zeek.bif: Introduce blocking_lookup_hostname()

As a replacement for host literal DNS resolutions.
2025-10-02 06:38:20 +00:00 · 2025-03-05 10:38:21 +01:00 · 2025-03-05 10:38:21 +01:00 · 376913b509
commit 376913b509
parent 7eec3859fa
3 changed files with 58 additions and 1 deletions
--- a/src/zeek.bif
+++ b/src/zeek.bif
@ -4059,7 +4059,7 @@ function lookup_hostname_txt%(host: string%) : string
 ##
 ## Returns: A set of DNS A and AAAA records associated with *host*.
 ##
-## .. zeek:see:: lookup_addr
+## .. zeek:see:: lookup_addr blocking_lookup_hostname
 function lookup_hostname%(host: string%) : addr_set
 	%{
 	// FIXME: Is should be easy to adapt the function to synchronous
@ -4080,6 +4080,25 @@ function lookup_hostname%(host: string%) : addr_set
 	return nullptr;
 	%}

+## Issues a synchronous DNS lookup.
+##
+## host: The hostname to lookup.
+##
+## Returns: A set addresses, either IPv4 or IPv6, associated with *host*.
+##
+## .. zeek:see:: lookup_addr
+##
+## .. note::
+##
+##      This is a blocking call. You should use :zeek:see:`lookup_hostname`
+##      unless for initialization or testing purposes.
+##
+## .. zeek:see:: lookup_addr lookup_hostname
+function blocking_lookup_hostname%(host: string%) : addr_set
+	%{
+	return zeek::detail::dns_mgr->LookupHost(host->CheckString());
+	%}
+
 ## Calculates distance between two geographic locations using the haversine
 ## formula.  Latitudes and longitudes must be given in degrees, where southern
 ## hemisphere latitudes are negative and western hemisphere longitudes are
--- a/testing/btest/Baseline/dns_mgr.blocking_lookup_hostname/out
+++ b/testing/btest/Baseline/dns_mgr.blocking_lookup_hostname/out
@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+zeek_init
+addrs, {
+10.0.0.3,
+10.0.0.2,
+10.0.0.1,
+fe80::6990:df6e:618:c096,
+10.0.0.4
+}
+zeek_done
+caddrs, {
+10.0.0.99
+}
--- a/testing/btest/dns_mgr/blocking_lookup_hostname.zeek
+++ b/testing/btest/dns_mgr/blocking_lookup_hostname.zeek
@ -0,0 +1,25 @@
+# @TEST-GROUP: dns_mgr
+#
+# @TEST-REQUIRES: dnsmasq --version
+# @TEST-PORT: DNSMASQ_PORT
+
+# @TEST-EXEC: btest-bg-run dnsmasq run-dnsmasq 127.0.0.1 ${DNSMASQ_PORT%/tcp}
+# @TEST-EXEC: unset ZEEK_DNS_FAKE; ZEEK_DNS_RESOLVER=127.0.0.1:${DNSMASQ_PORT%/tcp} zeek -b %INPUT >out
+# @TEST-EXEC: btest-bg-wait -k 0
+
+# @TEST-EXEC: btest-diff out
+
+const caddrs = blocking_lookup_hostname("dns.example.com");
+
+event zeek_init()
+	{
+	print "zeek_init";
+	local addrs = blocking_lookup_hostname("example.com");
+	print "addrs", addrs;
+	}
+
+event zeek_done()
+	{
+	print "zeek_done";
+	print "caddrs", caddrs;
+	}