1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 
20 #include "detect-parse.h"
21 #include "detect-engine.h"
22 #include "detect-dns-opcode.h"
23 #include "app-layer-dns-common.h"
24 #include "rust-dns-detect-gen.h"
25 
/* List id of the "dns.opcode" buffer. Resolved once at registration time
 * (DetectDnsOpcodeRegister() -> DetectBufferTypeGetByName()) and used by
 * the setup callback to append its SigMatch to the right list. */
static int dns_opcode_list_id = 0;

/* Defined further down; declared early because the setup callback's error
 * path releases the parsed context through it. */
static void DetectDnsOpcodeFree(void *ptr);
29 
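/**
 * \brief Setup callback for the "dns.opcode" rule keyword.
 *
 * Hands the keyword argument to the Rust side parser and, on success,
 * attaches the returned context to the signature's dns.opcode match list.
 *
 * NOTE(review): the rendered listing this block was taken from dropped
 * three lines (the app-proto check, the SCLogError() call and the
 * sm->type assignment); they are restored here as in the upstream file.
 * The early failure paths also use SCReturnInt() instead of a bare
 * return so they pair with SCEnter() like the rest of the function.
 *
 * \param de_ctx detection engine ctx (not used here)
 * \param s      signature the keyword belongs to
 * \param str    raw keyword argument as written in the rule
 *
 * \retval 0  on success
 * \retval -1 if the app-layer protocol can't be set on the signature, the
 *            argument doesn't parse, or a SigMatch can't be allocated
 */
static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
   const char *str)
{
    SCEnter();

    /* the keyword is only meaningful on DNS; bail if the signature can't be
     * bound to that protocol (non-zero return) */
    if (DetectSignatureSetAppProto(s, ALPROTO_DNS) != 0) {
        SCReturnInt(-1);
    }

    /* 'detect' is opaque to C; it is released via DetectDnsOpcodeFree() */
    void *detect = rs_detect_dns_opcode_parse(str);
    if (detect == NULL) {
        /* 'str' is rule text and is only ever passed as a %s argument,
         * never as the format string */
        SCLogError(SC_ERR_INVALID_SIGNATURE,
                "failed to parse dns.opcode: %s", str);
        SCReturnInt(-1);
    }

    SigMatch *sm = SigMatchAlloc();
    if (unlikely(sm == NULL)) {
        goto error;
    }

    sm->type = DETECT_AL_DNS_OPCODE;
    sm->ctx = detect;
    SigMatchAppendSMToList(s, sm, dns_opcode_list_id);

    SCReturnInt(0);

error:
    /* the parsed context was never attached to a SigMatch, so nothing else
     * will free it */
    DetectDnsOpcodeFree(detect);
    SCReturnInt(-1);
}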
61 
/**
 * \brief Free callback for the "dns.opcode" keyword context.
 *
 * Releases the context produced by rs_detect_dns_opcode_parse() through
 * the matching Rust side destructor. A NULL pointer is accepted and
 * ignored.
 *
 * \param ptr context to release, or NULL
 */
static void DetectDnsOpcodeFree(void *ptr)
{
    SCEnter();
    if (ptr == NULL) {
        SCReturn;
    }
    rs_dns_detect_opcode_free(ptr);
    SCReturn;
}
70 
/**
 * \brief AppLayerTxMatch callback for "dns.opcode".
 *
 * Delegates the comparison of the transaction against the parsed keyword
 * context to rs_dns_opcode_match(). det_ctx, f, state and s are not used.
 *
 * \param txv   transaction pointer (expected to be a DNS tx, given the
 *              ALPROTO the keyword is registered under)
 * \param ctx   context produced by DetectDnsOpcodeSetup()
 * \param flags direction flags, passed through unchanged
 *
 * \return whatever rs_dns_opcode_match() returns
 */
static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
        Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
        const SigMatchCtx *ctx)
{
    /* the FFI prototype takes a non-const pointer, hence the cast; the
     * Rust side is presumably read-only on it -- TODO confirm */
    void *opcode_ctx = (void *)ctx;
    return rs_dns_opcode_match(txv, opcode_ctx, flags);
}
77 
/**
 * \brief Inspect engine callback for the "dns.opcode" buffer.
 *
 * Pure pass-through to DetectEngineInspectGenericList(); every argument is
 * forwarded unchanged. Despite the "Request" in the name, the registration
 * code below appears to install it for both directions.
 *
 * \return the result of DetectEngineInspectGenericList()
 */
static int DetectEngineInspectRequestGenericDnsOpcode(ThreadVars *tv,
        DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        const Signature *s, const SigMatchData *smd,
        Flow *f, uint8_t flags, void *alstate,
        void *txv, uint64_t tx_id)
{
    int r = DetectEngineInspectGenericList(tv, de_ctx, det_ctx,
            s, smd, f, flags, alstate, txv, tx_id);
    return r;
}
87 
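/**
 * \brief Register the "dns.opcode" keyword with the detection engine.
 *
 * Fills the sigmatch_table slot for DETECT_AL_DNS_OPCODE, registers the
 * inspect engine for both traffic directions and resolves the buffer's
 * list id for later use by the setup callback.
 *
 * NOTE(review): the rendered listing this block was taken from dropped the
 * function signature, the .name and .Match assignments, the AppLayerTxMatch
 * lvalue and the first two lines of each DetectAppLayerInspectEngineRegister()
 * call; they are restored here as in the upstream file.
 */
void DetectDnsOpcodeRegister(void)
{
    sigmatch_table[DETECT_AL_DNS_OPCODE].name = "dns.opcode";
    sigmatch_table[DETECT_AL_DNS_OPCODE].desc = "Match the DNS header opcode flag.";
    sigmatch_table[DETECT_AL_DNS_OPCODE].Setup = DetectDnsOpcodeSetup;
    sigmatch_table[DETECT_AL_DNS_OPCODE].Free = DetectDnsOpcodeFree;
    /* no packet-level matcher: this keyword matches on transactions only */
    sigmatch_table[DETECT_AL_DNS_OPCODE].Match = NULL;
    sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch =
        DetectDnsOpcodeMatch;

    /* same inspect callback for queries (to server) and responses
     * (to client); progress 0 means the tx is inspectable right away */
    DetectAppLayerInspectEngineRegister("dns.opcode", ALPROTO_DNS,
            SIG_FLAG_TOSERVER, 0,
            DetectEngineInspectRequestGenericDnsOpcode);

    DetectAppLayerInspectEngineRegister("dns.opcode", ALPROTO_DNS,
            SIG_FLAG_TOCLIENT, 0,
            DetectEngineInspectRequestGenericDnsOpcode);

    /* looked up after registration so the setup callback can append to the
     * correct list; the name must match the one registered above */
    dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
}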