diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json
deleted file mode 100644
index e48e2b73cd..0000000000
--- a/.vscode/c_cpp_properties.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "configurations": [
- {
- "name": "Mac",
- "includePath": [
- "${default}",
- "${workspaceFolder}/**"
- ],
- "defines": [],
- "macFrameworkPath": [],
- "compilerPath": "/usr/local/bin/gcc-11",
- "cStandard": "gnu17",
- "cppStandard": "gnu++17",
- "intelliSenseMode": "macos-gcc-x64"
- }
- ],
- "version": 4
-}
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
deleted file mode 100644
index ed208baa59..0000000000
--- a/.vscode/settings.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "files.associations": {
- "thread": "cpp"
- }
-}
\ No newline at end of file
diff --git a/auxil/package-manager b/auxil/package-manager
index feffa1d51e..9ccb796814 160000
--- a/auxil/package-manager
+++ b/auxil/package-manager
@@ -1 +1 @@
-Subproject commit feffa1d51e4e5494fef7daf2bd044138cb04f621
+Subproject commit 9ccb7968149ebf91a0c15ff04aca13e558a8b465
diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek
index 89510933c1..aa98ecfe13 100644
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@@ -3885,7 +3885,7 @@ type dns_loc_rr: record {
 };
 type dns_svcb_rr: record {
- svc_priority: count; ##< Service priority. (AliasMode? ServiceMode?)
+ svc_priority: count; ##< Service priority for the current record, 0 indicates that this record is in AliasMode and cannot carry svc_params; otherwise this is in ServiceMode, and may include svc_params
 target_name: string; ##< Target name, the hostname of the service endpoint.
 svc_params: table[count] of vector of string; ##< service parameters as key-value pairs (not used at this point)
 };
diff --git a/scripts/base/protocols/dns/consts.zeek b/scripts/base/protocols/dns/consts.zeek
index 283c2fc0b7..c780e6ffb4 100644
--- a/scripts/base/protocols/dns/consts.zeek
+++ b/scripts/base/protocols/dns/consts.zeek
@@ -182,5 +182,5 @@ export {
 [4] = "ipv4hint",
 [5] = "ech",
 [6] = "ipv6hint",
- } &default = function(n: count): string { return fmt("key%d", n); };
+ } &default = function(n: count): string { return fmt("key-%d", n); };
 }
diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc
index cb6b8cb5e8..789169261a 100644
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@@ -1698,7 +1698,12 @@ bool DNS_Interpreter::ParseRR_CAA(detail::DNS_MsgInfo* msg, const u_char*& data,
 bool DNS_Interpreter::ParseRR_SVCB(detail::DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength, const u_char* msg_start, const RR_Type& svcb_type)
 {
- unsigned short svc_priority = ExtractShort(data, len);
+ // the smallest SVCB/HTTPS rr is 3 bytes:
+ // the first 2 bytes are for the svc priority, and the third byte is root (0x0)
+ if ( len < 3 )
+ return false;
+
+ uint16_t svc_priority = ExtractShort(data, len);
 u_char target_name[513];
 int name_len = sizeof(target_name) - 1;
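Review bot: The new `if ( len < 3 ) return false;` guard tests the bytes left in the whole message, but nothing in this hunk checks the record's own `rdlength`; `ExtractShort(data, len)` and the target-name parsing that follows it (outside the hunk) are driven by `len`, so an RR that declares an `rdlength` below 3 while more message bytes follow passes the guard and the priority and name reads take bytes that belong to the next record. Rejecting a truncated SVCB/HTTPS record on its own declared length is a one-line change: `if ( len < 3 || rdlength < 3 ) return false;`. The comment above the guard could then also say why both lengths are consulted. ParseRR_SVCB continues past the end of this hunk.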
@@ -1717,24 +1722,28 @@ bool DNS_Interpreter::ParseRR_SVCB(detail::DNS_MsgInfo* msg, const u_char*& data
 SVCB_DATA svcb_data = {
 .svc_priority = svc_priority,
- .target_name = new String(target_name, name_end - target_name, true),
- .svc_params = Dictionary(),
+ .target_name = make_intrusive(new String(target_name, name_end - target_name, true)),
 };
 // TODO: parse svcparams
+ // we consume all the remaining raw data (svc params) but do nothing.
+ // this should be removed if the svc param parser is ready
+ String* unparsed_data = ExtractStream(data, len, rdlength);
+ delete unparsed_data;
+
 switch( svcb_type )
- {
+ {
 case detail::TYPE_SVCB:
 analyzer->EnqueueConnEvent(dns_SVCB, analyzer->ConnVal(), msg->BuildHdrVal(),
- msg->BuildAnswerVal(), msg->BuildSVCB_Val(&svcb_data));
+ msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data));
 break;
 case detail::TYPE_HTTPS:
 analyzer->EnqueueConnEvent(dns_HTTPS, analyzer->ConnVal(), msg->BuildHdrVal(),
- msg->BuildAnswerVal(), msg->BuildSVCB_Val(&svcb_data));
+ msg->BuildAnswerVal(), msg->BuildSVCB_Val(svcb_data));
 break;
 default:
 break; // unreachable. for suppressing compiler warnings.
- }
+ }
 return true;
 }
@@ -2038,13 +2047,13 @@ RecordValPtr DNS_MsgInfo::BuildLOC_Val(LOC_DATA* loc)
 return r;
 }
-RecordValPtr DNS_MsgInfo::BuildSVCB_Val(SVCB_DATA* svcb)
+RecordValPtr DNS_MsgInfo::BuildSVCB_Val(const SVCB_DATA& svcb)
 {
 static auto dns_svcb_rr = id::find_type("dns_svcb_rr");
 auto r = make_intrusive(dns_svcb_rr);
- r->Assign(0, svcb->svc_priority);
- r->Assign(1, make_intrusive(svcb->target_name));
+ r->Assign(0, svcb.svc_priority);
+ r->Assign(1, svcb.target_name);
 // TODO: assign values to svcparams
 return r;
diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h
index cfc7b089c9..f6f9a75f9a 100644
--- a/src/analyzer/protocol/dns/DNS.h
+++ b/src/analyzer/protocol/dns/DNS.h
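Review bot: `ExtractStream(data, len, rdlength)` is handed the record's full `rdlength`, but by this point `data` and `len` have already been advanced past the two-byte priority and the target name, so unless the lines between this hunk and the previous one shrink `rdlength` (they are not visible here) the skip overruns the end of this RR by exactly the bytes already consumed and the following record is parsed from the wrong offset. Record the remaining length when the function starts, `const int rr_start_len = len;` before the `ExtractShort` call in the preceding hunk, and skip only what is left of this record: `String* unparsed_data = ExtractStream(data, len, rdlength - (rr_start_len - len));`. Allocating a String only to `delete` it is also more than a skip needs; once the remaining count is known, advancing `data` and `len` by it after a bounds check gives the same result without the heap round-trip. ParseRR_SVCB begins in the preceding hunk, outside this one.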
@@ -153,13 +153,13 @@ enum DNSSEC_Digest
 ///< all keys are defined in RFC draft https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-07#section-14.3.2
 enum SVCPARAM_Key
 {
- mandatory = 0,
- alpn = 1,
- no_default_alpn = 2,
- port = 3,
- ipv4hint = 4,
- ech = 5,
- ipv6hint = 6,
+ mandatory = 0,
+ alpn = 1,
+ no_default_alpn = 2,
+ port = 3,
+ ipv4hint = 4,
+ ech = 5,
+ ipv6hint = 6,
 };
 struct DNS_RawMsgHdr
@@ -285,9 +285,8 @@ struct LOC_DATA
 struct SVCB_DATA
 {
- unsigned short svc_priority; // 2
- String* target_name;
- Dictionary svc_params;
+ uint16_t svc_priority; // 2
+ StringValPtr target_name;
 };
 class DNS_MsgInfo
@@ -309,7 +308,7 @@ public:
 RecordValPtr BuildDS_Val(struct DS_DATA*);
 RecordValPtr BuildBINDS_Val(struct BINDS_DATA*);
 RecordValPtr BuildLOC_Val(struct LOC_DATA*);
- RecordValPtr BuildSVCB_Val(struct SVCB_DATA*);
+ RecordValPtr BuildSVCB_Val(const struct SVCB_DATA&);
 int id;
 int opcode; ///< query type, see DNS_Opcode
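Review bot: The trailing `// 2` on `svc_priority` in the `SVCB_DATA` hunk tells a reader nothing once the type is `uint16_t`, since the width is now in the declaration; the comment should carry the field's meaning instead, e.g. `uint16_t svc_priority; // SvcPriority: 0 = AliasMode (no svc params), otherwise ServiceMode`, matching what the `dns_svcb_rr` doc comment in this same diff states. The same hunk removes `svc_params` from the struct while the script-level `dns_svcb_rr` record still declares a `svc_params` field and `BuildSVCB_Val` assigns only indices 0 and 1, so a one-line comment on the struct saying that the params are currently skipped during parsing and the record field is left unpopulated would spare the next maintainer a search. The enum and `BuildSVCB_Val` signature hunks in this file are whitespace and a signature change and need nothing.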