From 9b840104bd5846b817b824836b34a4f5dc442be6 Mon Sep 17 00:00:00 2001
From: Carl Smith
Date: Thu, 17 Nov 2016 16:36:10 +1300
Subject: [PATCH] lua: Make the rule action available to output scripts

Useful for those that want to do custom logging from lua
---
 doc/userguide/lua/lua-functions.rst | 9 +++++++
 src/util-lua-common.c | 41 +++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/doc/userguide/lua/lua-functions.rst b/doc/userguide/lua/lua-functions.rst
index 60a29ebab5..293b31cd76 100644
--- a/doc/userguide/lua/lua-functions.rst
+++ b/doc/userguide/lua/lua-functions.rst
@@ -792,6 +792,15 @@ SCRuleIds
 sid, rev, gid = SCRuleIds()
+SCRuleAction
+~~~~~~~~~~~~
+
+::
+
+ action = SCRuleAction()
+
+returns one of 'pass', 'reject', 'drop' or 'alert'
+
 SCRuleMsg
 ~~~~~~~~~
diff --git a/src/util-lua-common.c b/src/util-lua-common.c
index 4d6aa26e75..5ae952501f 100644
--- a/src/util-lua-common.c
+++ b/src/util-lua-common.c
@@ -576,6 +576,45 @@ static int LuaCallbackRuleIds(lua_State *luastate)
 return LuaCallbackRuleIdsPushToStackFromPacketAlert(luastate, pa);
 }
+/** \internal
+ * \brief fill lua stack with alert info
+ * \param luastate the lua state
+ * \param pa pointer to packet alert struct
+ * \retval cnt number of data items placed on the stack
+ *
+ * Places: action (string)
+ */
+static int LuaCallbackRuleActionPushToStackFromPacketAlert(
+ lua_State *luastate, const PacketAlert *pa)
+{
+ const char *action = "";
+ if (pa->s->action & ACTION_PASS) {
+ action = "pass";
+ } else if ((pa->s->action & ACTION_REJECT) || (pa->s->action & ACTION_REJECT_BOTH) ||
+ (pa->s->action & ACTION_REJECT_DST)) {
+ action = "reject";
+ } else if (pa->s->action & ACTION_DROP) {
+ action = "drop";
+ } else if (pa->s->action & ACTION_ALERT) {
+ action = "alert";
+ }
+ lua_pushstring(luastate, action);
+ return 1;
+}
+
+/** \internal
+ * \brief Wrapper for getting tuple info into a lua script
+ * \retval cnt number of items placed on the stack
+ */
+static int LuaCallbackRuleAction(lua_State *luastate)
+{
+ const PacketAlert *pa = LuaStateGetPacketAlert(luastate);
+ if (pa == NULL)
+ return LuaCallbackError(luastate, "internal error: no packet");
+
+ return LuaCallbackRuleActionPushToStackFromPacketAlert(luastate, pa);
+}
+
 /** \internal
 * \brief fill lua stack with alert info
 * \param luastate the lua state
@@ -908,6 +947,8 @@ int LuaRegisterFunctions(lua_State *luastate)
 lua_pushcfunction(luastate, LuaCallbackRuleIds);
 lua_setglobal(luastate, "SCRuleIds");
+ lua_pushcfunction(luastate, LuaCallbackRuleAction);
+ lua_setglobal(luastate, "SCRuleAction");
 lua_pushcfunction(luastate, LuaCallbackRuleMsg);
 lua_setglobal(luastate, "SCRuleMsg");
 lua_pushcfunction(luastate, LuaCallbackRuleClass);
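Review bot: In LuaCallbackRuleActionPushToStackFromPacketAlert, `action` stays `""` when none of the tested bits is set, so a script can receive a value outside the four the user guide promises, and a logger that branches on the result would record a blank action without noticing. Either document the empty string as a possible return or make the fallback explicit. The chain also reads `pa->s->action`, the action configured on the signature, and resolves a multi-bit mask by a fixed precedence (pass, reject, drop, alert). I would state that in the doc comment, e.g. `* Places: action (string), the rule's configured action; precedence pass > reject > drop > alert, "" if none is set`, since log consumers may otherwise read it as the verdict applied to the packet. The header on LuaCallbackRuleAction still says `Wrapper for getting tuple info`, which looks copied from a sibling and should name the rule action instead.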