From: Jason Ish Date: Mon, 18 Dec 2017 12:46:17 +0000 (-0600) Subject: rust/dns - convert more type values to text X-Git-Tag: suricata-4.0.4~45 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51188e44f949a06812318e599f850bb42bd0affa;p=thirdparty%2Fsuricata.git rust/dns - convert more type values to text Issue: https://redmine.openinfosecfoundation.org/issues/2364 Convert more record type and errr code values to text. Remove duplicate type declarations. --- diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 5c9e1ade9e..8a14dbae8c 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -26,17 +26,6 @@ use applayer::LoggerFlags; use core; use dns::parser; -/// DNS record types. -pub const DNS_RTYPE_A: u16 = 1; -pub const DNS_RTYPE_CNAME: u16 = 5; -pub const DNS_RTYPE_SOA: u16 = 6; -pub const DNS_RTYPE_PTR: u16 = 12; -pub const DNS_RTYPE_MX: u16 = 15; -pub const DNS_RTYPE_TXT: u16 = 16; -pub const DNS_RTYPE_AAAA: u16 = 28; -pub const DNS_RTYPE_SSHFP: u16 = 44; -pub const DNS_RTYPE_RRSIG: u16 = 46; - /// DNS record types. pub const DNS_RECORD_TYPE_A : u16 = 1; pub const DNS_RECORD_TYPE_NS : u16 = 2; @@ -67,7 +56,7 @@ pub const DNS_RECORD_TYPE_PX : u16 = 26; pub const DNS_RECORD_TYPE_GPOS : u16 = 27; pub const DNS_RECORD_TYPE_AAAA : u16 = 28; pub const DNS_RECORD_TYPE_LOC : u16 = 29; -pub const DNS_RECORD_TYPE_NXT : u16 = 30; // Obosolete +pub const DNS_RECORD_TYPE_NXT : u16 = 30; // Obsolete pub const DNS_RECORD_TYPE_SRV : u16 = 33; pub const DNS_RECORD_TYPE_ATMA : u16 = 34; pub const DNS_RECORD_TYPE_NAPTR : u16 = 35; @@ -100,7 +89,26 @@ pub const DNS_RECORD_TYPE_URI : u16 = 256; /// DNS error codes. pub const DNS_RCODE_NOERROR: u16 = 0; pub const DNS_RCODE_FORMERR: u16 = 1; +pub const DNS_RCODE_SERVFAIL: u16 = 2; pub const DNS_RCODE_NXDOMAIN: u16 = 3; +pub const DNS_RCODE_NOTIMP: u16 = 4; +pub const DNS_RCODE_REFUSED: u16 = 5; +pub const DNS_RCODE_YXDOMAIN: u16 = 6; +pub const DNS_RCODE_YXRRSET: u16 = 7; +pub const DNS_RCODE_NXRRSET: u16 = 8; +pub const DNS_RCODE_NOTAUTH: u16 = 9; +pub const DNS_RCODE_NOTZONE: u16 = 10; +// Support for OPT RR from RFC6891 will be needed to +// parse RCODE values over 15 +pub const DNS_RCODE_BADVERS: u16 = 16; +pub const DNS_RCODE_BADSIG: u16 = 16; +pub const DNS_RCODE_BADKEY: u16 = 17; +pub const DNS_RCODE_BADTIME: u16 = 18; +pub const DNS_RCODE_BADMODE: u16 = 19; +pub const DNS_RCODE_BADNAME: u16 = 20; +pub const DNS_RCODE_BADALG: u16 = 21; +pub const DNS_RCODE_BADTRUNC: u16 = 22; + /// The maximum number of transactions to keep in the queue pending /// processing before they are aggressively purged. Due to the diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs index c1334ba3e9..f24ffeee5b 100644 --- a/rust/src/dns/log.rs +++ b/rust/src/dns/log.rs @@ -271,15 +271,64 @@ fn dns_log_rrtype_enabled(rtype: u16, flags: u64) -> bool pub fn dns_rrtype_string(rrtype: u16) -> String { match rrtype { - DNS_RTYPE_A => "A", - DNS_RTYPE_CNAME => "CNAME", - DNS_RTYPE_SOA => "SOA", - DNS_RTYPE_PTR => "PTR", - DNS_RTYPE_MX => "MX", - DNS_RTYPE_TXT => "TXT", - DNS_RTYPE_AAAA => "AAAA", - DNS_RTYPE_SSHFP => "SSHFP", - DNS_RTYPE_RRSIG => "RRSIG", + DNS_RECORD_TYPE_A => "A", + DNS_RECORD_TYPE_NS => "NS", + DNS_RECORD_TYPE_AAAA => "AAAA", + DNS_RECORD_TYPE_CNAME => "CNAME", + DNS_RECORD_TYPE_TXT => "TXT", + DNS_RECORD_TYPE_MX => "MX", + DNS_RECORD_TYPE_SOA => "SOA", + DNS_RECORD_TYPE_PTR => "PTR", + DNS_RECORD_TYPE_SIG => "SIG", + DNS_RECORD_TYPE_KEY => "KEY", + DNS_RECORD_TYPE_WKS => "WKS", + DNS_RECORD_TYPE_TKEY => "TKEY", + DNS_RECORD_TYPE_TSIG => "TSIG", + DNS_RECORD_TYPE_ANY => "ANY", + DNS_RECORD_TYPE_RRSIG => "RRSIG", + DNS_RECORD_TYPE_NSEC => "NSEC", + DNS_RECORD_TYPE_DNSKEY => "DNSKEY", + DNS_RECORD_TYPE_HINFO => "HINFO", + DNS_RECORD_TYPE_MINFO => "MINFO", + DNS_RECORD_TYPE_RP => "RP", + DNS_RECORD_TYPE_AFSDB => "AFSDB", + DNS_RECORD_TYPE_X25 => "X25", + DNS_RECORD_TYPE_ISDN => "ISDN", + DNS_RECORD_TYPE_RT => "RT", + DNS_RECORD_TYPE_NSAP => "NSAP", + DNS_RECORD_TYPE_NSAPPTR => "NSAPPT", + DNS_RECORD_TYPE_PX => "PX", + DNS_RECORD_TYPE_GPOS => "GPOS", + DNS_RECORD_TYPE_LOC => "LOC", + DNS_RECORD_TYPE_SRV => "SRV", + DNS_RECORD_TYPE_ATMA => "ATMA", + DNS_RECORD_TYPE_NAPTR => "NAPTR", + DNS_RECORD_TYPE_KX => "KX", + DNS_RECORD_TYPE_CERT => "CERT", + DNS_RECORD_TYPE_A6 => "A6", + DNS_RECORD_TYPE_DNAME => "DNAME", + DNS_RECORD_TYPE_OPT => "OPT", + DNS_RECORD_TYPE_APL => "APL", + DNS_RECORD_TYPE_DS => "DS", + DNS_RECORD_TYPE_SSHFP => "SSHFP", + DNS_RECORD_TYPE_IPSECKEY => "IPSECKEY", + DNS_RECORD_TYPE_DHCID => "DHCID", + DNS_RECORD_TYPE_NSEC3 => "NSEC3", + DNS_RECORD_TYPE_NSEC3PARAM => "NSEC3PARAM", + DNS_RECORD_TYPE_TLSA => "TLSA", + DNS_RECORD_TYPE_HIP => "HIP", + DNS_RECORD_TYPE_CDS => "CDS", + DNS_RECORD_TYPE_CDNSKEY => "CDSNKEY", + DNS_RECORD_TYPE_MAILA => "MAILA", + DNS_RECORD_TYPE_URI => "URI", + DNS_RECORD_TYPE_MB => "MB", + DNS_RECORD_TYPE_MG => "MG", + DNS_RECORD_TYPE_MR => "MR", + DNS_RECORD_TYPE_NULL => "NULL", + DNS_RECORD_TYPE_SPF => "SPF", + DNS_RECORD_TYPE_NXT => "NXT", + DNS_RECORD_TYPE_MD => "ND", + DNS_RECORD_TYPE_MF => "MF", _ => { return rrtype.to_string(); } @@ -290,7 +339,22 @@ fn dns_rcode_string(flags: u16) -> String { match flags & 0x000f { DNS_RCODE_NOERROR => "NOERROR", DNS_RCODE_FORMERR => "FORMERR", + DNS_RCODE_SERVFAIL => "SERVFAIL", DNS_RCODE_NXDOMAIN => "NXDOMAIN", + DNS_RCODE_NOTIMP => "NOTIMP", + DNS_RCODE_REFUSED => "REFUSED", + DNS_RCODE_YXDOMAIN => "YXDOMAIN", + DNS_RCODE_YXRRSET => "YXRRSET", + DNS_RCODE_NXRRSET => "NXRRSET", + DNS_RCODE_NOTAUTH => "NOTAUTH", + DNS_RCODE_NOTZONE => "NOTZONE", + DNS_RCODE_BADVERS => "BADVERS/BADSIG", + DNS_RCODE_BADKEY => "BADKEY", + DNS_RCODE_BADTIME => "BADTIME", + DNS_RCODE_BADMODE => "BADMODE", + DNS_RCODE_BADNAME => "BADNAME", + DNS_RCODE_BADALG => "BADALG", + DNS_RCODE_BADTRUNC => "BADTRUNC", _ => { return (flags & 0x000f).to_string(); } @@ -385,16 +449,16 @@ fn dns_log_json_answer(header: &DNSHeader, answer: &DNSAnswerEntry) js.set_integer("ttl", answer.ttl as u64); match answer.rrtype { - DNS_RTYPE_A | DNS_RTYPE_AAAA => { + DNS_RECORD_TYPE_A | DNS_RECORD_TYPE_AAAA => { js.set_string("rdata", &dns_print_addr(&answer.data)); } - DNS_RTYPE_CNAME | - DNS_RTYPE_MX | - DNS_RTYPE_TXT | - DNS_RTYPE_PTR => { + DNS_RECORD_TYPE_CNAME | + DNS_RECORD_TYPE_MX | + DNS_RECORD_TYPE_TXT | + DNS_RECORD_TYPE_PTR => { js.set_string_from_bytes("rdata", &answer.data); }, - DNS_RTYPE_SSHFP => { + DNS_RECORD_TYPE_SSHFP => { dns_log_sshfp(&js, &answer); }, _ => {} diff --git a/rust/src/dns/lua.rs b/rust/src/dns/lua.rs index 641431c083..4f8b354b98 100644 --- a/rust/src/dns/lua.rs +++ b/rust/src/dns/lua.rs @@ -139,7 +139,7 @@ pub extern "C" fn rs_dns_lua_get_answer_table(clua: &mut CLuaState, if answer.data.len() > 0 { lua.pushstring("addr"); match answer.rrtype { - DNS_RTYPE_A | DNS_RTYPE_AAAA => { + DNS_RECORD_TYPE_A | DNS_RECORD_TYPE_AAAA => { lua.pushstring(&dns_print_addr(&answer.data)); } _ => { diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs index 6bfec2d994..9159a84437 100644 --- a/rust/src/dns/parser.rs +++ b/rust/src/dns/parser.rs @@ -162,7 +162,7 @@ fn dns_parse_answer<'a>(slice: &'a [u8], message: &'a [u8], count: usize) let ttl = val.3; let data = val.4; let n = match rrtype { - DNS_RTYPE_TXT => { + DNS_RECORD_TYPE_TXT => { // For TXT records we need to run the parser // multiple times. Set n high, to the maximum // value based on a max txt side of 65535, but @@ -266,12 +266,12 @@ pub fn dns_parse_rdata<'a>(input: &'a [u8], message: &'a [u8], rrtype: u16) -> nom::IResult<&'a [u8], Vec> { match rrtype { - DNS_RTYPE_CNAME | - DNS_RTYPE_PTR | - DNS_RTYPE_SOA => { + DNS_RECORD_TYPE_CNAME | + DNS_RECORD_TYPE_PTR | + DNS_RECORD_TYPE_SOA => { dns_parse_name(input, message) }, - DNS_RTYPE_MX => { + DNS_RECORD_TYPE_MX => { // For MX we we skip over the preference field before // parsing out the name. closure!(&'a [u8], do_parse!( @@ -280,7 +280,7 @@ pub fn dns_parse_rdata<'a>(input: &'a [u8], message: &'a [u8], rrtype: u16) (name) ))(input) }, - DNS_RTYPE_TXT => { + DNS_RECORD_TYPE_TXT => { closure!(&'a [u8], do_parse!( len: be_u8 >> txt: take!(len) >>