aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rust/dns: add dns to dns alerts

Browse Source
pull/3641/head
Jason Ish 6 years ago committed by Victor Julien
parent d01ce2e58e
commit 9bf6f7d5a9
3 changed files with 44 additions and 35 deletions
Show Stats Download Patch File Download Diff File

13
src/output-json-alert.c
Unescape Escape View File

@ -189,29 +189,26 @@ static void AlertJsonDnp3(const Flow *f, const uint64_t tx_id, json_t *js)
static void AlertJsonDns(const Flow *f, const uint64_t tx_id, json_t *js)
{
#ifndef HAVE_RUST
DNSState *dns_state = (DNSState *)FlowGetAppState(f);
if (dns_state) {
DNSTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_DNS,
dns_state, tx_id);
if (tx) {
void *txptr = AppLayerParserGetTx(f->proto, ALPROTO_DNS,
dns_state, tx_id);
if (txptr) {
json_t *dnsjs = json_object();
if (unlikely(dnsjs == NULL)) {
return;
}
json_t *qjs = JsonDNSLogQuery(tx, tx_id);
json_t *qjs = JsonDNSLogQuery(txptr, tx_id);
if (qjs != NULL) {
json_object_set_new(dnsjs, "query", qjs);
}
json_t *ajs = JsonDNSLogAnswer(tx, tx_id);
json_t *ajs = JsonDNSLogAnswer(txptr, tx_id);
if (ajs != NULL) {
json_object_set_new(dnsjs, "answer", ajs);
}
json_object_set_new(js, "dns", dnsjs);
}
}
#endif
return;
}

62
src/output-json-dns.c
Unescape Escape View File

@ -444,23 +444,6 @@ static json_t *OutputQuery(DNSTransaction *tx, uint64_t tx_id, DNSQueryEntry *en
return djs;
}
json_t *JsonDNSLogQuery(DNSTransaction *tx, uint64_t tx_id)
{
DNSQueryEntry *entry = NULL;
json_t *queryjs = json_array();
if (queryjs == NULL)
return NULL;
TAILQ_FOREACH(entry, &tx->query_list, next) {
json_t *qjs = OutputQuery(tx, tx_id, entry);
if (qjs != NULL) {
json_array_append_new(queryjs, qjs);
}
}
return queryjs;
}
static void LogQuery(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx,
uint64_t tx_id, DNSQueryEntry *entry)
{
@ -485,6 +468,34 @@ static void LogQuery(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx,
}
#endif
json_t *JsonDNSLogQuery(void *txptr, uint64_t tx_id)
{
json_t *queryjs = json_array();
if (queryjs == NULL)
return NULL;
#ifdef HAVE_RUST
for (uint16_t i = 0; i < UINT16_MAX; i++) {
json_t *dns = rs_dns_log_json_query((void *)txptr, i, LOG_ALL_RRTYPES);
if (unlikely(dns == NULL)) {
break;
}
json_array_append_new(queryjs, dns);
}
#else
DNSTransaction *tx = txptr;
DNSQueryEntry *entry = NULL;
TAILQ_FOREACH(entry, &tx->query_list, next) {
json_t *qjs = OutputQuery(tx, tx_id, entry);
if (qjs != NULL) {
json_array_append_new(queryjs, qjs);
}
}
#endif
return queryjs;
}
#ifndef HAVE_RUST
static json_t *DnsParseSshFpType(DNSAnswerEntry *entry, uint8_t *ptr)
@ -917,20 +928,21 @@ static void OutputAnswerV2(LogDnsLogThread *aft, json_t *djs,
OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer);
}
}
#endif
json_t *JsonDNSLogAnswer(DNSTransaction *tx, uint64_t tx_id)
json_t *JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
{
#ifdef HAVE_RUST
return rs_dns_log_json_answer(txptr, LOG_ALL_RRTYPES);
#else
DNSTransaction *tx = txptr;
DNSAnswerEntry *entry = TAILQ_FIRST(&tx->answer_list);
json_t *js = NULL;
if (entry) {
js = BuildAnswer(tx, tx_id, LOG_FORMAT_DETAILED, DNS_VERSION_2);
return BuildAnswer(tx, tx_id, LOG_FORMAT_DETAILED, DNS_VERSION_2);
}
return js;
}
return NULL;
#endif
}
#ifndef HAVE_RUST
static void OutputFailure(LogDnsLogThread *aft, json_t *djs,

4
src/output-json-dns.h
Unescape Escape View File

@ -29,8 +29,8 @@ void JsonDnsLogRegister(void);
#ifdef HAVE_LIBJANSSON
#include "app-layer-dns-common.h"
json_t *JsonDNSLogQuery(DNSTransaction *tx, uint64_t tx_id) __attribute__((nonnull));
json_t *JsonDNSLogAnswer(DNSTransaction *tx, uint64_t tx_id) __attribute__((nonnull));
json_t *JsonDNSLogQuery(void *txptr, uint64_t tx_id) __attribute__((nonnull));
json_t *JsonDNSLogAnswer(void *txptr, uint64_t tx_id) __attribute__((nonnull));
#endif
#endif /* __OUTPUT_JSON_DNS_H__ */

Write Preview
Loading…
Cancel
Save