From: Victor Julien Date: Tue, 11 Feb 2014 13:44:21 +0000 (+0100) Subject: output: Lua HTTP log initial implementation X-Git-Tag: suricata-2.1beta2~161 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=db30ed8c3e6cc3ac6fa6fff1eacb4ca58fab3e0c;p=thirdparty%2Fsuricata.git output: Lua HTTP log initial implementation Initial version of a HTTP LUA logger. Execute lua scripts from the Tx-log API. --- diff --git a/src/Makefile.am b/src/Makefile.am index b20d6c15ed..3aad3466a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -226,6 +226,8 @@ output-json-netflow.c output-json-netflow.h \ output-json-http.c output-json-http.h \ output-json-ssh.c output-json-ssh.h \ output-json-tls.c output-json-tls.h \ +output-lua.c output-lua.h \ +output-lua-http.c output-lua-http.h \ output-packet.c output-packet.h \ output-streaming.c output-streaming.h \ output-tx.c output-tx.h \ diff --git a/src/output-lua-http.c b/src/output-lua-http.c new file mode 100644 index 0000000000..09564d3744 --- /dev/null +++ b/src/output-lua-http.c @@ -0,0 +1,291 @@ +/* Copyright (C) 2014 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + */ + +#include "suricata-common.h" +#include "debug.h" +#include "detect.h" +#include "pkt-var.h" +#include "conf.h" + +#include "threads.h" +#include "threadvars.h" +#include "tm-threads.h" + +#include "util-print.h" +#include "util-unittest.h" + +#include "util-debug.h" + +#include "output.h" +#include "app-layer-htp.h" +#include "app-layer.h" +#include "app-layer-parser.h" +#include "util-privs.h" +#include "util-buffer.h" +#include "util-proto-name.h" +#include "util-logopenfile.h" +#include "util-time.h" + +#ifdef HAVE_LUA + +#include +#include +#include + +extern const char lualog_ext_key_tx; + +static void *LuaStateGetTX(lua_State *luastate) +{ + lua_pushlightuserdata(luastate, (void *)&lualog_ext_key_tx); + lua_gettable(luastate, LUA_REGISTRYINDEX); + void *tx = lua_touserdata(luastate, -1); + return tx; +} + +static int LuaCallbackError(lua_State *luastate, const char *msg) +{ + lua_pushnil(luastate); + lua_pushstring(luastate, msg); + return 2; +} + +static int LuaReturnStringBuffer(lua_State *luastate, uint8_t *input, size_t input_len) +{ + /* we're using a buffer sized at a multiple of 4 as lua_pushlstring generates + * invalid read errors in valgrind otherwise. Adding in a nul to be sure. + * + * Buffer size = len + 1 (for nul) + whatever makes it a multiple of 4 */ + size_t buflen = input_len + 1 + ((input_len + 1) % 4); + uint8_t buf[buflen]; + memset(buf, 0x00, buflen); + memcpy(buf, input, input_len); + buf[input_len] = '\0'; + + /* return value through luastate, as a luastring */ + lua_pushlstring(luastate, (char *)buf, input_len); + return 1; +} + +const char *LuaGetStringArgument(lua_State *luastate, int argc) +{ + /* get argument */ + if (!lua_isstring(luastate, argc)) + return NULL; + const char *str = lua_tostring(luastate, 1); + if (str == NULL) + return NULL; + if (strlen(str) == 0) + return NULL; + return str; +} + +static int HttpGetRequestUriRaw(lua_State *luastate) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + return LuaReturnStringBuffer(luastate, + bstr_ptr(tx->request_uri), bstr_len(tx->request_uri)); +} + +static int HttpGetRequestUriNormalized(lua_State *luastate) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); + if (htud == NULL) + return LuaCallbackError(luastate, "no htud in tx"); + + if (htud->request_uri_normalized == NULL || + bstr_ptr(htud->request_uri_normalized) == NULL || + bstr_len(htud->request_uri_normalized) == 0) + return LuaCallbackError(luastate, "no normalized uri"); + + return LuaReturnStringBuffer(luastate, + bstr_ptr(htud->request_uri_normalized), + bstr_len(htud->request_uri_normalized)); +} + +static int HttpGetRequestLine(lua_State *luastate) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + if (tx->request_line == NULL) + return LuaCallbackError(luastate, "no request_line"); + + return LuaReturnStringBuffer(luastate, + bstr_ptr(tx->request_line), bstr_len(tx->request_line)); +} + +static int HttpGetResponseLine(lua_State *luastate) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + if (tx->response_line == NULL) + return LuaCallbackError(luastate, "no response_line"); + + return LuaReturnStringBuffer(luastate, + bstr_ptr(tx->response_line), bstr_len(tx->response_line)); +} + +static int HttpGetHeader(lua_State *luastate, int dir) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + const char *name = LuaGetStringArgument(luastate, 1); + if (name == NULL) + return LuaCallbackError(luastate, "1st argument missing, empty or wrong type"); + + htp_table_t *headers = tx->request_headers; + if (dir == 1) + headers = tx->response_headers; + if (headers == NULL) + return LuaCallbackError(luastate, "tx has no headers"); + + htp_header_t *h = (htp_header_t *)htp_table_get_c(headers, name); + if (h == NULL || bstr_len(h->value) == 0) + return LuaCallbackError(luastate, "header not found"); + + return LuaReturnStringBuffer(luastate, + bstr_ptr(h->value), bstr_len(h->value)); +} + +static int HttpGetRequestHeader(lua_State *luastate) +{ + return HttpGetHeader(luastate, 0 /* request */); +} + +static int HttpGetResponseHeader(lua_State *luastate) +{ + return HttpGetHeader(luastate, 1 /* response */); +} + +static int HttpGetRawHeaders(lua_State *luastate, int dir) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx); + if (htud == NULL) + return LuaCallbackError(luastate, "no htud in tx"); + + uint8_t *raw = htud->request_headers_raw; + uint32_t raw_len = htud->request_headers_raw_len; + if (dir == 1) { + raw = htud->response_headers_raw; + raw_len = htud->response_headers_raw_len; + } + + if (raw == NULL || raw_len == 0) + return LuaCallbackError(luastate, "no raw headers"); + + return LuaReturnStringBuffer(luastate, raw, raw_len); +} + +static int HttpGetRawRequestHeaders(lua_State *luastate) +{ + return HttpGetRawHeaders(luastate, 0); +} + +static int HttpGetRawResponseHeaders(lua_State *luastate) +{ + return HttpGetRawHeaders(luastate, 1); +} + + +static int HttpGetHeaders(lua_State *luastate, int dir) +{ + htp_tx_t *tx = LuaStateGetTX(luastate); + if (tx == NULL) + return LuaCallbackError(luastate, "internal error: no tx"); + + htp_table_t *table = tx->request_headers; + if (dir == 1) + table = tx->response_headers; + if (tx->request_headers == NULL) + return LuaCallbackError(luastate, "no headers"); + + lua_newtable(luastate); + htp_header_t *h = NULL; + size_t i = 0; + size_t no_of_headers = htp_table_size(table); + for (; i < no_of_headers; i++) { + h = htp_table_get_index(table, i, NULL); + LuaReturnStringBuffer(luastate, bstr_ptr(h->name), bstr_len(h->name)); + LuaReturnStringBuffer(luastate, bstr_ptr(h->value), bstr_len(h->value)); + lua_settable(luastate, -3); + } + return 1; +} + +/** \brief return request headers as lua table */ +static int HttpGetRequestHeaders(lua_State *luastate) +{ + return HttpGetHeaders(luastate, 0); +} + +/** \brief return response headers as lua table */ +static int HttpGetResponseHeaders(lua_State *luastate) +{ + return HttpGetHeaders(luastate, 1); +} + +/** \brief register http lua extensions in a luastate */ +int LogLuaRegisterHttpFunctions(lua_State *luastate) +{ + /* registration of the callbacks */ + lua_pushcfunction(luastate, HttpGetRequestHeader); + lua_setglobal(luastate, "HttpGetRequestHeader"); + lua_pushcfunction(luastate, HttpGetResponseHeader); + lua_setglobal(luastate, "HttpGetResponseHeader"); + lua_pushcfunction(luastate, HttpGetRequestLine); + lua_setglobal(luastate, "HttpGetRequestLine"); + lua_pushcfunction(luastate, HttpGetResponseLine); + lua_setglobal(luastate, "HttpGetResponseLine"); + lua_pushcfunction(luastate, HttpGetRawRequestHeaders); + lua_setglobal(luastate, "HttpGetRawRequestHeaders"); + lua_pushcfunction(luastate, HttpGetRawResponseHeaders); + lua_setglobal(luastate, "HttpGetRawResponseHeaders"); + lua_pushcfunction(luastate, HttpGetRequestUriRaw); + lua_setglobal(luastate, "HttpGetRequestUriRaw"); + lua_pushcfunction(luastate, HttpGetRequestUriNormalized); + lua_setglobal(luastate, "HttpGetRequestUriNormalized"); + lua_pushcfunction(luastate, HttpGetRequestHeaders); + lua_setglobal(luastate, "HttpGetRequestHeaders"); + lua_pushcfunction(luastate, HttpGetResponseHeaders); + lua_setglobal(luastate, "HttpGetResponseHeaders"); + return 0; +} + +#endif /* HAVE_LUA */ diff --git a/src/output-lua-http.h b/src/output-lua-http.h new file mode 100644 index 0000000000..5778476bb8 --- /dev/null +++ b/src/output-lua-http.h @@ -0,0 +1,33 @@ +/* Copyright (C) 2014 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#ifndef __OUTPUT_LUA_HTTP_H__ +#define __OUTPUT_LUA_HTTP_H__ + +#ifdef HAVE_LUA + +int LogLuaRegisterHttpFunctions(lua_State *luastate); + +#endif /* HAVE_LUA */ + +#endif /* __OUTPUT_LUA_HTTP_H__ */ diff --git a/src/output-lua.c b/src/output-lua.c new file mode 100644 index 0000000000..f166113cda --- /dev/null +++ b/src/output-lua.c @@ -0,0 +1,475 @@ +/* Copyright (C) 2014 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + * + */ + +#include "suricata-common.h" +#include "debug.h" +#include "detect.h" +#include "pkt-var.h" +#include "conf.h" + +#include "threads.h" +#include "threadvars.h" +#include "tm-threads.h" + +#include "util-print.h" +#include "util-unittest.h" + +#include "util-debug.h" + +#include "output.h" +#include "app-layer-htp.h" +#include "app-layer.h" +#include "app-layer-parser.h" +#include "util-privs.h" +#include "util-buffer.h" +#include "util-proto-name.h" +#include "util-logopenfile.h" +#include "util-time.h" + +#ifdef HAVE_LUA + +#include +#include +#include + +#include "output-lua-http.h" + +#define MODULE_NAME "LuaLog" + +typedef struct LogLuaCtx_ { + SCMutex m; + lua_State *luastate; + int deinit_once; +} LogLuaCtx; + +typedef struct LogLuaThreadCtx_ { + LogLuaCtx *lua_ctx; +} LogLuaThreadCtx; + +const char lualog_ext_key_tx[] = "suricata:lualog:tx:ptr"; + +static int LuaTxLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id) +{ + SCEnter(); + + LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data; + + SCMutexLock(&td->lua_ctx->m); + + /* we need the tx in our callbacks */ + lua_pushlightuserdata(td->lua_ctx->luastate, (void *)&lualog_ext_key_tx); + lua_pushlightuserdata(td->lua_ctx->luastate, (void *)txptr); + lua_settable(td->lua_ctx->luastate, LUA_REGISTRYINDEX); + + /* prepare data to pass to script */ + lua_getglobal(td->lua_ctx->luastate, "log"); + lua_newtable(td->lua_ctx->luastate); /* stack at -1 */ + lua_pushliteral (td->lua_ctx->luastate, "tx_id"); /* stack at -2 */ + lua_pushnumber (td->lua_ctx->luastate, (int)(tx_id)); + lua_settable(td->lua_ctx->luastate, -3); + + int retval = lua_pcall(td->lua_ctx->luastate, 1, 0, 0); + if (retval != 0) { + SCLogInfo("failed to run script: %s", lua_tostring(td->lua_ctx->luastate, -1)); + } + + SCMutexUnlock(&td->lua_ctx->m); + SCReturnInt(0); +} + +/** \brief dump stack from lua state to screen */ +void LuaPrintStack(lua_State *state) { + int size = lua_gettop(state); + int i; + + for (i = 1; i <= size; i++) { + int type = lua_type(state, i); + printf("Stack size=%d, level=%d, type=%d, ", size, i, type); + + switch (type) { + case LUA_TFUNCTION: + printf("function %s", lua_tostring(state, i) ? "true" : "false"); + break; + case LUA_TBOOLEAN: + printf("bool %s", lua_toboolean(state, i) ? "true" : "false"); + break; + case LUA_TNUMBER: + printf("number %g", lua_tonumber(state, i)); + break; + case LUA_TSTRING: + printf("string `%s'", lua_tostring(state, i)); + break; + case LUA_TTABLE: + printf("table `%s'", lua_tostring(state, i)); + break; + default: + printf("other %s", lua_typename(state, type)); + break; + + } + printf("\n"); + } +} + +/** \brief load and evaluate the script + * + * This function parses the script, checks if all the required functions + * are defined and runs the 'init' function. The init function will inform + * us what the scripts needs are. + */ +static int LuaScriptInit(const char *filename) { + int status; +// AppProto alproto = ALPROTO_UNKNOWN; + + lua_State *luastate = luaL_newstate(); + if (luastate == NULL) + goto error; + luaL_openlibs(luastate); + + /* hackish, needed to allow unittests to pass buffers as scripts instead of files */ +#if 0//def UNITTESTS + if (ut_script != NULL) { + status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script), "unittest"); + if (status) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(luastate, -1)); + goto error; + } + } else { +#endif + status = luaL_loadfile(luastate, filename); + if (status) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(luastate, -1)); + goto error; + } +#if 0//def UNITTESTS + } +#endif + + /* prime the script (or something) */ + if (lua_pcall(luastate, 0, 0, 0) != 0) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't prime file: %s", lua_tostring(luastate, -1)); + goto error; + } + + lua_getglobal(luastate, "init"); + if (lua_type(luastate, -1) != LUA_TFUNCTION) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no init function in script"); + goto error; + } + + lua_newtable(luastate); /* stack at -1 */ + if (lua_gettop(luastate) == 0 || lua_type(luastate, 2) != LUA_TTABLE) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no table setup"); + goto error; + } + + lua_pushliteral(luastate, "script_api_ver"); /* stack at -2 */ + lua_pushnumber (luastate, 1); /* stack at -3 */ + lua_settable(luastate, -3); + + if (lua_pcall(luastate, 1, 1, 0) != 0) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't run script 'init' function: %s", lua_tostring(luastate, -1)); + goto error; + } + + /* process returns from script */ + if (lua_gettop(luastate) == 0) { + SCLogError(SC_ERR_LUAJIT_ERROR, "init function in script should return table, nothing returned"); + goto error; + } + if (lua_type(luastate, 1) != LUA_TTABLE) { + SCLogError(SC_ERR_LUAJIT_ERROR, "init function in script should return table, returned is not table"); + goto error; + } + + lua_pushnil(luastate); + const char *k, *v; + while (lua_next(luastate, -2)) { + k = lua_tostring(luastate, -2); + if (k == NULL) + continue; + + v = lua_tostring(luastate, -1); + lua_pop(luastate, 1); + if (v == NULL) + continue; + + SCLogDebug("k='%s', v='%s'", k, v); + +// if (strcmp(k,"protocol") == 0 && strcmp(v, "http") == 0) +// alproto = ALPROTO_HTTP; + } + //SCLogInfo("alproto %u", alproto); + + lua_getglobal(luastate, "setup"); + if (lua_type(luastate, -1) != LUA_TFUNCTION) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no setup function in script"); + goto error; + } + + lua_getglobal(luastate, "log"); + if (lua_type(luastate, -1) != LUA_TFUNCTION) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no log function in script"); + goto error; + } + + lua_getglobal(luastate, "deinit"); + if (lua_type(luastate, -1) != LUA_TFUNCTION) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no deinit function in script"); + goto error; + } + + /* pop the table */ + lua_pop(luastate, 1); + lua_close(luastate); + return 0; +error: + lua_close(luastate); + return -1; +} + +/** \brief setup a luastate for use at runtime + * + * This loads the script, primes it and then runs the 'setup' function. + */ +static lua_State *LuaScriptSetup(const char *filename) +{ + lua_State *luastate = luaL_newstate(); + if (luastate == NULL) { + SCLogError(SC_ERR_LUAJIT_ERROR, "luaL_newstate failed"); + goto error; + } + + luaL_openlibs(luastate); + + int status; + /* hackish, needed to allow unittests to pass buffers as scripts instead of files */ +#if 0//def UNITTESTS + if (ut_script != NULL) { + status = luaL_loadbuffer(t->luastate, ut_script, strlen(ut_script), "unittest"); + if (status) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(t->luastate, -1)); + goto error; + } + } else { +#endif + status = luaL_loadfile(luastate, filename); + if (status) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(luastate, -1)); + goto error; + } +#if 0//def UNITTESTS + } +#endif + + /* prime the script (or something) */ + if (lua_pcall(luastate, 0, 0, 0) != 0) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't prime file: %s", lua_tostring(luastate, -1)); + goto error; + } + + lua_getglobal(luastate, "setup"); + if (lua_type(luastate, -1) != LUA_TFUNCTION) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no init function in script"); + goto error; + } + + //LuaPrintStack(luastate); + if (lua_pcall(luastate, 0, 0, 0) != 0) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't run script 'setup' function: %s", lua_tostring(luastate, -1)); + goto error; + } + //LuaPrintStack(luastate); + + if (1) { //http + if (LogLuaRegisterHttpFunctions(luastate) != 0) + SCLogInfo("boooh!"); + } + + SCLogDebug("lua_State %p is set up", luastate); + return luastate; +error: + lua_close(luastate); + return NULL; +} + +static OutputCtx *OutputLuaLogInitSub(ConfNode *conf, OutputCtx *parent_ctx) +{ + if (conf == NULL) + return NULL; + + LogLuaCtx *lua_ctx = SCMalloc(sizeof(LogLuaCtx)); + if (unlikely(lua_ctx == NULL)) + return NULL; + memset(lua_ctx, 0x00, sizeof(*lua_ctx)); + + OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); + if (unlikely(output_ctx == NULL)) { + SCFree(lua_ctx); + return NULL; + } + + SCMutexInit(&lua_ctx->m, NULL); + + // SCLogInfo("script %s", conf->val); + + SCMutexLock(&lua_ctx->m); + lua_ctx->luastate = LuaScriptSetup(conf->val); + SCMutexUnlock(&lua_ctx->m); + if (lua_ctx->luastate == NULL) + goto error; + + SCLogDebug("lua_ctx %p", lua_ctx); + + output_ctx->data = lua_ctx; + output_ctx->DeInit = NULL; + + return output_ctx; +error: + SCMutexDestroy(&lua_ctx->m); + SCFree(lua_ctx); + SCFree(output_ctx); + return NULL; +} + +static OutputCtx *OutputLuaLogInit(ConfNode *conf) +{ + ConfNode *scripts = ConfNodeLookupChild(conf, "scripts"); + if (scripts == NULL) { + /* No "outputs" section in the configuration. */ + SCLogInfo("scripts not defined"); + return NULL; + } + + OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); + if (unlikely(output_ctx == NULL)) { + return NULL; + } + TAILQ_INIT(&output_ctx->submodules); + + ConfNode *script; + TAILQ_FOREACH(script, &scripts->head, next) { + SCLogInfo("script %s", script->val); + + int r = LuaScriptInit(script->val); + if (r != 0) { + SCLogInfo("script init failed (%d)", r); + continue; + } + + + OutputModule *om = SCCalloc(1, sizeof(*om)); + BUG_ON(om == NULL); //TODO + + if (1) { // TODO, logger type selection logic + om->TxLogFunc = LuaTxLogger; + om->alproto = ALPROTO_HTTP; + om->name = MODULE_NAME; + om->conf_name = script->val; + om->InitSubFunc = OutputLuaLogInitSub; + TAILQ_INSERT_TAIL(&output_ctx->submodules, om, entries); + } + } + + return output_ctx; +} + +static void OutputLuaLogDoDeinit(LogLuaCtx *lua_ctx) +{ + lua_State *luastate = lua_ctx->luastate; + + lua_getglobal(luastate, "deinit"); + if (lua_type(luastate, -1) != LUA_TFUNCTION) { + SCLogError(SC_ERR_LUAJIT_ERROR, "no deinit function in script"); + return; + } + //LuaPrintStack(luastate); + + if (lua_pcall(luastate, 0, 0, 0) != 0) { + SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't run script 'deinit' function: %s", lua_tostring(luastate, -1)); + return; + } +} + +static TmEcode LuaLogThreadInit(ThreadVars *t, void *initdata, void **data) +{ + LogLuaThreadCtx *td = SCMalloc(sizeof(*td)); + if (unlikely(td == NULL)) + return TM_ECODE_FAILED; + memset(td, 0, sizeof(*td)); + + if (initdata == NULL) { + SCLogDebug("Error getting context for LuaLog. \"initdata\" argument NULL"); + SCFree(td); + return TM_ECODE_FAILED; + } + + LogLuaCtx *lua_ctx = ((OutputCtx *)initdata)->data; + SCLogDebug("lua_ctx %p", lua_ctx); + td->lua_ctx = lua_ctx; + *data = (void *)td; + return TM_ECODE_OK; +} + +static TmEcode LuaLogThreadDeinit(ThreadVars *t, void *data) +{ + LogLuaThreadCtx *td = (LogLuaThreadCtx *)data; + if (td == NULL) { + return TM_ECODE_OK; + } + + SCMutexLock(&td->lua_ctx->m); + if (td->lua_ctx->deinit_once == 0) { + OutputLuaLogDoDeinit(td->lua_ctx); + td->lua_ctx->deinit_once = 1; + } + SCMutexUnlock(&td->lua_ctx->m); + + /* clear memory */ + memset(td, 0, sizeof(*td)); + + SCFree(td); + return TM_ECODE_OK; +} + +void TmModuleLuaLogRegister (void) { + tmm_modules[TMM_LUALOG].name = MODULE_NAME; + tmm_modules[TMM_LUALOG].ThreadInit = LuaLogThreadInit; + tmm_modules[TMM_LUALOG].ThreadDeinit = LuaLogThreadDeinit; + tmm_modules[TMM_LUALOG].RegisterTests = NULL; + tmm_modules[TMM_LUALOG].cap_flags = 0; + tmm_modules[TMM_LUALOG].flags = TM_FLAG_LOGAPI_TM; + + /* register as separate module */ + OutputRegisterModule(MODULE_NAME, "lua", OutputLuaLogInit); + SCLogInfo("registered"); +} + +#else + +void TmModuleLuaLogRegister (void) { + /* no-op */ +} + +#endif diff --git a/src/output-lua.h b/src/output-lua.h new file mode 100644 index 0000000000..627cdc37a2 --- /dev/null +++ b/src/output-lua.h @@ -0,0 +1,29 @@ +/* Copyright (C) 2014 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien + */ + +#ifndef __OUTPUT_LUA_H__ +#define __OUTPUT_LUA_H__ + +void TmModuleLuaLogRegister (void); + +#endif /* __OUTPUT_LUA_H__ */ diff --git a/src/suricata.c b/src/suricata.c index c90060cb4f..a42e597ed5 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -164,6 +164,8 @@ #include "reputation.h" #include "output.h" +#include "output-lua.h" + #include "output-packet.h" #include "output-tx.h" #include "output-file.h" @@ -850,6 +852,7 @@ void RegisterAllModules() /* respond-reject */ TmModuleRespondRejectRegister(); + TmModuleLuaLogRegister(); /* fast log */ TmModuleAlertFastLogRegister(); /* debug log */ diff --git a/src/tm-modules.c b/src/tm-modules.c index 1a47e35e9b..791938e6b1 100644 --- a/src/tm-modules.c +++ b/src/tm-modules.c @@ -265,6 +265,7 @@ const char * TmModuleTmmIdToString(TmmId id) CASE_CODE (TMM_OUTPUTJSON); CASE_CODE (TMM_FLOWMANAGER); CASE_CODE (TMM_FLOWRECYCLER); + CASE_CODE (TMM_LUALOG); CASE_CODE (TMM_SIZE); } diff --git a/src/tm-threads-common.h b/src/tm-threads-common.h index 43d8a48fd7..867190d745 100644 --- a/src/tm-threads-common.h +++ b/src/tm-threads-common.h @@ -99,6 +99,7 @@ typedef enum { TMM_FLOWMANAGER, TMM_FLOWRECYCLER, + TMM_LUALOG, TMM_SIZE, } TmmId;