add testcases

src/analyzer/protocol/dns/DNS.cc

@@ -713,7 +713,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 		uint16_t option_code = ExtractShort(data, len);
 		int option_len = ExtractShort(data, len);
 		// check for invalid option length
-		if ( (option_len > len) || (0 == option_len) ) {
+		if ( (option_len > len) ) {
 			break;
 		}
 		len -= option_len;
@@ -789,7 +789,6 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 				EDNS_TCP_KEEPALIVE edns_tcp_keepalive{
 					.keepalive_timeout_omitted = true,
 					.keepalive_timeout = 0
-						
 				};
 				if ( option_len == 0 || option_len == 2) 
 					{ 
@@ -801,12 +800,10 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 
 					if (analyzer->Conn()->ConnTransport() == TRANSPORT_UDP) {
 						/*
-								 * Based on RFC 7828, clients and servers MUST NOT negotiate
-								 * TCP Keepalive timeout in DNS-over-UDP.
-								 * Record in Weird and proceed to the next EDNS option
+							* Based on RFC 7828 (3.2.1/3.2.2), clients and servers MUST NOT 
+							* negotiate TCP Keepalive timeout in DNS-over-UDP.
 							*/
 						analyzer->Weird("EDNS_TCP_Keepalive_Record_In_UDP");
-								break;
 					}
 					analyzer->EnqueueConnEvent(dns_EDNS_tcp_keepalive,
 						analyzer->ConnVal(),

testing/btest/Baseline/scripts.base.protocols.dns.dns-edns-tcp-keepalive/output

@@ -0,0 +1,4 @@
+[keepalive_timeout_omitted=F, keepalive_timeout=10]
+[keepalive_timeout_omitted=F, keepalive_timeout=370]
+[keepalive_timeout_omitted=T, keepalive_timeout=0]
+[keepalive_timeout_omitted=F, keepalive_timeout=370]

testing/btest/scripts/base/protocols/dns/dns-edns-tcp-keepalive.zeek

@@ -0,0 +1,8 @@
+# @TEST-EXEC: zeek -C -r $TRACES/dns-edns-tcp-keepalive.pcap %INPUT > output
+# @TEST-EXEC: btest-diff output
+@load policy/protocols/dns/auth-addl
+
+event dns_EDNS_tcp_keepalive(c: connection, msg: dns_msg, opt: dns_edns_tcp_keepalive)
+    {
+        print opt;
+    }