Project

General

Profile

Actions

Feature #4775

open

lua: overhaul lua support

Added by Victor Julien about 3 years ago. Updated 6 months ago.

Status:
In Progress
Priority:
High
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Implement https://redmine.openinfosecfoundation.org/issues/3307#note-12:

  • vendor a specific version in
  • disallow modules by default (or at all)
  • do proper sandboxing, both for security and performance
  • enable it by default so rule vendors can rely on it to be there

Subtasks 7 (3 open4 closed)

Feature #1971: lua: make mandatoryClosedOISF DevActions
Feature #2290: lua: use script as transformIn ReviewJeff LucovskyActions
Feature #4776: lua: vendor latest lua stableIn ProgressJason IshActions
Task #6961: lua create: use a rust crate to vendor luaIn ProgressJason IshActions
Feature #4777: lua: implement sandboxingClosedJason IshActions
Feature #6939: lua: incremement stat when a lua rule exhausts its instruction countClosedJason IshActions
Bug #6940: lua: handle errors in lua rulesClosedJason IshActions

Related issues 7 (6 open1 closed)

Related to Suricata - Task #3307: Research: evaluate future of lua support in SuricataNewOISF DevActions
Related to Suricata - Feature #1504: lua: better notification in verbose mode on script errorsNewOISF DevActions
Related to Suricata - Feature #1505: lua: show lua scripts during rule (re)loadingNewOISF DevActions
Related to Suricata - Feature #2871: lua: Exposing byte extract to scriptClosedJeff LucovskyActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #7073: lua: expose hashing functions (md5/sha1/sha256)NewJason IshActions
Related to Suricata - Feature #7074: lua: expose base64 functionsNewJason IshActions
Actions #1

Updated by Victor Julien about 3 years ago

  • Related to Task #3307: Research: evaluate future of lua support in Suricata added
Actions #2

Updated by Victor Julien about 3 years ago

  • Related to Feature #1504: lua: better notification in verbose mode on script errors added
Actions #3

Updated by Victor Julien about 3 years ago

  • Related to Feature #1505: lua: show lua scripts during rule (re)loading added
Actions #4

Updated by Victor Julien about 3 years ago

  • Related to Feature #2871: lua: Exposing byte extract to script added
Actions #5

Updated by Jason Ish about 2 years ago

Neovim has some discussion on why they use Lua 5.1 vs other versions:

https://github.com/neovim/neovim/wiki/FAQ#why-lua-51-instead-of-lua-53

Also, rlua, the previously most popular Lua bindings for Rust started with Lua 5.3 I think. 5.1 came after due to popular demand. mlua, a fork of rlua that seems to be more popular now, and also supports luajit 5.1.

By using one of these crates we can get Lua vendored for free.

Actions #6

Updated by Jason Ish about 1 year ago

  • Assignee set to OISF Dev
Actions #7

Updated by Jason Ish about 1 year ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions #8

Updated by Victor Julien about 1 year ago

  • Assignee changed from OISF Dev to Jo Johnson
Actions #9

Updated by Jason Ish 8 months ago

  • Subtask #6939 added
Actions #10

Updated by Jason Ish 8 months ago

  • Subtask #6940 added
Actions #11

Updated by Victor Julien 8 months ago

  • Assignee changed from Jo Johnson to Jason Ish
Actions #12

Updated by Philippe Antoine 8 months ago

  • Target version set to TBD
Actions #13

Updated by Victor Julien 6 months ago

  • Status changed from New to In Progress
Actions #14

Updated by Victor Julien 6 months ago

  • Related to Feature #7073: lua: expose hashing functions (md5/sha1/sha256) added
Actions #15

Updated by Victor Julien 6 months ago

Actions

Also available in: Atom PDF