Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

remove excussive fields in dns_svcb_rr

Browse source
This commit is contained in:
FlyingWithJerome 2021-10-12 21:40:56 -04:00
parent c957e3e91e
commit 605d4024e4
4 changed files with 42 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/base/init-bare.zeek
View file

@ -3887,7 +3887,6 @@ type dns_loc_rr: record {
type dns_svcb_rr: record { type dns_svcb_rr: record {
svc_priority: count; ##< Service priority for the current record, 0 indicates that this record is in AliasMode and cannot carry svc_params; otherwise this is in ServiceMode, and may include svc_params svc_priority: count; ##< Service priority for the current record, 0 indicates that this record is in AliasMode and cannot carry svc_params; otherwise this is in ServiceMode, and may include svc_params
target_name: string; ##< Target name, the hostname of the service endpoint. target_name: string; ##< Target name, the hostname of the service endpoint.
svc_params: table[count] of vector of string; ##< service parameters as key-value pairs (not used at this point)
}; };
# DNS answer types. # DNS answer types.

80
src/analyzer/protocol/dns/DNS.cc
View file

@ -1698,53 +1698,53 @@ bool DNS_Interpreter::ParseRR_CAA(detail::DNS_MsgInfo* msg, const u_char*& data,
bool DNS_Interpreter::ParseRR_SVCB(detail::DNS_MsgInfo* msg, const u_char*& data, int& len, bool DNS_Interpreter::ParseRR_SVCB(detail::DNS_MsgInfo* msg, const u_char*& data, int& len,
int rdlength, const u_char* msg_start, const RR_Type& svcb_type) int rdlength, const u_char* msg_start, const RR_Type& svcb_type)
{ {
// the smallest SVCB/HTTPS rr is 3 bytes: // the smallest SVCB/HTTPS rr is 3 bytes:
// the first 2 bytes are for the svc priority, and the third byte is root (0x0) // the first 2 bytes are for the svc priority, and the third byte is root (0x0)
if ( len < 3 ) if ( len < 3 )
return false; return false;
uint16_t svc_priority = ExtractShort(data, len); uint16_t svc_priority = ExtractShort(data, len);
u_char target_name[513]; u_char target_name[513];
int name_len = sizeof(target_name) - 1; int name_len = sizeof(target_name) - 1;
u_char* name_end = ExtractName(data, len, target_name, name_len, msg_start, false); u_char* name_end = ExtractName(data, len, target_name, name_len, msg_start, false);
if ( ! name_end ) if ( ! name_end )
return false; return false;
// target name can be root - in this case the alternative endpoint is // target name can be root - in this case the alternative endpoint is
// qname itself. make sure that we print "." instead of an empty string // qname itself. make sure that we print "." instead of an empty string
if ( name_end - target_name == 0 ) if ( name_end - target_name == 0 )
{ {
target_name[0] = '.'; target_name[0] = '.';
target_name[1] = '\0'; target_name[1] = '\0';
name_end = target_name+1; name_end = target_name+1;
} }
SVCB_DATA svcb_data = { SVCB_DATA svcb_data = {
.svc_priority = svc_priority, .svc_priority = svc_priority,
.target_name = make_intrusive<StringVal>(new String(target_name, name_end - target_name, true)), .target_name = make_intrusive<StringVal>(new String(target_name, name_end - target_name, true)),
}; };
// TODO: parse svcparams // TODO: parse svcparams
// we consume all the remaining raw data (svc params) but do nothing. // we consume all the remaining raw data (svc params) but do nothing.
// this should be removed if the svc param parser is ready // this should be removed if the svc param parser is ready
String* unparsed_data = ExtractStream(data, len, rdlength); String* unparsed_data = ExtractStream(data, len, rdlength);
delete unparsed_data; delete unparsed_data;
switch( svcb_type ) switch( svcb_type )
{ {
case detail::TYPE_SVCB: case detail::TYPE_SVCB:
analyzer->EnqueueConnEvent(dns_SVCB, analyzer->ConnVal(), msg->BuildHdrVal(), analyzer->EnqueueConnEvent(dns_SVCB, analyzer->ConnVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data)); msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data));
break; break;
case detail::TYPE_HTTPS: case detail::TYPE_HTTPS:
analyzer->EnqueueConnEvent(dns_HTTPS, analyzer->ConnVal(), msg->BuildHdrVal(), analyzer->EnqueueConnEvent(dns_HTTPS, analyzer->ConnVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data)); msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data));
break; break;
default: break; // unreachable. for suppressing compiler warnings. default: break; // unreachable. for suppressing compiler warnings.
} }
return true; return true;
} }
void DNS_Interpreter::SendReplyOrRejectEvent(detail::DNS_MsgInfo* msg, EventHandlerPtr event, void DNS_Interpreter::SendReplyOrRejectEvent(detail::DNS_MsgInfo* msg, EventHandlerPtr event,

4
testing/btest/Baseline/scripts.base.protocols.dns.https/output
View file

@ -1,3 +1 @@
[svc_priority=1, target_name=., svc_params={ [svc_priority=1, target_name=.]
}]

4
testing/btest/Baseline/scripts.base.protocols.dns.svcb/output
View file

@ -1,3 +1 @@
[svc_priority=0, target_name=foo.example.com, svc_params={ [svc_priority=0, target_name=foo.example.com]
}]