add EDNS cookie parsing

2025-10-08 01:28:20 +00:00 · 2020-08-15 19:46:03 -04:00 · 2020-08-15 19:46:03 -04:00 · 74efbd0abc
commit 74efbd0abc
parent c5b4311a82
8 changed files with 95 additions and 2 deletions
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -3708,6 +3708,14 @@ type dns_edns_tcp_keepalive: record {
 	keepalive_timeout: count; ##<  Timeout value, in 100ms
 };

+## An DNS EDNS COOKIE (COOKIE) record.
+##
+## .. zeek:see:: dns_EDNS_tcp_keepalive
+type dns_edns_cookie: record {
+	client_cookie: string; ##< Cookie from the client (fixed 8 bytes)
+	server_cookie: string &default=""; ##< Cookie from the server (8 to 32 bytes)
+};
+
 ## An additional DNS TSIG record.
 ##
 ## .. zeek:see:: dns_TSIG_addl
--- a/scripts/base/protocols/dns/consts.zeek
+++ b/scripts/base/protocols/dns/consts.zeek
@ -110,6 +110,7 @@ export {
 		[20] = "BADNAME",       # Duplicate key name
 		[21] = "BADALG",        # Algorithm not supported
 		[22] = "BADTRUNC",      # draft-ietf-dnsext-tsig-sha-05.txt
+		[23] = "BADCOOKIE",     # Bad EDNS cookie value
 		[3842] = "BADSIG",      # 16 <= number collision with EDNS(16);
 		                        # this is a translation from TSIG(16)
 	} &default = function(n: count): string { return fmt("rcode-%d", n); };