From: Victor Julien
Date: Wed, 17 Jan 2018 14:13:55 +0000 (+0100)
Subject: dns: support detect flags
X-Git-Tag: suricata-4.1.0-beta1~323
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edb9c59526ffd562a31747568855cb224f714d7f;p=thirdparty%2Fsuricata.git
dns: support detect flags
---
diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index 07c9e45572..bc6821092c 100644
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -248,6 +248,26 @@ LoggerId DNSGetTxLogged(void *alstate, void *tx)
 return dns_tx->logged;
 }
 
+uint64_t DNSGetTxDetectFlags(void *vtx, uint8_t dir)
+{
+ DNSTransaction *tx = (DNSTransaction *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ return tx->detect_flags_ts;
+ } else {
+ return tx->detect_flags_tc;
+ }
+}
+
+void DNSSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t detect_flags)
+{
+ DNSTransaction *tx = (DNSTransaction *)vtx;
+ if (dir & STREAM_TOSERVER) {
+ tx->detect_flags_ts = detect_flags;
+ } else {
+ tx->detect_flags_tc = detect_flags;
+ }
+}
+
 /** \brief get value for 'complete' status in DNS
 *
 * For DNS we use a simple bool. 1 means done.
diff --git a/src/app-layer-dns-common.h b/src/app-layer-dns-common.h
index 6b11477183..fffaccd360 100644
--- a/src/app-layer-dns-common.h
+++ b/src/app-layer-dns-common.h
@@ -202,6 +202,10 @@ typedef struct DNSTransaction_ {
 uint8_t rcode; /**< response code (e.g. "no error" / "no such name") */
 uint8_t recursion_desired; /**< server said "recursion desired" */
+ /** detection engine flags */
+ uint64_t detect_flags_ts;
+ uint64_t detect_flags_tc;
+
 TAILQ_HEAD(, DNSQueryEntry_) query_list; /**< list for query/queries */
 TAILQ_HEAD(, DNSAnswerEntry_) answer_list; /**< list for answers */
 TAILQ_HEAD(, DNSAnswerEntry_) authority_list; /**< list for authority records */
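Review bot: DNSGetTxDetectFlags and DNSSetTxDetectFlags are added without a doxygen header, although the neighbouring accessor in this file is documented in that style (`/** \brief get value for 'complete' status in DNS`). The direction handling deserves an explicit statement, because only `dir & STREAM_TOSERVER` selects the to-server slot and any other flags value, including 0, reads or writes the to-client slot. Suggested header for the getter: `/** \brief get the detect flags stored on a DNS tx for one direction` / ` *  \param dir STREAM_TOSERVER selects the ts slot, anything else the tc slot */`, with matching wording on the setter. Neither function checks vtx for NULL; that appears consistent with the existing per-tx callbacks, but callers must guarantee a live transaction.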
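Review bot: The two new uint64_t fields must start at zero in a freshly allocated transaction, otherwise the detection engine could read stale bits through DNSGetTxDetectFlags before any setter has run; whether that holds depends on DNSTransactionAlloc, which is not part of this diff. If the transaction is allocated with SCMalloc rather than SCCalloc, add `tx->detect_flags_ts = 0;` and `tx->detect_flags_tc = 0;` alongside the other field initialisation there. The DNSTransaction_ definition continues outside the hunk.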
@@ -278,6 +282,8 @@ DNSTransaction *DNSTransactionFindByTxId(const DNSState *dns_state, const uint16
 int DNSStateHasTxDetectState(void *alstate);
 DetectEngineState *DNSGetTxDetectState(void *vtx);
 int DNSSetTxDetectState(void *alstate, void *vtx, DetectEngineState *s);
+uint64_t DNSGetTxDetectFlags(void *vtx, uint8_t dir);
+void DNSSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t detect_flags);
 void DNSSetEvent(DNSState *s, uint8_t e);
 void *DNSStateAlloc(void);
diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c
index b352144b19..e595fae5ce 100644
--- a/src/app-layer-dns-tcp.c
+++ b/src/app-layer-dns-tcp.c
@@ -752,6 +752,8 @@ void RegisterDNSTCPParsers(void)
 AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_DNS,
 DNSStateHasTxDetectState, DNSGetTxDetectState, DNSSetTxDetectState);
+ AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_DNS,
+ DNSGetTxDetectFlags, DNSSetTxDetectFlags);
 AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DNS, DNSGetTx);
 AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DNS, DNSGetTxCnt);
diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c
index a31abf21cc..9f1ec9d092 100644
--- a/src/app-layer-dns-udp.c
+++ b/src/app-layer-dns-udp.c
@@ -445,6 +445,8 @@ void RegisterDNSUDPParsers(void)
 AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_DNS,
 DNSStateHasTxDetectState, DNSGetTxDetectState, DNSSetTxDetectState);
+ AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_UDP, ALPROTO_DNS,
+ DNSGetTxDetectFlags, DNSSetTxDetectFlags);
 AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DNS, DNSGetTx);