mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
81aa6b14fd
We already had these declared in dns/const.zeek, so extend the parser as well to avoid raising weirds and add some test pcaps: $ dig @8.8.8.8 DNSKEY ed448.no $ dig @8.8.8.8 ed448.no +dnssec And the same for the ed25519.no domain. Closes #3453
24 lines
952 B
Text
24 lines
952 B
Text
# @TEST-DOC: Add the textual representation of the DNSSEC algorithm into answers and verify there's no weirds for the ed25519 and ed448 curves.
|
|
#
|
|
# @TEST-EXEC: zeek -b -r $TRACES/dnssec/ed25519.no.pcap %INPUT
|
|
# @TEST-EXEC: test ! -f weird.log
|
|
# @TEST-EXEC: zeek-cut -m id.orig_h id.resp_h qtype_name query answers < dns.log > dns.ed25519.log
|
|
#
|
|
# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/ed448.no.pcap %INPUT
|
|
# @TEST-EXEC: test ! -f weird.log
|
|
# @TEST-EXEC: zeek-cut -m id.orig_h id.resp_h questions answers < dns.log > dns.ed448.log
|
|
#
|
|
# @TEST-EXEC: btest-diff dns.ed25519.log
|
|
# @TEST-EXEC: btest-diff dns.ed448.log
|
|
|
|
@load base/protocols/dns
|
|
|
|
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) &priority=4
|
|
{
|
|
c$dns$answers += DNS::algorithms[rrsig$algorithm];
|
|
}
|
|
|
|
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr) &priority=4
|
|
{
|
|
c$dns$answers += DNS::algorithms[dnskey$algorithm];
|
|
}
|