Feature #1261

closed

Request for Additional Lua Capabilities

Added by Paul Gofran over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

We use the luajit capabilities for various tasks but have hit some limitations. We're interested in making additional data accessible to the Lua scripts.

Some of these features will likely overlap but we would like Lua to have the following features:
1) Access to HTTP header data at the same time as body data. For more information see: https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2013-May/002354.html
2) Access to stream payloads, not just packet payloads. This would be particularly useful for being able to decode emails for scanning purposes.
3) Access to the TCP quad. When extracting payloads (ex: needs["payload"]), Lua does not have access to the TCP/IP information at the same time.

These capabilities will help provide full context for scanning and analysis.

Are these things that the OISF community would be interested in? Has any work been done on this so far, or are there plans for developing any similar capabilities?

Actions #1

Updated by Victor Julien over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 2.1beta2

Some of these things will come through my lua output work, which also includes some improvements to the detection side.

I think it's a good idea to split out the 3 requests into 3 tickets so we can track them separately.

Actions #2

Updated by Victor Julien over 9 years ago

Btw, some of this should now work with: https://github.com/inliniac/suricata/pull/1109

Actions #3

Updated by Paul Gofran over 9 years ago

Moved #2 and #3 to features #1263 and #1264 respectively.

Actions #4

Updated by Victor Julien over 9 years ago

  • Target version changed from 2.1beta2 to 2.1beta3

Actions #5

Updated by Victor Julien over 9 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

I believe (1) is also addressed by the HttpGetRequestBody and HttpGetResponseBody calls.
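The following is an added example and not code from this ticket or from the Suricata project. It shows what request (1) looks like once HTTP body access is available to Lua: a detection script that reads the request headers, the request body chunks returned by HttpGetRequestBody, and the flow tuple in a single match() call. Only HttpGetRequestBody and HttpGetResponseBody are named on this page; HttpGetRequestHeaders, SCFlowTuple, SCLogNotice and the "http.request_body" needs key are assumptions taken from Suricata's Lua function reference, and the detection policy (a form-encoded POST whose body starts with a zip archive) is hypothetical.

```lua
-- Added example, not the ticket's or the Suricata project's own code.
-- Assumed Suricata Lua API (not stated on this page): HttpGetRequestHeaders(),
-- SCFlowTuple(), SCLogNotice() and the "http.request_body" needs key.
-- The policy below is hypothetical and only illustrates using headers, body
-- and the TCP/IP tuple together.

local ZIP_MAGIC = "PK\003\004"   -- zip local file header (zip, docx, jar, ...)

-- Case-insensitive lookup in the header table that HttpGetRequestHeaders()
-- returns (keys are header names as sent by the client).
local function find_header(headers, name)
    name = string.lower(name)
    for k, v in pairs(headers) do
        if string.lower(k) == name then
            return v
        end
    end
    return nil
end

-- Pure decision function: true when a body declared as a plain form post
-- actually begins with a zip archive. Free of engine calls so it can be
-- exercised outside Suricata.
local function mismatched_form_post(headers, chunks)
    local ctype = find_header(headers, "Content-Type")
    if ctype == nil then
        return false
    end
    if string.find(string.lower(ctype), "application/x-www-form-urlencoded", 1, true) == nil then
        return false
    end
    -- HttpGetRequestBody() hands back the body as an array of chunks.
    local body = table.concat(chunks)
    return string.sub(body, 1, #ZIP_MAGIC) == ZIP_MAGIC
end

function init(args)
    local needs = {}
    needs["http.request_body"] = tostring(true)
    return needs
end

function match(args)
    local headers = HttpGetRequestHeaders()
    -- chunks: array of body pieces; offset/last: where they sit in the stream.
    local chunks, offset, last = HttpGetRequestBody()
    if headers == nil or chunks == nil then
        return 0
    end
    if mismatched_form_post(headers, chunks) then
        -- The TCP quad requested in (3), available in the same call as the body.
        local ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
        SCLogNotice(string.format(
            "form-encoded POST carrying zip data %s:%d -> %s:%d (body offset %d)",
            srcip, sp, dstip, dp, offset))
        return 1
    end
    return 0
end

-- Stand-alone check with constructed input when run under plain lua, where the
-- engine-provided functions do not exist.
if HttpGetRequestBody == nil then
    local hdrs = { ["Host"] = "example.test",
                   ["content-type"] = "application/x-www-form-urlencoded" }
    assert(mismatched_form_post(hdrs, { "PK\003\004", "\020\000more-bytes" }) == true)
    assert(mismatched_form_post(hdrs, { "user=bob&pass=x" }) == false)
    assert(mismatched_form_post({ ["Content-Type"] = "multipart/form-data" }, { ZIP_MAGIC }) == false)
    print("self-test ok")
end
```

Run it with plain `lua` to exercise the decision logic on the constructed input; inside Suricata, reference it from a rule with the `luajit` keyword and the engine supplies the HTTP and flow functions.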
