suricata
util-lua-rule.c
Go to the documentation of this file.
1/* Copyright (C) 2025 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18#include "suricata-common.h"
19#include "action-globals.h"
20#include "app-layer.h"
21#include "util-lua-rule.h"
22#include "util-lua-common.h"
23#include "util-lua.h"
24
25#include "lauxlib.h"
26
27static const char suricata_rule_mt[] = "suricata:rule:mt";
28
29static int LuaRuleGetRule(lua_State *L)
30{
32 const Signature *s = NULL;
33 if (pa != NULL) {
34 s = pa->s;
35 } else {
37 }
38 if (s == NULL) {
39 return LuaCallbackError(L, "internal error: no packet alert or signature");
40 }
41
42 void **p = lua_newuserdata(L, sizeof(*p));
43 if (p == NULL) {
44 return LuaCallbackError(L, "error: failed to allocate user data");
45 }
46 *p = (void *)s;
47
48 luaL_getmetatable(L, suricata_rule_mt);
49 lua_setmetatable(L, -2);
50
51 return 1;
52}
53
54static int LuaRuleGetSid(lua_State *L)
55{
56 void **data = luaL_testudata(L, 1, suricata_rule_mt);
57 if (data == NULL) {
58 lua_pushnil(L);
59 return 1;
60 }
61 const Signature *s = *data;
62 lua_pushinteger(L, s->id);
63 return 1;
64}
65
66static int LuaRuleGetGid(lua_State *L)
67{
68 void **data = luaL_testudata(L, 1, suricata_rule_mt);
69 if (data == NULL) {
70 lua_pushnil(L);
71 return 1;
72 }
73 const Signature *s = *data;
74 lua_pushinteger(L, s->gid);
75 return 1;
76}
77
78static int LuaRuleGetRev(lua_State *L)
79{
80 void **data = luaL_testudata(L, 1, suricata_rule_mt);
81 if (data == NULL) {
82 lua_pushnil(L);
83 return 1;
84 }
85 const Signature *s = *data;
86 lua_pushinteger(L, s->rev);
87 return 1;
88}
89
90static int LuaRuleGetAction(lua_State *L)
91{
92 void **data = luaL_testudata(L, 1, suricata_rule_mt);
93 if (data == NULL) {
94 lua_pushnil(L);
95 return 1;
96 }
97 const Signature *s = *data;
98
99 const char *action = "";
100 if (s->action & ACTION_PASS) {
101 action = "pass";
102 } else if ((s->action & ACTION_REJECT) || (s->action & ACTION_REJECT_BOTH) ||
103 (s->action & ACTION_REJECT_DST)) {
104 action = "reject";
105 } else if (s->action & ACTION_DROP) {
106 action = "drop";
107 } else if (s->action & ACTION_ALERT) {
108 action = "alert";
109 }
110 lua_pushstring(L, action);
111 return 1;
112}
113
114static int LuaRuleGetMsg(lua_State *L)
115{
116 void **data = luaL_testudata(L, 1, suricata_rule_mt);
117 if (data == NULL) {
118 lua_pushnil(L);
119 return 1;
120 }
121 const Signature *s = *data;
122 lua_pushstring(L, s->msg);
123 return 1;
124}
125
126static int LuaRuleGetClassDescription(lua_State *L)
127{
128 void **data = luaL_testudata(L, 1, suricata_rule_mt);
129 if (data == NULL) {
130 lua_pushnil(L);
131 return 1;
132 }
133 const Signature *s = *data;
134 lua_pushstring(L, s->class_msg);
135 return 1;
136}
137
138static int LuaRuleGetPriority(lua_State *L)
139{
140 void **data = luaL_testudata(L, 1, suricata_rule_mt);
141 if (data == NULL) {
142 lua_pushnil(L);
143 return 1;
144 }
145 const Signature *s = *data;
146 lua_pushinteger(L, s->prio);
147 return 1;
148}
149
150static const struct luaL_Reg rulemt[] = {
151 // clang-format off
152 { "action", LuaRuleGetAction },
153 { "class_description", LuaRuleGetClassDescription, },
154 { "gid", LuaRuleGetGid, },
155 { "msg", LuaRuleGetMsg },
156 { "priority", LuaRuleGetPriority },
157 { "rev", LuaRuleGetRev, },
158 { "sid", LuaRuleGetSid, },
159 { NULL, NULL },
160 // clang-format on
161};
162
163static const struct luaL_Reg rulelib[] = {
164 // clang-format off
165 { "get_rule", LuaRuleGetRule, },
166 { NULL, NULL, }
167 // clang-format on
168};
169
171{
172 luaL_newmetatable(L, suricata_rule_mt);
173 lua_pushvalue(L, -1);
174 lua_setfield(L, -2, "__index");
175 luaL_setfuncs(L, rulemt, 0);
176
177 luaL_newlib(L, rulelib);
178
179 return 1;
180}
#define ACTION_REJECT
#define ACTION_PASS
#define ACTION_REJECT_BOTH
#define ACTION_REJECT_DST
#define ACTION_ALERT
#define ACTION_DROP
const struct Signature_ * s
Definition decode.h:252
Signature container.
Definition detect.h:668
uint8_t action
Definition detect.h:683
uint32_t rev
Definition detect.h:715
int prio
Definition detect.h:716
char * class_msg
Definition detect.h:739
uint32_t id
Definition detect.h:713
char * msg
Definition detect.h:736
uint32_t gid
Definition detect.h:714
struct lua_State lua_State
int LuaCallbackError(lua_State *luastate, const char *msg)
int SCLuaLoadRuleLib(lua_State *L)
PacketAlert * LuaStateGetPacketAlert(lua_State *luastate)
get packet alert pointer from the lua state
Definition util-lua.c:191
Signature * LuaStateGetSignature(lua_State *luastate)
get signature pointer from the lua state
Definition util-lua.c:207