mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
Merge branch 'fatemabw/bro' of https://github.com/fatemabw/bro into dev/2.7
* 'fatemabw/bro' of https://github.com/fatemabw/bro: DNSSEC support in Bro I made several changes: - renamed event/record types - reformatted the info added to dns.log - removed the "addl" scripts that added extended dnssec info to dns.log - simplifications/improvements to the internal parsing logic
This commit is contained in:
Jon Siwek
commit
71ef5c8428
37 changed files with 1109 additions and 27 deletions
|
|
@ -1,4 +1,4 @@
|
|||
# Making sure DNSKEY gets logged as such.
|
||||
#
|
||||
# @TEST-EXEC: bro -r $TRACES/dns-dnskey.trace
|
||||
# @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
|
|
|
|||
35
testing/btest/scripts/base/protocols/dns/dnskey.bro
Normal file
35
testing/btest/scripts/base/protocols/dns/dnskey.bro
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
#@load policy/protocols/dns/auth-addl
|
||||
|
||||
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
|
||||
{
|
||||
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
|
||||
}
|
||||
|
||||
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
|
||||
{
|
||||
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
|
||||
}
|
||||
|
||||
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
|
||||
{
|
||||
print "NSEC", next_name, bitmaps;
|
||||
|
||||
for ( i in bitmaps )
|
||||
print bytestring_to_hexstr(bitmaps[i]);
|
||||
}
|
||||
|
||||
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
|
||||
{
|
||||
print "NSEC3", nsec3,
|
||||
bytestring_to_hexstr(nsec3$nsec_salt),
|
||||
bytestring_to_hexstr(nsec3$nsec_hash);
|
||||
}
|
||||
|
||||
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
|
||||
{
|
||||
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
|
||||
}
|
||||
35
testing/btest/scripts/base/protocols/dns/ds.bro
Normal file
35
testing/btest/scripts/base/protocols/dns/ds.bro
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
#@load policy/protocols/dns/auth-addl
|
||||
|
||||
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
|
||||
{
|
||||
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
|
||||
}
|
||||
|
||||
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
|
||||
{
|
||||
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
|
||||
}
|
||||
|
||||
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
|
||||
{
|
||||
print "NSEC", next_name, bitmaps;
|
||||
|
||||
for ( i in bitmaps )
|
||||
print bytestring_to_hexstr(bitmaps[i]);
|
||||
}
|
||||
|
||||
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
|
||||
{
|
||||
print "NSEC3", nsec3,
|
||||
bytestring_to_hexstr(nsec3$nsec_salt),
|
||||
bytestring_to_hexstr(nsec3$nsec_hash);
|
||||
}
|
||||
|
||||
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
|
||||
{
|
||||
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
|
||||
}
|
||||
|
|
@ -2,4 +2,3 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
# @TEST-EXEC: btest-diff weird.log
|
||||
35
testing/btest/scripts/base/protocols/dns/nsec.bro
Normal file
35
testing/btest/scripts/base/protocols/dns/nsec.bro
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@load policy/protocols/dns/auth-addl
|
||||
|
||||
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
|
||||
{
|
||||
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
|
||||
}
|
||||
|
||||
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
|
||||
{
|
||||
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
|
||||
}
|
||||
|
||||
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
|
||||
{
|
||||
print "NSEC", next_name, bitmaps;
|
||||
|
||||
for ( i in bitmaps )
|
||||
print bytestring_to_hexstr(bitmaps[i]);
|
||||
}
|
||||
|
||||
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
|
||||
{
|
||||
print "NSEC3", nsec3,
|
||||
bytestring_to_hexstr(nsec3$nsec_salt),
|
||||
bytestring_to_hexstr(nsec3$nsec_hash);
|
||||
}
|
||||
|
||||
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
|
||||
{
|
||||
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
|
||||
}
|
||||
35
testing/btest/scripts/base/protocols/dns/nsec3.bro
Normal file
35
testing/btest/scripts/base/protocols/dns/nsec3.bro
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@load policy/protocols/dns/auth-addl
|
||||
|
||||
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
|
||||
{
|
||||
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
|
||||
}
|
||||
|
||||
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
|
||||
{
|
||||
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
|
||||
}
|
||||
|
||||
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
|
||||
{
|
||||
print "NSEC", next_name, bitmaps;
|
||||
|
||||
for ( i in bitmaps )
|
||||
print bytestring_to_hexstr(bitmaps[i]);
|
||||
}
|
||||
|
||||
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
|
||||
{
|
||||
print "NSEC3", nsec3,
|
||||
bytestring_to_hexstr(nsec3$nsec_salt),
|
||||
bytestring_to_hexstr(nsec3$nsec_hash);
|
||||
}
|
||||
|
||||
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
|
||||
{
|
||||
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
|
||||
}
|
||||
35
testing/btest/scripts/base/protocols/dns/rrsig.bro
Normal file
35
testing/btest/scripts/base/protocols/dns/rrsig.bro
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output
|
||||
# @TEST-EXEC: btest-diff dns.log
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
#@load policy/protocols/dns/auth-addl
|
||||
|
||||
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
|
||||
{
|
||||
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
|
||||
}
|
||||
|
||||
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
|
||||
{
|
||||
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
|
||||
}
|
||||
|
||||
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
|
||||
{
|
||||
print "NSEC", next_name, bitmaps;
|
||||
|
||||
for ( i in bitmaps )
|
||||
print bytestring_to_hexstr(bitmaps[i]);
|
||||
}
|
||||
|
||||
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
|
||||
{
|
||||
print "NSEC3", nsec3,
|
||||
bytestring_to_hexstr(nsec3$nsec_salt),
|
||||
bytestring_to_hexstr(nsec3$nsec_hash);
|
||||
}
|
||||
|
||||
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
|
||||
{
|
||||
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue