mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Pass DNS complete_flag along as a uint8_t instead of a String
This commit is contained in:
Tim Wojtulewicz
parent
73c9a1f3d9
commit
f1d69df165
2 changed files with 17 additions and 13 deletions
|
|
@ -455,6 +455,19 @@ bool DNS_Interpreter::ExtractLabel(const u_char*& data, int& len, u_char*& name,
|
|||
return true;
|
||||
}
|
||||
|
||||
uint8_t DNS_Interpreter::ExtractByte(const u_char*& data, int& len) {
|
||||
if ( len < 1 )
|
||||
return 0;
|
||||
|
||||
uint8_t val;
|
||||
val = data[0];
|
||||
|
||||
++data;
|
||||
--len;
|
||||
|
||||
return val;
|
||||
}
|
||||
|
||||
uint16_t DNS_Interpreter::ExtractShort(const u_char*& data, int& len) {
|
||||
if ( len < 2 )
|
||||
return 0;
|
||||
|
|
@ -1331,15 +1344,7 @@ bool DNS_Interpreter::ParseRR_BINDS(detail::DNS_MsgInfo* msg, const u_char*& dat
|
|||
|
||||
unsigned int keyid = (keyid1 << 8) | keyid2;
|
||||
|
||||
String* completeflag = ExtractStream(data, len, rdlength - 4);
|
||||
|
||||
// We exposed the complete flag as a string to script land previously,
|
||||
// but there should only ever be a single byte, so raise a weird if
|
||||
// it is longer than that.
|
||||
//
|
||||
// https://bind9.readthedocs.io/en/latest/chapter5.html#monitoring-with-private-type-records
|
||||
if ( completeflag->Len() > 1 )
|
||||
analyzer->Weird("DNS_BINDS_complete_flag_length", util::fmt("%d", completeflag->Len()));
|
||||
uint8_t completeflag = ExtractByte(data, len);
|
||||
|
||||
if ( dns_BINDS ) {
|
||||
detail::BINDS_DATA binds;
|
||||
|
|
@ -1352,8 +1357,6 @@ bool DNS_Interpreter::ParseRR_BINDS(detail::DNS_MsgInfo* msg, const u_char*& dat
|
|||
msg->BuildBINDS_Val(&binds));
|
||||
}
|
||||
|
||||
delete completeflag;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1914,7 +1917,7 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds) {
|
|||
r->Assign(2, binds->algorithm);
|
||||
r->Assign(3, binds->key_id);
|
||||
r->Assign(4, binds->removal_flag);
|
||||
r->Assign(5, binds->complete_flag->Len() > 0 ? binds->complete_flag->Bytes()[0] : 0);
|
||||
r->Assign(5, binds->complete_flag);
|
||||
r->Assign(6, is_query);
|
||||
|
||||
return r;
|
||||
|
|
|
|||
|
|
@ -262,7 +262,7 @@ struct BINDS_DATA {
|
|||
unsigned short algorithm; // 8
|
||||
unsigned short key_id; // 16 : ExtractShort(data, len)
|
||||
unsigned short removal_flag; // 8
|
||||
String* complete_flag; // 8
|
||||
uint8_t complete_flag; // 8
|
||||
};
|
||||
|
||||
struct LOC_DATA {
|
||||
|
|
@ -353,6 +353,7 @@ protected:
|
|||
bool downcase = true);
|
||||
bool ExtractLabel(const u_char*& data, int& len, u_char*& label, int& label_len, const u_char* msg_start);
|
||||
|
||||
uint8_t ExtractByte(const u_char*& data, int& len);
|
||||
uint16_t ExtractShort(const u_char*& data, int& len);
|
||||
uint32_t ExtractLong(const u_char*& data, int& len);
|
||||
void ExtractOctets(const u_char*& data, int& len, String** p);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue