wip: dns: dns.answer.name: use new buffer logic

This new logic is not yet in the template so wasn't in the initial implementation of the keyword.
jasonish · Oct 24, 2023 · edd0e9d · edd0e9d
1 parent 9341298
commit edd0e9d
Showing 1 changed file with 42 additions and 10 deletions.
diff --git a/src/detect-dns-answer-name.c b/src/detect-dns-answer-name.c
@@ -69,29 +69,61 @@ static int DetectDnsAnswerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const
     return 0;
 }
 
-static uint8_t DetectEngineInspectDnsAnswerName(DetectEngineCtx *de_ctx,
-        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
-        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx,
+        const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id)
 {
-    uint8_t ret = 0;
+    InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
+    if (buffer == NULL) {
+        return NULL;
+    }
+    if (buffer->initialized) {
+        return buffer;
+    }
+
     const uint8_t *data = NULL;
     uint32_t data_len = 0;
 
+    if (!SCDnsTxGetAnswerName(txv, index, &data, &data_len)) {
+        InspectionBufferSetupMultiEmpty(buffer);
+        return NULL;
+    } else {
+        InspectionBufferSetupMulti(buffer, transforms, data, data_len);
+        return buffer;
+    }
+}
+
+static uint8_t DetectEngineInspectDnsAnswerName(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+{
     if (flags & STREAM_TOSERVER) {
         FatalError("Should not see TOSERVER data");
     }
 
+    const DetectEngineTransforms *transforms = NULL;
+    if (!engine->mpm) {
+        transforms = engine->v2.transforms;
+    }
+
     for (uint32_t i = 0;; i++) {
-        if (!SCDnsTxGetAnswerName(txv, i, &data, &data_len)) {
+        InspectionBuffer *buffer = GetBuffer(det_ctx, transforms, txv, i, engine->sm_list);
+        if (buffer == NULL || buffer->inspect == NULL) {
             break;
         }
-        ret = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
-                (uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
-                DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+
+        det_ctx->buffer_offset = 0;
+        det_ctx->discontinue_matching = 0;
+        det_ctx->inspection_recursion_counter = 0;
+
+        const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
+                (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset,
+                DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+        if (match == 1) {
+            return DETECT_ENGINE_INSPECT_SIG_MATCH;
+        }
     }
 
-    SCLogNotice("Returning %d.", ret);
-    return ret;
+    return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
 }
 
 #ifdef UNITTESTS