aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/suricata/src/app-layer-dns-udp.c
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/suricata/src/app-layer-dns-udp.c')
-rw-r--r--framework/src/suricata/src/app-layer-dns-udp.c635
1 files changed, 0 insertions, 635 deletions
diff --git a/framework/src/suricata/src/app-layer-dns-udp.c b/framework/src/suricata/src/app-layer-dns-udp.c
deleted file mode 100644
index e3ee01ff..00000000
--- a/framework/src/suricata/src/app-layer-dns-udp.c
+++ /dev/null
@@ -1,635 +0,0 @@
-/* Copyright (C) 2013 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- * \author Victor Julien <victor@inliniac.net>
- */
-
-#include "suricata-common.h"
-#include "suricata.h"
-
-#include "conf.h"
-#include "util-misc.h"
-
-#include "debug.h"
-#include "decode.h"
-
-#include "flow-util.h"
-
-#include "threads.h"
-
-#include "util-print.h"
-#include "util-pool.h"
-#include "util-debug.h"
-
-#include "stream-tcp-private.h"
-#include "stream-tcp-reassemble.h"
-#include "stream-tcp.h"
-#include "stream.h"
-
-#include "app-layer-protos.h"
-#include "app-layer-parser.h"
-
-#include "util-spm.h"
-#include "util-unittest.h"
-
-#include "app-layer-dns-udp.h"
-
-/** \internal
- * \brief Parse DNS request packet
- */
-static int DNSUDPRequestParse(Flow *f, void *dstate,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data)
-{
- DNSState *dns_state = (DNSState *)dstate;
-
- SCLogDebug("starting %u", input_len);
-
- if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) {
- SCReturnInt(1);
- }
-
- /** \todo remove this when PP is fixed to enforce ipproto */
- if (f != NULL && f->proto != IPPROTO_UDP)
- SCReturnInt(-1);
-
- if (input == NULL || input_len == 0 || input_len < sizeof(DNSHeader)) {
- SCLogDebug("ilen too small, hoped for at least %"PRIuMAX, (uintmax_t)sizeof(DNSHeader));
- goto insufficient_data;
- }
-
- DNSHeader *dns_header = (DNSHeader *)input;
- SCLogDebug("DNS %p", dns_header);
-
- if (DNSValidateRequestHeader(dns_state, dns_header) < 0)
- goto bad_data;
-
- uint16_t q;
- const uint8_t *data = input + sizeof(DNSHeader);
- for (q = 0; q < ntohs(dns_header->questions); q++) {
- uint8_t fqdn[DNS_MAX_SIZE];
- uint16_t fqdn_offset = 0;
-
- if (input + input_len < data + 1) {
- SCLogDebug("input buffer too small for len");
- goto insufficient_data;
- }
- SCLogDebug("query length %u", *data);
-
- while (*data != 0) {
- if (*data > 63) {
- /** \todo set event?*/
- goto insufficient_data;
- }
- uint8_t length = *data;
-
- data++;
-
- if (length == 0) {
- break;
- }
-
- if (input + input_len < data + length) {
- SCLogDebug("input buffer too small for domain of len %u", length);
- goto insufficient_data;
- }
- //PrintRawDataFp(stdout, data, qry->length);
-
- if ((size_t)(fqdn_offset + length + 1) < sizeof(fqdn)) {
- memcpy(fqdn + fqdn_offset, data, length);
- fqdn_offset += length;
- fqdn[fqdn_offset++] = '.';
- } else {
- /** \todo set event? */
- goto insufficient_data;
- }
-
- data += length;
-
- if (input + input_len < data + 1) {
- SCLogDebug("input buffer too small for len(2)");
- goto insufficient_data;
- }
-
- SCLogDebug("qry length %u", *data);
- }
- if (fqdn_offset) {
- fqdn_offset--;
- }
-
- data++;
- if (input + input_len < data + sizeof(DNSQueryTrailer)) {
- SCLogDebug("input buffer too small for DNSQueryTrailer");
- goto insufficient_data;
- }
- DNSQueryTrailer *trailer = (DNSQueryTrailer *)data;
- SCLogDebug("trailer type %04x class %04x", ntohs(trailer->type), ntohs(trailer->class));
- data += sizeof(DNSQueryTrailer);
-
- /* store our data */
- if (dns_state != NULL) {
- DNSStoreQueryInState(dns_state, fqdn, fqdn_offset,
- ntohs(trailer->type), ntohs(trailer->class),
- ntohs(dns_header->tx_id));
- }
- }
-
- SCReturnInt(1);
-bad_data:
-insufficient_data:
- SCReturnInt(-1);
-}
-
-/** \internal
- * \brief DNS UDP record parser, entry function
- *
- * Parses a DNS UDP record and fills the DNS state
- *
- */
-static int DNSUDPResponseParse(Flow *f, void *dstate,
- AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len,
- void *local_data)
-{
- DNSState *dns_state = (DNSState *)dstate;
-
- SCLogDebug("starting %u", input_len);
-
- if (input == NULL && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF)) {
- SCReturnInt(1);
- }
-
- /** \todo remove this when PP is fixed to enforce ipproto */
- if (f != NULL && f->proto != IPPROTO_UDP)
- SCReturnInt(-1);
-
- if (input == NULL || input_len == 0 || input_len < sizeof(DNSHeader)) {
- SCLogDebug("ilen too small, hoped for at least %"PRIuMAX, (uintmax_t)sizeof(DNSHeader));
- goto insufficient_data;
- }
-
- DNSHeader *dns_header = (DNSHeader *)input;
- SCLogDebug("DNS %p %04x %04x", dns_header, ntohs(dns_header->tx_id), dns_header->flags);
-
- DNSTransaction *tx = NULL;
- int found = 0;
- if ((tx = DNSTransactionFindByTxId(dns_state, ntohs(dns_header->tx_id))) != NULL)
- found = 1;
-
- if (!found) {
- SCLogDebug("DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE");
- DNSSetEvent(dns_state, DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE);
- }
-
- if (DNSValidateResponseHeader(dns_state, dns_header) < 0)
- goto bad_data;
-
- SCLogDebug("queries %04x", ntohs(dns_header->questions));
-
- uint16_t q;
- const uint8_t *data = input + sizeof(DNSHeader);
- for (q = 0; q < ntohs(dns_header->questions); q++) {
- uint8_t fqdn[DNS_MAX_SIZE];
- uint16_t fqdn_offset = 0;
-
- if (input + input_len < data + 1) {
- SCLogDebug("input buffer too small for len");
- goto insufficient_data;
- }
- SCLogDebug("qry length %u", *data);
-
- while (*data != 0) {
- uint8_t length = *data;
- data++;
-
- if (length == 0)
- break;
-
- if (input + input_len < data + length) {
- SCLogDebug("input buffer too small for domain of len %u", length);
- goto insufficient_data;
- }
- //PrintRawDataFp(stdout, data, length);
-
- if ((size_t)(fqdn_offset + length + 1) < sizeof(fqdn)) {
- memcpy(fqdn + fqdn_offset, data, length);
- fqdn_offset += length;
- fqdn[fqdn_offset++] = '.';
- }
-
- data += length;
-
- if (input + input_len < data + 1) {
- SCLogDebug("input buffer too small for len");
- goto insufficient_data;
- }
-
- SCLogDebug("length %u", *data);
- }
- if (fqdn_offset) {
- fqdn_offset--;
- }
-
- data++;
- if (input + input_len < data + sizeof(DNSQueryTrailer)) {
- SCLogDebug("input buffer too small for DNSQueryTrailer");
- goto insufficient_data;
- }
-#if DEBUG
- DNSQueryTrailer *trailer = (DNSQueryTrailer *)data;
- SCLogDebug("trailer type %04x class %04x", ntohs(trailer->type), ntohs(trailer->class));
-#endif
- data += sizeof(DNSQueryTrailer);
- }
-
- SCLogDebug("answer_rr %04x", ntohs(dns_header->answer_rr));
- for (q = 0; q < ntohs(dns_header->answer_rr); q++) {
- data = DNSReponseParse(dns_state, dns_header, q, DNS_LIST_ANSWER,
- input, input_len, data);
- if (data == NULL) {
- goto insufficient_data;
- }
- }
-
- SCLogDebug("authority_rr %04x", ntohs(dns_header->authority_rr));
- for (q = 0; q < ntohs(dns_header->authority_rr); q++) {
- data = DNSReponseParse(dns_state, dns_header, q, DNS_LIST_AUTHORITY,
- input, input_len, data);
- if (data == NULL) {
- goto insufficient_data;
- }
- }
-
- /* parse rcode, e.g. "noerror" or "nxdomain" */
- uint8_t rcode = ntohs(dns_header->flags) & 0x0F;
- if (rcode <= DNS_RCODE_NOTZONE) {
- SCLogDebug("rcode %u", rcode);
- if (tx != NULL)
- tx->rcode = rcode;
- } else {
- /* this is not invalid, rcodes can be user defined */
- SCLogDebug("unexpected DNS rcode %u", rcode);
- }
-
- if (ntohs(dns_header->flags) & 0x0080) {
- SCLogDebug("recursion desired");
- if (tx != NULL)
- tx->recursion_desired = 1;
- }
-
- if (tx != NULL) {
- tx->replied = 1;
- }
-
- SCReturnInt(1);
-
-bad_data:
-insufficient_data:
- DNSSetEvent(dns_state, DNS_DECODER_EVENT_MALFORMED_DATA);
- SCReturnInt(-1);
-}
-
-static uint16_t DNSUdpProbingParser(uint8_t *input, uint32_t ilen, uint32_t *offset)
-{
- if (ilen == 0 || ilen < sizeof(DNSHeader)) {
- SCLogDebug("ilen too small, hoped for at least %"PRIuMAX, (uintmax_t)sizeof(DNSHeader));
- return ALPROTO_UNKNOWN;
- }
-
- if (DNSUDPRequestParse(NULL, NULL, NULL, input, ilen, NULL) == -1)
- return ALPROTO_FAILED;
-
- return ALPROTO_DNS;
-}
-
-static void DNSUDPConfigure(void)
-{
- uint32_t request_flood = DNS_CONFIG_DEFAULT_REQUEST_FLOOD;
- uint32_t state_memcap = DNS_CONFIG_DEFAULT_STATE_MEMCAP;
- uint64_t global_memcap = DNS_CONFIG_DEFAULT_GLOBAL_MEMCAP;
-
- ConfNode *p = ConfGetNode("app-layer.protocols.dns.request-flood");
- if (p != NULL) {
- uint32_t value;
- if (ParseSizeStringU32(p->val, &value) < 0) {
- SCLogError(SC_ERR_DNS_CONFIG, "invalid value for request-flood %s", p->val);
- } else {
- request_flood = value;
- }
- }
- SCLogInfo("DNS request flood protection level: %u", request_flood);
- DNSConfigSetRequestFlood(request_flood);
-
- p = ConfGetNode("app-layer.protocols.dns.state-memcap");
- if (p != NULL) {
- uint32_t value;
- if (ParseSizeStringU32(p->val, &value) < 0) {
- SCLogError(SC_ERR_DNS_CONFIG, "invalid value for state-memcap %s", p->val);
- } else {
- state_memcap = value;
- }
- }
- SCLogInfo("DNS per flow memcap (state-memcap): %u", state_memcap);
- DNSConfigSetStateMemcap(state_memcap);
-
- p = ConfGetNode("app-layer.protocols.dns.global-memcap");
- if (p != NULL) {
- uint64_t value;
- if (ParseSizeStringU64(p->val, &value) < 0) {
- SCLogError(SC_ERR_DNS_CONFIG, "invalid value for global-memcap %s", p->val);
- } else {
- global_memcap = value;
- }
- }
- SCLogInfo("DNS global memcap: %"PRIu64, global_memcap);
- DNSConfigSetGlobalMemcap(global_memcap);
-}
-
-void RegisterDNSUDPParsers(void)
-{
- char *proto_name = "dns";
-
- /** DNS */
- if (AppLayerProtoDetectConfProtoDetectionEnabled("udp", proto_name)) {
- AppLayerProtoDetectRegisterProtocol(ALPROTO_DNS, proto_name);
-
- if (RunmodeIsUnittests()) {
- AppLayerProtoDetectPPRegister(IPPROTO_UDP,
- "53",
- ALPROTO_DNS,
- 0, sizeof(DNSHeader),
- STREAM_TOSERVER,
- DNSUdpProbingParser);
- } else {
- int have_cfg = AppLayerProtoDetectPPParseConfPorts("udp", IPPROTO_UDP,
- proto_name, ALPROTO_DNS,
- 0, sizeof(DNSHeader),
- DNSUdpProbingParser);
- /* if we have no config, we enable the default port 53 */
- if (!have_cfg) {
- SCLogWarning(SC_ERR_DNS_CONFIG, "no DNS UDP config found, "
- "enabling DNS detection on "
- "port 53.");
- AppLayerProtoDetectPPRegister(IPPROTO_UDP, "53",
- ALPROTO_DNS, 0, sizeof(DNSHeader),
- STREAM_TOSERVER, DNSUdpProbingParser);
- }
- }
- } else {
- SCLogInfo("Protocol detection and parser disabled for %s protocol.",
- proto_name);
- return;
- }
-
- if (AppLayerParserConfParserEnabled("udp", proto_name)) {
- AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DNS, STREAM_TOSERVER,
- DNSUDPRequestParse);
- AppLayerParserRegisterParser(IPPROTO_UDP, ALPROTO_DNS, STREAM_TOCLIENT,
- DNSUDPResponseParse);
- AppLayerParserRegisterStateFuncs(IPPROTO_UDP, ALPROTO_DNS, DNSStateAlloc,
- DNSStateFree);
- AppLayerParserRegisterTxFreeFunc(IPPROTO_UDP, ALPROTO_DNS,
- DNSStateTransactionFree);
-
- AppLayerParserRegisterGetEventsFunc(IPPROTO_UDP, ALPROTO_DNS, DNSGetEvents);
- AppLayerParserRegisterHasEventsFunc(IPPROTO_UDP, ALPROTO_DNS, DNSHasEvents);
- AppLayerParserRegisterDetectStateFuncs(IPPROTO_UDP, ALPROTO_DNS,
- DNSStateHasTxDetectState,
- DNSGetTxDetectState, DNSSetTxDetectState);
-
- AppLayerParserRegisterGetTx(IPPROTO_UDP, ALPROTO_DNS,
- DNSGetTx);
- AppLayerParserRegisterGetTxCnt(IPPROTO_UDP, ALPROTO_DNS,
- DNSGetTxCnt);
- AppLayerParserRegisterGetStateProgressFunc(IPPROTO_UDP, ALPROTO_DNS,
- DNSGetAlstateProgress);
- AppLayerParserRegisterGetStateProgressCompletionStatus(IPPROTO_UDP, ALPROTO_DNS,
- DNSGetAlstateProgressCompletionStatus);
-
- DNSAppLayerRegisterGetEventInfo(IPPROTO_UDP, ALPROTO_DNS);
-
- DNSUDPConfigure();
- } else {
- SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
- "still on.", proto_name);
- }
-#ifdef UNITTESTS
- AppLayerParserRegisterProtocolUnittests(IPPROTO_UDP, ALPROTO_DNS, DNSUDPParserRegisterTests);
-#endif
-}
-
-/* UNITTESTS */
-#ifdef UNITTESTS
-#include "util-unittest-helper.h"
-
-static int DNSUDPParserTest01 (void)
-{
- int result = 0;
- /* query: abcdefghijk.com
- * TTL: 86400
- * serial 20130422 refresh 28800 retry 7200 exp 604800 min ttl 86400
- * ns, hostmaster */
- uint8_t buf[] = { 0x00, 0x3c, 0x85, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x00, 0x0b, 0x61, 0x62, 0x63,
- 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
- 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x0f, 0x00,
- 0x01, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x01,
- 0x51, 0x80, 0x00, 0x25, 0x02, 0x6e, 0x73, 0x00,
- 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x6d, 0x61, 0x73,
- 0x74, 0x65, 0x72, 0xc0, 0x2f, 0x01, 0x33, 0x2a,
- 0x76, 0x00, 0x00, 0x70, 0x80, 0x00, 0x00, 0x1c,
- 0x20, 0x00, 0x09, 0x3a, 0x80, 0x00, 0x01, 0x51,
- 0x80};
- size_t buflen = sizeof(buf);
- Flow *f = NULL;
-
- f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 53);
- if (f == NULL)
- goto end;
- f->proto = IPPROTO_UDP;
- f->alproto = ALPROTO_DNS;
- f->alstate = DNSStateAlloc();
-
- int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL);
- if (r != 1)
- goto end;
-
- result = 1;
-end:
- UTHFreeFlow(f);
- return (result);
-}
-
-static int DNSUDPParserTest02 (void)
-{
- int result = 0;
- uint8_t buf[] = {
- 0x6D,0x08,0x84,0x80,0x00,0x01,0x00,0x08,0x00,0x00,0x00,0x01,0x03,0x57,0x57,0x57,
- 0x04,0x54,0x54,0x54,0x54,0x03,0x56,0x56,0x56,0x03,0x63,0x6F,0x6D,0x02,0x79,0x79,
- 0x00,0x00,0x01,0x00,0x01,0xC0,0x0C,0x00,0x05,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,
- 0x02,0xC0,0x0C,0xC0,0x31,0x00,0x05,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x02,0xC0,
- 0x31,0xC0,0x3F,0x00,0x05,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x02,0xC0,0x3F,0xC0,
- 0x4D,0x00,0x05,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x02,0xC0,0x4D,0xC0,0x5B,0x00,
- 0x05,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x02,0xC0,0x5B,0xC0,0x69,0x00,0x05,0x00,
- 0x01,0x00,0x00,0x0E,0x10,0x00,0x02,0xC0,0x69,0xC0,0x77,0x00,0x05,0x00,0x01,0x00,
- 0x00,0x0E,0x10,0x00,0x02,0xC0,0x77,0xC0,0x85,0x00,0x05,0x00,0x01,0x00,0x00,0x0E,
- 0x10,0x00,0x02,0xC0,0x85,0x00,0x00,0x29,0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- size_t buflen = sizeof(buf);
- Flow *f = NULL;
-
- f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 53);
- if (f == NULL)
- goto end;
- f->proto = IPPROTO_UDP;
- f->alproto = ALPROTO_DNS;
- f->alstate = DNSStateAlloc();
-
- int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL);
- if (r != 1)
- goto end;
-
- result = 1;
-end:
- UTHFreeFlow(f);
- return (result);
-}
-
-static int DNSUDPParserTest03 (void)
-{
- int result = 0;
- uint8_t buf[] = {
- 0x6F,0xB4,0x84,0x80,0x00,0x01,0x00,0x02,0x00,0x02,0x00,0x03,0x03,0x57,0x57,0x77,
- 0x0B,0x56,0x56,0x56,0x56,0x56,0x56,0x56,0x56,0x56,0x56,0x56,0x03,0x55,0x55,0x55,
- 0x02,0x79,0x79,0x00,0x00,0x01,0x00,0x01,0xC0,0x0C,0x00,0x05,0x00,0x01,0x00,0x00,
- 0x0E,0x10,0x00,0x02,0xC0,0x10,0xC0,0x34,0x00,0x01,0x00,0x01,0x00,0x00,0x0E,0x10,
- 0x00,0x04,0xC3,0xEA,0x04,0x19,0xC0,0x34,0x00,0x02,0x00,0x01,0x00,0x00,0x0E,0x10,
- 0x00,0x0A,0x03,0x6E,0x73,0x31,0x03,0x61,0x67,0x62,0xC0,0x20,0xC0,0x46,0x00,0x02,
- 0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x06,0x03,0x6E,0x73,0x32,0xC0,0x56,0xC0,0x52,
- 0x00,0x01,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x04,0xC3,0xEA,0x04,0x0A,0xC0,0x68,
- 0x00,0x01,0x00,0x01,0x00,0x00,0x0E,0x10,0x00,0x04,0xC3,0xEA,0x05,0x14,0x00,0x00,
- 0x29,0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- size_t buflen = sizeof(buf);
- Flow *f = NULL;
-
- f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 53);
- if (f == NULL)
- goto end;
- f->proto = IPPROTO_UDP;
- f->alproto = ALPROTO_DNS;
- f->alstate = DNSStateAlloc();
-
- int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL);
- if (r != 1)
- goto end;
-
- result = 1;
-end:
- UTHFreeFlow(f);
- return (result);
-}
-
-/** \test TXT records in answer */
-static int DNSUDPParserTest04 (void)
-{
- int result = 0;
- uint8_t buf[] = {
- 0xc2,0x2f,0x81,0x80,0x00,0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x0a,0x41,0x41,0x41,
- 0x41,0x41,0x4f,0x31,0x6b,0x51,0x41,0x05,0x3d,0x61,0x75,0x74,0x68,0x03,0x73,0x72,
- 0x76,0x06,0x74,0x75,0x6e,0x6e,0x65,0x6c,0x03,0x63,0x6f,0x6d,0x00,0x00,0x10,0x00,
- 0x01,
- /* answer record start */
- 0xc0,0x0c,0x00,0x10,0x00,0x01,0x00,0x00,0x00,0x03,0x00,0x22,
- /* txt record starts: */
- 0x20, /* <txt len 32 */ 0x41,0x68,0x76,0x4d,0x41,0x41,0x4f,0x31,0x6b,0x41,0x46,
- 0x45,0x35,0x54,0x45,0x39,0x51,0x54,0x6a,0x46,0x46,0x4e,0x30,0x39,0x52,0x4e,0x31,
- 0x6c,0x59,0x53,0x44,0x6b,0x00, /* <txt len 0 */ 0xc0,0x1d,0x00,0x02,0x00,0x01,
- 0x00,0x09,0x3a,0x80,0x00,0x09,0x06,0x69,0x6f,0x64,0x69,0x6e,0x65,0xc0,0x21,0xc0,
- 0x6b,0x00,0x01,0x00,0x01,0x00,0x09,0x3a,0x80,0x00,0x04,0x0a,0x1e,0x1c,0x5f
- };
- size_t buflen = sizeof(buf);
- Flow *f = NULL;
-
- f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 53);
- if (f == NULL)
- goto end;
- f->proto = IPPROTO_UDP;
- f->alproto = ALPROTO_DNS;
- f->alstate = DNSStateAlloc();
-
- int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL);
- if (r != 1)
- goto end;
-
- result = 1;
-end:
- UTHFreeFlow(f);
- return (result);
-}
-
-/** \test TXT records in answer, bad txtlen */
-static int DNSUDPParserTest05 (void)
-{
- int result = 0;
- uint8_t buf[] = {
- 0xc2,0x2f,0x81,0x80,0x00,0x01,0x00,0x01,0x00,0x01,0x00,0x01,0x0a,0x41,0x41,0x41,
- 0x41,0x41,0x4f,0x31,0x6b,0x51,0x41,0x05,0x3d,0x61,0x75,0x74,0x68,0x03,0x73,0x72,
- 0x76,0x06,0x74,0x75,0x6e,0x6e,0x65,0x6c,0x03,0x63,0x6f,0x6d,0x00,0x00,0x10,0x00,
- 0x01,
- /* answer record start */
- 0xc0,0x0c,0x00,0x10,0x00,0x01,0x00,0x00,0x00,0x03,0x00,0x22,
- /* txt record starts: */
- 0x40, /* <txt len 64 */ 0x41,0x68,0x76,0x4d,0x41,0x41,0x4f,0x31,0x6b,0x41,0x46,
- 0x45,0x35,0x54,0x45,0x39,0x51,0x54,0x6a,0x46,0x46,0x4e,0x30,0x39,0x52,0x4e,0x31,
- 0x6c,0x59,0x53,0x44,0x6b,0x00, /* <txt len 0 */ 0xc0,0x1d,0x00,0x02,0x00,0x01,
- 0x00,0x09,0x3a,0x80,0x00,0x09,0x06,0x69,0x6f,0x64,0x69,0x6e,0x65,0xc0,0x21,0xc0,
- 0x6b,0x00,0x01,0x00,0x01,0x00,0x09,0x3a,0x80,0x00,0x04,0x0a,0x1e,0x1c,0x5f
- };
- size_t buflen = sizeof(buf);
- Flow *f = NULL;
-
- f = UTHBuildFlow(AF_INET, "1.2.3.4", "1.2.3.5", 1024, 53);
- if (f == NULL)
- goto end;
- f->proto = IPPROTO_UDP;
- f->alproto = ALPROTO_DNS;
- f->alstate = DNSStateAlloc();
-
- int r = DNSUDPResponseParse(f, f->alstate, NULL, buf, buflen, NULL);
- if (r != -1)
- goto end;
-
- result = 1;
-end:
- UTHFreeFlow(f);
- return (result);
-}
-
-
-void DNSUDPParserRegisterTests(void)
-{
- UtRegisterTest("DNSUDPParserTest01", DNSUDPParserTest01, 1);
- UtRegisterTest("DNSUDPParserTest02", DNSUDPParserTest02, 1);
- UtRegisterTest("DNSUDPParserTest03", DNSUDPParserTest03, 1);
- UtRegisterTest("DNSUDPParserTest04", DNSUDPParserTest04, 1);
- UtRegisterTest("DNSUDPParserTest05", DNSUDPParserTest05, 1);
-}
-#endif