dns.h
dns_module.cc
dns_module.h
+ dns_splitter.cc
+ dns_splitter.h
)
if (STATIC_INSPECTORS)
#include "stream/stream.h"
#include "dns_module.h"
+#include "dns_splitter.h"
using namespace snort;
Dns(DnsModule*);
void eval(Packet*) override;
+ StreamSplitter* get_splitter(bool) override;
};
Dns::Dns(DnsModule*)
snort_dns(p);
}
+StreamSplitter* Dns::get_splitter(bool c2s)
+{
+ return new DnsSplitter(c2s);
+}
+
//-------------------------------------------------------------------------
// api stuff
//-------------------------------------------------------------------------
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2021-2021 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// dns_splitter.cc author Brandon Stultz <brastult@cisco.com>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "dns_splitter.h"
+
+#include <cassert>
+
+using namespace snort;
+
+StreamSplitter::Status DnsSplitter::scan(
+ Packet*, const uint8_t* data, uint32_t len,
+ uint32_t, uint32_t* fp)
+{
+ assert(len > 0);
+
+ if ( partial )
+ {
+ *fp = size + *data + 1;
+ partial = false;
+ return FLUSH;
+ }
+
+ if ( len == 1 )
+ {
+ size = *data << 8;
+ partial = true;
+ return SEARCH;
+ }
+
+ *fp = (*data << 8) + data[1] + 2;
+ return FLUSH;
+}
+
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2021-2021 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// dns_splitter.h author Brandon Stultz <brastult@cisco.com>
+
+#ifndef DNS_SPLITTER_H
+#define DNS_SPLITTER_H
+
+#include "stream/stream_splitter.h"
+
+class DnsSplitter : public snort::StreamSplitter
+{
+public:
+ DnsSplitter(bool c2s) : snort::StreamSplitter(c2s) { }
+
+ Status scan(snort::Packet* p, const uint8_t* data, uint32_t len,
+ uint32_t flags, uint32_t* fp) override;
+
+ bool is_paf() override
+ { return true; }
+
+private:
+ bool partial = false;
+ uint16_t size = 0;
+};
+
+#endif
+
projects / thirdparty / snort3.git / commitdiff
