From: Victor Julien <victor@inliniac.net>
Date: Tue, 29 Jul 2014 15:36:42 +0000 (+0200)
Subject: output lua: expose flow logging api
X-Git-Tag: suricata-2.1beta2~127
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46ac85dea61ed680e0508f294099310efc44c194;p=thirdparty%2Fsuricata.git

output lua: expose flow logging api

Allow use of the Flow Logging API through Lua scripts.

Minimal script:

function init (args)
    local needs = {}
    needs["type"] = "flow"
    return needs
end

function setup (args)
end

function log(args)
    startts = SCFlowTimeString()
    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    print ("Flow IPv" .. ipver .. " src " .. srcip .. " dst " .. dstip ..
            " proto " .. proto .. " sp " .. sp .. " dp " .. dp)
end

function deinit (args)
end
---

diff --git a/src/output-lua.c b/src/output-lua.c
index d8787c272e..d54df43a14 100644
--- a/src/output-lua.c
+++ b/src/output-lua.c
@@ -319,6 +319,36 @@ static int LuaFileLogger(ThreadVars *tv, void *thread_data, const Packet *p, con
     return 0;
 }
 
+/** \internal
+ *  \brief Flow API Logger function for Lua scripts
+ *
+ *  Executes a script once for one flow
+ *
+ *  Note: flow 'f' is locked
+ */
+static int LuaFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
+{
+    SCEnter();
+    LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data;
+
+    SCLogDebug("f %p", f);
+
+    SCMutexLock(&td->lua_ctx->m);
+
+    LuaStateSetThreadVars(td->lua_ctx->luastate, tv);
+    LuaStateSetFlow(td->lua_ctx->luastate, f, /* locked */LUA_FLOW_LOCKED_BY_PARENT);
+
+    /* get the lua function to call */
+    lua_getglobal(td->lua_ctx->luastate, "log");
+
+    int retval = lua_pcall(td->lua_ctx->luastate, 0, 0, 0);
+    if (retval != 0) {
+        SCLogInfo("failed to run script: %s", lua_tostring(td->lua_ctx->luastate, -1));
+    }
+    SCMutexUnlock(&td->lua_ctx->m);
+    return 0;
+}
+
 typedef struct LogLuaScriptOptions_ {
     AppProto alproto;
     int packet;
@@ -327,6 +357,7 @@ typedef struct LogLuaScriptOptions_ {
     int streaming;
     int tcp_data;
     int http_body;
+    int flow;
 } LogLuaScriptOptions;
 
 /** \brief load and evaluate the script
@@ -427,6 +458,8 @@ static int LuaScriptInit(const char *filename, LogLuaScriptOptions *options) {
             options->file = 1;
         else if (strcmp(k, "type") == 0 && strcmp(v, "streaming") == 0)
             options->streaming = 1;
+        else if (strcmp(k, "type") == 0 && strcmp(v, "flow") == 0)
+            options->flow = 1;
         else if (strcmp(k, "filter") == 0 && strcmp(v, "tcp") == 0)
             options->tcp_data = 1;
         else
@@ -632,6 +665,8 @@ static OutputCtx *OutputLuaLogInit(ConfNode *conf)
             om->FileLogFunc = LuaFileLogger;
         } else if (opts.streaming && opts.tcp_data) {
             om->StreamingLogFunc = LuaStreamingLogger;
+        } else if (opts.flow) {
+            om->FlowLogFunc = LuaFlowLogger;
         } else {
             SCLogError(SC_ERR_LUAJIT_ERROR, "failed to setup thread module");
             SCFree(om);