eve/dns: allow version to be set with environment variable
There is no sane way to override the DNS eve version in Suricata
tests without using a copy of the configuration file, and many of the
tests by design use the configuration file of the Suricata under test,
so making a copy would break this assumption.

To get around this, respect the SURICATA_EVE_DNS_VERSION environment
variable as a way to set the version if not explicitly set in the
configuration file.
jasonish committed Jul 5, 2024
1 parent 61da314 commit db81df3
Showing 1 changed file with 48 additions and 32 deletions.
80 changes: 48 additions & 32 deletions src/output-json-dns.c
Expand Up @@ -28,6 +28,7 @@

#include "threadvars.h"

#include "util-byte.h"
#include "util-debug.h"
#include "util-mem.h"
#include "app-layer-parser.h"
Expand Down Expand Up @@ -488,46 +489,61 @@ static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
}
}

static uint8_t JsonDnsCheckVersion(ConfNode *conf)
static uint8_t GetVersion(ConfNode *conf)
{
// TODO: Convert to _DEFAULT.
uint8_t default_version = DNS_LOG_VERSION_2;

if (conf == NULL) {
SCLogConfig("EVE DNS default to DNS log version %d", DNS_LOG_VERSION_DEFAULT);
return default_version;
return DNS_LOG_VERSION_DEFAULT;
}

char *version_string = NULL;
const ConfNode *version_node = ConfNodeLookupChild(conf, "version");
if (version_node != NULL) {
version_string = version_node->val;
}

if (version_string == NULL) {
version_string = getenv("SURICATA_EVE_DNS_VERSION");
}

if (version_string == NULL) {
return DNS_LOG_VERSION_DEFAULT;
}

uint8_t version;
if (StringParseUint8(&version, 10, 0, version_string) >= 0) {
return version;
}
SCLogWarning("Failed to parse EVE DNS log version of \"%s\"", version_string);
return DNS_LOG_VERSION_DEFAULT;
}

static uint8_t JsonDnsCheckVersion(ConfNode *conf)
{
const uint8_t default_version = DNS_LOG_VERSION_DEFAULT;
const uint8_t version = GetVersion(conf);
static bool v1_deprecation_warned = false;
static bool v2_deprecation_warned = false;

const ConfNode *has_version = ConfNodeLookupChild(conf, "version");
if (has_version != NULL) {
intmax_t config_version;
if (ConfGetChildValueInt(conf, "version", &config_version)) {
switch(config_version) {
case 3:
SCLogNotice("DNS EVE v3 not implemented yet, using v2");
return DNS_LOG_VERSION_2;
case 2:
if (!v2_deprecation_warned) {
SCLogNotice("DNS EVE v2 logging has been deprecated and will be removed in "
"Suricata 9.0");
v2_deprecation_warned = true;
}
return DNS_LOG_VERSION_2;
case 1:
if (!v1_deprecation_warned) {
SCLogWarning("DNS EVE v1 logging has been removed, will use v2");
v1_deprecation_warned = true;
}
return default_version;
default:
SCLogWarning("Invalid EVE DNS version \"%s\", will use v%d", has_version->val,
DNS_LOG_VERSION_DEFAULT);
return default_version;
switch (version) {
case 3:
return DNS_LOG_VERSION_3;
case 2:
if (!v2_deprecation_warned) {
SCLogNotice("DNS EVE v2 logging has been deprecated and will be removed in "
"Suricata 9.0");
v2_deprecation_warned = true;
}
}
return DNS_LOG_VERSION_2;
case 1:
if (!v1_deprecation_warned) {
SCLogWarning("DNS EVE v1 logging has been removed, will use v2");
v1_deprecation_warned = true;
}
return default_version;
default:
SCLogWarning(
"Invalid EVE DNS version %d, will use v%d", version, DNS_LOG_VERSION_DEFAULT);
return default_version;
}

return default_version;
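Review bot: In `GetVersion`, the `getenv("SURICATA_EVE_DNS_VERSION")` fallback is honored on every run, not only under the test harness, and nothing records that the EVE DNS version came from the process environment rather than the configuration file. Because the value selects the record format that downstream consumers parse, logging it when it is used would make the override visible, for example `if (version_string != NULL) SCLogConfig("EVE DNS version taken from SURICATA_EVE_DNS_VERSION: %s", version_string);` directly after the `getenv` call. The `conf == NULL` early return also skips the environment lookup, so the variable appears to have no effect when no configuration node is passed; a one-line comment there saying whether that is intended would help. `JsonDnsCheckVersion` continues past the end of the visible hunk.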
