git.ipfire.org Git - thirdparty/suricata.git/commit

author	Jason Ish <jason.ish@oisf.net>
	Fri, 1 Nov 2024 17:39:23 +0000 (11:39 -0600)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 11 Dec 2024 05:49:35 +0000 (06:49 +0100)
commit	19cf0f81335d9f787d587450f7105ad95a648951
tree	dbe43bf0332739160b046f09fc46a50f9bd52599	tree
parent	37f4c52b22fcdde4adf9b479cb5700f89d00768d	commit \| diff

dns: provide events for recoverable parse errors

Add events for the following resource name parsing issues:

- name truncated as its too long
- maximum number of labels reached
- infinite loop

Currently these events are only registered when encountered, but
recoverable. That is where we are able to return some of the name,
usually in a truncated state.

As name parsing has many code paths, we pass in a pointer to a flag
field that can be updated by the name parser, this is done in
addition to the flags being set on a specific name as when logging we
want to designate which fields are truncated, etc. But for alerts, we
just care that something happened during the parse. It also reduces
errors as it won't be forgotten to check for the flags and set the
event if some new parser is written that also parses names.

Ticket: #7280

rules/dns-events.rules		diff \| blob \| blame \| history
rust/src/dns/dns.rs		diff \| blob \| blame \| history
rust/src/dns/parser.rs		diff \| blob \| blame \| history