wip: dns: answer: use new buffer logic

jasonish · Oct 24, 2023 · 6b9c306 · 6b9c306
1 parent ebf6d0a
commit 6b9c306
Showing 1 changed file with 44 additions and 11 deletions.
diff --git a/src/detect-dns-answer-name.c b/src/detect-dns-answer-name.c
@@ -69,29 +69,62 @@ static int DetectDnsAnswerNameSetup(DetectEngineCtx *de_ctx, Signature *s, const
     return 0;
 }
 
-static uint8_t DetectEngineInspectDnsAnswerName(DetectEngineCtx *de_ctx,
-        DetectEngineThreadCtx *det_ctx, const struct DetectEngineAppInspectionEngine_ *engine,
-        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx,
+				   const DetectEngineTransforms *transforms, void *txv, 
+				   uint32_t index, int list_id)
 {
-    uint8_t ret = 0;
+    InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
+    if (buffer == NULL) {
+	return NULL;
+    }
+    if (buffer->initialized) {
+	return buffer;
+    }
+
     const uint8_t *data = NULL;
     uint32_t data_len = 0;
+
+    if (!SCDnsTxGetAnswerName(txv, index, &data, &data_len)) {
+	InspectionBufferSetupMultiEmpty(buffer);
+	return NULL;
+    } else {
+	InspectionBufferSetupMulti(buffer, transforms, data, data_len);
+	return buffer;
+    }
+}
 
+static uint8_t DetectEngineInspectDnsAnswerName(DetectEngineCtx *de_ctx,
+        DetectEngineThreadCtx *det_ctx, const DetectEngineAppInspectionEngine *engine,
+        const Signature *s, Flow *f, uint8_t flags, void *alstate, void *txv, uint64_t tx_id)
+{
     if (flags & STREAM_TOSERVER) {
         FatalError("Should not see TOSERVER data");
     }
 
+    const DetectEngineTransforms *transforms = NULL;
+    if (!engine->mpm) {
+	transforms = engine->v2.transforms;
+    }
+
     for (uint32_t i = 0;; i++) {
-        if (!SCDnsTxGetAnswerName(txv, i, &data, &data_len)) {
-            break;
-        }
-        ret = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
-                (uint8_t *)data, data_len, 0, DETECT_CI_FLAGS_SINGLE,
+	InspectionBuffer *buffer = GetBuffer(det_ctx, transforms, txv, i, engine->sm_list);
+	if (buffer == NULL || buffer->inspect == NULL) {
+	    break;
+	}
+
+	det_ctx->buffer_offset = 0;
+        det_ctx->discontinue_matching = 0;
+        det_ctx->inspection_recursion_counter = 0;
+
+        const int match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
+                (uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset, DETECT_CI_FLAGS_SINGLE,
                 DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+	if (match == 1) {
+	    return DETECT_ENGINE_INSPECT_SIG_MATCH;
+	}
     }
 
-    SCLogNotice("Returning %d.", ret);
-    return ret;
+    return DETECT_ENGINE_INSPECT_SIG_NO_MATCH;
 }
 
 #ifdef UNITTESTS