dns: add memcap options

Add per state and global memcap option parsing.

diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index d4daf8dc502dc1e2177d49396fae0f4c06fbf249..cb5ce14ef87ae17ded56c8bd34737385595fce9d 100644 (file)
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -32,6 +32,8 @@
 
 typedef struct DNSConfig_ {
     uint32_t request_flood;
+    uint32_t state_memcap;  /**< memcap in bytes per state */
+    uint64_t global_memcap; /**< memcap in bytes globally for parser */
 } DNSConfig;
 static DNSConfig dns_config;
 
@@ -43,6 +45,14 @@ void DNSConfigSetRequestFlood(uint32_t value) {
     dns_config.request_flood = value;
 }
 
+void DNSConfigSetStateMemcap(uint32_t value) {
+    dns_config.state_memcap = value;
+}
+
+void DNSConfigSetGlobalMemcap(uint64_t value) {
+    dns_config.global_memcap = value;
+}
+
 SCEnumCharMap dns_decoder_event_table[ ] = {
     { "UNSOLLICITED_RESPONSE",      DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE, },
     { "MALFORMED_DATA",             DNS_DECODER_EVENT_MALFORMED_DATA, },

diff --git a/src/app-layer-dns-common.h b/src/app-layer-dns-common.h
index 6c72c1d475761d6026cec39ad444d12ac9462959..5886aca7aae8bcb031e95ae7317a3723bed195de 100644 (file)
--- a/src/app-layer-dns-common.h
+++ b/src/app-layer-dns-common.h
@@ -156,9 +156,13 @@ typedef struct DNSState_ {
 } DNSState;
 
 #define DNS_CONFIG_DEFAULT_REQUEST_FLOOD 500
+#define DNS_CONFIG_DEFAULT_STATE_MEMCAP 512*1024
+#define DNS_CONFIG_DEFAULT_GLOBAL_MEMCAP 16*1024*1024
 
 void DNSConfigInit(void);
 void DNSConfigSetRequestFlood(uint32_t value);
+void DNSConfigSetStateMemcap(uint32_t value);
+void DNSConfigSetGlobalMemcap(uint64_t value);
 
 void RegisterDNSParsers(void);
 void DNSParserTests(void);

diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c
index 13cf13d113cb1b5686e41d61d58d93c666b4ea26..bd3a694c4133a8ec54721232f6d3db00bf8df206 100644 (file)
--- a/src/app-layer-dns-udp.c
+++ b/src/app-layer-dns-udp.c
@@ -309,6 +309,8 @@ static uint16_t DNSUdpProbingParser(uint8_t *input, uint32_t ilen, uint32_t *off
 
 static void DNSUDPConfigure(void) {
     uint32_t request_flood = DNS_CONFIG_DEFAULT_REQUEST_FLOOD;
+    uint32_t state_memcap = DNS_CONFIG_DEFAULT_STATE_MEMCAP;
+    uint64_t global_memcap = DNS_CONFIG_DEFAULT_GLOBAL_MEMCAP;
 
     ConfNode *p = ConfGetNode("app-layer.protocols.dns.request-flood");
     if (p != NULL) {
@@ -321,6 +323,30 @@ static void DNSUDPConfigure(void) {
     }
     SCLogInfo("DNS request flood protection level: %u", request_flood);
     DNSConfigSetRequestFlood(request_flood);
+
+    p = ConfGetNode("app-layer.protocols.dns.state-memcap");
+    if (p != NULL) {
+        uint32_t value;
+        if (ParseSizeStringU32(p->val, &value) < 0) {
+            SCLogError(SC_ERR_DNS_CONFIG, "invalid value for state-memcap %s", p->val);
+        } else {
+            state_memcap = value;
+        }
+    }
+    SCLogInfo("DNS per flow memcap (state-memcap): %u", state_memcap);
+    DNSConfigSetStateMemcap(state_memcap);
+
+    p = ConfGetNode("app-layer.protocols.dns.global-memcap");
+    if (p != NULL) {
+        uint64_t value;
+        if (ParseSizeStringU64(p->val, &value) < 0) {
+            SCLogError(SC_ERR_DNS_CONFIG, "invalid value for global-memcap %s", p->val);
+        } else {
+            global_memcap = value;
+        }
+    }
+    SCLogInfo("DNS global memcap: %"PRIu64, global_memcap);
+    DNSConfigSetGlobalMemcap(global_memcap);
 }
 
 void RegisterDNSUDPParsers(void) {