Raise warnings when for DNS events that are not raised due to dns_skip_all_addl

By default, dns_skip_all_addl is set to false. This causes several events to not be raised. This change emits warnings when a user defines event handlers for events that will not be raised. Furthermore, it adds notes about this behavior to the documentation. We also introduce a new BIF, `is_event_handled`, which checks if an event is handled. Fixes GH-4061
2025-10-02 06:38:20 +00:00 · 2025-01-07 17:46:27 +00:00 · 2025-01-07 17:46:27 +00:00 · 9f72353a41
commit 9f72353a41
parent 87d9ecb743
7 changed files with 106 additions and 3 deletions
--- a/scripts/base/protocols/dns/load.zeek
+++ b/scripts/base/protocols/dns/load.zeek
@ -1,2 +1,3 @@
@load ./consts
@load ./main
+@load ./check-event-handlers
--- a/scripts/base/protocols/dns/check-event-handlers.zeek
+++ b/scripts/base/protocols/dns/check-event-handlers.zeek
@ -0,0 +1,19 @@
+##! This script checks if DNS event handlers that will not be raised
+##! are used and raises a warning in those cases.
+
+module DNS;
+
+event zeek_init() &priority=20
+	{
+	if ( ! dns_skip_all_addl )
+		return;
+
+	local addl_functions = ["dns_TSIG_addl", "dns_EDNS_addl", "dns_EDNS_ecs", "dns_EDNS_tcp_keepalive", "dns_EDNS_cookie"];
+
+	for ( event_name in addl_functions )
+		if ( is_event_handled(event_name) )
+			Reporter::warning(fmt("Used event '%s' will not be raised because 'dns_skip_all_addl' is true", event_name));
+
+	if ( is_event_handled("dns_TKEY") )
+		Reporter::warning("Used event 'dns_TKEY' will not contain any data in 'ans' because 'dns_skip_all_addl' is true");
+	}