detect/lua: add initial suricata.packet lib

Example:

```
local packet = require "suricata.packet"

function init (args)
    local needs = {}
    return needs
end

function match (args)
    p = packet.get()
    payload = p:payload()

    for line in payload:gmatch("([^\r\n]*)[\r\n]+") do
        if line == "GET /index.html HTTP/1.0" then
            SCLogNotice(p:pcap_cnt() .. ": matching line! " .. line)
            return 1
        end
    end

    return 0
end
```

Methods:
`get` creates the packet object.
`payload` returns the packet payload as a buffer
`packet` returns the whole packet (includes headers)
`pcap_cnt` returns the `pcap_cnt` (pcap file mode only)

src/Makefile.am

@@ -515,6 +515,7 @@ noinst_HEADERS = \
 	util-lua-hassh.h \
 	util-lua-http.h \
 	util-lua-ja3.h \
+	util-lua-packet.h \
 	util-lua-sandbox.h \
 	util-lua-smtp.h \
 	util-lua-ssh.h \
@@ -1063,6 +1064,7 @@ libsuricata_c_a_SOURCES = \
 	util-lua-hassh.c \
 	util-lua-http.c \
 	util-lua-ja3.c \
+	util-lua-packet.c \
 	util-lua-sandbox.c \
 	util-lua-smtp.c \
 	util-lua-ssh.c \

src/util-lua-packet.c

@@ -0,0 +1,131 @@
+/* Copyright (C) 2025 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * Packet API for Lua.
+ *
+ * local packet = require("suricata.packet")
+ */
+
+#include "suricata-common.h"
+
+#include "util-lua-packet.h"
+
+#include "app-layer-protos.h" /* Required by util-lua-common. */
+#include "util-lua-common.h"
+#include "util-lua.h"
+#include "util-debug.h"
+
+/* key for p (packet) pointer */
+extern const char lua_ext_key_p[];
+
+struct LuaPacket {
+    Packet *p;
+};
+
+static int LuaPacketGC(lua_State *luastate)
+{
+    SCLogDebug("gc:start");
+    struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1);
+    SCLogDebug("packet %p", s->p);
+    s->p = NULL;
+    SCLogDebug("gc:done");
+    return 0;
+}
+
+static int LuaPacketPayload(lua_State *luastate)
+{
+    struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1);
+    if (s == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+    if (s->p == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+
+    LuaPushStringBuffer (luastate, (const uint8_t *)s->p->payload, (size_t)s->p->payload_len); /* stack at -3 */
+    return 1;
+}
+
+static int LuaPacketPacket(lua_State *luastate)
+{
+    struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1);
+    if (s == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+    if (s->p == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+
+    LuaPushStringBuffer (luastate, (const uint8_t *)GET_PKT_DATA(s->p), (size_t)GET_PKT_LEN(s->p)); /* stack at -3 */
+    return 1;
+}
+
+static int LuaPacketPcapCnt(lua_State *luastate)
+{
+    struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1);
+    if (s == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+    if (s->p == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+
+    lua_pushinteger(luastate, s->p->pcap_cnt);
+    return 1;
+}
+
+static int LuaPacketGet(lua_State *luastate)
+{
+    Packet *p = LuaStateGetPacket(luastate);
+    if (p == NULL) {
+        LUA_ERROR("failed to get packet");
+    }
+
+    SCLogDebug("new:start");
+    struct LuaPacket *s = (struct LuaPacket *)lua_newuserdata(luastate, sizeof(*s));
+    if (s == NULL) {
+        LUA_ERROR("failed to get userdata");
+    }
+    s->p = p;
+    luaL_getmetatable(luastate, "packet::metatable");
+    lua_setmetatable(luastate, -2);
+    SCLogDebug("new:done");
+    return 1;
+}
+
+// clang-format off
+static const luaL_Reg packetlib[] = {
+    { "get", LuaPacketGet },
+    { "packet", LuaPacketPacket },
+    { "payload", LuaPacketPayload },
+    { "pcap_cnt", LuaPacketPcapCnt },
+    { "__gc", LuaPacketGC },
+    { NULL, NULL }
+};
+// clang-format on
+
+void LuaLoadPacketLib(lua_State *luastate)
+{
+    luaL_newmetatable(luastate, "packet::metatable");
+    lua_pushvalue(luastate, -1);
+    lua_setfield(luastate, -2, "__index");
+    luaL_setfuncs(luastate, packetlib, 0);
+    luaL_newlib(luastate, packetlib);
+}

src/util-lua-packet.h

@@ -0,0 +1,25 @@
+/* Copyright (C) 2025 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#ifndef SURICATA_UTIL_LUA_PACKET_H
+#define SURICATA_UTIL_LUA_PACKET_H
+
+#include "lua.h"
+
+void LuaLoadPacketLib(lua_State *luastate);
+
+#endif /* SURICATA_UTIL_LUA_DATASET_H */

src/util-lua-sandbox.c

@@ -32,6 +32,7 @@
 #include "util-validate.h"
 #include "util-lua-sandbox.h"
 #include "util-lua-dataset.h"
+#include "util-lua-packet.h"
 
 #define SANDBOX_CTX "SANDBOX_CTX"
 
@@ -269,6 +270,11 @@ static int SCLuaSbRequire(lua_State *L)
         return 1;
     }
 
+    if (strcmp(module_name, "suricata.packet") == 0) {
+        LuaLoadPacketLib(L);
+        return 1;
+    }
+
     return luaL_error(L, "Module not found: %s", module_name);
 }