suricata
app-layer-dns-common.h
Go to the documentation of this file.
1 /* Copyright (C) 2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __APP_LAYER_DNS_COMMON_H__
25 #define __APP_LAYER_DNS_COMMON_H__
26 
27 #include "app-layer-protos.h"
28 #include "app-layer-parser.h"
29 
30 #define DNS_MAX_SIZE 256
31 
32 #define DNS_RECORD_TYPE_A 1
33 #define DNS_RECORD_TYPE_NS 2
34 #define DNS_RECORD_TYPE_MD 3 // Obsolete
35 #define DNS_RECORD_TYPE_MF 4 // Obsolete
36 #define DNS_RECORD_TYPE_CNAME 5
37 #define DNS_RECORD_TYPE_SOA 6
38 #define DNS_RECORD_TYPE_MB 7 // Experimental
39 #define DNS_RECORD_TYPE_MG 8 // Experimental
40 #define DNS_RECORD_TYPE_MR 9 // Experimental
41 #define DNS_RECORD_TYPE_NULL 10 // Experimental
42 #define DNS_RECORD_TYPE_WKS 11
43 #define DNS_RECORD_TYPE_PTR 12
44 #define DNS_RECORD_TYPE_HINFO 13
45 #define DNS_RECORD_TYPE_MINFO 14
46 #define DNS_RECORD_TYPE_MX 15
47 #define DNS_RECORD_TYPE_TXT 16
48 #define DNS_RECORD_TYPE_RP 17
49 #define DNS_RECORD_TYPE_AFSDB 18
50 #define DNS_RECORD_TYPE_X25 19
51 #define DNS_RECORD_TYPE_ISDN 20
52 #define DNS_RECORD_TYPE_RT 21
53 #define DNS_RECORD_TYPE_NSAP 22
54 #define DNS_RECORD_TYPE_NSAPPTR 23
55 #define DNS_RECORD_TYPE_SIG 24
56 #define DNS_RECORD_TYPE_KEY 25
57 #define DNS_RECORD_TYPE_PX 26
58 #define DNS_RECORD_TYPE_GPOS 27
59 #define DNS_RECORD_TYPE_AAAA 28
60 #define DNS_RECORD_TYPE_LOC 29
61 #define DNS_RECORD_TYPE_NXT 30 // Obosolete
62 #define DNS_RECORD_TYPE_SRV 33
63 #define DNS_RECORD_TYPE_ATMA 34
64 #define DNS_RECORD_TYPE_NAPTR 35
65 #define DNS_RECORD_TYPE_KX 36
66 #define DNS_RECORD_TYPE_CERT 37
67 #define DNS_RECORD_TYPE_A6 38 // Obsolete
68 #define DNS_RECORD_TYPE_DNAME 39
69 #define DNS_RECORD_TYPE_OPT 41
70 #define DNS_RECORD_TYPE_APL 42
71 #define DNS_RECORD_TYPE_DS 43
72 #define DNS_RECORD_TYPE_SSHFP 44
73 #define DNS_RECORD_TYPE_IPSECKEY 45
74 #define DNS_RECORD_TYPE_RRSIG 46
75 #define DNS_RECORD_TYPE_NSEC 47
76 #define DNS_RECORD_TYPE_DNSKEY 48
77 #define DNS_RECORD_TYPE_DHCID 49
78 #define DNS_RECORD_TYPE_NSEC3 50
79 #define DNS_RECORD_TYPE_NSEC3PARAM 51
80 #define DNS_RECORD_TYPE_TLSA 52
81 #define DNS_RECORD_TYPE_HIP 55
82 #define DNS_RECORD_TYPE_CDS 59
83 #define DNS_RECORD_TYPE_CDNSKEY 60
84 #define DNS_RECORD_TYPE_SPF 99 // Obsolete
85 #define DNS_RECORD_TYPE_TKEY 249
86 #define DNS_RECORD_TYPE_TSIG 250
87 #define DNS_RECORD_TYPE_MAILA 254 // Obsolete
88 #define DNS_RECORD_TYPE_ANY 255
89 #define DNS_RECORD_TYPE_URI 256
90 
91 #define DNS_RCODE_NOERROR 0
92 #define DNS_RCODE_FORMERR 1
93 #define DNS_RCODE_SERVFAIL 2
94 #define DNS_RCODE_NXDOMAIN 3
95 #define DNS_RCODE_NOTIMP 4
96 #define DNS_RCODE_REFUSED 5
97 #define DNS_RCODE_YXDOMAIN 6
98 #define DNS_RCODE_YXRRSET 7
99 #define DNS_RCODE_NXRRSET 8
100 #define DNS_RCODE_NOTAUTH 9
101 #define DNS_RCODE_NOTZONE 10
102 // Support for OPT RR from RFC6891 will be needed to
103 // parse RCODE values over 15
104 #define DNS_RCODE_BADVERS 16
105 #define DNS_RCODE_BADSIG 16
106 #define DNS_RCODE_BADKEY 17
107 #define DNS_RCODE_BADTIME 18
108 #define DNS_RCODE_BADMODE 19
109 #define DNS_RCODE_BADNAME 20
110 #define DNS_RCODE_BADALG 21
111 #define DNS_RCODE_BADTRUNC 22
112 
113 enum {
114  DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE,
115  DNS_DECODER_EVENT_MALFORMED_DATA,
116  DNS_DECODER_EVENT_NOT_A_REQUEST,
117  DNS_DECODER_EVENT_NOT_A_RESPONSE,
118  DNS_DECODER_EVENT_Z_FLAG_SET,
119  DNS_DECODER_EVENT_FLOODED,
120  DNS_DECODER_EVENT_STATE_MEMCAP_REACHED,
121 };
122 
123 /** Opaque Rust types. */
124 typedef struct RSDNSState_ RSDNSState;
125 typedef struct RSDNSTransaction_ RSDNSTransaction;
126 
127 /** \brief DNS packet header */
128 typedef struct DNSHeader_ {
129  uint16_t tx_id;
130  uint16_t flags;
131  uint16_t questions;
132  uint16_t answer_rr;
133  uint16_t authority_rr;
134  uint16_t additional_rr;
135 } __attribute__((__packed__)) DNSHeader;
136 
137 int DNSStateGetEventInfo(const char *event_name,
138  int *event_id, AppLayerEventType *event_type);
139 int DNSStateGetEventInfoById(int event_id, const char **event_name,
140  AppLayerEventType *event_type);
141 void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto);
142 void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto);
143 
144 void DNSCreateTypeString(uint16_t type, char *str, size_t str_size);
145 void DNSCreateRcodeString(uint8_t rcode, char *str, size_t str_size);
146 
147 #endif /* __APP_LAYER_DNS_COMMON_H__ */
DNSHeader_::tx_id
uint16_t tx_id
Definition: app-layer-dns-common.h:129
AppLayerEventType
enum AppLayerEventType_ AppLayerEventType
event_type
uint32_t event_type
Definition: alert-unified2-alert.c:84
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:69
str
#define str(s)
Definition: suricata-common.h:258
DNSStateGetEventInfoById
int DNSStateGetEventInfoById(int event_id, const char **event_name, AppLayerEventType *event_type)
Definition: app-layer-dns-common.c:55
DNSHeader_::answer_rr
uint16_t answer_rr
Definition: app-layer-dns-common.h:132
type
uint8_t type
Definition: decode-icmpv4.h:800
__attribute__
struct DNSHeader_ __attribute__((__packed__)) DNSHeader
DNS packet header.
Definition: alert-unified2-alert.c:92
DNSHeader_::additional_rr
uint16_t additional_rr
Definition: app-layer-dns-common.h:134
DNSAppLayerRegisterGetEventInfo
void DNSAppLayerRegisterGetEventInfo(uint8_t ipproto, AppProto alproto)
Definition: app-layer-dns-common.c:71
DNSAppLayerRegisterGetEventInfoById
void DNSAppLayerRegisterGetEventInfoById(uint8_t ipproto, AppProto alproto)
Definition: app-layer-dns-common.c:78
DNSHeader_::authority_rr
uint16_t authority_rr
Definition: app-layer-dns-common.h:133
DNSCreateTypeString
void DNSCreateTypeString(uint16_t type, char *str, size_t str_size)
Definition: app-layer-dns-common.c:85
DNSHeader_
DNS packet header.
Definition: app-layer-dns-common.h:128
RSDNSState
struct RSDNSState_ RSDNSState
Definition: app-layer-dns-common.h:124
DNSStateGetEventInfo
int DNSStateGetEventInfo(const char *event_name, int *event_id, AppLayerEventType *event_type)
Definition: app-layer-dns-common.c:39
RSDNSTransaction
struct RSDNSTransaction_ RSDNSTransaction
Definition: app-layer-dns-common.h:125
DNSCreateRcodeString
void DNSCreateRcodeString(uint8_t rcode, char *str, size_t str_size)
Definition: app-layer-dns-common.c:267
DNSHeader_::flags
uint16_t flags
Definition: app-layer-dns-common.h:130
DNSHeader_::questions
uint16_t questions
Definition: app-layer-dns-common.h:131