Feature #1261
Closed
Request for Additional Lua Capabilities
Description
We use the luajit capabilities for various tasks but have hit some limitations. We’re interested in making additional data accessible to the Lua scripts.
Some of these features will likely overlap but we would like Lua to have the following features:
1) Access to HTTP header data at the same time as body data. For more information see: https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2013-May/002354.html
2) Access to stream payloads, not just packet payloads. This would be particularly useful for being able to decode emails for scanning purposes.
3) Access to the TCP quad. When extracting payloads (ex: needs["payload"]), Lua does not have access to the TCP/IP information at the same time.
These capabilities will help provide full context for scanning and analysis.
Are these things that the OISF community would be interested in? Has any work been done on this so far, or are there plans for developing any similar capabilities?
Updated by Victor Julien over 10 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 2.1beta2
Some of these things will come through my lua output work, which also includes some improvements to the detection side.
I think it's a good idea to split out the 3 requests into 3 tickets so we can track them separately.
Updated by Victor Julien over 10 years ago
Btw, some of this should now work with: https://github.com/inliniac/suricata/pull/1109
Updated by Paul Gofran over 10 years ago
Updated by Victor Julien about 10 years ago
- Target version changed from 2.1beta2 to 2.1beta3
Updated by Victor Julien about 10 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
I believe (1) is also addressed by the HttpGetRequestBody and HttpGetResponseBody calls.