Add the capability for a lua script to ask for rrname in DNS query.
util-logopenfile-tile.h util-logopenfile-tile.c \
util-lua.c util-lua.h \
util-lua-common.c util-lua-common.h \
+util-lua-dns.c util-lua-dns.h \
util-lua-http.c util-lua-http.h \
util-magic.c util-magic.h \
util-memcmp.c util-memcmp.h \
#include "util-lua.h"
#include "util-lua-common.h"
#include "util-lua-http.h"
+#include "util-lua-dns.h"
static const char luaext_key_ld[] = "suricata:luajitdata";
static const char luaext_key_det_ctx[] = "suricata:det_ctx";
LuaRegisterFunctions(lua_state);
LuaRegisterHttpFunctions(lua_state);
+ LuaRegisterDnsFunctions(lua_state);
return 0;
}
#define DATATYPE_HTTP_RESPONSE_HEADERS (1<<13)
#define DATATYPE_HTTP_RESPONSE_HEADERS_RAW (1<<14)
+#define DATATYPE_DNS_RRNAME (1<<15)
+
#ifdef HAVE_LUAJIT
static void *LuaStatePoolAlloc(void)
{
SCLogError(SC_ERR_LUA_ERROR, "alloc error");
goto error;
}
+ } else if (strncmp(k, "dns", 3) == 0 && strcmp(v, "true") == 0) {
+
+ ld->alproto = ALPROTO_DNS;
+
+ if (strcmp(k, "dns.rrname") == 0)
+ ld->flags |= DATATYPE_DNS_RRNAME;
+ else {
+ SCLogError(SC_ERR_LUA_ERROR, "unsupported dns data type %s", k);
+ goto error;
+ }
+ ld->buffername = SCStrdup(k);
+ if (ld->buffername == NULL) {
+ SCLogError(SC_ERR_LUA_ERROR, "alloc error");
+ goto error;
+ }
} else {
SCLogError(SC_ERR_LUA_ERROR, "unsupported data type %s", k);
goto error;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCDMATCH);
else
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
+ } else if (luajit->alproto == ALPROTO_DNS) {
+ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERY_MATCH);
} else {
SCLogError(SC_ERR_LUA_ERROR, "luajit can't be used with protocol %s",
AppLayerGetProtoName(luajit->alproto));
--- /dev/null
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric@regit.org>
+ *
+ */
+
+#include "suricata-common.h"
+#include "debug.h"
+#include "detect.h"
+#include "pkt-var.h"
+#include "conf.h"
+
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-threads.h"
+
+#include "util-print.h"
+#include "util-unittest.h"
+
+#include "util-debug.h"
+
+#include "output.h"
+#include "app-layer-dns-common.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "util-privs.h"
+#include "util-buffer.h"
+#include "util-proto-name.h"
+#include "util-logopenfile.h"
+#include "util-time.h"
+
+#ifdef HAVE_LUA
+
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+
+#include "util-lua.h"
+#include "util-lua-common.h"
+
+static int DnsGetDnsRrname(lua_State *luastate)
+{
+ if (!(LuaStateNeedProto(luastate, ALPROTO_DNS)))
+ return LuaCallbackError(luastate, "error: protocol not dns");
+
+ DNSTransaction *tx = LuaStateGetTX(luastate);
+ if (tx == NULL)
+ return LuaCallbackError(luastate, "internal error: no tx");
+
+ DNSQueryEntry *query = NULL;
+ TAILQ_FOREACH(query, &tx->query_list, next) {
+ char *c;
+ size_t input_len;
+ c = BytesToString((uint8_t *)((uint8_t *)query + sizeof(DNSQueryEntry)), query->len);
+ if (c != NULL) {
+ int ret;
+ input_len = strlen(c);
+ /* sanity check */
+ if (input_len > (size_t)(2 * query->len)) {
+ SCFree(c);
+ return LuaCallbackError(luastate, "invalid length");
+ }
+ ret = LuaPushStringBuffer(luastate, (uint8_t *)c, input_len);
+ SCFree(c);
+ return ret;
+ }
+ }
+
+ return LuaCallbackError(luastate, "no query");
+}
+
+/** \brief register http lua extensions in a luastate */
+int LuaRegisterDnsFunctions(lua_State *luastate)
+{
+ /* registration of the callbacks */
+ lua_pushcfunction(luastate, DnsGetDnsRrname);
+ lua_setglobal(luastate, "DnsGetDnsRrname");
+ return 0;
+}
+
+#endif /* HAVE_LUA */
--- /dev/null
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond <eric@regit.org>
+ */
+
+#ifndef __UTIL_LUA_DNS_H__
+#define __UTIL_LUA_DNS_H__
+
+#ifdef HAVE_LUA
+
+int LuaRegisterDnsFunctions(lua_State *luastate);
+
+#endif /* HAVE_LUA */
+
+#endif /* __UTIL_LUA_HTTP_H__ */
projects / thirdparty / suricata.git / commitdiff
