/src/suricata7/src/detect-dns-opcode.c

Source (jump to first uncovered line)
/* Copyright (C) 2019 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

#include "suricata-common.h"

#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-dns-opcode.h"
#include "rust.h"

static int dns_opcode_list_id = 0;

static void DetectDnsOpcodeFree(DetectEngineCtx *, void *ptr);

static int DetectDnsOpcodeSetup(DetectEngineCtx *de_ctx, Signature *s,
   const char *str)
{
    SCEnter();

    if (DetectSignatureSetAppProto(s, ALPROTO_DNS) != 0) {
        return -1;
    }

    void *detect = rs_detect_dns_opcode_parse(str);
    if (detect == NULL) {
        SCLogError("failed to parse dns.opcode: %s", str);
        return -1;
    }

    SigMatch *sm = SigMatchAlloc();
    if (unlikely(sm == NULL)) {
        goto error;
    }

    sm->type = DETECT_AL_DNS_OPCODE;
    sm->ctx = (void *)detect;
    SigMatchAppendSMToList(s, sm, dns_opcode_list_id);
    
    SCReturnInt(0);

error:
    DetectDnsOpcodeFree(de_ctx, detect);
    SCReturnInt(-1);
}

static void DetectDnsOpcodeFree(DetectEngineCtx *de_ctx, void *ptr)
{
    SCEnter();
    if (ptr != NULL) {
        rs_dns_detect_opcode_free(ptr);
    }
    SCReturn;
}

static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
    Flow *f, uint8_t flags, void *state, void *txv, const Signature *s,
    const SigMatchCtx *ctx)
{
    return rs_dns_opcode_match(txv, (void *)ctx, flags);
}

void DetectDnsOpcodeRegister(void)
{
    sigmatch_table[DETECT_AL_DNS_OPCODE].name  = "dns.opcode";
    sigmatch_table[DETECT_AL_DNS_OPCODE].desc  = "Match the DNS header opcode flag.";
    sigmatch_table[DETECT_AL_DNS_OPCODE].Setup = DetectDnsOpcodeSetup;
    sigmatch_table[DETECT_AL_DNS_OPCODE].Free  = DetectDnsOpcodeFree;
    sigmatch_table[DETECT_AL_DNS_OPCODE].Match = NULL;
    sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch =
        DetectDnsOpcodeMatch;

    DetectAppLayerInspectEngineRegister2(
            "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);

    DetectAppLayerInspectEngineRegister2(
            "dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);

    dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright (C) 2019 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		#include "suricata-common.h"
19
20		#include "detect-parse.h"
21		#include "detect-engine.h"
22		#include "detect-dns-opcode.h"
23		#include "rust.h"
24
25		static int dns_opcode_list_id = 0;
26
27		static void DetectDnsOpcodeFree(DetectEngineCtx , void ptr);
28
29		static int DetectDnsOpcodeSetup(DetectEngineCtx de_ctx, Signature s,
30		const char *str)
31	11	{
32	11	SCEnter();
33
34	11	if (DetectSignatureSetAppProto(s, ALPROTO_DNS) != 0) {
35	7	return -1;
36	7	}
37
38	4	void *detect = rs_detect_dns_opcode_parse(str);
39	4	if (detect == NULL) {
40	1	SCLogError("failed to parse dns.opcode: %s", str);
41	1	return -1;
42	1	}
43
44	3	SigMatch *sm = SigMatchAlloc();
45	3	if (unlikely(sm == NULL)) {
46	0	goto error;
47	0	}
48
49	3	sm->type = DETECT_AL_DNS_OPCODE;
50	3	sm->ctx = (void *)detect;
51	3	SigMatchAppendSMToList(s, sm, dns_opcode_list_id);
52
53	3	SCReturnInt(0);
54
55	0	error:
56	0	DetectDnsOpcodeFree(de_ctx, detect);
57	0	SCReturnInt(-1);
58	3	}
59
60		static void DetectDnsOpcodeFree(DetectEngineCtx de_ctx, void ptr)
61	3	{
62	3	SCEnter();
63	3	if (ptr != NULL) {
64	3	rs_dns_detect_opcode_free(ptr);
65	3	}
66	3	SCReturn;
67	3	}
68
69		static int DetectDnsOpcodeMatch(DetectEngineThreadCtx *det_ctx,
70		Flow f, uint8_t flags, void state, void txv, const Signature s,
71		const SigMatchCtx *ctx)
72	0	{
73	0	return rs_dns_opcode_match(txv, (void *)ctx, flags);
74	0	}
75
76		void DetectDnsOpcodeRegister(void)
77	34	{
78	34	sigmatch_table[DETECT_AL_DNS_OPCODE].name = "dns.opcode";
79	34	sigmatch_table[DETECT_AL_DNS_OPCODE].desc = "Match the DNS header opcode flag.";
80	34	sigmatch_table[DETECT_AL_DNS_OPCODE].Setup = DetectDnsOpcodeSetup;
81	34	sigmatch_table[DETECT_AL_DNS_OPCODE].Free = DetectDnsOpcodeFree;
82	34	sigmatch_table[DETECT_AL_DNS_OPCODE].Match = NULL;
83	34	sigmatch_table[DETECT_AL_DNS_OPCODE].AppLayerTxMatch =
84	34	DetectDnsOpcodeMatch;
85
86	34	DetectAppLayerInspectEngineRegister2(
87	34	"dns.opcode", ALPROTO_DNS, SIG_FLAG_TOSERVER, 0, DetectEngineInspectGenericList, NULL);
88
89	34	DetectAppLayerInspectEngineRegister2(
90	34	"dns.opcode", ALPROTO_DNS, SIG_FLAG_TOCLIENT, 0, DetectEngineInspectGenericList, NULL);
91
92	34	dns_opcode_list_id = DetectBufferTypeGetByName("dns.opcode");
93	34	}

Coverage Report

Created: 2025-07-23 07:29