suricata
detect-dns-opcode.c
Go to the documentation of this file.
1 /* Copyright (C) 2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 
20 #include "detect-parse.h"
21 #include "detect-engine.h"
22 #include "detect-dns-opcode.h"
23 #include "rust.h"
24 
25 static int dns_opcode_list_id = 0;
26 
27 static void DetectDnsOpcodeFree(DetectEngineCtx *, void *ptr);
28 
29 static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
30  const char *str)
31 {
32  SCEnter();
33 
35  return -1;
36  }
37 
38  void *detect = rs_detect_dns_opcode_parse(str);
39  if (detect == NULL) {
40  SCLogError("failed to parse dns.opcode: %s", str);
41  return -1;
42  }
43 
44  SigMatch *sm = SigMatchAlloc();
45  if (unlikely(sm == NULL)) {
46  goto error;
47  }
48 
50  sm->ctx = (void *)detect;
51  SigMatchAppendSMToList(s, sm, dns_opcode_list_id);
52 
53  SCReturnInt(0);
54 
55 error:
56  DetectDnsOpcodeFree(de_ctx, detect);
57  SCReturnInt(-1);
58 }
59 
60 static void DetectDnsOpcodeFree(DetectEngineCtx *de_ctx, void *ptr)
61 {
62  SCEnter();
63  if (ptr != NULL) {
64  rs_dns_detect_opcode_free(ptr);
65  }
66  SCReturn;
67 }
68 
69 static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
70  Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
71  const SigMatchCtx *ctx)
72 {
73  return rs_dns_opcode_match(txv, (void *)ctx, flags);
74 }
75 
77 {
79  sigmatch_table[DETECT_AL_DNS_OPCODE].desc = "Match the DNS header opcode flag.";
80  sigmatch_table[DETECT_AL_DNS_OPCODE].Setup = DetectDnsOpcodeSetup;
81  sigmatch_table[DETECT_AL_DNS_OPCODE].Free = DetectDnsOpcodeFree;
84  DetectDnsOpcodeMatch;
85 
88 
91 
92  dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
93 }
DetectSignatureSetAppProto
int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
Definition: detect-parse.c:1498
detect-engine.h
SigTableElmt_::desc
const char * desc
Definition: detect.h:1240
SigTableElmt_::Free
void(* Free)(DetectEngineCtx *, void *)
Definition: detect.h:1228
ALPROTO_DNS
@ ALPROTO_DNS
Definition: app-layer-protos.h:41
SigTableElmt_::name
const char * name
Definition: detect.h:1238
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
Flow_
Flow data structure.
Definition: flow.h:357
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:785
detect-dns-opcode.h
SigTableElmt_::AppLayerTxMatch
int(* AppLayerTxMatch)(DetectEngineThreadCtx *, Flow *, uint8_t flags, void *alstate, void *txv, const Signature *, const SigMatchCtx *)
Definition: detect.h:1209
rust.h
SIG_FLAG_TOCLIENT
#define SIG_FLAG_TOCLIENT
Definition: detect.h:229
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1223
DetectBufferTypeGetByName
int DetectBufferTypeGetByName(const char *name)
Definition: detect-engine.c:1079
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:228
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1025
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
DETECT_AL_DNS_OPCODE
@ DETECT_AL_DNS_OPCODE
Definition: detect-engine-register.h:224
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:316
SCReturn
#define SCReturn
Definition: util-debug.h:273
DetectAppLayerInspectEngineRegister2
void DetectAppLayerInspectEngineRegister2(const char *name, AppProto alproto, uint32_t dir, int progress, InspectEngineFuncPtr2 Callback2, InspectionBufferGetDataPtr GetData)
register inspect engine at start up time
Definition: detect-engine.c:224
SigTableElmt_::Match
int(* Match)(DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
Definition: detect.h:1206
SigMatchAlloc
SigMatch * SigMatchAlloc(void)
Definition: detect-parse.c:239
SigMatchCtx_
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
Definition: detect.h:308
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
SigMatch_::type
uint16_t type
Definition: detect.h:314
sigmatch_table
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
Definition: detect-parse.c:76
DetectDnsOpcodeRegister
void DetectDnsOpcodeRegister(void)
Definition: detect-dns-opcode.c:76
DetectEngineInspectGenericList
uint8_t DetectEngineInspectGenericList(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine, const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
Do the content inspection & validation for a signature.
Definition: detect-engine.c:1948
str
#define str(s)
Definition: suricata-common.h:280
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
detect-parse.h
Signature_
Signature container.
Definition: detect.h:540
SigMatch_
a single match condition for a signature
Definition: detect.h:313
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
SigMatchAppendSMToList
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
Definition: detect-parse.c:354