Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

DNS: Implement NAPTR RR support

Browse source 
My phone is sending NAPTR queries and we reported an unknown RR type 35
in weird.log for the response, so figured I'd just add it.
This commit is contained in:
Arne Welzel 2025-06-21 13:32:03 +02:00
parent 25b5cabab7
commit 4f1fc296b6
11 changed files with 121 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
scripts/base/protocols/dns/main.zeek
View file

@ -537,6 +537,27 @@ event dns_SRV_reply(c: connection, msg: dns_msg, ans: dns_answer, target: string
hook DNS::do_reply(c, msg, ans, target);
}
event dns_NAPTR_reply(c: connection, msg: dns_msg, ans: dns_answer, naptr: dns_naptr_rr) &priority=5
{
# Just encode all the fields for NAPTR RR in the reply string.
local tmp = "";
if ( |naptr$regexp| > 0 )
tmp += naptr$regexp;
if ( |naptr$replacement| > 0 )
{
if ( |tmp| > 0 )
tmp += " ";
tmp += naptr$replacement;
}
local r = fmt("NAPTR %s %s %s %s %s", naptr$order, naptr$preference, naptr$flags, naptr$service, tmp);
hook DNS::do_reply(c, msg, ans, r);
}
# TODO: figure out how to handle these
#event dns_EDNS(c: connection, msg: dns_msg, ans: dns_answer)
# {