suricata
app-layer-dns-common.h File Reference
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "flow.h"
#include "queue.h"
#include "util-byte.h"
Include dependency graph for app-layer-dns-common.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DNSHeader_
 DNS packet header. More...
 
struct  DNSQueryTrailer_
 
struct  DNSAnswerHeader_
 DNS answer header packed as we don't want alignment to mess up sizeof() More...
 
struct  DNSQueryEntry_
 DNS Query storage. Stored in TX list. More...
 
struct  DNSAnswerEntry_
 DNS Answer storage. Stored in TX list. More...
 
struct  DNSTransaction_
 DNS Transaction, request/reply with same TX id. More...
 
struct  DNSState_
 Per flow DNS state container. More...
 

Macros

#define DNS_MAX_SIZE   256
 
#define DNS_RECORD_TYPE_A   1
 
#define DNS_RECORD_TYPE_NS   2
 
#define DNS_RECORD_TYPE_MD   3
 
#define DNS_RECORD_TYPE_MF   4
 
#define DNS_RECORD_TYPE_CNAME   5
 
#define DNS_RECORD_TYPE_SOA   6
 
#define DNS_RECORD_TYPE_MB   7
 
#define DNS_RECORD_TYPE_MG   8
 
#define DNS_RECORD_TYPE_MR   9
 
#define DNS_RECORD_TYPE_NULL   10
 
#define DNS_RECORD_TYPE_WKS   11
 
#define DNS_RECORD_TYPE_PTR   12
 
#define DNS_RECORD_TYPE_HINFO   13
 
#define DNS_RECORD_TYPE_MINFO   14
 
#define DNS_RECORD_TYPE_MX   15
 
#define DNS_RECORD_TYPE_TXT   16
 
#define DNS_RECORD_TYPE_RP   17
 
#define DNS_RECORD_TYPE_AFSDB   18
 
#define DNS_RECORD_TYPE_X25   19
 
#define DNS_RECORD_TYPE_ISDN   20
 
#define DNS_RECORD_TYPE_RT   21
 
#define DNS_RECORD_TYPE_NSAP   22
 
#define DNS_RECORD_TYPE_NSAPPTR   23
 
#define DNS_RECORD_TYPE_SIG   24
 
#define DNS_RECORD_TYPE_KEY   25
 
#define DNS_RECORD_TYPE_PX   26
 
#define DNS_RECORD_TYPE_GPOS   27
 
#define DNS_RECORD_TYPE_AAAA   28
 
#define DNS_RECORD_TYPE_LOC   29
 
#define DNS_RECORD_TYPE_NXT   30
 
#define DNS_RECORD_TYPE_SRV   33
 
#define DNS_RECORD_TYPE_ATMA   34
 
#define DNS_RECORD_TYPE_NAPTR   35
 
#define DNS_RECORD_TYPE_KX   36
 
#define DNS_RECORD_TYPE_CERT   37
 
#define DNS_RECORD_TYPE_A6   38
 
#define DNS_RECORD_TYPE_DNAME   39
 
#define DNS_RECORD_TYPE_OPT   41
 
#define DNS_RECORD_TYPE_APL   42
 
#define DNS_RECORD_TYPE_DS   43
 
#define DNS_RECORD_TYPE_SSHFP   44
 
#define DNS_RECORD_TYPE_IPSECKEY   45
 
#define DNS_RECORD_TYPE_RRSIG   46
 
#define DNS_RECORD_TYPE_NSEC   47
 
#define DNS_RECORD_TYPE_DNSKEY   48
 
#define DNS_RECORD_TYPE_DHCID   49
 
#define DNS_RECORD_TYPE_NSEC3   50
 
#define DNS_RECORD_TYPE_NSEC3PARAM   51
 
#define DNS_RECORD_TYPE_TLSA   52
 
#define DNS_RECORD_TYPE_HIP   55
 
#define DNS_RECORD_TYPE_CDS   59
 
#define DNS_RECORD_TYPE_CDNSKEY   60
 
#define DNS_RECORD_TYPE_SPF   99
 
#define DNS_RECORD_TYPE_TKEY   249
 
#define DNS_RECORD_TYPE_TSIG   250
 
#define DNS_RECORD_TYPE_MAILA   254
 
#define DNS_RECORD_TYPE_ANY   255
 
#define DNS_RECORD_TYPE_URI   256
 
#define DNS_RCODE_NOERROR   0
 
#define DNS_RCODE_FORMERR   1
 
#define DNS_RCODE_SERVFAIL   2
 
#define DNS_RCODE_NXDOMAIN   3
 
#define DNS_RCODE_NOTIMP   4
 
#define DNS_RCODE_REFUSED   5
 
#define DNS_RCODE_YXDOMAIN   6
 
#define DNS_RCODE_YXRRSET   7
 
#define DNS_RCODE_NXRRSET   8
 
#define DNS_RCODE_NOTAUTH   9
 
#define DNS_RCODE_NOTZONE   10
 
#define DNS_RCODE_BADVERS   16
 
#define DNS_RCODE_BADSIG   16
 
#define DNS_RCODE_BADKEY   17
 
#define DNS_RCODE_BADTIME   18
 
#define DNS_RCODE_BADMODE   19
 
#define DNS_RCODE_BADNAME   20
 
#define DNS_RCODE_BADALG   21
 
#define DNS_RCODE_BADTRUNC   22
 
#define DNS_CONFIG_DEFAULT_REQUEST_FLOOD   500
 
#define DNS_CONFIG_DEFAULT_STATE_MEMCAP   512*1024
 
#define DNS_CONFIG_DEFAULT_GLOBAL_MEMCAP   16*1024*1024
 

Typedefs

typedef struct RSDNSState_ RSDNSState
 
typedef struct RSDNSTransaction_ RSDNSTransaction
 
typedef struct DNSAnswerHeader_ DNSAnswerHeader
 
typedef struct DNSQueryEntry_ DNSQueryEntry
 DNS Query storage. Stored in TX list. More...
 
typedef struct DNSAnswerEntry_ DNSAnswerEntry
 DNS Answer storage. Stored in TX list. More...
 
typedef struct DNSTransaction_ DNSTransaction
 DNS Transaction, request/reply with same TX id. More...
 
typedef struct DNSState_ DNSState
 Per flow DNS state container. More...
 

Enumerations

enum  {
  DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE, DNS_DECODER_EVENT_MALFORMED_DATA, DNS_DECODER_EVENT_NOT_A_REQUEST, DNS_DECODER_EVENT_NOT_A_RESPONSE,
  DNS_DECODER_EVENT_Z_FLAG_SET, DNS_DECODER_EVENT_FLOODED, DNS_DECODER_EVENT_STATE_MEMCAP_REACHED
}
 
enum  DnsListEnum { DNS_LIST_ANSWER = 0, DNS_LIST_AUTHORITY }
 List types in the TX. Used when storing answers from "Answer" or "Authority". More...
 

Functions

struct DNSHeader_ __attribute__ ((__packed__)) DNSHeader
 DNS packet header. More...
 
void DNSConfigInit (void)
 
void DNSConfigSetRequestFlood (uint32_t value)
 
void DNSConfigSetStateMemcap (uint32_t value)
 
void DNSConfigSetGlobalMemcap (uint64_t value)
 
void DNSIncrMemcap (uint32_t size, DNSState *state)
 
void DNSDecrMemcap (uint32_t size, DNSState *state)
 
int DNSCheckMemcap (uint32_t want, DNSState *state)
 
uint64_t DNSMemcapGetMemuseCounter (void)
 
uint64_t DNSMemcapGetMemcapStateCounter (void)
 
uint64_t DNSMemcapGetMemcapGlobalCounter (void)
 
void RegisterDNSParsers (void)
 
void DNSParserTests (void)
 
void DNSParserRegisterTests (void)
 
void DNSAppLayerDecoderEventsRegister (int alproto)
 
int DNSStateGetEventInfo (const char *event_name, int *event_id, AppLayerEventType *event_type)
 
void DNSAppLayerRegisterGetEventInfo (uint8_t ipproto, AppProto alproto)
 
void * DNSGetTx (void *alstate, uint64_t tx_id)
 
uint64_t DNSGetTxCnt (void *alstate)
 
void DNSSetTxLogged (void *alstate, void *tx, LoggerId logged)
 
LoggerId DNSGetTxLogged (void *alstate, void *tx)
 
int DNSGetAlstateProgress (void *tx, uint8_t direction)
 
int DNSGetAlstateProgressCompletionStatus (uint8_t direction)
 get value for 'complete' status in DNS More...
 
void DNSStateTransactionFree (void *state, uint64_t tx_id)
 dns transaction cleanup callback More...
 
DNSTransactionDNSTransactionFindByTxId (const DNSState *dns_state, const uint16_t tx_id)
 
DetectEngineStateDNSGetTxDetectState (void *vtx)
 
int DNSSetTxDetectState (void *vtx, DetectEngineState *s)
 
uint64_t DNSGetTxDetectFlags (void *vtx, uint8_t dir)
 
void DNSSetTxDetectFlags (void *vtx, uint8_t dir, uint64_t detect_flags)
 
void DNSSetEvent (DNSState *s, uint8_t e)
 
void * DNSStateAlloc (void)
 
void DNSStateFree (void *s)
 
AppLayerDecoderEventsDNSGetEvents (void *state, uint64_t id)
 
int DNSValidateRequestHeader (DNSState *, const DNSHeader *dns_header)
 Validation checks for DNS request header. More...
 
int DNSValidateResponseHeader (DNSState *, const DNSHeader *dns_header)
 Validation checks for DNS response header. More...
 
void DNSStoreQueryInState (DNSState *dns_state, const uint8_t *fqdn, const uint16_t fqdn_len, const uint16_t type, const uint16_t class, const uint16_t tx_id)
 
void DNSStoreAnswerInState (DNSState *dns_state, const int rtype, const uint8_t *fqdn, const uint16_t fqdn_len, const uint16_t type, const uint16_t class, const uint16_t ttl, const uint8_t *data, const uint16_t data_len, const uint16_t tx_id)
 
const uint8_t * DNSReponseParse (DNSState *dns_state, const DNSHeader *const dns_header, const uint16_t num, const DnsListEnum list, const uint8_t *const input, const uint32_t input_len, const uint8_t *data)
 
uint16_t DNSUdpResponseGetNameByOffset (const uint8_t *const input, const uint32_t input_len, const uint16_t offset, uint8_t *fqdn, const size_t fqdn_size)
 
void DNSCreateTypeString (uint16_t type, char *str, size_t str_size)
 
void DNSCreateRcodeString (uint8_t rcode, char *str, size_t str_size)
 

Variables

typedef __attribute__
 DNP3 application header. More...
 
uint16_t tx_id
 
uint16_t flags
 
uint16_t questions
 
uint16_t answer_rr
 
uint16_t authority_rr
 
uint16_t additional_rr
 
uint16_t type
 
uint16_t class
 
uint32_t ttl
 
uint16_t len
 

Detailed Description

Macro Definition Documentation

#define DNS_CONFIG_DEFAULT_GLOBAL_MEMCAP   16*1024*1024

Definition at line 248 of file app-layer-dns-common.h.

#define DNS_CONFIG_DEFAULT_REQUEST_FLOOD   500

Definition at line 246 of file app-layer-dns-common.h.

Referenced by RegisterDNSUDPParsers().

#define DNS_CONFIG_DEFAULT_STATE_MEMCAP   512*1024

Definition at line 247 of file app-layer-dns-common.h.

#define DNS_MAX_SIZE   256

Definition at line 33 of file app-layer-dns-common.h.

Referenced by DNSReponseParse().

#define DNS_RCODE_BADALG   21

Definition at line 114 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_BADKEY   17

Definition at line 110 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_BADMODE   19

Definition at line 112 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_BADNAME   20

Definition at line 113 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_BADSIG   16

Definition at line 109 of file app-layer-dns-common.h.

#define DNS_RCODE_BADTIME   18

Definition at line 111 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_BADTRUNC   22

Definition at line 115 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_BADVERS   16

Definition at line 108 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_FORMERR   1

Definition at line 96 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_NOERROR   0

Definition at line 95 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_NOTAUTH   9

Definition at line 104 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_NOTIMP   4

Definition at line 99 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_NOTZONE   10

Definition at line 105 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_NXDOMAIN   3

Definition at line 98 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_NXRRSET   8

Definition at line 103 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_REFUSED   5

Definition at line 100 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_SERVFAIL   2

Definition at line 97 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_YXDOMAIN   6

Definition at line 101 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RCODE_YXRRSET   7

Definition at line 102 of file app-layer-dns-common.h.

Referenced by DNSCreateRcodeString().

#define DNS_RECORD_TYPE_A   1

Definition at line 36 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_A6   38

Definition at line 71 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_AAAA   28

Definition at line 63 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_AFSDB   18

Definition at line 53 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_ANY   255

Definition at line 92 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_APL   42

Definition at line 74 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_ATMA   34

Definition at line 67 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_CDNSKEY   60

Definition at line 87 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_CDS   59

Definition at line 86 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_CERT   37

Definition at line 70 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_CNAME   5

Definition at line 40 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_DHCID   49

Definition at line 81 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_DNAME   39

Definition at line 72 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_DNSKEY   48

Definition at line 80 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_DS   43

Definition at line 75 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_GPOS   27

Definition at line 62 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_HINFO   13

Definition at line 48 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_HIP   55

Definition at line 85 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_IPSECKEY   45

Definition at line 77 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_ISDN   20

Definition at line 55 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_KEY   25

Definition at line 60 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_KX   36

Definition at line 69 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_LOC   29

Definition at line 64 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MAILA   254

Definition at line 91 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MB   7

Definition at line 42 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MD   3

Definition at line 38 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MF   4

Definition at line 39 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MG   8

Definition at line 43 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MINFO   14

Definition at line 49 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MR   9

Definition at line 44 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_MX   15

Definition at line 50 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_NAPTR   35

Definition at line 68 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NS   2

Definition at line 37 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_NSAP   22

Definition at line 57 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NSAPPTR   23

Definition at line 58 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NSEC   47

Definition at line 79 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NSEC3   50

Definition at line 82 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NSEC3PARAM   51

Definition at line 83 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NULL   10

Definition at line 45 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_NXT   30

Definition at line 65 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_OPT   41

Definition at line 73 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_PTR   12

Definition at line 47 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_PX   26

Definition at line 61 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_RP   17

Definition at line 52 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_RRSIG   46

Definition at line 78 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_RT   21

Definition at line 56 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_SIG   24

Definition at line 59 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_SOA   6

Definition at line 41 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_SPF   99

Definition at line 88 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_SRV   33

Definition at line 66 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_SSHFP   44

Definition at line 76 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_TKEY   249

Definition at line 89 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_TLSA   52

Definition at line 84 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_TSIG   250

Definition at line 90 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_TXT   16

Definition at line 51 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString(), and DNSReponseParse().

#define DNS_RECORD_TYPE_URI   256

Definition at line 93 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_WKS   11

Definition at line 46 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

#define DNS_RECORD_TYPE_X25   19

Definition at line 54 of file app-layer-dns-common.h.

Referenced by DNSCreateTypeString().

Typedef Documentation

DNS Answer storage. Stored in TX list.

Layout is: [list ptr][2 byte type][2 byte class][2 byte ttl] \ [2 byte fqdn len][2 byte data len][...fqdn...][...data...]

Definition at line 154 of file app-layer-dns-common.h.

typedef struct DNSQueryEntry_ DNSQueryEntry

DNS Query storage. Stored in TX list.

Layout is: [list ptr][2 byte type][2 byte class][2 byte len][...data...]

typedef struct DNSState_ DNSState

Per flow DNS state container.

DNS Transaction, request/reply with same TX id.

typedef struct RSDNSState_ RSDNSState

Opaque Rust types.

Definition at line 128 of file app-layer-dns-common.h.

typedef struct RSDNSTransaction_ RSDNSTransaction

Definition at line 129 of file app-layer-dns-common.h.

Enumeration Type Documentation

anonymous enum
Enumerator
DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE 
DNS_DECODER_EVENT_MALFORMED_DATA 
DNS_DECODER_EVENT_NOT_A_REQUEST 
DNS_DECODER_EVENT_NOT_A_RESPONSE 
DNS_DECODER_EVENT_Z_FLAG_SET 
DNS_DECODER_EVENT_FLOODED 
DNS_DECODER_EVENT_STATE_MEMCAP_REACHED 

Definition at line 117 of file app-layer-dns-common.h.

List types in the TX. Used when storing answers from "Answer" or "Authority".

Enumerator
DNS_LIST_ANSWER 
DNS_LIST_AUTHORITY 

Definition at line 158 of file app-layer-dns-common.h.

Function Documentation

struct DNSHeader_ __attribute__ ( (__packed__)  )

DNS packet header.

DNS packet header.

Unified2 Extra Data Header Unified2 Extra Data (currently used only for XFF)

DNS packet header.

DNP3 internal indicators.

DNP3 application header.

Part of the application header for responses only.

Unified2 Extra Data Header Unified2 Extra Data (currently used only for XFF)

Definition at line 92 of file alert-unified2-alert.c.

void DNSAppLayerDecoderEventsRegister ( int  alproto)
void DNSAppLayerRegisterGetEventInfo ( uint8_t  ipproto,
AppProto  alproto 
)

Definition at line 152 of file app-layer-dns-common.c.

References AppLayerParserRegisterGetEventInfo(), and DNSStateGetEventInfo().

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

int DNSCheckMemcap ( uint32_t  want,
DNSState state 
)

Definition at line 88 of file app-layer-dns-common.c.

References DNS_DECODER_EVENT_STATE_MEMCAP_REACHED, DNSSetEvent(), DNSConfig_::global_memcap, DNSState_::memuse, SC_ATOMIC_ADD, SC_ATOMIC_GET, and DNSConfig_::state_memcap.

Referenced by DNSSetEvent(), DNSStoreAnswerInState(), and DNSStoreQueryInState().

Here is the call graph for this function:

Here is the caller graph for this function:

void DNSConfigInit ( void  )

Definition at line 41 of file app-layer-dns-common.c.

void DNSConfigSetGlobalMemcap ( uint64_t  value)

Definition at line 60 of file app-layer-dns-common.c.

References DNSConfig_::global_memcap, and SC_ATOMIC_INIT.

void DNSConfigSetRequestFlood ( uint32_t  value)

Definition at line 46 of file app-layer-dns-common.c.

References DNSConfig_::request_flood.

void DNSConfigSetStateMemcap ( uint32_t  value)

Definition at line 51 of file app-layer-dns-common.c.

References SC_ATOMIC_DECLARE(), and DNSConfig_::state_memcap.

Here is the call graph for this function:

void DNSDecrMemcap ( uint32_t  size,
DNSState state 
)

< TODO remove later

< TODO remove later

Definition at line 77 of file app-layer-dns-common.c.

References BUG_ON, DNSState_::memuse, SC_ATOMIC_GET, and SC_ATOMIC_SUB.

Referenced by DNSSetEvent(), and DNSStateFree().

Here is the caller graph for this function:

int DNSGetAlstateProgress ( void *  tx,
uint8_t  direction 
)

Definition at line 217 of file app-layer-dns-common.c.

References DNSTransaction_::replied, DNSTransaction_::reply_lost, and STREAM_TOCLIENT.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

int DNSGetAlstateProgressCompletionStatus ( uint8_t  direction)

get value for 'complete' status in DNS

For DNS we use a simple bool. 1 means done.

Definition at line 269 of file app-layer-dns-common.c.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

AppLayerDecoderEvents* DNSGetEvents ( void *  state,
uint64_t  id 
)

Definition at line 159 of file app-layer-dns-common.c.

References DNSState_::curr, DNSTransaction_::decoder_events, next, TAILQ_FOREACH, and DNSTransaction_::tx_num.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void* DNSGetTx ( void *  alstate,
uint64_t  tx_id 
)

Definition at line 175 of file app-layer-dns-common.c.

References DNSState_::curr, DNSState_::iter, next, SCLogDebug, TAILQ_FOREACH, TAILQ_NEXT, and DNSTransaction_::tx_num.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

uint64_t DNSGetTxCnt ( void *  alstate)

Definition at line 211 of file app-layer-dns-common.c.

References DNSState_::transaction_max.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

uint64_t DNSGetTxDetectFlags ( void *  vtx,
uint8_t  dir 
)

Definition at line 245 of file app-layer-dns-common.c.

References DNSTransaction_::detect_flags_tc, DNSTransaction_::detect_flags_ts, and STREAM_TOSERVER.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

DetectEngineState* DNSGetTxDetectState ( void *  vtx)

Definition at line 414 of file app-layer-dns-common.c.

References DNSTransaction_::de_state.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

LoggerId DNSGetTxLogged ( void *  alstate,
void *  tx 
)

Definition at line 239 of file app-layer-dns-common.c.

References DNSTransaction_::logged.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void DNSIncrMemcap ( uint32_t  size,
DNSState state 
)

Definition at line 69 of file app-layer-dns-common.c.

References DNSState_::memuse, and SC_ATOMIC_ADD.

Referenced by DNSSetEvent(), DNSStateAlloc(), DNSStoreAnswerInState(), and DNSStoreQueryInState().

Here is the caller graph for this function:

uint64_t DNSMemcapGetMemcapGlobalCounter ( void  )

Definition at line 118 of file app-layer-dns-common.c.

References SC_ATOMIC_GET.

Referenced by AppLayerRegisterGlobalCounters().

Here is the caller graph for this function:

uint64_t DNSMemcapGetMemcapStateCounter ( void  )

Definition at line 112 of file app-layer-dns-common.c.

References SC_ATOMIC_GET.

Referenced by AppLayerRegisterGlobalCounters().

Here is the caller graph for this function:

uint64_t DNSMemcapGetMemuseCounter ( void  )

Definition at line 106 of file app-layer-dns-common.c.

References SC_ATOMIC_GET.

Referenced by AppLayerRegisterGlobalCounters().

Here is the caller graph for this function:

void DNSParserRegisterTests ( void  )
void DNSParserTests ( void  )
const uint8_t* DNSReponseParse ( DNSState dns_state,
const DNSHeader *const  dns_header,
const uint16_t  num,
const DnsListEnum  list,
const uint8_t *const  input,
const uint32_t  input_len,
const uint8_t *  data 
)
void DNSSetTxDetectFlags ( void *  vtx,
uint8_t  dir,
uint64_t  detect_flags 
)

Definition at line 255 of file app-layer-dns-common.c.

References DNSTransaction_::detect_flags_tc, DNSTransaction_::detect_flags_ts, and STREAM_TOSERVER.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

int DNSSetTxDetectState ( void *  vtx,
DetectEngineState s 
)

Definition at line 420 of file app-layer-dns-common.c.

References DNSTransaction_::de_state.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void DNSSetTxLogged ( void *  alstate,
void *  tx,
LoggerId  logged 
)

Definition at line 233 of file app-layer-dns-common.c.

References DNSTransaction_::logged, and logged.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void* DNSStateAlloc ( void  )

Definition at line 427 of file app-layer-dns-common.c.

References DNSIncrMemcap(), SCMalloc, TAILQ_INIT, and unlikely.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

void DNSStateFree ( void *  s)

TODO update if/once we alloc in a smarter way

Definition at line 443 of file app-layer-dns-common.c.

References DNSState_::buffer, BUG_ON, DNSDecrMemcap(), DNSState_::memuse, next, SCEnter, SCFree, SCReturn, TAILQ_FIRST, and TAILQ_REMOVE.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the call graph for this function:

Here is the caller graph for this function:

int DNSStateGetEventInfo ( const char *  event_name,
int *  event_id,
AppLayerEventType event_type 
)

Definition at line 136 of file app-layer-dns-common.c.

References APP_LAYER_EVENT_TYPE_TRANSACTION, SC_ERR_INVALID_ENUM_MAP, SCLogError, and SCMapEnumNameToValue().

Referenced by DNSAppLayerRegisterGetEventInfo().

Here is the call graph for this function:

Here is the caller graph for this function:

void DNSStateTransactionFree ( void *  state,
uint64_t  tx_id 
)

dns transaction cleanup callback

Definition at line 352 of file app-layer-dns-common.c.

References AppLayerDecoderEvents_::cnt, DNSState_::curr, DNSTransaction_::decoder_events, DNSState_::events, next, SCEnter, SCLogDebug, SCReturn, TAILQ_FOREACH, TAILQ_REMOVE, and DNSTransaction_::tx_num.

Referenced by RegisterDNSTCPParsers(), and RegisterDNSUDPParsers().

Here is the caller graph for this function:

void DNSStoreAnswerInState ( DNSState dns_state,
const int  rtype,
const uint8_t *  fqdn,
const uint16_t  fqdn_len,
const uint16_t  type,
const uint16_t  class,
const uint16_t  ttl,
const uint8_t *  data,
const uint16_t  data_len,
const uint16_t  tx_id 
)
void DNSStoreQueryInState ( DNSState dns_state,
const uint8_t *  fqdn,
const uint16_t  fqdn_len,
const uint16_t  type,
const uint16_t  class,
const uint16_t  tx_id 
)
DNSTransaction* DNSTransactionFindByTxId ( const DNSState dns_state,
const uint16_t  tx_id 
)
uint16_t DNSUdpResponseGetNameByOffset ( const uint8_t *const  input,
const uint32_t  input_len,
const uint16_t  offset,
uint8_t *  fqdn,
const size_t  fqdn_size 
)
int DNSValidateRequestHeader ( DNSState dns_state,
const DNSHeader *  dns_header 
)

Validation checks for DNS request header.

Will set decoder events if anomalies are found.

Return values
0ok
-1error

Definition at line 475 of file app-layer-dns-common.c.

References DNS_DECODER_EVENT_NOT_A_REQUEST, DNS_DECODER_EVENT_Z_FLAG_SET, DNSSetEvent(), flags, SCLogDebug, and SCNtohs.

Here is the call graph for this function:

int DNSValidateResponseHeader ( DNSState dns_state,
const DNSHeader *  dns_header 
)

Validation checks for DNS response header.

Will set decoder events if anomalies are found.

Return values
0ok
-1error

Definition at line 503 of file app-layer-dns-common.c.

References DNSQueryEntry_::class, DNS_DECODER_EVENT_NOT_A_RESPONSE, DNS_DECODER_EVENT_Z_FLAG_SET, DNSSetEvent(), FALSE, flags, DNSQueryEntry_::len, next, SCLogDebug, SCMemcmp, SCNtohs, TAILQ_FOREACH, TRUE, type, and DNSQueryEntry_::type.

Here is the call graph for this function:

void RegisterDNSParsers ( void  )

Variable Documentation

struct StreamingBufferSegment_ __attribute__

DNP3 application header.

DNP3 internal indicators.

Part of the application header for responses only.

Definition at line 376 of file alert-unified2-alert.c.

Referenced by EngineAnalysisRulesFailure(), OutputJsonRegister(), RunModeNapatechRegister(), and StreamingBufferFree().

uint16_t additional_rr

Definition at line 43 of file app-layer-dns-common.h.

uint16_t answer_rr

Definition at line 41 of file app-layer-dns-common.h.

uint16_t authority_rr

Definition at line 42 of file app-layer-dns-common.h.

uint16_t class

Definition at line 39 of file app-layer-dns-common.h.

uint16_t flags

Definition at line 39 of file app-layer-dns-common.h.

Referenced by AppLayerIncTxCounter(), AppLayerParserGetTxDetectFlags(), AppLayerParserRegisterOptionFlags(), AppLayerParserStreamTruncated(), DCERPCParser(), DetectAppLayerEventRegister(), DetectAsn1Register(), DetectDceGetState(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDNP3Register(), DetectEngineContentInspection(), DetectFileextRegister(), DetectFilemagicRegister(), DetectFilenameRegister(), DetectFilesizeRegister(), DetectFilestorePostMatch(), DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFtpbounceRegister(), DetectFtpdataRegister(), DetectGeoipRegister(), DetectHttpClientBodyRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectSignatureApplyActions(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTemplateRustBufferRegister(), DetectTlsRegister(), DetectTlsValidityRegister(), DetectTlsVersionRegister(), DNSValidateRequestHeader(), DNSValidateResponseHeader(), FileFlowToFlags(), FlowGetDisruptionFlags(), GetIfaceMaxPacketSize(), HtpConfigRestoreBackup(), HTPFileOpen(), HTPFreeConfig(), MimeDecFindField(), MpmAddPattern(), MpmAddPatternCI(), NoNetmapSupportExit(), OutputJsonRegister(), OutputRegisterFiledataLogger(), PacketAlertAppend(), PatternStrength(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), RegisterTFTPParsers(), SCHTPGenerateNormalizedUri(), SCProfilingDumpPacketStats(), SCProfilingPrintPacketProfile(), SMTPProcessDataChunk(), SMTPStateAlloc(), SSLSetEvent(), SSLVersionToString(), TagTimeoutCheck(), TmThreadSpawn(), and Unified2AlertInitCtx().

uint16_t len

Definition at line 41 of file app-layer-dns-common.h.

uint16_t questions

Definition at line 40 of file app-layer-dns-common.h.

uint32_t ttl

Definition at line 40 of file app-layer-dns-common.h.

Referenced by DNSStoreAnswerInState(), and FlowGetPacketDirection().