suricata
detect-dns-opcode.c
Go to the documentation of this file.
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 
20 #include "detect-parse.h"
21 #include "detect-engine.h"
22 #include "detect-dns-opcode.h"
23 #include "rust.h"
24 
25 static int dns_opcode_list_id = 0;
26 
27 static void DetectDnsOpcodeFree(DetectEngineCtx *, void *ptr);
28 
29 static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
30  const char *str)
31 {
32  SCEnter();
33 
35  return -1;
36  }
37 
38  void *detect = rs_detect_dns_opcode_parse(str);
39  if (detect == NULL) {
41  "failed to parse dns.opcode: %s", str);
42  return -1;
43  }
44 
45  SigMatch *sm = SigMatchAlloc();
46  if (unlikely(sm == NULL)) {
47  goto error;
48  }
49 
51  sm->ctx = (void *)detect;
52  SigMatchAppendSMToList(s, sm, dns_opcode_list_id);
53 
54  SCReturnInt(0);
55 
56 error:
57  DetectDnsOpcodeFree(de_ctx, detect);
58  SCReturnInt(-1);
59 }
60 
61 static void DetectDnsOpcodeFree(DetectEngineCtx *de_ctx, void *ptr)
62 {
63  SCEnter();
64  if (ptr != NULL) {
65  rs_dns_detect_opcode_free(ptr);
66  }
67  SCReturn;
68 }
69 
70 static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
71  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
72  const SigMatchCtx *ctx)
73 {
74  return rs_dns_opcode_match(txv, (void *)ctx, flags);
75 }
76 
77 static int DetectEngineInspectRequestGenericDnsOpcode(ThreadVars *tv,
79  const Signature *s, const SigMatchData *smd,
80  Flow *f, uint8_t flags, void *alstate,
81  void *txv, uint64_t tx_id)
82 {
83  return DetectEngineInspectGenericList(tv, de_ctx, det_ctx, s, smd,
84  f, flags, alstate, txv, tx_id);
85 }
86 
88 {
90  sigmatch_table[DETECT_AL_DNS_OPCODE].desc = "Match the DNS header opcode flag.";
91  sigmatch_table[DETECT_AL_DNS_OPCODE].Setup = DetectDnsOpcodeSetup;
92  sigmatch_table[DETECT_AL_DNS_OPCODE].Free = DetectDnsOpcodeFree;
95  DetectDnsOpcodeMatch;
96 
99  DetectEngineInspectRequestGenericDnsOpcode);
100 
103  DetectEngineInspectRequestGenericDnsOpcode);
104 
105  dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
106 }
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1459
detect-engine.h
SigTableElmt_::desc
const char * desc
Definition: detect.h:1203
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1192
ALPROTO_DNS
@ ALPROTO_DNS
Definition: app-layer-protos.h:41
SigTableElmt_::name
const char * name
Definition: detect.h:1201
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ERR_INVALID_RULE_ARGUMENT
@ SC_ERR_INVALID_RULE_ARGUMENT
Definition: util-error.h:302
Flow_
Flow data structure.
Definition: flow.h:343
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:761
detect-dns-opcode.h
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1174
rust.h
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:237
SigMatchData_
Data needed for Match()
Definition: detect.h:327
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1187
DetectEngineInspectGenericList
int DetectEngineInspectGenericList(ThreadVars *tv, const DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, const uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:1533
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:860
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:236
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1004
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DETECT_AL_DNS_OPCODE
@ DETECT_AL_DNS_OPCODE
Definition: detect-engine-register.h:198
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:321
SCReturn
#define SCReturn
Definition: util-debug.h:302
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1171
SigMatchAlloc
SigMatch * SigMatchAlloc(void)
Definition: detect-parse.c:235
SigMatch_::type
uint8_t type
Definition: detect.h:319
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:313
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:73
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
DetectDnsOpcodeRegister
void DetectDnsOpcodeRegister(void)
Definition: detect-dns-opcode.c:87
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
str
#define str(s)
Definition: suricata-common.h:273
detect-parse.h
Signature_
Signature container.
Definition: detect.h:522
SigMatch_
a single match condition for a signature
Definition: detect.h:318
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback)
register inspect engine at start up time
Definition: detect-engine.c:170
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
SigMatchAppendSMToList
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:349