end
function log(args)
- sid = args['sid'];
- rev = args['rev'];
- gid = args['gid'];
- msg = args['msg'];
- srcip = args['srcip'];
- dstip = args['dstip'];
+ sid, rev, gid = SCRuleIds()
+ ipver, srcip, dstip, proto, sp, dp = SCPacketTuple()
+ msg = SCRuleMsg()
+ class, prio = SCRuleClass()
+ if class == nil then
+ class = "unknown"
+ end
ts = args['ts'];
- class = args['class'];
- prio = args['priority'];
- proto = args['ipproto'];
- sp = args['sp'];
- dp = args['dp'];
print (ts .. " [**] [" .. gid .. ":" .. sid .. ":" .. rev .. "] " ..
msg .. " [**] [Classification: " .. class .. "] [Priority: " ..
return r;
}
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places: sid (number), rev (number), gid (number)
+ */
+static int LuaCallbackRuleIdsPushToStackFromPacketAlert(lua_State *luastate, const PacketAlert *pa)
+{
+ lua_pushnumber (luastate, pa->s->id);
+ lua_pushnumber (luastate, pa->s->rev);
+ lua_pushnumber (luastate, pa->s->gid);
+ return 3;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleIds(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleIdsPushToStackFromPacketAlert(luastate, pa);
+}
+
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places: msg (string)
+ */
+static int LuaCallbackRuleMsgPushToStackFromPacketAlert(lua_State *luastate, const PacketAlert *pa)
+{
+ lua_pushstring (luastate, pa->s->msg);
+ return 1;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleMsg(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleMsgPushToStackFromPacketAlert(luastate, pa);
+}
+
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places: class (string), prio (number)
+ */
+static int LuaCallbackRuleClassPushToStackFromPacketAlert(lua_State *luastate, const PacketAlert *pa)
+{
+ lua_pushstring (luastate, pa->s->class_msg);
+ lua_pushnumber (luastate, pa->s->prio);
+ return 2;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleClass(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleClassPushToStackFromPacketAlert(luastate, pa);
+}
+
static int LuaCallbackLogPath(lua_State *luastate)
{
const char *ld = ConfigGetLogDirectory();
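Review bot: The three wrappers LuaCallbackRuleIds, LuaCallbackRuleMsg and LuaCallbackRuleClass report `"internal error: no packet"` and carry the brief `Wrapper for getting tuple info into a lua script`, both apparently copied from the tuple callback, although the missing object is the packet alert. Someone debugging a script that calls SCRuleIds outside an alert context would be pointed at the wrong object; `"internal error: no packet alert"` and a brief such as `Wrapper for getting rule ids into a lua script` would match the code. The push helpers dereference `pa->s` without a check, so they rely on the caller having skipped alerts that carry no signature; that is not visible in this hunk and is worth stating in their doc comments. `lua_pushstring` pushes nil for a NULL string, so a script receives nil for `msg` or `class` when the rule sets none, and the `Places:` lines could say so.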
lua_setglobal(luastate, "SCLogWarning");
lua_pushcfunction(luastate, LuaCallbackLogError);
lua_setglobal(luastate, "SCLogError");
+
+
+ lua_pushcfunction(luastate, LuaCallbackRuleIds);
+ lua_setglobal(luastate, "SCRuleIds");
+ lua_pushcfunction(luastate, LuaCallbackRuleMsg);
+ lua_setglobal(luastate, "SCRuleMsg");
+ lua_pushcfunction(luastate, LuaCallbackRuleClass);
+ lua_setglobal(luastate, "SCRuleClass");
return 0;
}
char timebuf[64];
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
- char srcip[46], dstip[46];
- if (PKT_IS_IPV4(p)) {
- PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
- PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
- } else if (PKT_IS_IPV6(p)) {
- PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
- PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
- } else {
+ if (!(PKT_IS_IPV4(p)) && !(PKT_IS_IPV6(p))) {
/* decoder event */
goto not_supported;
}
LuaStateSetPacket(td->lua_ctx->luastate, (Packet *)p);
LuaStateSetFlow(td->lua_ctx->luastate, p->flow, /* unlocked */TRUE);
+ LuaStateSetPacketAlert(td->lua_ctx->luastate, (PacketAlert *)pa);
/* prepare data to pass to script */
lua_newtable(td->lua_ctx->luastate);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "sid", pa->s->id);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "gid", pa->s->gid);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "rev", pa->s->rev);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "priority", pa->s->prio);
-
- if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "sp", p->sp);
- LogLuaPushTableKeyValueInt(td->lua_ctx->luastate, "dp", p->dp);
- }
-
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "msg", pa->s->msg);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "srcip", srcip);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "dstip", dstip);
LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "ts", timebuf);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "ipproto", proto);
- LogLuaPushTableKeyValueString(td->lua_ctx->luastate, "class", pa->s->class_msg);
int retval = lua_pcall(td->lua_ctx->luastate, 1, 0, 0);
if (retval != 0) {
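Review bot: The alert pointer stored by the added `LuaStateSetPacketAlert(...)` call is not cleared in the visible lines after `lua_pcall` returns, so the registry keeps pointing at a PacketAlert that presumably belongs to the packet and stops being valid once the packet is released. A later call to SCRuleIds, SCRuleMsg or SCRuleClass made outside an alert callback (for example from the script's own teardown code) would pass the `pa == NULL` check and read `pa->s` through stale memory. Resetting it right after the call, `LuaStateSetPacketAlert(td->lua_ctx->luastate, NULL);`, lets the existing NULL check catch that case. The cast `(PacketAlert *)pa` suggests pa is const here, so declaring the setter parameter as `const PacketAlert *pa` would avoid casting the qualifier away. The enclosing function starts and ends outside this hunk.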
/* key for flow lock hint bool */
const char lua_ext_key_flow_lock_hint[] = "suricata:lua:flow:lock_hint";
+/* key for pa (packet alert) pointer */
+const char lua_ext_key_pa[] = "suricata:lua:pkt:alert:ptr";
+
/** \brief get packet pointer from the lua state */
Packet *LuaStateGetPacket(lua_State *luastate)
{
lua_settable(luastate, LUA_REGISTRYINDEX);
}
+/** \brief get packet alert pointer from the lua state */
+PacketAlert *LuaStateGetPacketAlert(lua_State *luastate)
+{
+ lua_pushlightuserdata(luastate, (void *)&lua_ext_key_pa);
+ lua_gettable(luastate, LUA_REGISTRYINDEX);
+ void *pa = lua_touserdata(luastate, -1);
+ return (PacketAlert *)pa;
+}
+
+void LuaStateSetPacketAlert(lua_State *luastate, PacketAlert *pa)
+{
+ lua_pushlightuserdata(luastate, (void *)&lua_ext_key_pa);
+ lua_pushlightuserdata(luastate, (void *)pa);
+ lua_settable(luastate, LUA_REGISTRYINDEX);
+}
+
/** \brief dump stack from lua state to screen */
void LuaPrintStack(lua_State *state) {
int size = lua_gettop(state);
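Review bot: LuaStateGetPacketAlert leaves the value fetched from the registry on the Lua stack, because nothing pops it after `lua_touserdata(luastate, -1)`. The new callbacks return only their top values and are unaffected, but a C caller that is not itself a lua_CFunction would grow the stack by one slot per call. Adding `lua_pop(luastate, 1);` before the return would avoid that, provided it stays consistent with LuaStateGetPacket, whose body is outside this hunk. LuaStateSetPacketAlert also has no doc comment; `/** \brief set packet alert pointer in the lua state (borrowed, not owned) */` would record that the registry does not keep the alert alive.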
*/
Flow *LuaStateGetFlow(lua_State *luastate, int *lock_hint);
+PacketAlert *LuaStateGetPacketAlert(lua_State *luastate);
+
/* sets */
void LuaStateSetPacket(lua_State *luastate, Packet *p);
*/
void LuaStateSetFlow(lua_State *luastate, Flow *f, int need_flow_lock);
+void LuaStateSetPacketAlert(lua_State *luastate, PacketAlert *pa);
+
void LuaPrintStack(lua_State *state);
#endif /* HAVE_LUA */