AppLayerDecoderEventsModuleRegister(alproto, dns_decoder_event_table);
}
+AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id) {
+ DNSState *dns_state = (DNSState *)state;
+ DNSTransaction *tx;
+ TAILQ_FOREACH(tx, &dns_state->tx_list, next) {
+ if (tx->tx_num == (id+1))
+ return tx->decoder_events;
+ }
+ return NULL;
+}
+
void *DNSStateAlloc(void) {
void *s = SCMalloc(sizeof(DNSState));
if (unlikely(s == NULL))
return (direction == 0) ? 0 : 1;
}
+void DNSSetEvent(DNSState *s, uint8_t e) {
+ if (s && s->curr) {
+ SCLogDebug("s->curr->decoder_events %p", s->curr->decoder_events);
+ AppLayerDecoderEventsSetEventRaw(s->curr->decoder_events, e);
+ SCLogDebug("s->curr->decoder_events %p", s->curr->decoder_events);
+ } else {
+ SCLogDebug("couldn't set event %u", e);
+ }
+}
+
/** \internal
* \brief Allocate a DNS TX
* \retval tx or NULL */
* \retval 0 ok
* \retval -1 error
*/
-int DNSValidateRequestHeader(Flow *f, const DNSHeader *dns_header) {
+int DNSValidateRequestHeader(DNSState *dns_state, const DNSHeader *dns_header) {
uint16_t flags = ntohs(dns_header->flags);
if ((flags & 0x8000) != 0) {
SCLogDebug("not a request 0x%04x", flags);
- if (f != NULL)
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_NOT_A_REQUEST);
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_NOT_A_REQUEST);
goto bad_data;
}
if ((flags & 0x0040) != 0) {
SCLogDebug("Z flag not 0, 0x%04x", flags);
- if (f != NULL)
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_Z_FLAG_SET);
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_Z_FLAG_SET);
goto bad_data;
}
* \retval 0 ok
* \retval -1 error
*/
-int DNSValidateResponseHeader(Flow *f, const DNSHeader *dns_header) {
+int DNSValidateResponseHeader(DNSState *dns_state, const DNSHeader *dns_header) {
uint16_t flags = ntohs(dns_header->flags);
if ((flags & 0x8000) == 0) {
SCLogDebug("not a response 0x%04x", flags);
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_NOT_A_RESPONSE);
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_NOT_A_RESPONSE);
goto bad_data;
}
if ((flags & 0x0040) != 0) {
SCLogDebug("Z flag not 0, 0x%04x", flags);
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_Z_FLAG_SET);
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_Z_FLAG_SET);
goto bad_data;
}
TAILQ_HEAD(, DNSAnswerEntry_) answer_list; /**< list for answers */
TAILQ_HEAD(, DNSAnswerEntry_) authority_list; /**< list for authority records */
+ AppLayerDecoderEvents *decoder_events; /**< per tx events */
+
TAILQ_ENTRY(DNSTransaction_) next;
} DNSTransaction;
void DNSTransactionFree(DNSTransaction *tx);
DNSTransaction *DNSTransactionFindByTxId(const DNSState *dns_state, const uint16_t tx_id);
+void DNSSetEvent(DNSState *s, uint8_t e);
void *DNSStateAlloc(void);
void DNSStateFree(void *s);
+AppLayerDecoderEvents *DNSGetEvents(void *state, uint64_t id);
-int DNSValidateRequestHeader(Flow *f, const DNSHeader *dns_header);
-int DNSValidateResponseHeader(Flow *f, const DNSHeader *dns_header);
+int DNSValidateRequestHeader(DNSState *, const DNSHeader *dns_header);
+int DNSValidateResponseHeader(DNSState *, const DNSHeader *dns_header);
void DNSStoreQueryInState(DNSState *dns_state, const uint8_t *fqdn, const uint16_t fqdn_len,
const uint16_t type, const uint16_t class, const uint16_t tx_id);
static int DNSRequestParseData(Flow *f, DNSState *dns_state, const uint8_t *input, const uint32_t input_len) {
DNSHeader *dns_header = (DNSHeader *)input;
- if (DNSValidateRequestHeader(f, dns_header) < 0)
+ if (DNSValidateRequestHeader(dns_state, dns_header) < 0)
goto bad_data;
//SCLogInfo("ID %04x", ntohs(dns_header->tx_id));
static int DNSReponseParseData(Flow *f, DNSState *dns_state, const uint8_t *input, const uint32_t input_len) {
DNSHeader *dns_header = (DNSHeader *)input;
- if (DNSValidateResponseHeader(f, dns_header) < 0)
+ if (DNSValidateResponseHeader(dns_state, dns_header) < 0)
goto bad_data;
DNSTransaction *tx = NULL;
break;
}
}
- if (!found) {
- SCLogDebug("DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE");
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE);
- }
uint16_t q;
const uint8_t *data = input + sizeof(DNSHeader);
}
}
+ if (!found) {
+ SCLogDebug("DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE");
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE);
+ }
+
SCReturnInt(1);
bad_data:
insufficient_data:
DNSStateFree);
AppLayerRegisterTransactionIdFuncs(ALPROTO_DNS_TCP,
DNSStateUpdateTransactionId, DNSStateTransactionFree);
+ AppLayerRegisterGetEventsFunc(ALPROTO_DNS_TCP, DNSGetEvents);
AppLayerRegisterGetTx(ALPROTO_DNS_TCP,
DNSGetTx);
DNSHeader *dns_header = (DNSHeader *)input;
SCLogDebug("DNS %p", dns_header);
- if (DNSValidateRequestHeader(f, dns_header) < 0)
+ if (DNSValidateRequestHeader(dns_state, dns_header) < 0)
goto bad_data;
uint16_t q;
break;
}
}
- if (!found) {
- SCLogDebug("DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE");
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE);
- }
-
- if (DNSValidateResponseHeader(f, dns_header) < 0)
+ if (DNSValidateResponseHeader(dns_state, dns_header) < 0)
goto bad_data;
uint16_t q;
}
}
+ if (!found) {
+ SCLogDebug("DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE");
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE);
+ }
+
SCReturnInt(1);
bad_data:
insufficient_data:
- AppLayerDecoderEventsSetEvent(f, DNS_DECODER_EVENT_MALFORMED_DATA);
+ DNSSetEvent(dns_state, DNS_DECODER_EVENT_MALFORMED_DATA);
SCReturnInt(-1);
}
DNSStateFree);
AppLayerRegisterTransactionIdFuncs(ALPROTO_DNS_UDP,
DNSStateUpdateTransactionId, DNSStateTransactionFree);
+ AppLayerRegisterGetEventsFunc(ALPROTO_DNS_UDP, DNSGetEvents);
AppLayerRegisterGetTx(ALPROTO_DNS_UDP,
DNSGetTx);
projects / thirdparty / suricata.git / commitdiff
