OISF · victorjulien · Jan 19, 2025 · Jan 19, 2025 · Jan 21, 2025 · Jan 21, 2025
@@ -519,6 +519,7 @@ noinst_HEADERS = \
 	util-lua-hassh.h \
 	util-lua-http.h \
 	util-lua-ja3.h \
+	util-lua-packetlib.h \
 	util-lua-sandbox.h \
 	util-lua-smtp.h \
 	util-lua-ssh.h \
@@ -1071,6 +1072,7 @@ libsuricata_c_a_SOURCES = \
 	util-lua-hassh.c \
 	util-lua-http.c \
 	util-lua-ja3.c \
+	util-lua-packetlib.c \
 	util-lua-sandbox.c \
 	util-lua-smtp.c \
 	util-lua-ssh.c \

@@ -57,6 +57,7 @@
 #include "util-var-name.h"
 
 #include "util-lua.h"
+#include "util-lua-builtins.h"
 #include "util-lua-sandbox.h"
 
 static int DetectLuaMatch (DetectEngineThreadCtx *,
@@ -116,7 +117,6 @@ void DetectLuaRegister(void)
 #define FLAG_DATATYPE_DNS_RRNAME                BIT_U32(15)
 #define FLAG_DATATYPE_DNS_REQUEST               BIT_U32(16)
 #define FLAG_DATATYPE_DNS_RESPONSE              BIT_U32(17)
-#define FLAG_DATATYPE_TLS                       BIT_U32(18)
 #define FLAG_DATATYPE_SSH                       BIT_U32(19)
 #define FLAG_DATATYPE_SMTP                      BIT_U32(20)
 #define FLAG_DATATYPE_DNP3                      BIT_U32(21)
@@ -354,16 +354,6 @@ static int DetectLuaMatch (DetectEngineThreadCtx *det_ctx,
     lua_getglobal(tlua->luastate, "match");
     lua_newtable(tlua->luastate); /* stack at -1 */
 
-    if ((tlua->flags & FLAG_DATATYPE_PAYLOAD) && p->payload_len) {
-        lua_pushliteral(tlua->luastate, "payload"); /* stack at -2 */
-        LuaPushStringBuffer (tlua->luastate, (const uint8_t *)p->payload, (size_t)p->payload_len); /* stack at -3 */
-        lua_settable(tlua->luastate, -3);
-    }
-    if ((tlua->flags & FLAG_DATATYPE_PACKET) && GET_PKT_LEN(p)) {
-        lua_pushliteral(tlua->luastate, "packet"); /* stack at -2 */
-        LuaPushStringBuffer (tlua->luastate, (const uint8_t *)GET_PKT_DATA(p), (size_t)GET_PKT_LEN(p)); /* stack at -3 */
-        lua_settable(tlua->luastate, -3);
-    }
     if (tlua->alproto == ALPROTO_HTTP1) {
         HtpState *htp_state = p->flow->alstate;
         if (htp_state != NULL && htp_state->connp != NULL) {
@@ -485,6 +475,7 @@ static void *DetectLuaThreadInit(void *data)
 
     if (lua->allow_restricted_functions) {
         luaL_openlibs(t->luastate);
+        SCLuaRequirefBuiltIns(t->luastate);
     } else {
         SCLuaSbLoadLibs(t->luastate);
     }
@@ -600,6 +591,7 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const
         return -1;
     if (ld->allow_restricted_functions) {
         luaL_openlibs(luastate);
+        SCLuaRequirefBuiltIns(luastate);
     } else {
         SCLuaSbLoadLibs(luastate);
     }
@@ -853,8 +845,6 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const
 
             ld->alproto = ALPROTO_TLS;
 
-            ld->flags |= FLAG_DATATYPE_TLS;
-
         } else if (strncmp(k, "ssh", 3) == 0 && strcmp(v, "true") == 0) {
 
             ld->alproto = ALPROTO_SSH;
@@ -901,20 +891,18 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const
  */
 static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
-    DetectLuaData *lua = NULL;
-
     /* First check if Lua rules are enabled, by default Lua in rules
      * is disabled. */
     int enabled = 0;
     (void)ConfGetBool("security.lua.allow-rules", &enabled);
     if (!enabled) {
         SCLogError("Lua rules disabled by security configuration: security.lua.allow-rules");
-        goto error;
+        return -1;
     }
 
-    lua = DetectLuaParse(de_ctx, str);
+    DetectLuaData *lua = DetectLuaParse(de_ctx, str);
     if (lua == NULL)
-        goto error;
+        return -1;
 
     /* Load lua sandbox configurations */
     intmax_t lua_alloc_limit = DEFAULT_LUA_ALLOC_LIMIT;

@@ -19,12 +19,14 @@
 #include "util-lua-builtins.h"
 #include "util-lua-hashlib.h"
 #include "util-lua-dataset.h"
+#include "util-lua-packetlib.h"
 
 #include "lauxlib.h"
 
 static const luaL_Reg builtins[] = {
     { "suricata.hashlib", SCLuaLoadHashlib },
     { "suricata.dataset", LuaLoadDatasetLib },
+    { "suricata.packet", LuaLoadPacketLib },
     { NULL, NULL },
 };
 

@@ -133,90 +133,6 @@ static int LuaCallbackStreamingBuffer(lua_State *luastate)
     return LuaCallbackStreamingBufferPushToStack(luastate, b);
 }
 
-/** \internal
- *  \brief fill lua stack with payload
- *  \param luastate the lua state
- *  \param p packet
- *  \retval cnt number of data items placed on the stack
- *
- *  Places: payload (string)
- */
-static int LuaCallbackPacketPayloadPushToStackFromPacket(lua_State *luastate, const Packet *p)
-{
-    lua_pushlstring (luastate, (const char *)p->payload, p->payload_len);
-    return 1;
-}
-
-/** \internal
- *  \brief Wrapper for getting payload into a lua script
- *  \retval cnt number of items placed on the stack
- */
-static int LuaCallbackPacketPayload(lua_State *luastate)
-{
-    const Packet *p = LuaStateGetPacket(luastate);
-    if (p == NULL)
-        return LuaCallbackError(luastate, "internal error: no packet");
-
-    return LuaCallbackPacketPayloadPushToStackFromPacket(luastate, p);
-}
-
-/** \internal
- *  \brief fill lua stack with packet timestamp
- *  \param luastate the lua state
- *  \param p packet
- *  \retval cnt number of data items placed on the stack
- *
- *  Places: seconds (number), microseconds (number)
- */
-static int LuaCallbackTimestampPushToStack(lua_State *luastate, const SCTime_t ts)
-{
-    lua_pushnumber(luastate, (double)SCTIME_SECS(ts));
-    lua_pushnumber(luastate, (double)SCTIME_USECS(ts));
-    return 2;
-}
-
-/** \internal
- *  \brief fill lua stack with header info
- *  \param luastate the lua state
- *  \param p packet
- *  \retval cnt number of data items placed on the stack
- *
- *  Places: ts (string)
- */
-static int LuaCallbackTimeStringPushToStackFromPacket(lua_State *luastate, const Packet *p)
-{
-    char timebuf[64];
-    CreateTimeString(p->ts, timebuf, sizeof(timebuf));
-    lua_pushstring (luastate, timebuf);
-    return 1;
-}
-
-/** \internal
- *  \brief Wrapper for getting packet timestamp (as numbers) into a lua script
- *  \retval cnt number of items placed on the stack
- */
-static int LuaCallbackPacketTimestamp(lua_State *luastate)
-{
-    const Packet *p = LuaStateGetPacket(luastate);
-    if (p == NULL)
-        return LuaCallbackError(luastate, "internal error: no packet");
-
-    return LuaCallbackTimestampPushToStack(luastate, p->ts);
-}
-
-/** \internal
- *  \brief Wrapper for getting tuple info into a lua script
- *  \retval cnt number of items placed on the stack
- */
-static int LuaCallbackPacketTimeString(lua_State *luastate)
-{
-    const Packet *p = LuaStateGetPacket(luastate);
-    if (p == NULL)
-        return LuaCallbackError(luastate, "internal error: no packet");
-
-    return LuaCallbackTimeStringPushToStackFromPacket(luastate, p);
-}
-
 /** \internal
  *  \brief fill lua stack with flow timestamps
  *  \param luastate the lua state
@@ -314,69 +230,6 @@ static int LuaCallbackFlowHasAlerts(lua_State *luastate)
     return r;
 }
 
-/** \internal
- *  \brief fill lua stack with header info
- *  \param luastate the lua state
- *  \param p packet
- *  \retval cnt number of data items placed on the stack
- *
- *  Places: ipver (number), src ip (string), dst ip (string), protocol (number),
- *          sp or icmp type (number), dp or icmp code (number).
- */
-static int LuaCallbackTuplePushToStackFromPacket(lua_State *luastate, const Packet *p)
-{
-    int ipver = 0;
-    if (PacketIsIPv4(p)) {
-        ipver = 4;
-    } else if (PacketIsIPv6(p)) {
-        ipver = 6;
-    }
-    lua_pushinteger(luastate, ipver);
-    if (ipver == 0)
-        return 1;
-
-    char srcip[46] = "", dstip[46] = "";
-    if (PacketIsIPv4(p)) {
-        PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
-        PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
-    } else if (PacketIsIPv6(p)) {
-        PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
-        PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
-    }
-
-    lua_pushstring (luastate, srcip);
-    lua_pushstring (luastate, dstip);
-
-    /* proto and ports (or type/code) */
-    lua_pushinteger(luastate, p->proto);
-    if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
-        lua_pushinteger(luastate, p->sp);
-        lua_pushinteger(luastate, p->dp);
-
-    } else if (p->proto == IPPROTO_ICMP || p->proto == IPPROTO_ICMPV6) {
-        lua_pushinteger(luastate, p->icmp_s.type);
-        lua_pushinteger(luastate, p->icmp_s.code);
-    } else {
-        lua_pushinteger(luastate, 0);
-        lua_pushinteger(luastate, 0);
-    }
-
-    return 6;
-}
-
-/** \internal
- *  \brief Wrapper for getting tuple info into a lua script
- *  \retval cnt number of items placed on the stack
- */
-static int LuaCallbackTuple(lua_State *luastate)
-{
-    const Packet *p = LuaStateGetPacket(luastate);
-    if (p == NULL)
-        return LuaCallbackError(luastate, "internal error: no packet");
-
-    return LuaCallbackTuplePushToStackFromPacket(luastate, p);
-}
-
 /** \internal
  *  \brief fill lua stack with header info
  *  \param luastate the lua state
@@ -931,15 +784,6 @@ static int LuaCallbackThreadInfo(lua_State *luastate)
 int LuaRegisterFunctions(lua_State *luastate)
 {
     /* registration of the callbacks */
-    lua_pushcfunction(luastate, LuaCallbackPacketPayload);
-    lua_setglobal(luastate, "SCPacketPayload");
-    lua_pushcfunction(luastate, LuaCallbackPacketTimestamp);
-    lua_setglobal(luastate, "SCPacketTimestamp");
-    lua_pushcfunction(luastate, LuaCallbackPacketTimeString);
-    lua_setglobal(luastate, "SCPacketTimeString");
-    lua_pushcfunction(luastate, LuaCallbackTuple);
-    lua_setglobal(luastate, "SCPacketTuple");
-
     lua_pushcfunction(luastate, LuaCallbackFlowTimestamps);
     lua_setglobal(luastate, "SCFlowTimestamps");
     lua_pushcfunction(luastate, LuaCallbackFlowTimeString);