--- /dev/null
+DNS
+---
+
+DNS transaction details are exposes to Lua scripts with the
+``suricata.dns`` library, For example::
+
+ local dns = require("suricata.dns")
+
+Setup
+^^^^^
+
+If your purpose is to create a logging script, initialize the buffer as:
+
+::
+
+ function init (args)
+ local needs = {}
+ needs["protocol"] = "dns"
+ return needs
+ end
+
+If you are going to use the script for rule matching, choose one of
+the available DNS buffers listed in :ref:`lua-detection` and follow
+the pattern:
+
+::
+
+ function init (args)
+ local needs = {}
+ needs["dns.rrname"] = tostring(true)
+ return needs
+ end
+
+Transaction
+~~~~~~~~~~~
+
+DNS is transaction based, and the current transaction must be obtained before use::
+
+ local tx, err = dns.get_tx()
+ if tx == err then
+ print(err)
+ end
+
+All other functions are methods on the transaction table.
+
+Transaction Methods
+~~~~~~~~~~~~~~~~~~~
+
+``answers()``
+^^^^^^^^^^^^^
+
+Get the ``answers`` response section as a table of tables.
+
+Example::
+
+ local tx = dns.get_tx()
+ local answers = tx:answers()
+ if answers ~= nil then
+ for n, t in pairs(answers) do
+ rrname = t["rrname"]
+ rrtype = t["type"]
+ ttl = t["ttl"]
+
+ print ("ANSWER: " .. ts .. " " .. rrname .. " [**] " .. rrtype .. " [**] " ..
+ ttl .. " [**] " .. srcip .. ":" .. sp .. " -> " ..
+ dstip .. ":" .. dp)
+ end
+ end
+
+``authorities()``
+^^^^^^^^^^^^^^^^^
+
+Get the ``authorities`` response section as a table of tables.
+
+Example::
+
+ local tx = dns.get_tx()
+ local authorities = tx:authorities();
+ if authorities ~= nil then
+ for n, t in pairs(authorities) do
+ rrname = t["rrname"]
+ rrtype = t["type"]
+ ttl = t["ttl"]
+ print ("AUTHORITY: " .. ts .. " " .. rrname .. " [**] " .. rrtype .. " [**] " ..
+ ttl .. " [**] " .. srcip .. ":" .. sp .. " -> " ..
+ dstip .. ":" .. dp)
+ end
+ end
+
+``queries()``
+^^^^^^^^^^^^^
+
+Get the ``queries`` request or response section as a table of tables.
+
+Example::
+
+ local tx = dns.get_tx()
+ local queries = tx:queries();
+ if queries ~= nil then
+ for n, t in pairs(queries) do
+ rrname = t["rrname"]
+ rrtype = t["type"]
+
+ print ("QUERY: " .. ts .. " " .. rrname .. " [**] " .. rrtype .. " [**] " ..
+ "TODO" .. " [**] " .. srcip .. ":" .. sp .. " -> " ..
+ dstip .. ":" .. dp)
+ end
+ end
+
+``rcode()``
+^^^^^^^^^^^
+
+Get the ``rcode`` value as an integer.
+
+Example::
+
+ local tx = dns.get_tx()
+ local rcode = tx:rcode()
+ print (rcode)
+
+``rcode_string()``
+^^^^^^^^^^^^^^^^^^
+
+Get the ``rcode`` value as a string.
+
+Example::
+
+ local tx = dns.get_tx()
+ local rcode_string = tx:rcode_string();
+ print (rcode_string)
+
+``recursion_desired()``
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Return the value of the recursion desired (RD) flag as a boolean.
+
+Example::
+
+ local tx = dns.get_tx()
+ if tx:recursion_desired() == true then
+ print ("RECURSION DESIRED")
+ end
+
+``rrname()``
+^^^^^^^^^^^^
+
+Return the resource name from the first query object.
+
+Example::
+
+ local tx = dns.get_tx()
+ local rrname = tx:rrname()
+ print(rrname)
+
+``txid()``
+^^^^^^^^^^
+
+Return the DNS transaction ID found in the DNS message.
+
+Example::
+
+ local tx = dns.get_tx()
+ local txid = tx:txid()
+ print(txid)
.. toctree::
base64
+ dns
hashlib
packetlib
print(n,v)
end
-DNS
----
-
-If your purpose is to create a logging script, initialize the buffer as:
-
-::
-
- function init (args)
- local needs = {}
- needs["protocol"] = "dns"
- return needs
- end
-
-If you are going to use the script for rule matching, choose one of the available DNS buffers listed in
-:ref:`lua-detection` and follow the pattern:
-
-::
-
- function init (args)
- local needs = {}
- needs["dns.rrname"] = tostring(true)
- return needs
- end
-
-DnsGetQueries
-~~~~~~~~~~~~~
-
-::
-
- dns_query = DnsGetQueries();
- if dns_query ~= nil then
- for n, t in pairs(dns_query) do
- rrname = t["rrname"]
- rrtype = t["type"]
-
- print ("QUERY: " .. ts .. " " .. rrname .. " [**] " .. rrtype .. " [**] " ..
- "TODO" .. " [**] " .. srcip .. ":" .. sp .. " -> " ..
- dstip .. ":" .. dp)
- end
- end
-
-returns a table of tables
-
-DnsGetAnswers
-~~~~~~~~~~~~~
-
-::
-
- dns_answers = DnsGetAnswers();
- if dns_answers ~= nil then
- for n, t in pairs(dns_answers) do
- rrname = t["rrname"]
- rrtype = t["type"]
- ttl = t["ttl"]
-
- print ("ANSWER: " .. ts .. " " .. rrname .. " [**] " .. rrtype .. " [**] " ..
- ttl .. " [**] " .. srcip .. ":" .. sp .. " -> " ..
- dstip .. ":" .. dp)
- end
- end
-
-returns a table of tables
-
-DnsGetAuthorities
-~~~~~~~~~~~~~~~~~
-
-::
-
- dns_auth = DnsGetAuthorities();
- if dns_auth ~= nil then
- for n, t in pairs(dns_auth) do
- rrname = t["rrname"]
- rrtype = t["type"]
- ttl = t["ttl"]
-
- print ("AUTHORITY: " .. ts .. " " .. rrname .. " [**] " .. rrtype .. " [**] " ..
- ttl .. " [**] " .. srcip .. ":" .. sp .. " -> " ..
- dstip .. ":" .. dp)
- end
- end
-
-returns a table of tables
-
-DnsGetRcode
-~~~~~~~~~~~
-
-::
-
- rcode = DnsGetRcode();
- if rcode == nil then
- return 0
- end
- print (rcode)
-
-returns a lua string with the error message, or nil
-
-DnsGetRecursionDesired
-~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- if DnsGetRecursionDesired() == true then
- print ("RECURSION DESIRED")
- end
-
-returns a bool
-
TLS
---
{
if (!(LuaStateNeedProto(L, ALPROTO_DNS))) {
return LuaCallbackError(L, "error: protocol not dns");
- }
+ }
RSDNSTransaction *tx = LuaStateGetTX(L);
if (tx == NULL) {
return LuaCallbackError(L, "error: no tx available");
- }
+ }
struct LuaTx *ltx = (struct LuaTx *)lua_newuserdata(L, sizeof(*ltx));
if (ltx == NULL) {
return LuaCallbackError(L, "error: fail to allocate user data");
- }
+ }
ltx->tx = tx;
luaL_getmetatable(L, dns_tx);
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetRrname(L, tx->tx);
-}
+}
static int LuaDnsTxGetTxid(lua_State *L)
{
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetTxId(L, tx->tx);
}
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetRcode(L, tx->tx);
}
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetRcodeString(L, tx->tx);
}
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
uint16_t flags = SCDnsTxGetResponseFlags(tx->tx);
int recursion_desired = flags & 0x0080 ? 1 : 0;
lua_pushboolean(L, recursion_desired);
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetQueryTable(L, tx->tx);
}
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetAnswerTable(L, tx->tx);
}
if (tx == NULL) {
lua_pushnil(L);
return 1;
- }
+ }
return SCDnsLuaGetAuthorityTable(L, tx->tx);
}
{ "txid", LuaDnsTxGetTxid },
{ NULL, NULL, }
// clang-format on
-};
+};
static const struct luaL_Reg dnslib[] = {
// clang-format off
projects / thirdparty / suricata.git / commitdiff
