From: Eric Leblond
Date: Sat, 18 Oct 2014 17:38:12 +0000 (+0200)
Subject: lua: add export of dns.rrname
X-Git-Tag: suricata-2.1beta2~55
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=667b9a5220bd85453f3bbbf5aadb156673a741e4;p=thirdparty%2Fsuricata.git

lua: add export of dns.rrname

Add the capability for a lua script to ask for rrname in DNS query.
---
diff --git a/src/Makefile.am b/src/Makefile.am
index 8213892f18..ee9b654e23 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -321,6 +321,7 @@ util-logopenfile.h util-logopenfile.c \
 util-logopenfile-tile.h util-logopenfile-tile.c \
 util-lua.c util-lua.h \
 util-lua-common.c util-lua-common.h \
+util-lua-dns.c util-lua-dns.h \
 util-lua-http.c util-lua-http.h \
 util-magic.c util-magic.h \
 util-memcmp.c util-memcmp.h \
diff --git a/src/detect-lua-extensions.c b/src/detect-lua-extensions.c
index 6d63e708e1..c58ffa2843 100644
--- a/src/detect-lua-extensions.c
+++ b/src/detect-lua-extensions.c
@@ -65,6 +65,7 @@
 #include "util-lua.h"
 #include "util-lua-common.h"
 #include "util-lua-http.h"
+#include "util-lua-dns.h"
 static const char luaext_key_ld[] = "suricata:luajitdata";
 static const char luaext_key_det_ctx[] = "suricata:det_ctx";
@@ -613,6 +614,7 @@ int LuaRegisterExtensions(lua_State *lua_state)
 LuaRegisterFunctions(lua_state);
 LuaRegisterHttpFunctions(lua_state);
+ LuaRegisterDnsFunctions(lua_state);
 return 0;
 }
diff --git a/src/detect-lua.c b/src/detect-lua.c
index 21a318104c..d711cb6eb1 100644
--- a/src/detect-lua.c
+++ b/src/detect-lua.c
@@ -155,6 +155,8 @@ void DetectLuaRegister(void)
 #define DATATYPE_HTTP_RESPONSE_HEADERS (1<<13)
 #define DATATYPE_HTTP_RESPONSE_HEADERS_RAW (1<<14)
+#define DATATYPE_DNS_RRNAME (1<<15)
+
 #ifdef HAVE_LUAJIT
 static void *LuaStatePoolAlloc(void)
 {
@@ -938,7 +940,22 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld)
 SCLogError(SC_ERR_LUA_ERROR, "alloc error");
 goto error;
 }
+ } else if (strncmp(k, "dns", 3) == 0 && strcmp(v, "true") == 0) {
+
+ ld->alproto = ALPROTO_DNS;
+
+ if (strcmp(k, "dns.rrname") == 0)
+ ld->flags |= DATATYPE_DNS_RRNAME;
+ else {
+ SCLogError(SC_ERR_LUA_ERROR, "unsupported dns data type %s", k);
+ goto error;
+ }
+ ld->buffername = SCStrdup(k);
+ if (ld->buffername == NULL) {
+ SCLogError(SC_ERR_LUA_ERROR, "alloc error");
+ goto error;
+ }
 } else {
 SCLogError(SC_ERR_LUA_ERROR, "unsupported data type %s", k);
 goto error;
@@ -1026,6 +1043,8 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
 SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HCDMATCH);
 else
 SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
+ } else if (luajit->alproto == ALPROTO_DNS) {
+ SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DNSQUERY_MATCH);
 } else {
 SCLogError(SC_ERR_LUA_ERROR, "luajit can't be used with protocol %s",
 AppLayerGetProtoName(luajit->alproto));
diff --git a/src/util-lua-dns.c b/src/util-lua-dns.c
new file mode 100644
index 0000000000..8ac0688d01
--- /dev/null
+++ b/src/util-lua-dns.c
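Review bot: In DetectLuaSetupPrime the new branch tests `strncmp(k, "dns", 3) == 0`, so any key that merely begins with "dns" enters it, and `ld->alproto = ALPROTO_DNS` is assigned before the key is validated and without looking at what an earlier key already selected. If the same script also asks for an HTTP buffer (that branch lies outside the hunk, so this is inferred), the last key wins and the rule ends up on only one protocol's match list, which is a silent detection gap rather than a load error. Matching the dotted prefix, `strncmp(k, "dns.", 4) == 0`, and rejecting a conflict, `if (ld->alproto != ALPROTO_UNKNOWN && ld->alproto != ALPROTO_DNS) goto error;` (assuming alproto starts out as ALPROTO_UNKNOWN), would make such a script fail when the rule is loaded. As far as the hunk shows, `ld->buffername` is likewise overwritten by `SCStrdup(k)` without freeing a value set by a previous key.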
@@ -0,0 +1,100 @@
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+
+/**
+ * \file
+ *
+ * \author Eric Leblond
+ *
+ */
+
+#include "suricata-common.h"
+#include "debug.h"
+#include "detect.h"
+#include "pkt-var.h"
+#include "conf.h"
+
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-threads.h"
+
+#include "util-print.h"
+#include "util-unittest.h"
+
+#include "util-debug.h"
+
+#include "output.h"
+#include "app-layer-dns-common.h"
+#include "app-layer.h"
+#include "app-layer-parser.h"
+#include "util-privs.h"
+#include "util-buffer.h"
+#include "util-proto-name.h"
+#include "util-logopenfile.h"
+#include "util-time.h"
+
+#ifdef HAVE_LUA
+
+#include
+#include
+#include
+
+#include "util-lua.h"
+#include "util-lua-common.h"
+
+static int DnsGetDnsRrname(lua_State *luastate)
+{
+ if (!(LuaStateNeedProto(luastate, ALPROTO_DNS)))
+ return LuaCallbackError(luastate, "error: protocol not dns");
+
+ DNSTransaction *tx = LuaStateGetTX(luastate);
+ if (tx == NULL)
+ return LuaCallbackError(luastate, "internal error: no tx");
+
+ DNSQueryEntry *query = NULL;
+ TAILQ_FOREACH(query, &tx->query_list, next) {
+ char *c;
+ size_t input_len;
+ c = BytesToString((uint8_t *)((uint8_t *)query + sizeof(DNSQueryEntry)), query->len);
+ if (c != NULL) {
+ int ret;
+ input_len = strlen(c);
+ /* sanity check */
+ if (input_len > (size_t)(2 * query->len)) {
+ SCFree(c);
+ return LuaCallbackError(luastate, "invalid length");
+ }
+ ret = LuaPushStringBuffer(luastate, (uint8_t *)c, input_len);
+ SCFree(c);
+ return ret;
+ }
+ }
+
+ return LuaCallbackError(luastate, "no query");
+}
+
+/** \brief register http lua extensions in a luastate */
+int LuaRegisterDnsFunctions(lua_State *luastate)
+{
+ /* registration of the callbacks */
+ lua_pushcfunction(luastate, DnsGetDnsRrname);
+ lua_setglobal(luastate, "DnsGetDnsRrname");
+ return 0;
+}
+
+#endif /* HAVE_LUA */
diff --git a/src/util-lua-dns.h b/src/util-lua-dns.h
new file mode 100644
index 0000000000..582fdea757
--- /dev/null
+++ b/src/util-lua-dns.h
@@ -0,0 +1,33 @@
+/* Copyright (C) 2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Eric Leblond
+ */
+
+#ifndef __UTIL_LUA_DNS_H__
+#define __UTIL_LUA_DNS_H__
+
+#ifdef HAVE_LUA
+
+int LuaRegisterDnsFunctions(lua_State *luastate);
+
+#endif /* HAVE_LUA */
+
+#endif /* __UTIL_LUA_HTTP_H__ */
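Review bot: In src/util-lua-dns.c, DnsGetDnsRrname returns from inside `TAILQ_FOREACH` on the first entry that `BytesToString` converts, so if a transaction carries several queries only one name reaches the script and the rest are never inspected by a rule built on `DnsGetDnsRrname()`. If that is intended, state it above the function, e.g. `/* returns the rrname of the first query in the tx only; later queries are not exported */`; otherwise return a Lua table with one entry per query. A NULL from `BytesToString` is skipped without a log line and can end in the "no query" error, which hides an allocation failure behind a misleading message. The `\brief` on LuaRegisterDnsFunctions still reads "register http lua extensions" and should say dns.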
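Review bot: src/util-lua-dns.h declares `int LuaRegisterDnsFunctions(lua_State *luastate);` without including anything that defines `lua_State`, so the header compiles only when the includer has already pulled in the Lua headers; detect-lua-extensions.c includes it after util-lua.h, which may be why this goes unnoticed. Including the header that provides `lua_State` inside the `HAVE_LUA` block would make the file self-contained. The closing guard comment is also a leftover from the HTTP header and should read `#endif /* __UTIL_LUA_DNS_H__ */`.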