suricata
app-layer-dns-common.c File Reference
#include "suricata-common.h"
#include "stream.h"
#include "app-layer-parser.h"
#include "app-layer-dns-common.h"
#include "util-memcmp.h"
#include "util-atomic.h"
Include dependency graph for app-layer-dns-common.c:

Go to the source code of this file.

Data Structures

struct  DNSConfig_
 

Typedefs

typedef struct DNSConfig_ DNSConfig
 

Functions

void DNSConfigInit (void)
 
void DNSConfigSetRequestFlood (uint32_t value)
 
void DNSConfigSetStateMemcap (uint32_t value)
 
 SC_ATOMIC_DECLARE (uint64_t, dns_memuse)
 
 SC_ATOMIC_DECLARE (uint64_t, dns_memcap_state)
 
 SC_ATOMIC_DECLARE (uint64_t, dns_memcap_global)
 
void DNSConfigSetGlobalMemcap (uint64_t value)
 
void DNSIncrMemcap (uint32_t size, DNSState *state)
 
void DNSDecrMemcap (uint32_t size, DNSState *state)
 
int DNSCheckMemcap (uint32_t want, DNSState *state)
 
uint64_t DNSMemcapGetMemuseCounter (void)
 
uint64_t DNSMemcapGetMemcapStateCounter (void)
 
uint64_t DNSMemcapGetMemcapGlobalCounter (void)
 
int DNSStateGetEventInfo (const char *event_name, int *event_id, AppLayerEventType *event_type)
 
void DNSAppLayerRegisterGetEventInfo (uint8_t ipproto, AppProto alproto)
 
AppLayerDecoderEventsDNSGetEvents (void *state, uint64_t id)
 
void * DNSGetTx (void *alstate, uint64_t tx_id)
 
uint64_t DNSGetTxCnt (void *alstate)
 
int DNSGetAlstateProgress (void *tx, uint8_t direction)
 
void DNSSetTxLogged (void *alstate, void *tx, LoggerId logged)
 
LoggerId DNSGetTxLogged (void *alstate, void *tx)
 
uint64_t DNSGetTxDetectFlags (void *vtx, uint8_t dir)
 
void DNSSetTxDetectFlags (void *vtx, uint8_t dir, uint64_t detect_flags)
 
int DNSGetAlstateProgressCompletionStatus (uint8_t direction)
 get value for 'complete' status in DNS More...
 
void DNSSetEvent (DNSState *s, uint8_t e)
 
void DNSStateTransactionFree (void *state, uint64_t tx_id)
 dns transaction cleanup callback More...
 
DNSTransactionDNSTransactionFindByTxId (const DNSState *dns_state, const uint16_t tx_id)
 
DetectEngineStateDNSGetTxDetectState (void *vtx)
 
int DNSSetTxDetectState (void *vtx, DetectEngineState *s)
 
void * DNSStateAlloc (void)
 
void DNSStateFree (void *s)
 
int DNSValidateRequestHeader (DNSState *dns_state, const DNSHeader *dns_header)
 Validation checks for DNS request header. More...
 
int DNSValidateResponseHeader (DNSState *dns_state, const DNSHeader *dns_header)
 Validation checks for DNS response header. More...
 
void DNSStoreQueryInState (DNSState *dns_state, const uint8_t *fqdn, const uint16_t fqdn_len, const uint16_t type, const uint16_t class, const uint16_t tx_id)
 
void DNSStoreAnswerInState (DNSState *dns_state, const int rtype, const uint8_t *fqdn, const uint16_t fqdn_len, const uint16_t type, const uint16_t class, const uint16_t ttl, const uint8_t *data, const uint16_t data_len, const uint16_t tx_id)
 
const uint8_t * DNSReponseParse (DNSState *dns_state, const DNSHeader *const dns_header, const uint16_t num, const DnsListEnum list, const uint8_t *const input, const uint32_t input_len, const uint8_t *data)
 
void DNSCreateTypeString (uint16_t type, char *str, size_t str_size)
 
void DNSCreateRcodeString (uint8_t rcode, char *str, size_t str_size)
 

Variables

SCEnumCharMap dns_decoder_event_table []
 

Detailed Description

Typedef Documentation

typedef struct DNSConfig_ DNSConfig

Function Documentation

void DNSAppLayerRegisterGetEventInfo ( uint8_t  ipproto,
AppProto  alproto 
)

Definition at line 152 of file app-layer-dns-common.c.

References AppLayerParserRegisterGetEventInfo(), and DNSStateGetEventInfo().

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

int DNSCheckMemcap ( uint32_t  want,
DNSState state 
)

Definition at line 88 of file app-layer-dns-common.c.

References DNS_DECODER_EVENT_STATE_MEMCAP_REACHED, DNSSetEvent(), DNSConfig_::global_memcap, DNSState_::memuse, SC_ATOMIC_ADD, SC_ATOMIC_GET, and DNSConfig_::state_memcap.

Referenced by DNSSetEvent(), DNSStoreAnswerInState(), and DNSStoreQueryInState().

Here is the call graph for this function:

Here is the caller graph for this function:

void DNSConfigInit ( void  )

Definition at line 41 of file app-layer-dns-common.c.

void DNSConfigSetGlobalMemcap ( uint64_t  value)

Definition at line 60 of file app-layer-dns-common.c.

References DNSConfig_::global_memcap, and SC_ATOMIC_INIT.

void DNSConfigSetRequestFlood ( uint32_t  value)

Definition at line 46 of file app-layer-dns-common.c.

References DNSConfig_::request_flood.

void DNSConfigSetStateMemcap ( uint32_t  value)

Definition at line 51 of file app-layer-dns-common.c.

References SC_ATOMIC_DECLARE(), and DNSConfig_::state_memcap.

Here is the call graph for this function:

void DNSDecrMemcap ( uint32_t  size,
DNSState state 
)

< TODO remove later

< TODO remove later

Definition at line 77 of file app-layer-dns-common.c.

References BUG_ON, DNSState_::memuse, SC_ATOMIC_GET, and SC_ATOMIC_SUB.

Referenced by DNSSetEvent(), and DNSStateFree().

Here is the caller graph for this function:

int DNSGetAlstateProgress ( void *  tx,
uint8_t  direction 
)

Definition at line 217 of file app-layer-dns-common.c.

References DNSTransaction_::replied, DNSTransaction_::reply_lost, and STREAM_TOCLIENT.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

int DNSGetAlstateProgressCompletionStatus ( uint8_t  direction)

get value for 'complete' status in DNS

For DNS we use a simple bool. 1 means done.

Definition at line 269 of file app-layer-dns-common.c.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

AppLayerDecoderEvents* DNSGetEvents ( void *  state,
uint64_t  id 
)

Definition at line 159 of file app-layer-dns-common.c.

References DNSState_::curr, DNSTransaction_::decoder_events, next, TAILQ_FOREACH, and DNSTransaction_::tx_num.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void* DNSGetTx ( void *  alstate,
uint64_t  tx_id 
)

Definition at line 175 of file app-layer-dns-common.c.

References DNSState_::curr, DNSState_::iter, next, SCLogDebug, TAILQ_FOREACH, TAILQ_NEXT, and DNSTransaction_::tx_num.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

uint64_t DNSGetTxCnt ( void *  alstate)

Definition at line 211 of file app-layer-dns-common.c.

References DNSState_::transaction_max.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

uint64_t DNSGetTxDetectFlags ( void *  vtx,
uint8_t  dir 
)

Definition at line 245 of file app-layer-dns-common.c.

References DNSTransaction_::detect_flags_tc, DNSTransaction_::detect_flags_ts, and STREAM_TOSERVER.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

DetectEngineState* DNSGetTxDetectState ( void *  vtx)

Definition at line 414 of file app-layer-dns-common.c.

References DNSTransaction_::de_state.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

LoggerId DNSGetTxLogged ( void *  alstate,
void *  tx 
)

Definition at line 239 of file app-layer-dns-common.c.

References DNSTransaction_::logged.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void DNSIncrMemcap ( uint32_t  size,
DNSState state 
)

Definition at line 69 of file app-layer-dns-common.c.

References DNSState_::memuse, and SC_ATOMIC_ADD.

Referenced by DNSSetEvent(), DNSStateAlloc(), DNSStoreAnswerInState(), and DNSStoreQueryInState().

Here is the caller graph for this function:

uint64_t DNSMemcapGetMemcapGlobalCounter ( void  )

Definition at line 118 of file app-layer-dns-common.c.

References SC_ATOMIC_GET.

Referenced by AppLayerRegisterGlobalCounters().

Here is the caller graph for this function:

uint64_t DNSMemcapGetMemcapStateCounter ( void  )

Definition at line 112 of file app-layer-dns-common.c.

References SC_ATOMIC_GET.

Referenced by AppLayerRegisterGlobalCounters().

Here is the caller graph for this function:

uint64_t DNSMemcapGetMemuseCounter ( void  )

Definition at line 106 of file app-layer-dns-common.c.

References SC_ATOMIC_GET.

Referenced by AppLayerRegisterGlobalCounters().

Here is the caller graph for this function:

const uint8_t* DNSReponseParse ( DNSState dns_state,
const DNSHeader *const  dns_header,
const uint16_t  num,
const DnsListEnum  list,
const uint8_t *const  input,
const uint32_t  input_len,
const uint8_t *  data 
)
void DNSSetTxDetectFlags ( void *  vtx,
uint8_t  dir,
uint64_t  detect_flags 
)

Definition at line 255 of file app-layer-dns-common.c.

References DNSTransaction_::detect_flags_tc, DNSTransaction_::detect_flags_ts, and STREAM_TOSERVER.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

int DNSSetTxDetectState ( void *  vtx,
DetectEngineState s 
)

Definition at line 420 of file app-layer-dns-common.c.

References DNSTransaction_::de_state.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void DNSSetTxLogged ( void *  alstate,
void *  tx,
LoggerId  logged 
)

Definition at line 233 of file app-layer-dns-common.c.

References DNSTransaction_::logged, and logged.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void* DNSStateAlloc ( void  )

Definition at line 427 of file app-layer-dns-common.c.

References DNSIncrMemcap(), SCMalloc, TAILQ_INIT, and unlikely.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

void DNSStateFree ( void *  s)

TODO update if/once we alloc in a smarter way

Definition at line 443 of file app-layer-dns-common.c.

References DNSState_::buffer, BUG_ON, DNSDecrMemcap(), DNSState_::memuse, next, SCEnter, SCFree, SCReturn, TAILQ_FIRST, and TAILQ_REMOVE.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

int DNSStateGetEventInfo ( const char *  event_name,
int *  event_id,
AppLayerEventType event_type 
)

Definition at line 136 of file app-layer-dns-common.c.

References APP_LAYER_EVENT_TYPE_TRANSACTION, SC_ERR_INVALID_ENUM_MAP, SCLogError, and SCMapEnumNameToValue().

Referenced by DNSAppLayerRegisterGetEventInfo().

Here is the call graph for this function:

Here is the caller graph for this function:

void DNSStateTransactionFree ( void *  state,
uint64_t  tx_id 
)

dns transaction cleanup callback

Definition at line 352 of file app-layer-dns-common.c.

References AppLayerDecoderEvents_::cnt, DNSState_::curr, DNSTransaction_::decoder_events, DNSState_::events, next, SCEnter, SCLogDebug, SCReturn, TAILQ_FOREACH, TAILQ_REMOVE, and DNSTransaction_::tx_num.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void DNSStoreAnswerInState ( DNSState dns_state,
const int  rtype,
const uint8_t *  fqdn,
const uint16_t  fqdn_len,
const uint16_t  type,
const uint16_t  class,
const uint16_t  ttl,
const uint8_t *  data,
const uint16_t  data_len,
const uint16_t  tx_id 
)
void DNSStoreQueryInState ( DNSState dns_state,
const uint8_t *  fqdn,
const uint16_t  fqdn_len,
const uint16_t  type,
const uint16_t  class,
const uint16_t  tx_id 
)
DNSTransaction* DNSTransactionFindByTxId ( const DNSState dns_state,
const uint16_t  tx_id 
)
int DNSValidateRequestHeader ( DNSState dns_state,
const DNSHeader *  dns_header 
)

Validation checks for DNS request header.

Will set decoder events if anomalies are found.

Return values
0ok
-1error

Definition at line 475 of file app-layer-dns-common.c.

References DNS_DECODER_EVENT_NOT_A_REQUEST, DNS_DECODER_EVENT_Z_FLAG_SET, DNSSetEvent(), flags, SCLogDebug, and SCNtohs.

Here is the call graph for this function:

int DNSValidateResponseHeader ( DNSState dns_state,
const DNSHeader *  dns_header 
)

Validation checks for DNS response header.

Will set decoder events if anomalies are found.

Return values
0ok
-1error

Definition at line 503 of file app-layer-dns-common.c.

References DNSQueryEntry_::class, DNS_DECODER_EVENT_NOT_A_RESPONSE, DNS_DECODER_EVENT_Z_FLAG_SET, DNSSetEvent(), FALSE, flags, DNSQueryEntry_::len, next, SCLogDebug, SCMemcmp, SCNtohs, TAILQ_FOREACH, TRUE, type, and DNSQueryEntry_::type.

Here is the call graph for this function:

SC_ATOMIC_DECLARE ( uint64_t  ,
dns_memuse   
)

byte counter of current memuse

Referenced by DNSConfigSetStateMemcap().

Here is the caller graph for this function:

SC_ATOMIC_DECLARE ( uint64_t  ,
dns_memcap_state   
)

counts number of 'rejects'

SC_ATOMIC_DECLARE ( uint64_t  ,
dns_memcap_global   
)

counts number of 'rejects'

Variable Documentation