From a705b2c08dbd8f14dd54163d978ddbf2e9561d94 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 25 Apr 2016 15:37:15 -0700 Subject: [PATCH] Add DNS tests for huge TLL and CAA --- CHANGES | 8 ++++++++ NEWS | 9 ++++++--- VERSION | 2 +- .../scripts.base.protocols.dns.caa/.stdout | 1 + .../scripts.base.protocols.dns.huge-ttl/.stdout | 8 ++++++++ testing/btest/Traces/dns-caa.pcap | Bin 0 -> 227 bytes testing/btest/Traces/dns-huge-ttl.pcap | Bin 0 -> 993 bytes testing/btest/scripts/base/protocols/dns/caa.bro | 7 +++++++ .../btest/scripts/base/protocols/dns/huge-ttl.bro | 7 +++++++ 9 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout create mode 100644 testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout create mode 100644 testing/btest/Traces/dns-caa.pcap create mode 100644 testing/btest/Traces/dns-huge-ttl.pcap create mode 100644 testing/btest/scripts/base/protocols/dns/caa.bro create mode 100644 testing/btest/scripts/base/protocols/dns/huge-ttl.bro diff --git a/CHANGES b/CHANGES index 1ecbf765e3..af063f122d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,12 @@ +2.4-471 | 2016-04-25 15:37:15 -0700 + + * Add DNS tests for huge TLLs and CAA. (Johanna Amann) + + * Add DNS "CAA" RR type and event. (Mark Taylor) + + * Fix DNS response parsing: TTLs are unsigned. (Mark Taylor) + 2.4-466 | 2016-04-22 16:25:33 -0700 * Rename BrokerStore and BrokerComm to Broker. Also split broker main.bro diff --git a/NEWS b/NEWS index 2858023439..4f1a84b7b6 100644 --- a/NEWS +++ b/NEWS @@ -36,6 +36,9 @@ New Functionality - Bro now tracks VLAN IDs. To record them inside the connection log, load protocols/conn/vlan-logging.bro. +- A new dns_CAA_reply event gives access to DNS Certification Authority + Authorization replies. + - A new per-packet event raw_packet() provides access to layer 2 information. Use with care, generating events per packet is expensive. 
@@ -45,8 +48,8 @@ New Functionality argument that will be used for decoding errors into weird.log (instead of reporter.log). -- A new get_current_packet_header bif returning the headers of the current - packet +- A new get_current_packet_header bif returns the headers of the current + packet. - Two new built-in functions for handling set[subnet] and table[subnet]: @@ -87,7 +90,7 @@ New Functionality Changed Functionality --------------------- -- The BrokerComm and BrokerStore namespaces were renamed to Broker +- The BrokerComm and BrokerStore namespaces were renamed to Broker. - ``SSH::skip_processing_after_detection`` was removed. The functionality was replaced by ``SSH::disable_analyzer_after_detection``. diff --git a/VERSION b/VERSION index 4d856a68a0..33a6cae723 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-466 +2.4-471 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout b/testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout new file mode 100644 index 0000000000..4ba72f24b4 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout @@ -0,0 +1 @@ +0, issue, symantec.com diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout b/testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout new file mode 100644 index 0000000000..99f7325c23 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout 
@@ -0,0 +1,8 @@ +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=49710.0 days 6.0 hrs 28.0 mins 15.0 secs] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] +[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins] diff --git a/testing/btest/Traces/dns-caa.pcap b/testing/btest/Traces/dns-caa.pcap new file mode 100644 index 0000000000000000000000000000000000000000..7409c0347b598e0906a463e2a2d3e16893f10007 GIT binary patch literal 227 zcmca|c+)~A1{MYw`2U}Qff2~znk5&W@|=so4af%J36blg)2>t)9z14$h=akEfx$v~ zJ_Cb;V5!Q16@peAK=8Dg!IVMe?PJq8pni}MK){xspP!zS%AA~^%fQIUzz8xmSDu?8 z6(|S75c42r15H(62;Y*&z+fu)UKC^^$Ycgnpt;VIDoo=V8-S*Q%|$o$01wD)28Iw% Y24M!)%;MtG)Z)tA#JrN!WIdqG0Q(U*+W-In literal 0 HcmV?d00001 diff --git a/testing/btest/Traces/dns-huge-ttl.pcap b/testing/btest/Traces/dns-huge-ttl.pcap new file mode 100644 index 0000000000000000000000000000000000000000..27849b904b047d24923e3fa480b8c75e72f22f05 GIT binary patch literal 993 zcmca|c+)~A1{MY+z{m*X{9|shEZ)t+u#=eqj2Q&(6#2w6T-YwRPl1EMm4SKnjn51W zMuLK&=jR>J;1Xe!XE0?jWuAWYZc1uP0|O%i2Ln3;J5y;fbD5DjcS>e)Nl|7}X-R4d zb6#o*15ln3pWJ^SU|>0y>#z%-Dh3AT76z6ZjAsK0t2#S%@nyoQ+Dx0V@!q~GZOXif&9aglv-TE zoSdJ_fZrn^#YUtkHbzp6E!;rqlYzm)fq~^>k^
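Review bot: in the CHANGES hunk, the new 2.4-471 entry reads "Add DNS tests for huge TLLs and CAA", and the Subject line carries the same "TLL". Both should read "TTL", matching the "TTLs are unsigned" entry two lines further down in the same hunk.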
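Review bot: the NEWS hunk at @@ -36,6 +36,9 @@ documents the new dns_CAA_reply event, but nothing in the NEWS hunks mentions the parsing change that CHANGES records as "Fix DNS response parsing: TTLs are unsigned". Scripts that compare or log TTLs may see different values for large TTLs after that fix, so a one-line entry under "Changed Functionality" would tell users the behaviour changed.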
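Review bot: the CAA baseline (scripts.base.protocols.dns.caa/.stdout) pins a single reply, "0, issue, symantec.com", so the test only proves one combination of first field, tag and value. A second record in the trace with a non-zero first field and a different tag would show that the parser reads those fields from the wire rather than happening to match this one case. The three values are also printed without labels, so a baseline diff will not say which field regressed; printing them with their names would make failures easier to read.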
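Review bot: in the huge-ttl baseline, the first line's "TTL=49710.0 days 6.0 hrs 28.0 mins 15.0 secs" is 4294967295 seconds, the largest unsigned 32-bit value, but nothing in the visible patch says so. A comment in huge-ttl.bro stating that value and that it exercises the unsigned-TTL fix would keep the baseline from looking like a bug to a later reader. The trace also covers only the maximum; a reply with a TTL of 2147483648, the first value a signed 32-bit parse would get wrong, would pin the boundary itself. The other seven lines are identical 15-minute answers and add no coverage for the fix.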