data += ntohs(head->len);
break;
}
+ case DNS_RECORD_TYPE_SSHFP:
+ {
+ /* data here should be:
+ * [1 byte algo][1 byte type][var bytes fingerprint]
+ * As we currently can't store each of those in the state,
+ * we just store the raw data an let the output/detect
+ * code figure out what to do with it. */
+
+ DNSStoreAnswerInState(dns_state, list, fqdn, fqdn_len,
+ ntohs(head->type), ntohs(head->class), ntohl(head->ttl),
+ data, ntohs(head->len), ntohs(dns_header->tx_id));
+
+ data += ntohs(head->len);
+ break;
+ }
default: /* unsupported record */
{
DNSStoreAnswerInState(dns_state, list, NULL, 0,
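Review bot: The new SSHFP case hands `ntohs(head->len)` bytes starting at `data` to DNSStoreAnswerInState, and nothing in the visible lines checks that the record stays inside the input buffer. If that check is done before the switch (not visible here), a short comment in the case saying so would help the next reader; otherwise the case needs the bounds check before it stores anything. The length is also converted twice in the case, so a local such as `const uint16_t rdlen = ntohs(head->len);` would keep the stored length and the pointer advance in step. The comment has a typo: `an let` should read `and let`. The enclosing function starts and ends outside this hunk.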
} else {
json_object_set_new(js, "rdata", json_string(""));
}
+ } else if (entry->type == DNS_RECORD_TYPE_SSHFP) {
+ if (entry->data_len > 2) {
+ /* get algo and type */
+ uint8_t algo = *ptr;
+ uint8_t fptype = *(ptr+1);
+
+ /* turn fp raw buffer into a nice :-separate hex string */
+ uint16_t fp_len = (entry->data_len - 2);
+ uint8_t *dptr = ptr+2;
+ uint32_t output_len = fp_len * 2 + 1; // create c-string, so add space for 0.
+ char hexstring[output_len], *p = hexstring;
+ memset(hexstring, 0x00, output_len);
+
+ uint16_t x;
+ for (x = 0; x < fp_len; x++, p += 3) {
+ snprintf(p, 4, x == fp_len - 1 ? "%02x" : "%02x:", dptr[x]);
+ }
+
+ /* wrap the whole thing in it's own structure */
+ json_t *hjs = json_object();
+ if (hjs != NULL) {
+ json_object_set_new(hjs, "fingerprint", json_string(hexstring));
+ json_object_set_new(hjs, "algo", json_integer(algo));
+ json_object_set_new(hjs, "type", json_integer(fptype));
+
+ json_object_set_new(js, "sshfp", hjs);
+ }
+ }
}
}
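Review bot: `hexstring` is too small for what the loop writes. Every byte except the last is formatted as `%02x:` (three characters) and `p` advances by 3, but `output_len` is `fp_len * 2 + 1`, so any fingerprint longer than one byte is written past the end of the stack array, with a length taken from the DNS response. Size the buffer for the separators with `uint32_t output_len = fp_len * 3;` and bound each write by the space left, `snprintf(p, output_len - (size_t)(p - hexstring), ...)`, rather than the constant 4. Because `hexstring` is a VLA whose size follows `entry->data_len`, a fixed maximum fingerprint length (or a heap buffer with a NULL check) would also keep a large record from consuming the stack. The enclosing function starts outside this hunk.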