onos commit hash c2999f30c69e50df905a9d175ef80b3f23a98514

Change-Id: I2bb8562c4942b6d6a6d60b663db2e17540477b81
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>

1 files changed, 41 insertions, 0 deletions

diff --git a/framework/src/suricata/src/util-lua-tls.c b/framework/src/suricata/src/util-lua-tls.c
index 8816d5d5..5963ac24 100644
--- a/framework/src/suricata/src/util-lua-tls.c
+++ b/framework/src/suricata/src/util-lua-tls.c
@@ -133,12 +133,53 @@ static int TlsGetCertInfo(lua_State *luastate)
     return r;
 }
 
+static int GetSNI(lua_State *luastate, const Flow *f)
+{
+    void *state = FlowGetAppState(f);
+    if (state == NULL)
+        return LuaCallbackError(luastate, "error: no app layer state");
+
+    SSLState *ssl_state = (SSLState *)state;
+
+    if (ssl_state->client_connp.sni == NULL)
+        return LuaCallbackError(luastate, "error: no server name indication");
+
+    return LuaPushStringBuffer(luastate, (uint8_t *)ssl_state->client_connp.sni,
+                               strlen(ssl_state->client_connp.sni));
+}
+
+static int TlsGetSNI(lua_State *luastate)
+{
+    int r;
+
+    if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
+        return LuaCallbackError(luastate, "error: protocol not tls");
+
+    int lock_hint = 0;
+    Flow *f = LuaStateGetFlow(luastate, &lock_hint);
+    if (f == NULL)
+        return LuaCallbackError(luastate, "internal error: no flow");
+
+    if (lock_hint == LUA_FLOW_NOT_LOCKED_BY_PARENT) {
+        FLOWLOCK_RDLOCK(f);
+        r = GetSNI(luastate, f);
+        FLOWLOCK_UNLOCK(f);
+    } else {
+        r = GetSNI(luastate, f);
+    }
+    return r;
+}
+
 /** \brief register tls lua extensions in a luastate */
 int LuaRegisterTlsFunctions(lua_State *luastate)
 {
     /* registration of the callbacks */
     lua_pushcfunction(luastate, TlsGetCertInfo);
     lua_setglobal(luastate, "TlsGetCertInfo");
+
+    lua_pushcfunction(luastate, TlsGetSNI);
+    lua_setglobal(luastate, "TlsGetSNI");
+
     return 0;
 }