Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lua packetlib/v2 #12512

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Lua packetlib/v2 #12512

wants to merge 5 commits into from
+300 −174

Conversation

victorjulien
Copy link
Member

@victorjulien
detect/lua: remove unused tls flag
f1775e9
@victorjulien
detect/lua: minor code cleanup
a168a26
@victorjulien
lua: add initial suricata.packet lib
892cac2 
Example:

```
local packet = require "suricata.packet"

function init (args)
    local needs = {}
    return needs
end

function match (args)
    p = packet.get()
    payload = p:payload()
    ts = p:timestring()

    for line in payload:gmatch("([^\r\n]*)[\r\n]+") do
        if line == "GET /index.html HTTP/1.0" then
            ipver, srcip, dstip, proto, sp, dp = p:tuple()
            SCLogNotice(string.format("%s %s->%s %d->%d (pcap_cnt:%d) match! %s", ts, srcip, dstip, sp, dp, p:pcap_cnt(), line));
            return 1
        end
    end

    return 0
end
```

Methods:
`get` creates the packet object.
`payload` returns the packet payload as a buffer
`packet` returns the whole packet (includes headers)
`pcap_cnt` returns the `pcap_cnt` (pcap file mode only)
`tuple` returns various fields: srcip, dstip, proto, sp, dp
`timestamp` returns time as 2 numbers: seconds and microseconds
`timestring` returns a timestamp as a string

Ticket: OISF#7488.
@victorjulien
lua: remove old lua payload/packet calls
307e876 
Moving forward the packetlib is to be used.

Ticket: OISF#7488.
@victorjulien
detect/lua: register built-in libs also for open setup
5f8158e 
Register internal libs for the case where loading external modules is allowed.
@victorjulien victorjulien requested a review from jasonish January 30, 2025 16:25
@victorjulien victorjulien mentioned this pull request Jan 30, 2025
Closed
@codecov Codecov
Copy link

codecov bot commented Jan 30, 2025

Codecov Report

Attention: Patch coverage is 73.38710% with 33 lines in your changes missing coverage. Please review.

Project coverage is 80.57%. Comparing base (cfbf8fd) to head (5f8158e).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #12512   +/-   ##
=======================================
  Coverage   80.56%   80.57%           
=======================================
  Files         925      926    +1     
  Lines      259292   259333   +41     
=======================================
+ Hits       208906   208947   +41     
  Misses      50386    50386
Flag Coverage Δ
fuzzcorpus 56.13% <0.80%> (-0.02%) ⬇️
livemode 19.38% <0.00%> (-0.01%) ⬇️
pcap 44.18% <0.00%> (-0.01%) ⬇️
suricata-verify 63.39% <72.58%> (+<0.01%) ⬆️
unittests 58.42% <0.80%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 24450

jasonish
jasonish reviewed Jan 30, 2025
View reviewed changes
src/util-lua-packetlib.c
}

char timebuf[64];
CreateTimeString(s->p->ts, timebuf, sizeof(timebuf));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for a new API it would be really nice to generate a stanard timestring.. So instead of

YYYY/MM/DD-HH:mm:ss.ssssss

we should do:

YYYY-MM-DDTHH:mm:ss.ssssssZ

If needed, add a _legacy variant for the old one. Or timestamp_rfc3339 for this new one, and some other specifier for the legacy format?

jasonish
jasonish reviewed Jan 30, 2025
View reviewed changes
src/util-lua-packetlib.c
Comment on lines +234 to +254
static const luaL_Reg packetlib[] = {
// clang-format off
{ "get", LuaPacketGet },
{ NULL, NULL }
// clang-format on
};

static const luaL_Reg packetlib_meta[] = {
// clang-format off
{ "packet", LuaPacketPacket },
{ "payload", LuaPacketPayload },
{ "pcap_cnt", LuaPacketPcapCnt },
{ "timestring", LuaPacketTimestring },
{ "timestamp", LuaPacketTimestamp },
{ "tuple", LuaPacketTuple },
{ "sp", LuaPacketSport },
{ "dp", LuaPacketDport },
{ "__gc", LuaPacketGC },
{ NULL, NULL }
// clang-format on
};
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise API looks OK to me. Time for docs :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@victorjulien @suricata-qa @jasonish