From: Victor Julien Date: Tue, 4 Sep 2012 16:00:56 +0000 (+0200) Subject: luajit: stub detection keyword X-Git-Tag: suricata-1.4beta1~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f58e828c5e54d57ce2a6cf1d05d53b7abc7da648;p=thirdparty%2Fsuricata.git luajit: stub detection keyword
---
diff --git a/src/Makefile.am b/src/Makefile.am
index 95c5226c0e..385faa6059 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -179,6 +179,7 @@ detect-byte-extract.c detect-byte-extract.h \
 detect-app-layer-event.c detect-app-layer-event.h \
 decode-events.c decode-events.h \
 detect-replace.c detect-replace.h \
+detect-luajit.c detect-luajit.h \
 util-magic.c util-magic.h \
 util-misc.c util-misc.h \
 util-atomic.c util-atomic.h \
diff --git a/src/detect-luajit.c b/src/detect-luajit.c
new file mode 100644
index 0000000000..47b8f4b85a
--- /dev/null
+++ b/src/detect-luajit.c
@@ -0,0 +1,229 @@
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien
+ *
+ */
+
+#include "suricata-common.h"
+#include "threads.h"
+#include "debug.h"
+#include "decode.h"
+
+#include "detect.h"
+#include "detect-parse.h"
+
+#include "detect-engine.h"
+#include "detect-engine-mpm.h"
+#include "detect-engine-state.h"
+
+#include "flow.h"
+#include "flow-var.h"
+#include "flow-util.h"
+
+#include "util-debug.h"
+#include "util-spm-bm.h"
+#include "util-print.h"
+
+#include "util-unittest.h"
+#include "util-unittest-helper.h"
+
+#include "app-layer.h"
+
+#include "stream-tcp.h"
+
+#include "detect-luajit.h"
+
+#include "queue.h"
+
+#ifndef HAVE_LUAJIT
+
+static int DetectLuajitSetupNoSupport (DetectEngineCtx *a, Signature *b, char *c) {
+ SCLogError(SC_ERR_NO_LUAJIT_SUPPORT, "no LuaJIT support built in, needed for luajit keyword");
+ return -1;
+}
+
+/**
+ * \brief Registration function for keyword: luajit
+ */
+void DetectLuajitRegister(void) {
+ sigmatch_table[DETECT_LUAJIT].name = "luajit";
+ sigmatch_table[DETECT_LUAJIT].alproto = ALPROTO_HTTP;
+ sigmatch_table[DETECT_LUAJIT].Setup = DetectLuajitSetupNoSupport;
+ sigmatch_table[DETECT_LUAJIT].Free = NULL;
+ sigmatch_table[DETECT_LUAJIT].RegisterTests = NULL;
+
+ SCLogDebug("registering luajit rule
option");
+ return;
+}
+
+#else /* HAVE_LUAJIT */
+
+static int DetectLuajitMatch (ThreadVars *, DetectEngineThreadCtx *,
+ Packet *, Signature *, SigMatch *);
+static int DetectLuajitSetup (DetectEngineCtx *, Signature *, char *);
+static void DetectLuajitRegisterTests(void);
+static void DetectLuajitFree(void *);
+
+/**
+ * \brief Registration function for keyword: luajit
+ */
+void DetectLuajitRegister(void) {
+ sigmatch_table[DETECT_LUAJIT].name = "luajit";
+ sigmatch_table[DETECT_LUAJIT].Match = DetectLuajitMatch;
+ sigmatch_table[DETECT_LUAJIT].Setup = DetectLuajitSetup;
+ sigmatch_table[DETECT_LUAJIT].Free = DetectLuajitFree;
+ sigmatch_table[DETECT_LUAJIT].RegisterTests = DetectLuajitRegisterTests;
+
+ SCLogDebug("registering luajit rule option");
+ return;
+}
+
+/**
+ * \brief match the specified luajit
+ *
+ * \param t thread local vars
+ * \param det_ctx pattern matcher thread local data
+ * \param p packet
+ * \param s signature being inspected
+ * \param m sigmatch that we will cast into DetectLuajitData
+ *
+ * \retval 0 no match
+ * \retval 1 match
+ */
+static int DetectLuajitMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
+ Packet *p, Signature *s, SigMatch *m)
+{
+ SCEnter();
+ int ret = 0;
+ //DetectLuajitData *luajit = (DetectLuajitData *)m->ctx;
+
+ /** \todo */
+
+ SCReturnInt(ret);
+}
+
+/**
+ * \brief Parse the luajit keyword
+ *
+ * \param idstr Pointer to the user provided option
+ *
+ * \retval luajit pointer to DetectLuajitData on success
+ * \retval NULL on failure
+ */
+static DetectLuajitData *DetectLuajitParse (char *str)
+{
+ DetectLuajitData *luajit = NULL;
+
+ /* We have a correct luajit option */
+ luajit = SCMalloc(sizeof(DetectLuajitData));
+ if (luajit == NULL)
+ goto error;
+
+ memset(luajit, 0x00, sizeof(DetectLuajitData));
+
+ if (strlen(str) && str[0] == '!') {
+ luajit->negated = 1;
+ str++;
+ }
+
+ /* get full filename */
+ char *filename = DetectLoadCompleteSigPath(str);
+ if (filename == NULL) {
+ goto error;
+ }
+
+ /** \todo open file, etc */
+
+ return luajit;
+
+error:
+ if (luajit != NULL)
+ DetectLuajitFree(luajit);
+ return NULL;
+}
+
+/**
+ * \brief this function is used to parse luajit options
+ * \brief into the current signature
+ *
+ * \param de_ctx pointer to the Detection Engine Context
+ * \param s pointer to the Current Signature
+ * \param str pointer to the user provided "luajit" option
+ *
+ * \retval 0 on Success
+ * \retval -1 on Failure
+ */
+static int DetectLuajitSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
+{
+ DetectLuajitData *luajit = NULL;
+ SigMatch *sm = NULL;
+
+ luajit = DetectLuajitParse(str);
+ if (luajit == NULL)
+ goto error;
+
+ /* Okay so far so good, lets get this into a SigMatch
+ * and put it in the Signature. */
+ sm = SigMatchAlloc();
+ if (sm == NULL)
+ goto error;
+
+ sm->type = DETECT_LUAJIT;
+ sm->ctx = (void *)luajit;
+
+ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_PMATCH);
+
+ return 0;
+
+error:
+ if (luajit != NULL)
+ DetectLuajitFree(luajit);
+ if (sm != NULL)
+ SCFree(sm);
+ return -1;
+}
+
+/**
+ * \brief this function will free memory associated with DetectLuajitData
+ *
+ * \param luajit pointer to DetectLuajitData
+ */
+static void DetectLuajitFree(void *ptr) {
+ if (ptr != NULL) {
+ DetectLuajitData *luajit = (DetectLuajitData *)ptr;
+ SCFree(luajit);
+ }
+}
+
+#ifdef UNITTESTS
+static int LuajitMatchTest01(void) {
+ return 1;
+}
+#endif
+
+void DetectLuajitRegisterTests(void) {
+#ifdef UNITTESTS
+ UtRegisterTest("LuajitMatchTest01", LuajitMatchTest01, 1);
+#endif
+}
+
+#endif /* HAVE_LUAJIT */
+
diff --git a/src/detect-luajit.h b/src/detect-luajit.h
new file mode 100644
index 0000000000..51aaed268b
--- /dev/null
+++ b/src/detect-luajit.h
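Review bot: In DetectLuajitParse (src/detect-luajit.c) the `filename` returned by DetectLoadCompleteSigPath() is never stored in DetectLuajitData or released, so if that helper hands back heap memory (its definition is not part of this diff) each luajit rule leaks the path at load time; until the file-loading TODO is written, `SCFree(filename);` before `return luajit;` would close that. The negation check also lets a bare `!` through, leaving an empty name to resolve, so `if (str[0] == '\0') goto error;` after the `str++` block would reject it when the rule is parsed. Since the path comes from a rule file and will eventually name a script the engine runs, the loader should state whether absolute paths and `..` components are accepted, and DetectLuajitFree will need to release `luastate` once it is populated. The no-support DetectLuajitRegister sets `.alproto = ALPROTO_HTTP` while the HAVE_LUAJIT one does not, and the doc comments name `idstr` and `luajit` where the parameters are `str` and `ptr`.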
@@ -0,0 +1,39 @@
+/* Copyright (C) 2007-2012 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien
+ */
+
+#ifndef __DETECT_LUAJIT_H__
+#define __DETECT_LUAJIT_H__
+
+#ifdef HAVE_LUAJIT
+#include
+
+typedef struct DetectLuajitData {
+ int negated;
+ lua_State *luastate;
+} DetectLuajitData;
+#endif
+
+/* prototypes */
+void DetectLuajitRegister (void);
+
+#endif /* __DETECT_FILELUAJIT_H__ */
diff --git a/src/detect.c b/src/detect.c
index 1bc1f665d0..eade7a52f7 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -141,6 +141,7 @@
 #include "detect-replace.h"
 #include "detect-tos.h"
 #include "detect-app-layer-event.h"
+#include "detect-luajit.h"
 #include "util-rule-vars.h"
@@ -4793,6 +4794,7 @@ void SigTableSetup(void) {
 DetectFilesizeRegister();
 DetectAppLayerEventRegister();
 DetectHttpUARegister();
+ DetectLuajitRegister();
 uint8_t i = 0;
 for (i = 0; i < DETECT_TBLSIZE; i++) {
diff --git a/src/detect.h b/src/detect.h
index fac30bd7a4..b7d3700dcf 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1052,6 +1052,7 @@ enum {
 DETECT_FILESIZE,
 DETECT_L3PROTO,
+ DETECT_LUAJIT,
 /* make sure this stays last */
 DETECT_TBLSIZE,
diff --git a/src/util-error.c b/src/util-error.c
index d87694e723..c5b9605f97 100644
--- a/src/util-error.c
+++ b/src/util-error.c
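Review bot: In src/detect-luajit.h the closing guard comment reads `__DETECT_FILELUAJIT_H__` although the guard macro is `__DETECT_LUAJIT_H__`; it should be `#endif /* __DETECT_LUAJIT_H__ */`. DetectLuajitData keeps a single `lua_State *luastate` in the keyword context, and a Lua state is not safe to enter from several threads at once, so if this context ends up shared by all detect threads (not visible in this diff) the match function will need per-thread states or a lock. A field comment such as `/* owned by this keyword ctx; closed in DetectLuajitFree */` would record the intended ownership before the loader is written.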
@@ -231,6 +231,7 @@ const char * SCErrorToString(SCError err)
 CASE_CODE (SC_ERR_INVALID_MD5);
 CASE_CODE (SC_ERR_NO_MD5_SUPPORT);
 CASE_CODE (SC_ERR_EVENT_ENGINE);
+ CASE_CODE (SC_ERR_NO_LUAJIT_SUPPORT);
 default:
 return "UNKNOWN_ERROR";
 }
diff --git a/src/util-error.h b/src/util-error.h
index c25d70aa55..678d56f74d 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -246,6 +246,7 @@ typedef enum {
 SC_ERR_INVALID_MD5,
 SC_ERR_NO_MD5_SUPPORT,
 SC_ERR_EVENT_ENGINE,
+ SC_ERR_NO_LUAJIT_SUPPORT,
 } SCError;
 const char *SCErrorToString(SCError);