1 /* Copyright (C) 2013-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "app-layer-dns-common.h"
26 
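/* Maps DNS decoder event names to their event ids. DNSStateGetEventInfo()
 * searches this table through SCMapEnumNameToValue(), so the strings are part
 * of the lookup interface: keep them byte-for-byte, including the historical
 * "UNSOLLICITED" spelling that the enum constant shares.
 * The { NULL, -1 } entry terminates the table and must stay last. */
SCEnumCharMap dns_decoder_event_table[] = {
    { "UNSOLLICITED_RESPONSE", DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE, },
    { "MALFORMED_DATA",        DNS_DECODER_EVENT_MALFORMED_DATA, },
    { "NOT_A_REQUEST",         DNS_DECODER_EVENT_NOT_A_REQUEST, },
    { "NOT_A_RESPONSE",        DNS_DECODER_EVENT_NOT_A_RESPONSE, },
    { "Z_FLAG_SET",            DNS_DECODER_EVENT_Z_FLAG_SET, },
    { "FLOODED",               DNS_DECODER_EVENT_FLOODED, },
    { "STATE_MEMCAP_REACHED",  DNS_DECODER_EVENT_STATE_MEMCAP_REACHED, },

    { NULL,                    -1 },
};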
38 
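/**
 * \brief Resolve a DNS decoder event name to its event id and event type.
 *
 * \param event_name name to look up in dns_decoder_event_table
 * \param event_id   out: id of the matching event, or -1 if the name is unknown
 * \param event_type out: set to APP_LAYER_EVENT_TYPE_TRANSACTION on success,
 *                   left untouched on failure
 *
 * \retval 0 the name was found
 * \retval -1 the name is not present in the table (an error is logged)
 */
int DNSStateGetEventInfo(const char *event_name,
                         int *event_id, AppLayerEventType *event_type)
{
    const int id = SCMapEnumNameToValue(event_name, dns_decoder_event_table);

    /* the caller sees -1 in *event_id as well as in the return value */
    *event_id = id;
    if (id == -1) {
        SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
                   "dns's enum map table.", event_name);
        /* this should be treated as fatal */
        return -1;
    }

    /* only report an event type once the name has been validated */
    *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;

    return 0;
}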
54 
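/**
 * \brief Register DNSStateGetEventInfo() as the event-name resolver for the
 *        given IP protocol / application protocol pair.
 *
 * \param ipproto IP protocol the DNS parser is registered for
 * \param alproto application layer protocol id
 */
void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto)
{
    AppLayerParserRegisterGetEventInfo(ipproto, alproto, DNSStateGetEventInfo);
}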
61 
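/**
 * \brief Write the textual name of a DNS record type into a caller buffer.
 *
 * Known types are written as their mnemonic ("A", "AAAA", "NSEC3PARAM", ...).
 * Any other value is written as "<4 hex digits>/<decimal>", so an unusual or
 * unassigned type still shows up in the output with its raw value instead of
 * being dropped.
 *
 * \param type     DNS record type value
 * \param str      output buffer; must have room for str_size bytes
 * \param str_size size of the output buffer in bytes
 *
 * Output is bounded by snprintf() and silently truncated if it does not fit.
 * The longest results ("NSEC3PARAM", "ffff/65535") are 10 characters, so a
 * buffer of at least 11 bytes never truncates.
 */
void DNSCreateTypeString(uint16_t type, char *str, size_t str_size)
{
    const char *name = NULL;

    switch (type) {
        case DNS_RECORD_TYPE_A:          name = "A";          break;
        case DNS_RECORD_TYPE_NS:         name = "NS";         break;
        case DNS_RECORD_TYPE_AAAA:       name = "AAAA";       break;
        case DNS_RECORD_TYPE_CNAME:      name = "CNAME";      break;
        case DNS_RECORD_TYPE_TXT:        name = "TXT";        break;
        case DNS_RECORD_TYPE_MX:         name = "MX";         break;
        case DNS_RECORD_TYPE_SOA:        name = "SOA";        break;
        case DNS_RECORD_TYPE_PTR:        name = "PTR";        break;
        case DNS_RECORD_TYPE_SIG:        name = "SIG";        break;
        case DNS_RECORD_TYPE_KEY:        name = "KEY";        break;
        case DNS_RECORD_TYPE_WKS:        name = "WKS";        break;
        case DNS_RECORD_TYPE_TKEY:       name = "TKEY";       break;
        case DNS_RECORD_TYPE_TSIG:       name = "TSIG";       break;
        case DNS_RECORD_TYPE_ANY:        name = "ANY";        break;
        case DNS_RECORD_TYPE_RRSIG:      name = "RRSIG";      break;
        case DNS_RECORD_TYPE_NSEC:       name = "NSEC";       break;
        case DNS_RECORD_TYPE_DNSKEY:     name = "DNSKEY";     break;
        case DNS_RECORD_TYPE_HINFO:      name = "HINFO";      break;
        case DNS_RECORD_TYPE_MINFO:      name = "MINFO";      break;
        case DNS_RECORD_TYPE_RP:         name = "RP";         break;
        case DNS_RECORD_TYPE_AFSDB:      name = "AFSDB";      break;
        case DNS_RECORD_TYPE_X25:        name = "X25";        break;
        case DNS_RECORD_TYPE_ISDN:       name = "ISDN";       break;
        case DNS_RECORD_TYPE_RT:         name = "RT";         break;
        case DNS_RECORD_TYPE_NSAP:       name = "NSAP";       break;
        case DNS_RECORD_TYPE_NSAPPTR:    name = "NSAPPTR";    break;
        case DNS_RECORD_TYPE_PX:         name = "PX";         break;
        case DNS_RECORD_TYPE_GPOS:       name = "GPOS";       break;
        case DNS_RECORD_TYPE_LOC:        name = "LOC";        break;
        case DNS_RECORD_TYPE_SRV:        name = "SRV";        break;
        case DNS_RECORD_TYPE_ATMA:       name = "ATMA";       break;
        case DNS_RECORD_TYPE_NAPTR:      name = "NAPTR";      break;
        case DNS_RECORD_TYPE_KX:         name = "KX";         break;
        case DNS_RECORD_TYPE_CERT:       name = "CERT";       break;
        case DNS_RECORD_TYPE_A6:         name = "A6";         break;
        case DNS_RECORD_TYPE_DNAME:      name = "DNAME";      break;
        case DNS_RECORD_TYPE_OPT:        name = "OPT";        break;
        case DNS_RECORD_TYPE_APL:        name = "APL";        break;
        case DNS_RECORD_TYPE_DS:         name = "DS";         break;
        case DNS_RECORD_TYPE_SSHFP:      name = "SSHFP";      break;
        case DNS_RECORD_TYPE_IPSECKEY:   name = "IPSECKEY";   break;
        case DNS_RECORD_TYPE_DHCID:      name = "DHCID";      break;
        case DNS_RECORD_TYPE_NSEC3:      name = "NSEC3";      break;
        case DNS_RECORD_TYPE_NSEC3PARAM: name = "NSEC3PARAM"; break;
        case DNS_RECORD_TYPE_TLSA:       name = "TLSA";       break;
        case DNS_RECORD_TYPE_HIP:        name = "HIP";        break;
        case DNS_RECORD_TYPE_CDS:        name = "CDS";        break;
        case DNS_RECORD_TYPE_CDNSKEY:    name = "CDNSKEY";    break;
        case DNS_RECORD_TYPE_MAILA:      name = "MAILA";      break;
        case DNS_RECORD_TYPE_URI:        name = "URI";        break;
        case DNS_RECORD_TYPE_MB:         name = "MB";         break;
        case DNS_RECORD_TYPE_MG:         name = "MG";         break;
        case DNS_RECORD_TYPE_MR:         name = "MR";         break;
        case DNS_RECORD_TYPE_NULL:       name = "NULL";       break;
        case DNS_RECORD_TYPE_SPF:        name = "SPF";        break;
        case DNS_RECORD_TYPE_NXT:        name = "NXT";        break;
        case DNS_RECORD_TYPE_MD:         name = "MD";         break;
        case DNS_RECORD_TYPE_MF:         name = "MF";         break;
        default:
            /* no mnemonic known: fall through to the numeric form below */
            break;
    }

    if (name != NULL) {
        snprintf(str, str_size, "%s", name);
    } else {
        /* keep the raw value visible, as hex and as decimal */
        snprintf(str, str_size, "%04x/%u", type, type);
    }
}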
243 
/**
 * \brief Write the textual name of a DNS response code into a caller buffer.
 *
 * Known rcodes are written as their mnemonic. Any other value is written as
 * "<4 hex digits>/<decimal>", so an unmapped code stays visible in the output
 * with its raw value.
 *
 * \param rcode    DNS response code
 * \param str      output buffer; must have room for str_size bytes
 * \param str_size size of the output buffer in bytes
 *
 * Output is bounded by snprintf() and silently truncated if it does not fit.
 * The longest result ("BADVERS/BADSIG") is 14 characters, so a buffer of at
 * least 15 bytes never truncates.
 */
void DNSCreateRcodeString(uint8_t rcode, char *str, size_t str_size)
{
    const char *name = NULL;

    switch (rcode) {
        case DNS_RCODE_NOERROR:  name = "NOERROR";  break;
        case DNS_RCODE_FORMERR:  name = "FORMERR";  break;
        case DNS_RCODE_SERVFAIL: name = "SERVFAIL"; break;
        case DNS_RCODE_NXDOMAIN: name = "NXDOMAIN"; break;
        case DNS_RCODE_NOTIMP:   name = "NOTIMP";   break;
        case DNS_RCODE_REFUSED:  name = "REFUSED";  break;
        case DNS_RCODE_YXDOMAIN: name = "YXDOMAIN"; break;
        case DNS_RCODE_YXRRSET:  name = "YXRRSET";  break;
        case DNS_RCODE_NXRRSET:  name = "NXRRSET";  break;
        case DNS_RCODE_NOTAUTH:  name = "NOTAUTH";  break;
        case DNS_RCODE_NOTZONE:  name = "NOTZONE";  break;
        /* BADVERS and BADSIG are the same value and cannot be told apart
         * from the rcode alone; more logic is needed to pick one, so both
         * names are reported. */
        case DNS_RCODE_BADVERS:  name = "BADVERS/BADSIG"; break;
        case DNS_RCODE_BADKEY:   name = "BADKEY";   break;
        case DNS_RCODE_BADTIME:  name = "BADTIME";  break;
        case DNS_RCODE_BADMODE:  name = "BADMODE";  break;
        case DNS_RCODE_BADNAME:  name = "BADNAME";  break;
        case DNS_RCODE_BADALG:   name = "BADALG";   break;
        case DNS_RCODE_BADTRUNC: name = "BADTRUNC"; break;
        default:
            /* NOTE(review): the message calls this a bug; if rcode is taken
             * from parsed traffic an unmapped value is ordinary input, so
             * confirm against the callers before relying on that wording. */
            SCLogDebug("could not map DNS rcode to name, bug!");
            break;
    }

    if (name != NULL) {
        snprintf(str, str_size, "%s", name);
    } else {
        /* keep the raw value visible, as hex and as decimal */
        snprintf(str, str_size, "%04x/%u", rcode, rcode);
    }
}