aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output: Lua HTTP log initial implementation

Browse Source 
Initial version of a HTTP LUA logger. Execute lua scripts from the
Tx-log API.
pull/1112/head
Victor Julien 12 years ago
parent 95e0eae69a
commit db30ed8c3e
8 changed files with 835 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
src/Makefile.am
Unescape Escape View File

@ -226,6 +226,8 @@ output-json-netflow.c output-json-netflow.h \
output-json-http.c output-json-http.h \
output-json-ssh.c output-json-ssh.h \
output-json-tls.c output-json-tls.h \
output-lua.c output-lua.h \
output-lua-http.c output-lua-http.h \
output-packet.c output-packet.h \
output-streaming.c output-streaming.h \
output-tx.c output-tx.h \

291
src/output-lua-http.c
Unescape Escape View File

@ -0,0 +1,291 @@
/* Copyright (C) 2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
*/
#include "suricata-common.h"
#include "debug.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "app-layer-htp.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
#ifdef HAVE_LUA
#include <lua.h>
#include <lualib.h>
#include <lauxlib.h>
extern const char lualog_ext_key_tx;
static void *LuaStateGetTX(lua_State *luastate)
{
lua_pushlightuserdata(luastate, (void *)&lualog_ext_key_tx);
lua_gettable(luastate, LUA_REGISTRYINDEX);
void *tx = lua_touserdata(luastate, -1);
return tx;
}
static int LuaCallbackError(lua_State *luastate, const char *msg)
{
lua_pushnil(luastate);
lua_pushstring(luastate, msg);
return 2;
}
static int LuaReturnStringBuffer(lua_State *luastate, uint8_t *input, size_t input_len)
{
/* we're using a buffer sized at a multiple of 4 as lua_pushlstring generates
* invalid read errors in valgrind otherwise. Adding in a nul to be sure.
*
* Buffer size = len + 1 (for nul) + whatever makes it a multiple of 4 */
size_t buflen = input_len + 1 + ((input_len + 1) % 4);
uint8_t buf[buflen];
memset(buf, 0x00, buflen);
memcpy(buf, input, input_len);
buf[input_len] = '\0';
/* return value through luastate, as a luastring */
lua_pushlstring(luastate, (char *)buf, input_len);
return 1;
}
const char *LuaGetStringArgument(lua_State *luastate, int argc)
{
/* get argument */
if (!lua_isstring(luastate, argc))
return NULL;
const char *str = lua_tostring(luastate, 1);
if (str == NULL)
return NULL;
if (strlen(str) == 0)
return NULL;
return str;
}
static int HttpGetRequestUriRaw(lua_State *luastate)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
return LuaReturnStringBuffer(luastate,
bstr_ptr(tx->request_uri), bstr_len(tx->request_uri));
}
static int HttpGetRequestUriNormalized(lua_State *luastate)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx);
if (htud == NULL)
return LuaCallbackError(luastate, "no htud in tx");
if (htud->request_uri_normalized == NULL ||
bstr_ptr(htud->request_uri_normalized) == NULL ||
bstr_len(htud->request_uri_normalized) == 0)
return LuaCallbackError(luastate, "no normalized uri");
return LuaReturnStringBuffer(luastate,
bstr_ptr(htud->request_uri_normalized),
bstr_len(htud->request_uri_normalized));
}
static int HttpGetRequestLine(lua_State *luastate)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
if (tx->request_line == NULL)
return LuaCallbackError(luastate, "no request_line");
return LuaReturnStringBuffer(luastate,
bstr_ptr(tx->request_line), bstr_len(tx->request_line));
}
static int HttpGetResponseLine(lua_State *luastate)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
if (tx->response_line == NULL)
return LuaCallbackError(luastate, "no response_line");
return LuaReturnStringBuffer(luastate,
bstr_ptr(tx->response_line), bstr_len(tx->response_line));
}
static int HttpGetHeader(lua_State *luastate, int dir)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
const char *name = LuaGetStringArgument(luastate, 1);
if (name == NULL)
return LuaCallbackError(luastate, "1st argument missing, empty or wrong type");
htp_table_t *headers = tx->request_headers;
if (dir == 1)
headers = tx->response_headers;
if (headers == NULL)
return LuaCallbackError(luastate, "tx has no headers");
htp_header_t *h = (htp_header_t *)htp_table_get_c(headers, name);
if (h == NULL || bstr_len(h->value) == 0)
return LuaCallbackError(luastate, "header not found");
return LuaReturnStringBuffer(luastate,
bstr_ptr(h->value), bstr_len(h->value));
}
static int HttpGetRequestHeader(lua_State *luastate)
{
return HttpGetHeader(luastate, 0 /* request */);
}
static int HttpGetResponseHeader(lua_State *luastate)
{
return HttpGetHeader(luastate, 1 /* response */);
}
static int HttpGetRawHeaders(lua_State *luastate, int dir)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
HtpTxUserData *htud = (HtpTxUserData *) htp_tx_get_user_data(tx);
if (htud == NULL)
return LuaCallbackError(luastate, "no htud in tx");
uint8_t *raw = htud->request_headers_raw;
uint32_t raw_len = htud->request_headers_raw_len;
if (dir == 1) {
raw = htud->response_headers_raw;
raw_len = htud->response_headers_raw_len;
}
if (raw == NULL || raw_len == 0)
return LuaCallbackError(luastate, "no raw headers");
return LuaReturnStringBuffer(luastate, raw, raw_len);
}
static int HttpGetRawRequestHeaders(lua_State *luastate)
{
return HttpGetRawHeaders(luastate, 0);
}
static int HttpGetRawResponseHeaders(lua_State *luastate)
{
return HttpGetRawHeaders(luastate, 1);
}
static int HttpGetHeaders(lua_State *luastate, int dir)
{
htp_tx_t *tx = LuaStateGetTX(luastate);
if (tx == NULL)
return LuaCallbackError(luastate, "internal error: no tx");
htp_table_t *table = tx->request_headers;
if (dir == 1)
table = tx->response_headers;
if (tx->request_headers == NULL)
return LuaCallbackError(luastate, "no headers");
lua_newtable(luastate);
htp_header_t *h = NULL;
size_t i = 0;
size_t no_of_headers = htp_table_size(table);
for (; i < no_of_headers; i++) {
h = htp_table_get_index(table, i, NULL);
LuaReturnStringBuffer(luastate, bstr_ptr(h->name), bstr_len(h->name));
LuaReturnStringBuffer(luastate, bstr_ptr(h->value), bstr_len(h->value));
lua_settable(luastate, -3);
}
return 1;
}
/** \brief return request headers as lua table */
static int HttpGetRequestHeaders(lua_State *luastate)
{
return HttpGetHeaders(luastate, 0);
}
/** \brief return response headers as lua table */
static int HttpGetResponseHeaders(lua_State *luastate)
{
return HttpGetHeaders(luastate, 1);
}
/** \brief register http lua extensions in a luastate */
int LogLuaRegisterHttpFunctions(lua_State *luastate)
{
/* registration of the callbacks */
lua_pushcfunction(luastate, HttpGetRequestHeader);
lua_setglobal(luastate, "HttpGetRequestHeader");
lua_pushcfunction(luastate, HttpGetResponseHeader);
lua_setglobal(luastate, "HttpGetResponseHeader");
lua_pushcfunction(luastate, HttpGetRequestLine);
lua_setglobal(luastate, "HttpGetRequestLine");
lua_pushcfunction(luastate, HttpGetResponseLine);
lua_setglobal(luastate, "HttpGetResponseLine");
lua_pushcfunction(luastate, HttpGetRawRequestHeaders);
lua_setglobal(luastate, "HttpGetRawRequestHeaders");
lua_pushcfunction(luastate, HttpGetRawResponseHeaders);
lua_setglobal(luastate, "HttpGetRawResponseHeaders");
lua_pushcfunction(luastate, HttpGetRequestUriRaw);
lua_setglobal(luastate, "HttpGetRequestUriRaw");
lua_pushcfunction(luastate, HttpGetRequestUriNormalized);
lua_setglobal(luastate, "HttpGetRequestUriNormalized");
lua_pushcfunction(luastate, HttpGetRequestHeaders);
lua_setglobal(luastate, "HttpGetRequestHeaders");
lua_pushcfunction(luastate, HttpGetResponseHeaders);
lua_setglobal(luastate, "HttpGetResponseHeaders");
return 0;
}
#endif /* HAVE_LUA */

33
src/output-lua-http.h
Unescape Escape View File

@ -0,0 +1,33 @@
/* Copyright (C) 2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __OUTPUT_LUA_HTTP_H__
#define __OUTPUT_LUA_HTTP_H__
#ifdef HAVE_LUA
int LogLuaRegisterHttpFunctions(lua_State *luastate);
#endif /* HAVE_LUA */
#endif /* __OUTPUT_LUA_HTTP_H__ */

475
src/output-lua.c
Unescape Escape View File

@ -0,0 +1,475 @@
/* Copyright (C) 2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
*/
#include "suricata-common.h"
#include "debug.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "app-layer-htp.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
#ifdef HAVE_LUA
#include <lua.h>
#include <lualib.h>
#include <lauxlib.h>
#include "output-lua-http.h"
#define MODULE_NAME "LuaLog"
typedef struct LogLuaCtx_ {
SCMutex m;
lua_State *luastate;
int deinit_once;
} LogLuaCtx;
typedef struct LogLuaThreadCtx_ {
LogLuaCtx *lua_ctx;
} LogLuaThreadCtx;
const char lualog_ext_key_tx[] = "suricata:lualog:tx:ptr";
static int LuaTxLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
{
SCEnter();
LogLuaThreadCtx *td = (LogLuaThreadCtx *)thread_data;
SCMutexLock(&td->lua_ctx->m);
/* we need the tx in our callbacks */
lua_pushlightuserdata(td->lua_ctx->luastate, (void *)&lualog_ext_key_tx);
lua_pushlightuserdata(td->lua_ctx->luastate, (void *)txptr);
lua_settable(td->lua_ctx->luastate, LUA_REGISTRYINDEX);
/* prepare data to pass to script */
lua_getglobal(td->lua_ctx->luastate, "log");
lua_newtable(td->lua_ctx->luastate); /* stack at -1 */
lua_pushliteral (td->lua_ctx->luastate, "tx_id"); /* stack at -2 */
lua_pushnumber (td->lua_ctx->luastate, (int)(tx_id));
lua_settable(td->lua_ctx->luastate, -3);
int retval = lua_pcall(td->lua_ctx->luastate, 1, 0, 0);
if (retval != 0) {
SCLogInfo("failed to run script: %s", lua_tostring(td->lua_ctx->luastate, -1));
}
SCMutexUnlock(&td->lua_ctx->m);
SCReturnInt(0);
}
/** \brief dump stack from lua state to screen */
void LuaPrintStack(lua_State *state) {
int size = lua_gettop(state);
int i;
for (i = 1; i <= size; i++) {
int type = lua_type(state, i);
printf("Stack size=%d, level=%d, type=%d, ", size, i, type);
switch (type) {
case LUA_TFUNCTION:
printf("function %s", lua_tostring(state, i) ? "true" : "false");
break;
case LUA_TBOOLEAN:
printf("bool %s", lua_toboolean(state, i) ? "true" : "false");
break;
case LUA_TNUMBER:
printf("number %g", lua_tonumber(state, i));
break;
case LUA_TSTRING:
printf("string `%s'", lua_tostring(state, i));
break;
case LUA_TTABLE:
printf("table `%s'", lua_tostring(state, i));
break;
default:
printf("other %s", lua_typename(state, type));
break;
}
printf("\n");
}
}
/** \brief load and evaluate the script
*
* This function parses the script, checks if all the required functions
* are defined and runs the 'init' function. The init function will inform
* us what the scripts needs are.
*/
static int LuaScriptInit(const char *filename) {
int status;
// AppProto alproto = ALPROTO_UNKNOWN;
lua_State *luastate = luaL_newstate();
if (luastate == NULL)
goto error;
luaL_openlibs(luastate);
/* hackish, needed to allow unittests to pass buffers as scripts instead of files */
#if 0//def UNITTESTS
if (ut_script != NULL) {
status = luaL_loadbuffer(luastate, ut_script, strlen(ut_script), "unittest");
if (status) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(luastate, -1));
goto error;
}
} else {
#endif
status = luaL_loadfile(luastate, filename);
if (status) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(luastate, -1));
goto error;
}
#if 0//def UNITTESTS
}
#endif
/* prime the script (or something) */
if (lua_pcall(luastate, 0, 0, 0) != 0) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't prime file: %s", lua_tostring(luastate, -1));
goto error;
}
lua_getglobal(luastate, "init");
if (lua_type(luastate, -1) != LUA_TFUNCTION) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no init function in script");
goto error;
}
lua_newtable(luastate); /* stack at -1 */
if (lua_gettop(luastate) == 0 || lua_type(luastate, 2) != LUA_TTABLE) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no table setup");
goto error;
}
lua_pushliteral(luastate, "script_api_ver"); /* stack at -2 */
lua_pushnumber (luastate, 1); /* stack at -3 */
lua_settable(luastate, -3);
if (lua_pcall(luastate, 1, 1, 0) != 0) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't run script 'init' function: %s", lua_tostring(luastate, -1));
goto error;
}
/* process returns from script */
if (lua_gettop(luastate) == 0) {
SCLogError(SC_ERR_LUAJIT_ERROR, "init function in script should return table, nothing returned");
goto error;
}
if (lua_type(luastate, 1) != LUA_TTABLE) {
SCLogError(SC_ERR_LUAJIT_ERROR, "init function in script should return table, returned is not table");
goto error;
}
lua_pushnil(luastate);
const char *k, *v;
while (lua_next(luastate, -2)) {
k = lua_tostring(luastate, -2);
if (k == NULL)
continue;
v = lua_tostring(luastate, -1);
lua_pop(luastate, 1);
if (v == NULL)
continue;
SCLogDebug("k='%s', v='%s'", k, v);
// if (strcmp(k,"protocol") == 0 && strcmp(v, "http") == 0)
// alproto = ALPROTO_HTTP;
}
//SCLogInfo("alproto %u", alproto);
lua_getglobal(luastate, "setup");
if (lua_type(luastate, -1) != LUA_TFUNCTION) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no setup function in script");
goto error;
}
lua_getglobal(luastate, "log");
if (lua_type(luastate, -1) != LUA_TFUNCTION) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no log function in script");
goto error;
}
lua_getglobal(luastate, "deinit");
if (lua_type(luastate, -1) != LUA_TFUNCTION) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no deinit function in script");
goto error;
}
/* pop the table */
lua_pop(luastate, 1);
lua_close(luastate);
return 0;
error:
lua_close(luastate);
return -1;
}
/** \brief setup a luastate for use at runtime
*
* This loads the script, primes it and then runs the 'setup' function.
*/
static lua_State *LuaScriptSetup(const char *filename)
{
lua_State *luastate = luaL_newstate();
if (luastate == NULL) {
SCLogError(SC_ERR_LUAJIT_ERROR, "luaL_newstate failed");
goto error;
}
luaL_openlibs(luastate);
int status;
/* hackish, needed to allow unittests to pass buffers as scripts instead of files */
#if 0//def UNITTESTS
if (ut_script != NULL) {
status = luaL_loadbuffer(t->luastate, ut_script, strlen(ut_script), "unittest");
if (status) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(t->luastate, -1));
goto error;
}
} else {
#endif
status = luaL_loadfile(luastate, filename);
if (status) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't load file: %s", lua_tostring(luastate, -1));
goto error;
}
#if 0//def UNITTESTS
}
#endif
/* prime the script (or something) */
if (lua_pcall(luastate, 0, 0, 0) != 0) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't prime file: %s", lua_tostring(luastate, -1));
goto error;
}
lua_getglobal(luastate, "setup");
if (lua_type(luastate, -1) != LUA_TFUNCTION) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no init function in script");
goto error;
}
//LuaPrintStack(luastate);
if (lua_pcall(luastate, 0, 0, 0) != 0) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't run script 'setup' function: %s", lua_tostring(luastate, -1));
goto error;
}
//LuaPrintStack(luastate);
if (1) { //http
if (LogLuaRegisterHttpFunctions(luastate) != 0)
SCLogInfo("boooh!");
}
SCLogDebug("lua_State %p is set up", luastate);
return luastate;
error:
lua_close(luastate);
return NULL;
}
static OutputCtx *OutputLuaLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
if (conf == NULL)
return NULL;
LogLuaCtx *lua_ctx = SCMalloc(sizeof(LogLuaCtx));
if (unlikely(lua_ctx == NULL))
return NULL;
memset(lua_ctx, 0x00, sizeof(*lua_ctx));
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
SCFree(lua_ctx);
return NULL;
}
SCMutexInit(&lua_ctx->m, NULL);
// SCLogInfo("script %s", conf->val);
SCMutexLock(&lua_ctx->m);
lua_ctx->luastate = LuaScriptSetup(conf->val);
SCMutexUnlock(&lua_ctx->m);
if (lua_ctx->luastate == NULL)
goto error;
SCLogDebug("lua_ctx %p", lua_ctx);
output_ctx->data = lua_ctx;
output_ctx->DeInit = NULL;
return output_ctx;
error:
SCMutexDestroy(&lua_ctx->m);
SCFree(lua_ctx);
SCFree(output_ctx);
return NULL;
}
static OutputCtx *OutputLuaLogInit(ConfNode *conf)
{
ConfNode *scripts = ConfNodeLookupChild(conf, "scripts");
if (scripts == NULL) {
/* No "outputs" section in the configuration. */
SCLogInfo("scripts not defined");
return NULL;
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
return NULL;
}
TAILQ_INIT(&output_ctx->submodules);
ConfNode *script;
TAILQ_FOREACH(script, &scripts->head, next) {
SCLogInfo("script %s", script->val);
int r = LuaScriptInit(script->val);
if (r != 0) {
SCLogInfo("script init failed (%d)", r);
continue;
}
OutputModule *om = SCCalloc(1, sizeof(*om));
BUG_ON(om == NULL); //TODO
if (1) { // TODO, logger type selection logic
om->TxLogFunc = LuaTxLogger;
om->alproto = ALPROTO_HTTP;
om->name = MODULE_NAME;
om->conf_name = script->val;
om->InitSubFunc = OutputLuaLogInitSub;
TAILQ_INSERT_TAIL(&output_ctx->submodules, om, entries);
}
}
return output_ctx;
}
static void OutputLuaLogDoDeinit(LogLuaCtx *lua_ctx)
{
lua_State *luastate = lua_ctx->luastate;
lua_getglobal(luastate, "deinit");
if (lua_type(luastate, -1) != LUA_TFUNCTION) {
SCLogError(SC_ERR_LUAJIT_ERROR, "no deinit function in script");
return;
}
//LuaPrintStack(luastate);
if (lua_pcall(luastate, 0, 0, 0) != 0) {
SCLogError(SC_ERR_LUAJIT_ERROR, "couldn't run script 'deinit' function: %s", lua_tostring(luastate, -1));
return;
}
}
static TmEcode LuaLogThreadInit(ThreadVars *t, void *initdata, void **data)
{
LogLuaThreadCtx *td = SCMalloc(sizeof(*td));
if (unlikely(td == NULL))
return TM_ECODE_FAILED;
memset(td, 0, sizeof(*td));
if (initdata == NULL) {
SCLogDebug("Error getting context for LuaLog. \"initdata\" argument NULL");
SCFree(td);
return TM_ECODE_FAILED;
}
LogLuaCtx *lua_ctx = ((OutputCtx *)initdata)->data;
SCLogDebug("lua_ctx %p", lua_ctx);
td->lua_ctx = lua_ctx;
*data = (void *)td;
return TM_ECODE_OK;
}
static TmEcode LuaLogThreadDeinit(ThreadVars *t, void *data)
{
LogLuaThreadCtx *td = (LogLuaThreadCtx *)data;
if (td == NULL) {
return TM_ECODE_OK;
}
SCMutexLock(&td->lua_ctx->m);
if (td->lua_ctx->deinit_once == 0) {
OutputLuaLogDoDeinit(td->lua_ctx);
td->lua_ctx->deinit_once = 1;
}
SCMutexUnlock(&td->lua_ctx->m);
/* clear memory */
memset(td, 0, sizeof(*td));
SCFree(td);
return TM_ECODE_OK;
}
void TmModuleLuaLogRegister (void) {
tmm_modules[TMM_LUALOG].name = MODULE_NAME;
tmm_modules[TMM_LUALOG].ThreadInit = LuaLogThreadInit;
tmm_modules[TMM_LUALOG].ThreadDeinit = LuaLogThreadDeinit;
tmm_modules[TMM_LUALOG].RegisterTests = NULL;
tmm_modules[TMM_LUALOG].cap_flags = 0;
tmm_modules[TMM_LUALOG].flags = TM_FLAG_LOGAPI_TM;
/* register as separate module */
OutputRegisterModule(MODULE_NAME, "lua", OutputLuaLogInit);
SCLogInfo("registered");
}
#else
void TmModuleLuaLogRegister (void) {
/* no-op */
}
#endif

29
src/output-lua.h
Unescape Escape View File

@ -0,0 +1,29 @@
/* Copyright (C) 2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __OUTPUT_LUA_H__
#define __OUTPUT_LUA_H__
void TmModuleLuaLogRegister (void);
#endif /* __OUTPUT_LUA_H__ */

3
src/suricata.c
Unescape Escape View File

@ -164,6 +164,8 @@
#include "reputation.h"
#include "output.h"
#include "output-lua.h"
#include "output-packet.h"
#include "output-tx.h"
#include "output-file.h"
@ -850,6 +852,7 @@ void RegisterAllModules()
/* respond-reject */
TmModuleRespondRejectRegister();
TmModuleLuaLogRegister();
/* fast log */
TmModuleAlertFastLogRegister();
/* debug log */

1
src/tm-modules.c
Unescape Escape View File

@ -265,6 +265,7 @@ const char * TmModuleTmmIdToString(TmmId id)
CASE_CODE (TMM_OUTPUTJSON);
CASE_CODE (TMM_FLOWMANAGER);
CASE_CODE (TMM_FLOWRECYCLER);
CASE_CODE (TMM_LUALOG);
CASE_CODE (TMM_SIZE);
}

1
src/tm-threads-common.h
Unescape Escape View File

@ -99,6 +99,7 @@ typedef enum {
TMM_FLOWMANAGER,
TMM_FLOWRECYCLER,
TMM_LUALOG,
TMM_SIZE,
} TmmId;

Write Preview
Loading…
Cancel
Save