Merge remote-tracking branch 'origin/topic/vlad/dns_rr_fixes'

* origin/topic/vlad/dns_rr_fixes:
  Add a TODO to return a correct status for ParseRR_WKS
  Remove unnecessary if
  Generate dns_WKS_reply event
  dns_HINFO_reply event was never being generated.

CHANGES

@@ -1,3 +1,13 @@
+4.2.0-dev.24 | 2021-07-15 11:33:31 -0700
+
+  * Add a TODO to return a correct status for ParseRR_WKS (Vlad Grigorescu)
+
+  * Update scripts/site/local-compat test for 4.2 cycle (Tim Wojtulewicz)
+
+  * Remove tests for deprecated operators. (Robin Sommer, Corelight)
+
+  * Add tests for operations on vectors of string. (Robin Sommer, Corelight)
+
 4.2.0-dev.18 | 2021-07-15 09:50:25 -0700
 
   * Remove tests for deprecated operators. (Robin Sommer, Corelight)

VERSION

@@ -1 +1 @@
-4.2.0-dev.18
+4.2.0-dev.24

src/analyzer/protocol/dns/DNS.cc

@@ -1644,18 +1644,21 @@ bool DNS_Interpreter::ParseRR_AAAA(detail::DNS_MsgInfo* msg,
 bool DNS_Interpreter::ParseRR_WKS(detail::DNS_MsgInfo* msg,
                                   const u_char*& data, int& len, int rdlength)
 	{
-	data += rdlength;
-	len -= rdlength;
+	if ( ! dns_WKS_reply || msg->skip_event )
+		{
+		data += rdlength;
+		len -= rdlength;
+		return true;
+		}
 
-	return true;
-	}
-
-bool DNS_Interpreter::ParseRR_HINFO(detail::DNS_MsgInfo* msg,
-                                    const u_char*& data, int& len, int rdlength)
-	{
-	data += rdlength;
-	len -= rdlength;
+	// TODO: Pass the ports as parameters to the event
+	analyzer->EnqueueConnEvent(dns_WKS_reply,
+		analyzer->ConnVal(),
+		msg->BuildHdrVal(),
+		msg->BuildAnswerVal()
+	);
 
+	// TODO: Return a status which reflects if the port parameters were successfully parsed
 	return true;
 	}
 
@@ -1687,6 +1690,28 @@ extract_char_string(analyzer::Analyzer* analyzer,
 	return rval;
 	}
 
+bool DNS_Interpreter::ParseRR_HINFO(detail::DNS_MsgInfo* msg,
+                                    const u_char*& data, int& len, int rdlength)
+	{
+	if ( ! dns_HINFO_reply || msg->skip_event )
+		{
+		data += rdlength;
+		len -= rdlength;
+		return true;
+		}
+
+	auto cpu = extract_char_string(analyzer, data, len, rdlength);
+	auto os = extract_char_string(analyzer, data, len, rdlength);
+
+	analyzer->EnqueueConnEvent(dns_HINFO_reply,
+		analyzer->ConnVal(),
+		msg->BuildHdrVal(),
+		msg->BuildAnswerVal(),
+		cpu, os);
+
+	return rdlength == 0;
+	}
+
 bool DNS_Interpreter::ParseRR_TXT(detail::DNS_MsgInfo* msg,
                                   const u_char*& data, int& len, int rdlength,
                                   const u_char* msg_start)

src/analyzer/protocol/dns/events.bif

@@ -334,7 +334,8 @@ event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%);
 ##    dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request
 ##    dns_max_queries dns_session_timeout dns_skip_addl
 ##    dns_skip_all_addl dns_skip_all_auth dns_skip_auth
-event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%);
+event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer, cpu: string, os: string%);
+event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &deprecated="Remove in v5.2. Use the definition with the extra parameters for cpu and os.";
 
 ## Generated for DNS replies of type *MX*. For replies with multiple answers, an
 ## individual event of the corresponding type is raised for each.

testing/btest/Baseline/scripts.base.protocols.dns.hinfo/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+HINFO, [id=51592, opcode=0, rcode=0, QR=T, AA=T, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=1, num_auth=0, num_addl=1], [answer_type=1, query=zeek.example.net, qtype=13, qclass=1, TTL=1.0 hr], INTEL-386, Windows

testing/btest/scripts/base/protocols/dns/hinfo.zeek

@@ -0,0 +1,9 @@
+# @TEST-EXEC: zeek -b -r $TRACES/dns/hinfo.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/dns
+
+event dns_HINFO_reply(c: connection, msg: dns_msg, ans: dns_answer, cpu: string, os: string)
+	{
+	print "HINFO", msg, ans, cpu, os;
+	}