty%2Fsuricata.git lua: convert lua output to be tx aware --- diff --git a/src/app-layer-ssh.h b/src/app-layer-ssh.h index bf8d50b94c..7fa368812b 100644 --- a/src/app-layer-ssh.h +++ b/src/app-layer-ssh.h @@ -32,8 +32,6 @@ * must be ciphered, so the parsing finish here */ #define SSH_FLAG_PARSER_DONE 0x02 -#define SSH_FLAG_STATE_LOGGED_LUA 0x08 - /* MSG_CODE */ #define SSH_MSG_NEWKEYS 21 diff --git a/src/output-lua.c b/src/output-lua.c index d9a6dc497a..081a0bd441 100644 --- a/src/output-lua.c +++ b/src/output-lua.c 
@@ -236,81 +236,6 @@ static int LuaPacketConditionAlerts(ThreadVars *tv, const Packet *p) return FALSE; } -/** \internal - * \brief Packet Logger for lua scripts, for ssh - * - * A single call to this function will run one script for a single - * packet. If it is called, it means that the registered condition - * function has returned TRUE. - * - * The script is called once for each packet. - */ -static int LuaPacketLoggerSsh(ThreadVars *tv, void *thread_data, const Packet *p) -{ - LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data; - - char timebuf[64]; - CreateTimeString(&p->ts, timebuf, sizeof(timebuf)); - - SCMutexLock(&td->lua_ctx->m); - - lua_getglobal(td->lua_ctx->luastate, "log"); - - LuaStateSetThreadVars(td->lua_ctx->luastate, tv); - LuaStateSetPacket(td->lua_ctx->luastate, (Packet *)p); - LuaStateSetFlow(td->lua_ctx->luastate, p->flow); - - int retval = lua_pcall(td->lua_ctx->luastate, 0, 0, 0); - if (retval != 0) { - SCLogInfo("failed to run script: %s", lua_tostring(td->lua_ctx->luastate, -1)); - } - - SCMutexUnlock(&td->lua_ctx->m); - - SshState *ssh_state = (SshState *)FlowGetAppState(p->flow); - if (ssh_state != NULL) - ssh_state->cli_hdr.flags |= SSH_FLAG_STATE_LOGGED_LUA; - - SCReturnInt(0); -} - -static int LuaPacketConditionSsh(ThreadVars *tv, const Packet *p) -{ - if (p->flow == NULL) { - return FALSE; - } - - if (!(PKT_IS_IPV4(p)) && !(PKT_IS_IPV6(p))) { - return FALSE; - } - - if (!(PKT_IS_TCP(p))) { - return FALSE; - } - - uint16_t proto = FlowGetAppProtocol(p->flow); - if (proto != ALPROTO_SSH) - goto dontlog; - - SshState *ssh_state = (SshState *)FlowGetAppState(p->flow); - if (ssh_state == NULL) { - SCLogDebug("no ssh state, so no request logging"); - goto dontlog; - } - - if (ssh_state->cli_hdr.software_version == NULL || - ssh_state->srv_hdr.software_version == NULL) - goto dontlog; - - /* We only log the state once */ - if (ssh_state->cli_hdr.flags & SSH_FLAG_STATE_LOGGED_LUA) - goto dontlog; - - return TRUE; -dontlog: - return 
FALSE; -} - /** \internal * \brief Packet Logger for lua scripts, for packets * @@ -883,8 +808,10 @@ static OutputCtx *OutputLuaLogInit(ConfNode *conf) AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DNS); AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DNS); } else if (opts.alproto == ALPROTO_SSH) { - om->PacketLogFunc = LuaPacketLoggerSsh; - om->PacketConditionFunc = LuaPacketConditionSsh; + om->TxLogFunc = LuaTxLogger; + om->alproto = ALPROTO_SSH; + om->tc_log_progress = SSH_STATE_BANNER_DONE; + om->ts_log_progress = SSH_STATE_BANNER_DONE; } else if (opts.alproto == ALPROTO_SMTP) { om->TxLogFunc = LuaTxLogger; om->alproto = ALPROTO_SMTP;
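Review bot: The new `ALPROTO_SSH` branch sets `TxLogFunc`, `alproto` and both progress values but, unlike the DNS branch visible just above it, never calls `AppLayerParserRegisterLogger`. If the tx-logging path depends on that registration, SSH transactions would not reach the Lua script and the banner log would silently go missing, which is a loss of visibility rather than a crash. Unless SSH is registered as logged somewhere outside this hunk, add `AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);` at the end of the branch. The removed `LuaPacketConditionSsh` also refused to log while either `software_version` was NULL, so a short comment here should state whether `SSH_STATE_BANNER_DONE` in both directions gives scripts the same guarantee or whether they must tolerate a missing banner. `OutputLuaLogInit` starts and ends outside the hunk, so the rest of the SMTP branch is not visible.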