Merge branch 'master' of https://github.com/FlyingWithJerome/zeek

Merge includes small changes, e.g. fixing the comsumption of remaining
raw data.

* 'master' of https://github.com/FlyingWithJerome/zeek:
  remove excussive fields in dns_svcb_rr
  address code reviews (formatting and type and intrusiveptr)
  newlines at the end of test outputs
  lazy commit
  use tabs in init-bare.zeek
  add svcb test case
  add a dns https test case
  remove test logs
  fix a few syntax errors
  initial commit for SVCB/HTTPS records

src/analyzer/protocol/dns/DNS.cc

@@ -345,6 +345,14 @@ bool DNS_Interpreter::ParseAnswer(detail::DNS_MsgInfo* msg, const u_char*& data,
 			status = ParseRR_LOC(msg, data, len, rdlength, msg_start);
 			break;
 
+		case detail::TYPE_SVCB:
+			status = ParseRR_SVCB(msg, data, len, rdlength, msg_start, TYPE_SVCB);
+			break;
+
+		case detail::TYPE_HTTPS:
+			status = ParseRR_SVCB(msg, data, len, rdlength, msg_start, TYPE_HTTPS);
+			break;
+
 		default:
 
 			if ( dns_unknown_reply && ! msg->skip_event )
@@ -1687,6 +1695,65 @@ bool DNS_Interpreter::ParseRR_CAA(detail::DNS_MsgInfo* msg, const u_char*& data,
 	return rdlength == 0;
 	}
 
+bool DNS_Interpreter::ParseRR_SVCB(detail::DNS_MsgInfo* msg, const u_char*& data, int& len,
+								   int rdlength, const u_char* msg_start, const RR_Type& svcb_type)
+	{
+	const u_char* data_start = data;
+	// the smallest SVCB/HTTPS rr is 3 bytes:
+	// the first 2 bytes are for the svc priority, and the third byte is root (0x0)
+	if ( len < 3 )
+		{
+		analyzer->Weird("DNS_SVBC_wrong_length");
+		return false;
+		}
+
+	uint16_t svc_priority = ExtractShort(data, len);
+
+	u_char target_name[513];
+	int name_len = sizeof(target_name) - 1;
+	u_char* name_end = ExtractName(data, len, target_name, name_len, msg_start, false);
+	if ( ! name_end )
+		return false;
+
+	// target name can be root - in this case the alternative endpoint is
+	// qname itself. make sure that we print "." instead of an empty string
+	if ( name_end - target_name == 0 )
+		{
+		target_name[0] = '.';
+		target_name[1] = '\0';
+		name_end = target_name+1;
+		}
+
+	SVCB_DATA svcb_data = {
+		.svc_priority = svc_priority,
+		.target_name = make_intrusive<StringVal>(new String(target_name, name_end - target_name, true)),
+	};
+
+	// TODO: parse svcparams
+	// we consume all the remaining raw data (svc params) but do nothing.
+	// this should be removed if the svc param parser is ready
+	std::ptrdiff_t parsed_bytes = data - data_start;
+	if ( parsed_bytes < rdlength )
+		{
+		len -= ( rdlength - parsed_bytes );
+		data += ( rdlength - parsed_bytes );
+		}
+
+	switch( svcb_type )
+		{
+		case detail::TYPE_SVCB:
+			analyzer->EnqueueConnEvent(dns_SVCB, analyzer->ConnVal(), msg->BuildHdrVal(),
+									msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data));
+			break;
+		case detail::TYPE_HTTPS:
+			analyzer->EnqueueConnEvent(dns_HTTPS, analyzer->ConnVal(), msg->BuildHdrVal(),
+									msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data));
+			break;
+		default: break; // unreachable. for suppressing compiler warnings.
+		}
+	return true;
+	}
+
 void DNS_Interpreter::SendReplyOrRejectEvent(detail::DNS_MsgInfo* msg, EventHandlerPtr event,
                                              const u_char*& data, int& len, String* question_name,
                                              String* original_name)
@@ -1987,6 +2054,18 @@ RecordValPtr DNS_MsgInfo::BuildLOC_Val(LOC_DATA* loc)
 	return r;
 	}
 
+RecordValPtr DNS_MsgInfo::BuildSVCB_Val(const SVCB_DATA& svcb)
+	{
+	static auto dns_svcb_rr = id::find_type<RecordType>("dns_svcb_rr");
+	auto r = make_intrusive<RecordVal>(dns_svcb_rr);
+
+	r->Assign(0, svcb.svc_priority);
+	r->Assign(1, svcb.target_name);
+
+	// TODO: assign values to svcparams
+	return r;
+	}
+
 	} // namespace detail
 
 Contents_DNS::Contents_DNS(Connection* conn, bool orig, detail::DNS_Interpreter* arg_interp)