return ALPROTO_DNS;
}
+/**
+ * \brief Probing parser for TCP DNS responses.
+ *
+ * This is a minimal parser that just checks that the input contains enough
+ * data for a TCP DNS response.
+ */
+static uint16_t DNSTcpProbeResponse(uint8_t *input, uint32_t len,
+ uint32_t *offset)
+{
+ if (len == 0 || len < sizeof(DNSTcpHeader)) {
+ return ALPROTO_UNKNOWN;
+ }
+
+ DNSTcpHeader *dns_header = (DNSTcpHeader *)input;
+
+ if (ntohs(dns_header->len) < sizeof(DNSHeader)) {
+ return ALPROTO_FAILED;
+ }
+
+ return ALPROTO_DNS;
+}
+
void RegisterDNSTCPParsers(void)
{
char *proto_name = "dns";
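Review bot: DNSTcpProbeResponse returns ALPROTO_DNS for any input whose first two bytes decode to a length of at least `sizeof(DNSHeader)`, so it checks nothing specific to a response. Non-DNS to-client data with a plausible length prefix would therefore be classified as DNS on the configured ports. The full header is available once `len >= sizeof(DNSTcpHeader)`, so consider also requiring the QR bit, e.g. `if ((ntohs(dns_header->flags) & 0x8000) == 0) return ALPROTO_FAILED;` (this assumes DNSTcpHeader exposes the flags word as `flags`, which the hunk does not show). The `len == 0 ||` test is redundant with the size comparison, and `offset` is never used, which deserves a comment such as `/* offset unused: required by the probing-parser callback signature */`. The doc block should also state that ALPROTO_UNKNOWN is returned when fewer than `sizeof(DNSTcpHeader)` bytes are available and ALPROTO_FAILED when the length prefix is too small for a DNS header.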
int have_cfg = AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
proto_name, ALPROTO_DNS,
0, sizeof(DNSTcpHeader),
- DNSTcpProbingParser, NULL);
+ DNSTcpProbingParser,
+ DNSTcpProbeResponse);
/* if we have no config, we enable the default port 53 */
if (!have_cfg) {
SCLogWarning(SC_ERR_DNS_CONFIG, "no DNS TCP config found, "
"port 53.");
AppLayerProtoDetectPPRegister(IPPROTO_TCP, "53",
ALPROTO_DNS, 0, sizeof(DNSTcpHeader),
- STREAM_TOSERVER, DNSTcpProbingParser, NULL);
+ STREAM_TOSERVER, DNSTcpProbingParser,
+ DNSTcpProbeResponse);
}
}
} else {