From: Victor Julien Date: Mon, 17 Mar 2014 17:44:09 +0000 (+0100) Subject: output-lua: rule info callback X-Git-Tag: suricata-2.1beta2~140 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3dfd3cd8e2d209f316a555865fe6c146b1eaf2b;p=thirdparty%2Fsuricata.git output-lua: rule info callback SCRuleIds(): returns sid, rev, gid: function log(args) sid, rev, gid = SCRuleIds() SCRuleMsg(): returns msg function log(args) msg = SCRuleMsg() SCRuleClass(): returns class msg and prio: function log(args) class, prio = SCRuleClass() if class == nil then class = "unknown" end
---
diff --git a/lua/fast.lua b/lua/fast.lua
index 4cb0e307d3..f31616dcc9 100644
--- a/lua/fast.lua
+++ b/lua/fast.lua
@@ -12,18 +12,14 @@ function setup (args)
 end
 function log(args)
- sid = args['sid'];
- rev = args['rev'];
- gid = args['gid'];
- msg = args['msg'];
- srcip = args['srcip'];
- dstip = args['dstip'];
+ sid, rev, gid = SCRuleIds()
+ ipver, srcip, dstip, proto, sp, dp = SCPacketTuple()
+ msg = SCRuleMsg()
+ class, prio = SCRuleClass()
+ if class == nil then
+ class = "unknown"
+ end
 ts = args['ts'];
- class = args['class'];
- prio = args['priority'];
- proto = args['ipproto'];
- sp = args['sp'];
- dp = args['dp'];
 print (ts .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " .. msg .. " [**] [Classification: " .. class .. "] [Priority: " ..
diff --git a/src/output-lua-common.c b/src/output-lua-common.c
index d3dae9ec99..c6e27f6120 100644
--- a/src/output-lua-common.c
+++ b/src/output-lua-common.c
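Review bot: The new `msg = SCRuleMsg()` line has no nil guard, while `class` gets one two lines below; the C side pushes `pa->s->msg` with lua_pushstring, so if a rule can be loaded without a msg the script receives nil and the `..` concatenation on the print line (which continues past the hunk) raises an error instead of logging the alert. If such rules are possible, mirror the class check: `if msg == nil then msg = "" end`. The new assignments also stay global, like the lines they replace; declaring them `local` keeps per-alert state out of the script's global table. The body of `log` continues outside the hunk.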
@@ -253,6 +253,90 @@ static int LuaCallbackTupleFlow(lua_State *luastate)
 return r;
 }
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places: sid (number), rev (number), gid (number)
+ */
+static int LuaCallbackRuleIdsPushToStackFromPacketAlert(lua_State *luastate, const PacketAlert *pa)
+{
+ lua_pushnumber (luastate, pa->s->id);
+ lua_pushnumber (luastate, pa->s->rev);
+ lua_pushnumber (luastate, pa->s->gid);
+ return 3;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleIds(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleIdsPushToStackFromPacketAlert(luastate, pa);
+}
+
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places: msg (string)
+ */
+static int LuaCallbackRuleMsgPushToStackFromPacketAlert(lua_State *luastate, const PacketAlert *pa)
+{
+ lua_pushstring (luastate, pa->s->msg);
+ return 1;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleMsg(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleMsgPushToStackFromPacketAlert(luastate, pa);
+}
+
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places:
class (string), prio (number)
+ */
+static int LuaCallbackRuleClassPushToStackFromPacketAlert(lua_State *luastate, const PacketAlert *pa)
+{
+ lua_pushstring (luastate, pa->s->class_msg);
+ lua_pushnumber (luastate, pa->s->prio);
+ return 2;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleClass(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleClassPushToStackFromPacketAlert(luastate, pa);
+}
+
 static int LuaCallbackLogPath(lua_State *luastate)
 {
 const char *ld = ConfigGetLogDirectory();
@@ -327,6 +411,14 @@ int LogLuaRegisterFunctions(lua_State *luastate)
 lua_setglobal(luastate, "SCLogWarning");
 lua_pushcfunction(luastate, LuaCallbackLogError);
 lua_setglobal(luastate, "SCLogError");
+
+
+ lua_pushcfunction(luastate, LuaCallbackRuleIds);
+ lua_setglobal(luastate, "SCRuleIds");
+ lua_pushcfunction(luastate, LuaCallbackRuleMsg);
+ lua_setglobal(luastate, "SCRuleMsg");
+ lua_pushcfunction(luastate, LuaCallbackRuleClass);
+ lua_setglobal(luastate, "SCRuleClass");
 return 0;
 }
diff --git a/src/output-lua.c b/src/output-lua.c
index 918a6a48ed..e8580b22d7 100644
--- a/src/output-lua.c
+++ b/src/output-lua.c
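Review bot: The \brief on all three wrapper callbacks (`LuaCallbackRuleIds`, `LuaCallbackRuleMsg`, `LuaCallbackRuleClass`) reads "Wrapper for getting tuple info into a lua script", copied from the tuple callbacks above; they return the alert's rule ids, msg and class respectively, so each should say so, e.g. `\brief Wrapper for getting the alert's rule ids (sid, rev, gid) into a lua script`. The error string `"internal error: no packet"` in those same wrappers fires when `LuaStateGetPacketAlert` returns NULL, so `"internal error: no packet alert"` names the object that is actually missing. The `Places:` line for the class callback says `class (string)`, but `lua_pushstring` on a NULL `class_msg` yields nil, which is exactly what the commit's fast.lua change tests for; document it as `class (string, nil if the rule has no classtype)`, and qualify `msg (string)` the same way if a signature can be loaded without a msg.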
@@ -121,14 +121,7 @@ static int LuaPacketLoggerAlerts(ThreadVars *tv, void *thread_data, const Packet
 char timebuf[64];
 CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
- char srcip[46], dstip[46];
- if (PKT_IS_IPV4(p)) {
- PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
- PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
- } else if (PKT_IS_IPV6(p)) {
- PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
- PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
- } else {
+ if (!(PKT_IS_IPV4(p)) && !(PKT_IS_IPV6(p))) {
 /* decoder event */
 goto not_supported;
 }
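Review bot: The rewritten guard `if (!(PKT_IS_IPV4(p)) && !(PKT_IS_IPV6(p))) {` removes the `srcip`/`dstip` buffers, and the second hunk of this file drops the last visible use of `proto` (the `"ipproto"` table entry), but the code between old lines 128 and 152 of this function is not in the diff; if it still computes `proto` or anything else that only fed the old table, that is now dead code and will likely trip an unused-variable warning, so please check that stretch. Stylistically the macro results need no extra parentheses: `if (!PKT_IS_IPV4(p) && !PKT_IS_IPV6(p)) {`. LuaPacketLoggerAlerts starts and ends outside this hunk.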
@@ -153,26 +146,12 @@ static int LuaPacketLoggerAlerts(ThreadVars *tv, void *thread_data, const Packet
 LuaStateSetPacket(td->lua_ctx->luastate, (Packet *)p);
 LuaStateSetFlow(td->lua_ctx->luastate, p->flow, /* unlocked */TRUE);
+ LuaStateSetPacketAlert(td->lua_ctx->luastate, (PacketAlert *)pa);
 /* prepare data to pass to script */
 lua_newtable(td->lua_ctx->luastate);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "sid", pa->s->id);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "gid", pa->s->gid);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "rev", pa->s->rev);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "priority", pa->s->prio);
-
- if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "sp", p->sp);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "dp", p->dp);
- }
-
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "msg", pa->s->msg);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "srcip", srcip);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "dstip", dstip);
 LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "ts", timebuf);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "ipproto", proto);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "class", pa->s->class_msg);
 int retval = lua_pcall(td->lua_ctx->luastate, 1, 0, 0);
 if (retval != 0) {
diff --git a/src/util-lua.c b/src/util-lua.c
index 5035ae6123..7fae979ac8 100644
--- a/src/util-lua.c
+++ b/src/util-lua.c
@@ -63,6 +63,9 @@ const char lua_ext_key_flow[] = "suricata:lua:flow:ptr";
 /* key for flow lock hint bool */
 const char lua_ext_key_flow_lock_hint[] = "suricata:lua:flow:lock_hint";
+/* key for pa (packet alert) pointer */
+const char lua_ext_key_pa[] = "suricata:lua:pkt:alert:ptr";
+
 /** \brief get packet pointer from the lua state */
 Packet *LuaStateGetPacket(lua_State *luastate)
 {
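Review bot: `LuaStateSetPacketAlert(td->lua_ctx->luastate, (PacketAlert *)pa);` stores a raw pointer to the caller's alert in the Lua registry, and nothing in the hunk clears it once `lua_pcall` returns, so the registry keeps pointing at a `PacketAlert` whose lifetime is bound to this packet. If any later callback into the same state reaches `LuaStateGetPacketAlert` before the next alert-logger call, it gets a non-NULL stale pointer, so the `pa == NULL` check in the callbacks cannot catch it; resetting with `LuaStateSetPacketAlert(td->lua_ctx->luastate, NULL);` after the pcall bounds that window. The cast also discards the `const` on `pa`; if the setter took `const PacketAlert *` the cast could go. LuaPacketLoggerAlerts continues outside the hunk.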
@@ -126,6 +129,22 @@ void LuaStateSetFlow(lua_State *luastate, Flow *f, int need_flow_lock)
 lua_settable(luastate, LUA_REGISTRYINDEX);
 }
+/** \brief get packet alert pointer from the lua state */
+PacketAlert *LuaStateGetPacketAlert(lua_State *luastate)
+{
+ lua_pushlightuserdata(luastate, (void *)&lua_ext_key_pa);
+ lua_gettable(luastate, LUA_REGISTRYINDEX);
+ void *pa = lua_touserdata(luastate, -1);
+ return (PacketAlert *)pa;
+}
+
+void LuaStateSetPacketAlert(lua_State *luastate, PacketAlert *pa)
+{
+ lua_pushlightuserdata(luastate, (void *)&lua_ext_key_pa);
+ lua_pushlightuserdata(luastate, (void *)pa);
+ lua_settable(luastate, LUA_REGISTRYINDEX);
+}
+
 /** \brief dump stack from lua state to screen */
 void LuaPrintStack(lua_State *state) {
 int size = lua_gettop(state);
diff --git a/src/util-lua.h b/src/util-lua.h
index 4bf1bd3734..d68970f354 100644
--- a/src/util-lua.h
+++ b/src/util-lua.h
@@ -40,6 +40,8 @@ void *LuaStateGetTX(lua_State *luastate);
 */
 Flow *LuaStateGetFlow(lua_State *luastate, int *lock_hint);
+PacketAlert *LuaStateGetPacketAlert(lua_State *luastate);
+
 /* sets */
 void LuaStateSetPacket(lua_State *luastate, Packet *p);
@@ -53,6 +55,8 @@ void LuaStateSetTX(lua_State *luastate, void *tx);
 */
 void LuaStateSetFlow(lua_State *luastate, Flow *f, int need_flow_lock);
+void LuaStateSetPacketAlert(lua_State *luastate, PacketAlert *pa);
+
 void LuaPrintStack(lua_State *state);
 #endif /* HAVE_LUA */
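Review bot: `LuaStateSetPacketAlert` has no doc comment while its getter and the neighbouring functions in the hunk carry `\brief` lines; add `/** \brief store the packet alert pointer in the lua state */` above it. Its `PacketAlert *pa` parameter is only ever cast to `void *`, and the callbacks in output-lua-common.c read it back as `const PacketAlert *`, so declaring it `const PacketAlert *pa` here and in the util-lua.h hunk would let the caller in output-lua.c drop its const-discarding cast. `LuaStateGetPacketAlert` returns with the fetched registry value still on the Lua stack; inside a lua_CFunction that is harmless because results are counted from the top, but a `lua_pop(luastate, 1);` before the `return` keeps the stack balanced for any C-side caller, assuming the neighbouring getters (not shown) do not depend on the same leftover slot.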