suricata
app-layer-dns-common.c
1 /* Copyright (C) 2013-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "app-layer-dns-common.h"
26 
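/**
 * \brief Maps DNS decoder event names to their event ids.
 *
 * DNSStateGetEventInfo() and DNSStateGetEventInfoById() resolve events
 * through this table, so every name string is a lookup key: changing a
 * spelling (including "UNSOLLICITED") changes which event names resolve.
 * The trailing { NULL, -1 } entry is the sentinel; the lookups in this
 * file treat -1 / NULL as "not found".
 *
 * NOTE(review): the declaration line is missing from the rendered listing
 * and was restored here; confirm it against the repository.
 */
SCEnumCharMap dns_decoder_event_table[] = {
    { "UNSOLLICITED_RESPONSE", DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE, },
    { "MALFORMED_DATA", DNS_DECODER_EVENT_MALFORMED_DATA, },
    { "NOT_A_REQUEST", DNS_DECODER_EVENT_NOT_A_REQUEST, },
    { "NOT_A_RESPONSE", DNS_DECODER_EVENT_NOT_A_RESPONSE, },
    { "Z_FLAG_SET", DNS_DECODER_EVENT_Z_FLAG_SET, },
    { "FLOODED", DNS_DECODER_EVENT_FLOODED, },
    { "STATE_MEMCAP_REACHED", DNS_DECODER_EVENT_STATE_MEMCAP_REACHED, },

    { NULL, -1 },
};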
38 
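/**
 * \brief Resolve a DNS decoder event name to its id.
 *
 * \param event_name name to look up in dns_decoder_event_table
 * \param event_id   out: the matching id, or -1 when the name is unknown
 * \param event_type out: the event type reported for DNS events
 *
 * \retval 0  the name was found; both out-parameters are set
 * \retval -1 the name is not in the table; an error is logged and
 *            *event_type is left untouched
 */
int DNSStateGetEventInfo(const char *event_name,
                         int *event_id, AppLayerEventType *event_type)
{
    *event_id = SCMapEnumNameToValue(event_name, dns_decoder_event_table);
    if (*event_id == -1) {
        /* event_name is only ever passed as a %s argument, never as the
         * format string itself. */
        SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
                   "dns's enum map table.", event_name);
        /* this should be treated as fatal */
        return -1;
    }

    /* NOTE(review): the rendered listing dropped this line, which left the
     * out-parameter unset on success. Restored as a transaction-level
     * event; confirm against the repository. */
    *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;

    return 0;
}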
54 
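/**
 * \brief Resolve a DNS decoder event id to its name.
 *
 * \param event_id   id to look up in dns_decoder_event_table
 * \param event_name out: the matching name, or NULL when the id is unknown
 * \param event_type out: the event type reported for DNS events
 *
 * \retval 0  the id was found; both out-parameters are set
 * \retval -1 the id is not in the table; an error is logged and
 *            *event_type is left untouched
 */
int DNSStateGetEventInfoById(int event_id, const char **event_name,
                             AppLayerEventType *event_type)
{
    *event_name = SCMapEnumValueToName(event_id, dns_decoder_event_table);
    if (*event_name == NULL) {
        SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%d\" not present in "
                   "dns's enum map table.", event_id);
        /* this should be treated as fatal */
        return -1;
    }

    /* NOTE(review): the rendered listing dropped this line and the second
     * line of the signature. Restored as a transaction-level event;
     * confirm against the repository. */
    *event_type = APP_LAYER_EVENT_TYPE_TRANSACTION;

    return 0;
}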
70 
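/**
 * \brief Register the DNS name-to-id event lookup with the app-layer parser.
 *
 * \param ipproto IP protocol the registration applies to
 * \param alproto app-layer protocol the registration applies to
 */
void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto)
{
    /* NOTE(review): the rendered listing dropped this call, leaving an
     * empty body; confirm against the repository. */
    AppLayerParserRegisterGetEventInfo(ipproto, alproto, DNSStateGetEventInfo);

    return;
}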
77 
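/**
 * \brief Register the DNS id-to-name event lookup with the app-layer parser.
 *
 * \param ipproto IP protocol the registration applies to
 * \param alproto app-layer protocol the registration applies to
 */
void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto)
{
    /* NOTE(review): the rendered listing dropped this call, leaving an
     * empty body; confirm against the repository. */
    AppLayerParserRegisterGetEventInfoById(ipproto, alproto,
                                           DNSStateGetEventInfoById);

    return;
}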
84 
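/**
 * \brief Write the textual name of a DNS record type into a caller buffer.
 *
 * Known types are written as their mnemonic; any other value is written
 * as "<4 hex digits>/<decimal>".
 *
 * Every write goes through snprintf() bounded by str_size, so the output
 * is NUL-terminated whenever str_size > 0 and is silently truncated when
 * the buffer is too small. The longest outputs ("NSEC3PARAM" and the
 * "ffff/65535" fallback) need 11 bytes including the terminator.
 *
 * NOTE(review): type presumably comes from parsed DNS traffic, so unknown
 * values are expected input rather than an error - confirm against callers.
 * NOTE(review): several case labels are absent from the rendered listing;
 * they were restored by matching each label to the string it emits.
 * Confirm against the repository.
 *
 * \param type     DNS record type value
 * \param str      destination buffer, at least str_size bytes
 * \param str_size size of the destination buffer in bytes
 */
void DNSCreateTypeString(uint16_t type, char *str, size_t str_size)
{
    switch (type) {
        case DNS_RECORD_TYPE_A:
            snprintf(str, str_size, "A");
            break;
        case DNS_RECORD_TYPE_NS:
            snprintf(str, str_size, "NS");
            break;
        case DNS_RECORD_TYPE_AAAA:
            snprintf(str, str_size, "AAAA");
            break;
        case DNS_RECORD_TYPE_CNAME:
            snprintf(str, str_size, "CNAME");
            break;
        case DNS_RECORD_TYPE_TXT:
            snprintf(str, str_size, "TXT");
            break;
        case DNS_RECORD_TYPE_MX:
            snprintf(str, str_size, "MX");
            break;
        case DNS_RECORD_TYPE_SOA:
            snprintf(str, str_size, "SOA");
            break;
        case DNS_RECORD_TYPE_PTR:
            snprintf(str, str_size, "PTR");
            break;
        case DNS_RECORD_TYPE_SIG:
            snprintf(str, str_size, "SIG");
            break;
        case DNS_RECORD_TYPE_KEY:
            snprintf(str, str_size, "KEY");
            break;
        case DNS_RECORD_TYPE_WKS:
            snprintf(str, str_size, "WKS");
            break;
        case DNS_RECORD_TYPE_TKEY:
            snprintf(str, str_size, "TKEY");
            break;
        case DNS_RECORD_TYPE_TSIG:
            snprintf(str, str_size, "TSIG");
            break;
        case DNS_RECORD_TYPE_ANY:
            snprintf(str, str_size, "ANY");
            break;
        case DNS_RECORD_TYPE_RRSIG:
            snprintf(str, str_size, "RRSIG");
            break;
        case DNS_RECORD_TYPE_NSEC:
            snprintf(str, str_size, "NSEC");
            break;
        case DNS_RECORD_TYPE_DNSKEY:
            snprintf(str, str_size, "DNSKEY");
            break;
        case DNS_RECORD_TYPE_HINFO:
            snprintf(str, str_size, "HINFO");
            break;
        case DNS_RECORD_TYPE_MINFO:
            snprintf(str, str_size, "MINFO");
            break;
        case DNS_RECORD_TYPE_RP:
            snprintf(str, str_size, "RP");
            break;
        case DNS_RECORD_TYPE_AFSDB:
            snprintf(str, str_size, "AFSDB");
            break;
        case DNS_RECORD_TYPE_X25:
            snprintf(str, str_size, "X25");
            break;
        case DNS_RECORD_TYPE_ISDN:
            snprintf(str, str_size, "ISDN");
            break;
        case DNS_RECORD_TYPE_RT:
            snprintf(str, str_size, "RT");
            break;
        case DNS_RECORD_TYPE_NSAP:
            snprintf(str, str_size, "NSAP");
            break;
        case DNS_RECORD_TYPE_NSAPPTR:
            snprintf(str, str_size, "NSAPPTR");
            break;
        case DNS_RECORD_TYPE_PX:
            snprintf(str, str_size, "PX");
            break;
        case DNS_RECORD_TYPE_GPOS:
            snprintf(str, str_size, "GPOS");
            break;
        case DNS_RECORD_TYPE_LOC:
            snprintf(str, str_size, "LOC");
            break;
        case DNS_RECORD_TYPE_SRV:
            snprintf(str, str_size, "SRV");
            break;
        case DNS_RECORD_TYPE_ATMA:
            snprintf(str, str_size, "ATMA");
            break;
        case DNS_RECORD_TYPE_NAPTR:
            snprintf(str, str_size, "NAPTR");
            break;
        case DNS_RECORD_TYPE_KX:
            snprintf(str, str_size, "KX");
            break;
        case DNS_RECORD_TYPE_CERT:
            snprintf(str, str_size, "CERT");
            break;
        case DNS_RECORD_TYPE_A6:
            snprintf(str, str_size, "A6");
            break;
        case DNS_RECORD_TYPE_DNAME:
            snprintf(str, str_size, "DNAME");
            break;
        case DNS_RECORD_TYPE_OPT:
            snprintf(str, str_size, "OPT");
            break;
        case DNS_RECORD_TYPE_APL:
            snprintf(str, str_size, "APL");
            break;
        case DNS_RECORD_TYPE_DS:
            snprintf(str, str_size, "DS");
            break;
        case DNS_RECORD_TYPE_SSHFP:
            snprintf(str, str_size, "SSHFP");
            break;
        case DNS_RECORD_TYPE_IPSECKEY:
            snprintf(str, str_size, "IPSECKEY");
            break;
        case DNS_RECORD_TYPE_DHCID:
            snprintf(str, str_size, "DHCID");
            break;
        case DNS_RECORD_TYPE_NSEC3:
            snprintf(str, str_size, "NSEC3");
            break;
        case DNS_RECORD_TYPE_NSEC3PARAM:
            snprintf(str, str_size, "NSEC3PARAM");
            break;
        case DNS_RECORD_TYPE_TLSA:
            snprintf(str, str_size, "TLSA");
            break;
        case DNS_RECORD_TYPE_HIP:
            snprintf(str, str_size, "HIP");
            break;
        case DNS_RECORD_TYPE_CDS:
            snprintf(str, str_size, "CDS");
            break;
        case DNS_RECORD_TYPE_CDNSKEY:
            snprintf(str, str_size, "CDNSKEY");
            break;
        case DNS_RECORD_TYPE_MAILA:
            snprintf(str, str_size, "MAILA");
            break;
        case DNS_RECORD_TYPE_URI:
            snprintf(str, str_size, "URI");
            break;
        case DNS_RECORD_TYPE_MB:
            snprintf(str, str_size, "MB");
            break;
        case DNS_RECORD_TYPE_MG:
            snprintf(str, str_size, "MG");
            break;
        case DNS_RECORD_TYPE_MR:
            snprintf(str, str_size, "MR");
            break;
        case DNS_RECORD_TYPE_NULL:
            snprintf(str, str_size, "NULL");
            break;
        case DNS_RECORD_TYPE_SPF:
            snprintf(str, str_size, "SPF");
            break;
        case DNS_RECORD_TYPE_NXT:
            snprintf(str, str_size, "NXT");
            break;
        case DNS_RECORD_TYPE_MD:
            snprintf(str, str_size, "MD");
            break;
        case DNS_RECORD_TYPE_MF:
            snprintf(str, str_size, "MF");
            break;
        default:
            /* Unmapped type: emit the raw value in hex and decimal so the
             * record can still be identified in output. */
            snprintf(str, str_size, "%04x/%u", type, type);
    }
}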
266 
/**
 * \brief Write the textual name of a DNS response code into a caller buffer.
 *
 * Known rcodes are written as their mnemonic; any other value is written
 * as "<4 hex digits>/<decimal>" after a debug log line.
 *
 * Output is produced by snprintf() bounded by str_size, so it is
 * NUL-terminated whenever str_size > 0 and silently truncated when the
 * buffer is too small. The longest output, "BADVERS/BADSIG", needs
 * 15 bytes including the terminator.
 *
 * NOTE(review): rcode presumably comes from parsed DNS traffic, so an
 * unmapped value is peer-controlled input rather than an internal bug,
 * despite the wording of the debug message - confirm against callers.
 *
 * \param rcode    DNS response code
 * \param str      destination buffer, at least str_size bytes
 * \param str_size size of the destination buffer in bytes
 */
void DNSCreateRcodeString(uint8_t rcode, char *str, size_t str_size)
{
    const char *mnemonic = NULL;

    switch (rcode) {
        case DNS_RCODE_NOERROR:  mnemonic = "NOERROR";  break;
        case DNS_RCODE_FORMERR:  mnemonic = "FORMERR";  break;
        case DNS_RCODE_SERVFAIL: mnemonic = "SERVFAIL"; break;
        case DNS_RCODE_NXDOMAIN: mnemonic = "NXDOMAIN"; break;
        case DNS_RCODE_NOTIMP:   mnemonic = "NOTIMP";   break;
        case DNS_RCODE_REFUSED:  mnemonic = "REFUSED";  break;
        case DNS_RCODE_YXDOMAIN: mnemonic = "YXDOMAIN"; break;
        case DNS_RCODE_YXRRSET:  mnemonic = "YXRRSET";  break;
        case DNS_RCODE_NXRRSET:  mnemonic = "NXRRSET";  break;
        case DNS_RCODE_NOTAUTH:  mnemonic = "NOTAUTH";  break;
        case DNS_RCODE_NOTZONE:  mnemonic = "NOTZONE";  break;
        /* BADVERS and BADSIG are the same value, so no separate BADSIG
         * label exists; telling them apart needs more logic than the
         * rcode alone. */
        case DNS_RCODE_BADVERS:  mnemonic = "BADVERS/BADSIG"; break;
        case DNS_RCODE_BADKEY:   mnemonic = "BADKEY";   break;
        case DNS_RCODE_BADTIME:  mnemonic = "BADTIME";  break;
        case DNS_RCODE_BADMODE:  mnemonic = "BADMODE";  break;
        case DNS_RCODE_BADNAME:  mnemonic = "BADNAME";  break;
        case DNS_RCODE_BADALG:   mnemonic = "BADALG";   break;
        case DNS_RCODE_BADTRUNC: mnemonic = "BADTRUNC"; break;
        default:
            break;
    }

    if (mnemonic != NULL) {
        /* Fixed "%s" format keeps the mnemonic out of the format slot. */
        snprintf(str, str_size, "%s", mnemonic);
        return;
    }

    /* Unmapped rcode: log it and emit the raw value in hex and decimal. */
    SCLogDebug("could not map DNS rcode to name, bug!");
    snprintf(str, str_size, "%04x/%u", rcode, rcode);
}