wip: dns: dns.answer.name: use new buffer logic
This new logic is not yet in the template so wasn't in the initial
implementation of the keyword.
jasonish committed Oct 25, 2023
1 parent c1c57b6 commit a041197
Showing 1 changed file with 42 additions and 10 deletions.
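--- a/src/detect-dns-answer-name.c
+++ b/src/detect-dns-answer-name.c
@@ -70,25 +70,57 @@ static int DetectDnsResponseAnswerNameSetup(DetectEngineCtx *de_ctx, Signature *
 return 0;
 }
 
-static uint8_t DetectEngineInspectDnsResponseAnswerName(DetectEngineCtx *de_ctx,
-DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
-const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx,
+const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id)
 {
-uint8_t ret = 0;
+InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
+if (buffer == NULL) {
+return NULL;
+}
+if (buffer->initialized) {
+return buffer;
+}
+
 const uint8_t *data = NULL;
 uint32_t data_len = 0;
 
+if (!SCDnsTxGetAnswerName(txv, index, &data, &data_len)) {
+InspectionBufferSetupMultiEmpty(buffer);
+return NULL;
+} else {
+InspectionBufferSetupMulti(buffer, transforms, data, data_len);
+return buffer;
+}
+}
+
+static uint8_t DetectEngineInspectDnsResponseAnswerName(DetectEngineCtx *de_ctx,
+DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+{
+const DetectEngineTransforms *transforms = NULL;
+if (!engine->mpm) {
+transforms = engine->v2.transforms;
+}
+
 for (uint32_t i = 0;; i++) {
-if (!SCDnsTxGetAnswerName(txv, i, &data, &data_len)) {
+InspectionBuffer *buffer = GetBuffer(det_ctx, transforms, txv, i, engine->sm_list);
+if (buffer == NULL || buffer->inspect == NULL) {
 break;
 }
-ret = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
-(uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
-DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+
+det_ctx->buffer_offset = 0;
+det_ctx->discontinue_matching = 0;
+det_ctx->inspection_recursion_counter = 0;
+
+const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
+(uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset,
+DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+if (match == 1) {
+return DETECT_ENGINE_INSPECT_SIG_MATCH;
+}
 }
 
-SCLogNotice("Returning %d.", ret);
-return ret;
+return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
 }
 
 #ifdef UNITTESTS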
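Review bot: The loop in DetectEngineInspectDnsResponseAnswerName stops at the first index for which GetBuffer returns NULL or a buffer with a NULL `inspect` pointer, so inspecting every answer depends on SCDnsTxGetAnswerName failing only once the index is past the last answer. That getter is not visible here; if it also returns false for an answer whose name is empty, the answers after it would go uninspected, which matters for a detection keyword. It is worth confirming on the parser side and recording the assumption above the loop, e.g. `/* ends at the first index with no name; SCDnsTxGetAnswerName must fail only past the last answer */`. GetBuffer would also benefit from a short header comment stating that it returns NULL when there is no answer at `index` and marks the buffer empty in that case.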
