Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add DNS TKEY event

Browse source
This commit is contained in:
Evan Typanski 2024-08-13 15:27:25 -04:00
parent ec1088c3ef
commit 170276807b
9 changed files with 161 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
testing/btest/Baseline/scripts.base.protocols.dns.tkey/dns.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.106 50138 192.168.1.108 53 tcp 52640 - 1068-ms-7.309-2c6e448.7a9463b8-b109-11ed-26a3-080027f220e5 1 C_INTERNET 249 TKEY 0 NOERROR F F F F 0 - - F
#close XXXX-XX-XX-XX-XX-XX

21
testing/btest/Baseline/scripts.base.protocols.dns.tkey/output Normal file
View file

@ -0,0 +1,21 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
TKEY
query, 1068-ms-7.309-2c6e448.7a9463b8-b109-11ed-26a3-080027f220e5
qtype, 3
alg_name, gss-tsig
inception, 1676938156.0
expiration, 1677024556.0
mode, 3
rr_error, 0
key_data size, 3073
is_query, 1
TKEY
query, 1068-ms-7.309-2c6e448.7a9463b8-b109-11ed-26a3-080027f220e5
qtype, 1
alg_name, gss-tsig
inception, 1676938118.0
expiration, 1677024518.0
mode, 3
rr_error, 0
key_data size, 185
is_query, 0

BIN
testing/btest/Traces/dns/tkey.pcap Normal file
View file

Binary file not shown.

22
testing/btest/scripts/base/protocols/dns/tkey.zeek Normal file
View file

@ -0,0 +1,22 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/dns/tkey.pcap %INPUT > output
# @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
# @TEST-EXEC: test ! -f weird.log
@load base/protocols/dns
redef dns_skip_all_addl = F;
event dns_TKEY(c: connection, msg: dns_msg, ans: dns_tkey)
{
print "TKEY";
print "query", ans$query;
print "qtype", ans$qtype;
print "alg_name", ans$alg_name;
print "inception", ans$inception;
print "expiration", ans$expiration;
print "mode", ans$mode;
print "rr_error", ans$rr_error;
print "key_data size", |ans$key_data|;
print "is_query", ans$is_query;
}