Merge remote-tracking branch 'origin/topic/awelzel/dns-naming-authority-pointer'

* origin/topic/awelzel/dns-naming-authority-pointer:
  DNS: Implement NAPTR RR support
  DNS: Move extract_char_string() helper around

scripts/base/init-bare.zeek

@@ -3048,6 +3048,20 @@ type dns_svcb_rr: record {
 	target_name: string;	##< Target name, the hostname of the service endpoint.
 };
 
+## A NAPTR record.
+##
+## See also RFC 2915 - The Naming Authority Pointer (NAPTR) DNS Resource Record.
+##
+## .. zeek:see:: dns_NAPTR_reply
+type dns_naptr_rr: record {
+	order: count;        ##< Order in which to process NAPTR records.
+	preference: count;   ##< Preference specifying processing order for *equal* :zeek:field:`dns_naptr_rr$order` fields.
+	flags: string;       ##< Flags to control rewriting. E.g. "u", "a", "s" or "p".
+	service: string;     ##< The services available down this rewrite path.
+	regexp: string;      ##< Substitution expression to be applied to the original query.
+	replacement: string; ##< The next name to query, where the type is depending on the :zeek:field:`dns_naptr_rr$flags` field.
+};
+
 # DNS answer types.
 #
 # .. zeek:see:: dns_answer

scripts/base/protocols/dns/main.zeek

@@ -537,6 +537,27 @@ event dns_SRV_reply(c: connection, msg: dns_msg, ans: dns_answer, target: string
 	hook DNS::do_reply(c, msg, ans, target);
 	}
 
+event dns_NAPTR_reply(c: connection, msg: dns_msg, ans: dns_answer, naptr: dns_naptr_rr) &priority=5
+	{
+	# Just encode all the fields for NAPTR RR in the reply string.
+	local tmp = "";
+
+	if ( |naptr$regexp| > 0 )
+		tmp += naptr$regexp;
+
+	if ( |naptr$replacement| > 0 )
+		{
+		if ( |tmp| > 0 )
+			tmp += " ";
+
+		tmp += naptr$replacement;
+		}
+
+	local r = fmt("NAPTR %s %s %s %s %s", naptr$order, naptr$preference, naptr$flags, naptr$service, tmp);
+
+	hook DNS::do_reply(c, msg, ans, r);
+	}
+
 # TODO: figure out how to handle these
 #event dns_EDNS(c: connection, msg: dns_msg, ans: dns_answer)
 #	{