suricata
detect-dns-opcode.c
Go to the documentation of this file.
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 
20 #include "detect-parse.h"
21 #include "detect-engine.h"
22 #include "detect-engine-uint.h"
23 #include "detect-dns-opcode.h"
24 #include "rust.h"
25 
26 static int dns_opcode_list_id = 0;
27 
28 static void DetectDnsOpcodeFree(DetectEngineCtx *, void *ptr);
29 
30 static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
31  const char *str)
32 {
33  SCEnter();
34 
36  return -1;
37  }
38 
39  void *detect = DetectU8Parse(str);
40  if (detect == NULL) {
41  SCLogError("failed to parse dns.opcode: %s", str);
42  return -1;
43  }
44 
46  dns_opcode_list_id) == NULL) {
47  goto error;
48  }
49 
50  SCReturnInt(0);
51 
52 error:
53  DetectDnsOpcodeFree(de_ctx, detect);
54  SCReturnInt(-1);
55 }
56 
57 static void DetectDnsOpcodeFree(DetectEngineCtx *de_ctx, void *ptr)
58 {
59  SCEnter();
60  if (ptr != NULL) {
61  rs_detect_u8_free(ptr);
62  }
63  SCReturn;
64 }
65 
66 static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
67  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
68  const SigMatchCtx *ctx)
69 {
70  return rs_dns_opcode_match(txv, (void *)ctx, flags);
71 }
72 
74 {
76  sigmatch_table[DETECT_AL_DNS_OPCODE].desc = "Match the DNS header opcode flag.";
77  sigmatch_table[DETECT_AL_DNS_OPCODE].Setup = DetectDnsOpcodeSetup;
78  sigmatch_table[DETECT_AL_DNS_OPCODE].Free = DetectDnsOpcodeFree;
81  DetectDnsOpcodeMatch;
82 
85 
88 
89  dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
90 }
detect-engine-uint.h
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1753
detect-engine.h
SigTableElmt_::desc
const char * desc
Definition: detect.h:1295
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1283
ALPROTO_DNS
@ ALPROTO_DNS
Definition: app-layer-protos.h:41
SigTableElmt_::name
const char * name
Definition: detect.h:1293
Flow_
Flow data structure.
Definition: flow.h:350
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:836
detect-dns-opcode.h
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1264
rust.h
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:264
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1278
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1119
DetectU8Parse
DetectUintData_u8 * DetectU8Parse(const char *u8str)
This function is used to parse u8 options passed via some u8 keyword.
Definition: detect-engine-uint.c:85
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:263
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1092
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
DETECT_AL_DNS_OPCODE
@ DETECT_AL_DNS_OPCODE
Definition: detect-engine-register.h:232
SCReturn
#define SCReturn
Definition: util-debug.h:273
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1261
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:342
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:127
DetectDnsOpcodeRegister
void DetectDnsOpcodeRegister(void)
Definition: detect-dns-opcode.c:73
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:2126
str
#define str(s)
Definition: suricata-common.h:291
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
detect-parse.h
Signature_
Signature container.
Definition: detect.h:593
DetectAppLayerInspectEngineRegister
void DetectAppLayerInspectEngineRegister(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr Callback, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
Definition: detect-engine.c:216
SigMatchAppendSMToList
SigMatch * SigMatchAppendSMToList(DetectEngineCtx *de_ctx, Signature *s, uint16_t type, SigMatchCtx *ctx, const int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:447
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275