zeek.bif: Introduce blocking_lookup_hostname()

As a replacement for host literal DNS resolutions.
2025-10-02 06:38:20 +00:00 · 2025-03-05 10:38:21 +01:00 · 2025-03-05 10:38:21 +01:00 · 376913b509
commit 376913b509
parent 7eec3859fa
3 changed files with 58 additions and 1 deletions
--- a/testing/btest/Baseline/dns_mgr.blocking_lookup_hostname/out
+++ b/testing/btest/Baseline/dns_mgr.blocking_lookup_hostname/out
@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+zeek_init
+addrs, {
+10.0.0.3,
+10.0.0.2,
+10.0.0.1,
+fe80::6990:df6e:618:c096,
+10.0.0.4
+}
+zeek_done
+caddrs, {
+10.0.0.99
+}
--- a/testing/btest/dns_mgr/blocking_lookup_hostname.zeek
+++ b/testing/btest/dns_mgr/blocking_lookup_hostname.zeek
@ -0,0 +1,25 @@
+# @TEST-GROUP: dns_mgr
+#
+# @TEST-REQUIRES: dnsmasq --version
+# @TEST-PORT: DNSMASQ_PORT
+
+# @TEST-EXEC: btest-bg-run dnsmasq run-dnsmasq 127.0.0.1 ${DNSMASQ_PORT%/tcp}
+# @TEST-EXEC: unset ZEEK_DNS_FAKE; ZEEK_DNS_RESOLVER=127.0.0.1:${DNSMASQ_PORT%/tcp} zeek -b %INPUT >out
+# @TEST-EXEC: btest-bg-wait -k 0
+
+# @TEST-EXEC: btest-diff out
+
+const caddrs = blocking_lookup_hostname("dns.example.com");
+
+event zeek_init()
+	{
+	print "zeek_init";
+	local addrs = blocking_lookup_hostname("example.com");
+	print "addrs", addrs;
+	}
+
+event zeek_done()
+	{
+	print "zeek_done";
+	print "caddrs", caddrs;
+	}