Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

DNS: Add Ed25519 and Ed448 enum values to parser

Browse source 
We already had these declared in dns/const.zeek, so extend the parser
as well to avoid raising weirds and add some test pcaps:

   $ dig @8.8.8.8 DNSKEY ed448.no
   $ dig @8.8.8.8 ed448.no +dnssec

And the same for the ed25519.no domain.

Closes #3453
This commit is contained in:
Arne Welzel 2023-11-17 19:44:00 +01:00
parent b0a200a5dc
commit 81aa6b14fd
7 changed files with 38 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/analyzer/protocol/dns/DNS.cc
View file

@ -872,6 +872,8 @@ bool DNS_Interpreter::ParseRR_RRSIG(detail::DNS_MsgInfo* msg, const u_char*& dat
case detail::GOST_R_34_10_2001: break;
case detail::ECDSA_curveP256withSHA256: break;
case detail::ECDSA_curveP384withSHA384: break;
case detail::Ed25519: break;
case detail::Ed448: break;
case detail::Indirect: analyzer->Weird("DNSSEC_RRSIG_Indirect_ZoneSignAlgo", util::fmt("%d", algo)); break;
case detail::PrivateDNS: analyzer->Weird("DNSSEC_RRSIG_PrivateDNS_ZoneSignAlgo", util::fmt("%d", algo)); break;
case detail::PrivateOID: analyzer->Weird("DNSSEC_RRSIG_PrivateOID_ZoneSignAlgo", util::fmt("%d", algo)); break;
@ -945,6 +947,8 @@ bool DNS_Interpreter::ParseRR_DNSKEY(detail::DNS_MsgInfo* msg, const u_char*& da
case detail::GOST_R_34_10_2001: break;
case detail::ECDSA_curveP256withSHA256: break;
case detail::ECDSA_curveP384withSHA384: break;
case detail::Ed25519: break;
case detail::Ed448: break;
case detail::Indirect:
analyzer->Weird("DNSSEC_DNSKEY_Indirect_ZoneSignAlgo", util::fmt("%d", dalgorithm));
break;