Merge branch 'release/0.3.0'

* release/0.3.0: (67 commits)
  Don't strip haka patch version even if it is 0
  Fix cmake dev warning about link interface on elasticsearch
  Fix valgrind complaint
  Fix module path computation when config is in current directory
  Bump haka version to 0.3.0
  Fix cmake according to CMP0023
  Don't use reserved identifier as stated by C11 7.1.3
  Don't use reserved identifier as stated by C11 7.1.3
  Add color to instruction dump
  Update capstone submodule version to 3.0
  Fix capstone lib build issue
  Update dump instruction parameters
  Avoid compiling capstone if already installed
  Rework instruction disassembly
  Fix test
  Use capstone enum instead of integer values
  Update capstone sources
  Add instructions dump
  Minor cleanup
  Update disassembler module doc
  ...

.gitmodules

@@ -13,3 +13,6 @@
 [submodule "external/breathe"]
 	path = external/breathe
 	url = https://github.com/haka-security/breathe.git
+[submodule "external/capstone/src"]
+	path = external/capstone/src
+	url = https://github.com/haka-security/capstone.git

build/CompareOutput.awk

@@ -36,9 +36,9 @@ $0 ~ /info core: unload module/ {
 
 $0 ~ /^debug packet:/ { next; }
 $0 ~ /^debug pcre:/ { next; }
-$0 ~ /^debug state-machine:/ { next; }
+$0 ~ /^debug states:/ { next; }
 $0 ~ /^debug event: signal/ { next; }
-$0 ~ /^debug timer: / { next; }
+$0 ~ /^debug time: / { next; }
 $0 ~ /^info pcap: progress/ { next; }
 $0 ~ /^debug core: memory report/ { next; }
 
@@ -73,7 +73,7 @@ $0 ~ /^debug lua: closing state$/ {
 	closing = 1;
 }
 
-$0 ~ /^debug cnx: .* connection/ {
+$0 ~ /^debug conn: .* connection/ {
 	if (closing) {
 		print($1 " " $2 " <cleanup> " $4);
 		next;

build/FindLibCapstone.cmake

@@ -0,0 +1,12 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+find_path(LIBCAPSTONE_INCLUDE_DIR capstone.h PATH_SUFFIXES capstone)
+find_library(LIBCAPSTONE_LIBRARY NAMES capstone)
+
+include(FindPackageHandleStandardArgs)
+
+find_package_handle_standard_args(LibCapstone
+	REQUIRED_VARS LIBCAPSTONE_LIBRARY LIBCAPSTONE_INCLUDE_DIR)
+

build/Package.cmake

@@ -12,11 +12,7 @@ set(CPACK_PACKAGE_VERSION_MAJOR ${HAKA_VERSION_MAJOR})
 set(CPACK_PACKAGE_VERSION_MINOR ${HAKA_VERSION_MINOR})
 set(CPACK_PACKAGE_VERSION_PATCH ${HAKA_VERSION_PATCH})
 
-if(${HAKA_VERSION_PATCH} GREATER 0)
-	set(CPACK_PACKAGE_VERSION "${HAKA_VERSION_MAJOR}.${HAKA_VERSION_MINOR}.${HAKA_VERSION_PATCH}${HAKA_VERSION_BUILD}")
-else()
-	set(CPACK_PACKAGE_VERSION "${HAKA_VERSION_MAJOR}.${HAKA_VERSION_MINOR}${HAKA_VERSION_BUILD}")
-endif()
+set(CPACK_PACKAGE_VERSION "${HAKA_VERSION_MAJOR}.${HAKA_VERSION_MINOR}.${HAKA_VERSION_PATCH}${HAKA_VERSION_BUILD}")
 
 string(TOLOWER ${CMAKE_BUILD_TYPE} build)
 set(CPACK_PACKAGE_FULLNAME "${CPACK_PACKAGE_NAME}-${build}-${CMAKE_LUA}")

build/UseCapstone.cmake

@@ -0,0 +1,5 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include("${PROJECT_SOURCE_DIR}/external/capstone/capstone.cmake")
+

doc/ref/hakamodule.rst

@@ -9,3 +9,4 @@ Haka modules
 
     ../../../modules/misc/geoip/doc/geoip.rst
     ../../../modules/misc/elasticsearch/doc/elasticsearch.rst
+    ../../../modules/misc/asm/doc/asm.rst

doc/ref/log.rst

@@ -8,53 +8,43 @@ Logging
 =======
 
 This section introduces the Haka logging API. The logs are used for various type of
-information about a running Haka.
+information about a running Haka. The API defines various log sections that allows to
+have a fine grained control over information reported.
 
-.. haka:module:: haka.log
+.. haka:module:: haka
 
-.. haka:function:: fatal(module, fmt[, ...])
-                   error(module, fmt[, ...])
-                   warning(module, fmt[, ...])
-                   info(module, fmt[, ...])
-                   debug(module, fmt[, ...])
+.. haka:function:: haka.log.fatal(fmt[, ...])
+                   haka.log.error(fmt[, ...])
+                   haka.log.warning(fmt[, ...])
+                   haka.log.info(fmt[, ...])
+                   haka.log.debug(fmt[, ...])
 
-    :param module: Name of the module issuing the log.
-    :paramtype module: string
     :param fmt: Format string.
     :paramtype fmt: string
     :param ...: Format arguments.
 
-    Log a message in corresponding level.
+    Log a message in corresponding level. This function log to the section named ``'external'``.
 
-.. haka:function:: haka.log(module, fmt[, ...])
+.. haka:function:: haka.log(fmt[, ...])
 
     Alias to :haka:func:`haka.log.info`.
 
-.. haka:function:: message(level, module, fmt[, ...])
 
-    :param level: Level for the log (``'debug'``, ``'info'``, ``'warning'``, ``'error'`` or ``'fatal'``).
-    :paramtype level: string
-    :param module: Name of the module issuing the log.
-    :paramtype module: string
-    :param fmt: Format string.
-    :paramtype fmt: string
-    :param ...: Format arguments.
+Using different log section
+---------------------------
 
-    Log a message.
+.. haka:function:: log_section(name) -> logging
 
-.. haka:function:: setlevel(level[, module])
+    If you want more control, you can define a new section with this function. It will
+    return a tabe without have the same API as the table :haka:func:`haka.log`.
 
-    :param level: Level for the log (``'debug'``, ``'info'``, ``'warning'``, ``'error'`` or ``'fatal'``).
-    :paramtype level: string
-    :param module: Name of the module to modify.
-    :paramtype module: string
-
-    Set the logging level to display. It can be set globally and also manually for
-    each module.
 
 Example
 -------
 
 ::
 
-    haka.log("test", "error in packet %s", pkt)
+    haka.log("error in packet %s", pkt)
+
+    local log = haka.log_section("mysection")
+    log.debug("this is a log")

doc/test/workshop-blurring-the-web-ref.txt

@@ -1,10 +1,10 @@
-debug cnx: opening connection 192.168.10.10:56748 -> 192.168.20.1:80
-debug http: selecting http dissector on flow
-info bluring: received request for / on server
-info bluring: bluring:       bluring response
-info bluring: received request for /twiki/ on server
-info bluring: bluring:       bluring response
-info bluring: received request for /twiki/TWikiDocumentation.html on server
-info bluring: bluring:       bluring response
+debug conn: opening connection 192.168.10.10:56748 -> 192.168.20.1:80
+debug tcp: selecting http dissector on flow
+info external: received request for / on server
+info external: bluring response
+info external: received request for /twiki/ on server
+info external: bluring response
+info external: received request for /twiki/TWikiDocumentation.html on server
+info external: bluring response
 debug lua: closing state
-debug cnx: <cleanup> connection
+debug conn: <cleanup> connection

doc/test/workshop-hellopacket-ref.txt

@@ -1,32 +1,32 @@
-info Hello: packet from 192.168.10.1 to 192.168.10.99
+info external: packet from 192.168.10.1 to 192.168.10.99
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.1 to 192.168.10.99
-info Hello: packet from 192.168.10.99 to 192.168.10.1
+info external: packet from 192.168.10.99 to 192.168.10.1
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.99 to 192.168.10.1
-info Hello: packet from 192.168.10.1 to 192.168.10.99
+info external: packet from 192.168.10.1 to 192.168.10.99
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.1 to 192.168.10.99
-info Hello: packet from 192.168.10.1 to 192.168.10.99
+info external: packet from 192.168.10.1 to 192.168.10.99
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.1 to 192.168.10.99
-info Hello: packet from 192.168.10.99 to 192.168.10.1
+info external: packet from 192.168.10.99 to 192.168.10.1
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.99 to 192.168.10.1
-info Hello: packet from 192.168.10.1 to 192.168.10.99
+info external: packet from 192.168.10.1 to 192.168.10.99
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.1 to 192.168.10.99
-info Hello: packet from 192.168.10.99 to 192.168.10.1
+info external: packet from 192.168.10.99 to 192.168.10.1
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.99 to 192.168.10.1
-info Hello: packet from 192.168.10.1 to 192.168.10.99
+info external: packet from 192.168.10.1 to 192.168.10.99
 alert: id = = <>
 	severity = low
 	description = packet from 192.168.10.1 to 192.168.10.99

doc/test/workshop-smtp-mail_content-ref.txt

@@ -1,10 +1,10 @@
-debug cnx: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
-debug cnx: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
-debug smtp: selecting smtp dissector on flow
-debug cnx: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug tcp: selecting smtp dissector on flow
+debug conn: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
 == Mail Content ==
 BLA BLA BLA ...
 MORE BLA BLA BLA ...
 == End Mail Content ==
 debug lua: closing state
-debug cnx: <cleanup> connection
+debug conn: <cleanup> connection

doc/test/workshop-smtp-spam_filter-ref.txt

@@ -1,10 +1,10 @@
-debug cnx: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
-debug cnx: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
-debug smtp: selecting smtp dissector on flow
+debug conn: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug tcp: selecting smtp dissector on flow
 alert: id = = <>
 	severity = low
 	description = forbidden mail domain
-debug cnx: dropping connection 192.168.10.10:41155 -> 192.168.20.1:25
-debug cnx: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: dropping connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug conn: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
 debug lua: closing state
-debug cnx: <cleanup> connection
+debug conn: <cleanup> connection

doc/test/workshop-smtp_final-ref.txt

@@ -1,6 +1,6 @@
-debug cnx: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
-debug cnx: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
-debug smtp: selecting smtp dissector on flow
-debug cnx: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug tcp: selecting smtp dissector on flow
+debug conn: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
 debug lua: closing state
-debug cnx: <cleanup> connection
+debug conn: <cleanup> connection

doc/test/workshop-smtp_partial-ref.txt

@@ -1,14 +1,14 @@
-debug cnx: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
-debug cnx: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
-debug smtp: selecting smtp dissector on flow
+debug conn: opening connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: opening connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug tcp: selecting smtp dissector on flow
 debug grammar: parse error at byte 0 for field <unknown> in <unknown>: incomplete grammar
 debug grammar: parse error context: 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)\x0d\x0a...
 alert: id = = <>
 	severity = high
 	description = invalid smtp response parse error at byte 0 for field <unknown> in <unknown>: incomplete grammar
-debug cnx: dropping connection 192.168.10.10:41155 -> 192.168.20.1:25
-debug cnx: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
-debug cnx: closing connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug conn: dropping connection 192.168.10.10:41155 -> 192.168.20.1:25
+debug conn: closing connection 192.168.10.10:56704 -> 192.168.20.1:80
+debug conn: closing connection 192.168.10.10:41155 -> 192.168.20.1:25
 alert: id = = <>
 	severity = low
 	description = no connection found for tcp packet

doc/test/workshop-tcpfilter-ref.txt

@@ -1,27 +1,27 @@
-debug cnx: opening connection 192.168.10.1:53684 -> 192.168.20.1:80
-info Filter: Authorizing trafic on port 80
-debug cnx: opening connection 192.168.10.1:53685 -> 192.168.20.1:80
-info Filter: Authorizing trafic on port 80
-debug cnx: opening connection 192.168.10.1:53686 -> 192.168.20.1:80
-info Filter: Authorizing trafic on port 80
-debug cnx: opening connection 192.168.10.1:53687 -> 192.168.20.1:80
-info Filter: Authorizing trafic on port 80
-debug cnx: opening connection 192.168.10.1:53688 -> 192.168.20.1:80
-info Filter: Authorizing trafic on port 80
-debug cnx: opening connection 192.168.10.1:58446 -> 192.168.20.1:21
-info Filter: Trafic not authorized on port 21
-debug cnx: dropping connection 192.168.10.1:58446 -> 192.168.20.1:21
-debug cnx: opening connection 192.168.10.1:58447 -> 192.168.20.1:21
-info Filter: Trafic not authorized on port 21
-debug cnx: dropping connection 192.168.10.1:58447 -> 192.168.20.1:21
-debug cnx: opening connection 192.168.10.1:36780 -> 192.168.20.1:22
-info Filter: Authorizing trafic on port 22
+debug conn: opening connection 192.168.10.1:53684 -> 192.168.20.1:80
+info external: Authorizing trafic on port 80
+debug conn: opening connection 192.168.10.1:53685 -> 192.168.20.1:80
+info external: Authorizing trafic on port 80
+debug conn: opening connection 192.168.10.1:53686 -> 192.168.20.1:80
+info external: Authorizing trafic on port 80
+debug conn: opening connection 192.168.10.1:53687 -> 192.168.20.1:80
+info external: Authorizing trafic on port 80
+debug conn: opening connection 192.168.10.1:53688 -> 192.168.20.1:80
+info external: Authorizing trafic on port 80
+debug conn: opening connection 192.168.10.1:58446 -> 192.168.20.1:21
+info external: Trafic not authorized on port 21
+debug conn: dropping connection 192.168.10.1:58446 -> 192.168.20.1:21
+debug conn: opening connection 192.168.10.1:58447 -> 192.168.20.1:21
+info external: Trafic not authorized on port 21
+debug conn: dropping connection 192.168.10.1:58447 -> 192.168.20.1:21
+debug conn: opening connection 192.168.10.1:36780 -> 192.168.20.1:22
+info external: Authorizing trafic on port 22
 debug lua: closing state
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
-debug cnx: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection
+debug conn: <cleanup> connection

doc/user/workshop/blurring-the-web.lua

@@ -19,7 +19,7 @@ haka.rule {
 		request.headers['If-Modified-Since'] = nil
 		request.headers['If-None-Match'] = nil
 
-		haka.log("bluring", "received request for %s on %s", request.uri,
+		haka.log("received request for %s on %s", request.uri,
 			request.headers['Host'])
 	end
 }
@@ -39,7 +39,7 @@ haka.rule{
 	eval = function (flow, iter)
 		local result = regexp:match(iter, true)
 		if result then
-			haka.log("bluring", "bluring response")
+			haka.log("bluring response")
 			result:pos('begin'):insert(haka.vbuffer_from(css))
 		end
 	end

doc/user/workshop/erroneousrule.lua

@@ -16,9 +16,9 @@ haka.rule{
 		-- The next line will generate a lua error:
 		-- there is no 'destport' field. Replace 'destport' by 'dstport'
 		if pkt.destport == 80 or pkt.srcport == 80 then
-			haka.log("Filter", "Authorizing trafic on port 80")
+			haka.log("Authorizing trafic on port 80")
 		else
-			haka.log("Filter", "Trafic not authorized on port %d", pkt.dstport)
+			haka.log("Trafic not authorized on port %d", pkt.dstport)
 			pkt:drop()
 		end
 	end

doc/user/workshop/hellopacket.lua

@@ -20,7 +20,7 @@ haka.rule{
 	eval = function (pkt)
 		-- All fields are accessible through pkt variable.
 		-- See the Haka documentation for a complete list.
-		haka.log("Hello", "packet from %s to %s", pkt.src, pkt.dst)
+		haka.log("packet from %s to %s", pkt.src, pkt.dst)
 
 		haka.alert{
 			description = string.format("packet from %s to %s", pkt.src, pkt.dst),

doc/user/workshop/tcpfilter.lua

@@ -13,9 +13,9 @@ haka.rule{
 	hook = tcp.events.new_connection,
 	eval = function (flow, pkt)
 		if flow.dstport == 22 or flow.dstport == 80 then
-			haka.log("Filter", "Authorizing trafic on port %d", flow.dstport)
+			haka.log("Authorizing trafic on port %d", flow.dstport)
 		else
-			haka.log("Filter", "Trafic not authorized on port %d", flow.dstport)
+			haka.log("Trafic not authorized on port %d", flow.dstport)
 			pkt:drop()
 		end
 	end

external/CMakeLists.txt

@@ -5,3 +5,4 @@
 add_subdirectory("iniparser")
 add_subdirectory("uthash")
 add_subdirectory("luaunit")
+add_subdirectory("capstone")