dns: support detect flags

7 years ago · edb9c59526
parent 98eca55241
commit edb9c59526
4 changed files with 30 additions and 0 deletions
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@ -248,6 +248,26 @@ LoggerId DNSGetTxLogged(void *alstate, void *tx)
    return dns_tx->logged;
 }

+uint64_t DNSGetTxDetectFlags(void *vtx, uint8_t dir)
+{
+    DNSTransaction *tx = (DNSTransaction *)vtx;
+    if (dir & STREAM_TOSERVER) {
+        return tx->detect_flags_ts;
+    } else {
+        return tx->detect_flags_tc;
+    }
+}
+
+void DNSSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t detect_flags)
+{
+    DNSTransaction *tx = (DNSTransaction *)vtx;
+    if (dir & STREAM_TOSERVER) {
+        tx->detect_flags_ts = detect_flags;
+    } else {
+        tx->detect_flags_tc = detect_flags;
+    }
+}
+
 /** \brief get value for 'complete' status in DNS
 *
 *  For DNS we use a simple bool. 1 means done.
--- a/src/app-layer-dns-common.h
+++ b/src/app-layer-dns-common.h
@ -202,6 +202,10 @@ typedef struct DNSTransaction_ {
    uint8_t rcode;                                  /**< response code (e.g. "no error" / "no such name") */
    uint8_t recursion_desired;                      /**< server said "recursion desired" */

+    /** detection engine flags */
+    uint64_t detect_flags_ts;
+    uint64_t detect_flags_tc;
+
    TAILQ_HEAD(, DNSQueryEntry_) query_list;        /**< list for query/queries */
    TAILQ_HEAD(, DNSAnswerEntry_) answer_list;      /**< list for answers */
    TAILQ_HEAD(, DNSAnswerEntry_) authority_list;   /**< list for authority records */
@ -278,6 +282,8 @@ DNSTransaction *DNSTransactionFindByTxId(const DNSState *dns_state, const uint16
 int DNSStateHasTxDetectState(void *alstate);
 DetectEngineState *DNSGetTxDetectState(void *vtx);
 int DNSSetTxDetectState(void *alstate, void *vtx, DetectEngineState *s);
+uint64_t DNSGetTxDetectFlags(void *vtx, uint8_t dir);
+void DNSSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t detect_flags);

 void DNSSetEvent(DNSState *s, uint8_t e);
 void *DNSStateAlloc(void);
--- a/src/app-layer-dns-tcp.c
+++ b/src/app-layer-dns-tcp.c
@ -752,6 +752,8 @@ void RegisterDNSTCPParsers(void)
        AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_DNS,
                                               DNSStateHasTxDetectState,
                                               DNSGetTxDetectState, DNSSetTxDetectState);
+        AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_DNS,
+                                               DNSGetTxDetectFlags, DNSSetTxDetectFlags);

        AppLayerParserRegisterGetTx(IPPROTO_TCP, ALPROTO_DNS, DNSGetTx);
        AppLayerParserRegisterGetTxCnt(IPPROTO_TCP, ALPROTO_DNS, DNSGetTxCnt);
--- a/src/app-layer-dns-udp.c
+++ b/src/app-layer-dns-udp.c
@ -445,6 +445,8 @@ void RegisterDNSUDPParsers(void)
        AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_DNS,
                                               DNSStateHasTxDetectState,
                                               DNSGetTxDetectState, DNSSetTxDetectState);
+        AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_UDP, ALPROTO_DNS,
+                                               DNSGetTxDetectFlags, DNSSetTxDetectFlags);

        AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DNS,
                                    DNSGetTx);