detect/dns: support string for dns.rrtype

Ticket: 6723

doc/userguide/rules/dns-keywords.rst

@@ -98,6 +98,8 @@ This keyword matches on the **rrtype** (integer) found in the DNS message.
 
 dns.rrtype uses an :ref:`unsigned 16-bit integer <rules-integer-keywords>`.
 
+It can also be specified by text from the enumeration.
+
 Syntax
 ~~~~~~
 

rust/src/dns/detect.rs

@@ -15,10 +15,10 @@
  * 02110-1301, USA.
  */
 
-use super::dns::{DNSRcode, DNSTransaction, ALPROTO_DNS};
+use super::dns::{DNSRcode, DNSRecordType, DNSTransaction, ALPROTO_DNS};
 use crate::detect::uint::{
-    detect_match_uint, detect_parse_uint_enum, rs_detect_u16_free, rs_detect_u16_parse,
-    rs_detect_u8_free, rs_detect_u8_parse, DetectUintData,
+    detect_match_uint, detect_parse_uint_enum, rs_detect_u16_free, rs_detect_u8_free,
+    rs_detect_u8_parse, DetectUintData,
 };
 use crate::detect::{
     DetectBufferSetActiveList, DetectHelperBufferRegister, DetectHelperGetMultiData,
@@ -188,13 +188,26 @@ unsafe extern "C" fn dns_rcode_free(_de: *mut c_void, ctx: *mut c_void) {
     rs_detect_u16_free(ctx);
 }
 
+unsafe extern "C" fn dns_rrtype_parse(
+    ustr: *const std::os::raw::c_char,
+) -> *mut DetectUintData<u8> {
+    let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe
+    if let Ok(s) = ft_name.to_str() {
+        if let Some(ctx) = detect_parse_uint_enum::<u16, DNSRecordType>(s) {
+            let boxed = Box::new(ctx);
+            return Box::into_raw(boxed) as *mut _;
+        }
+    }
+    return std::ptr::null_mut();
+}
+
 unsafe extern "C" fn dns_rrtype_setup(
     de: *mut c_void, s: *mut c_void, raw: *const libc::c_char,
 ) -> c_int {
     if DetectSignatureSetAppProto(s, ALPROTO_DNS) != 0 {
         return -1;
     }
-    let ctx = rs_detect_u16_parse(raw) as *mut c_void;
+    let ctx = dns_rrtype_parse(raw) as *mut c_void;
     if ctx.is_null() {
         return -1;
     }
@@ -631,41 +644,49 @@ mod test {
     #[test]
     fn parse_rrtype_good() {
         assert_eq!(
-            detect_parse_uint::<u16>("1").unwrap().1,
+            detect_parse_uint_enum::<u16, DNSRecordType>("1").unwrap(),
             DetectUintData {
                 mode: DetectUintMode::DetectUintModeEqual,
                 arg1: 1,
                 arg2: 0,
             }
         );
         assert_eq!(
-            detect_parse_uint::<u16>("123").unwrap().1,
+            detect_parse_uint_enum::<u16, DNSRecordType>("123").unwrap(),
             DetectUintData {
                 mode: DetectUintMode::DetectUintModeEqual,
                 arg1: 123,
                 arg2: 0,
             }
         );
         assert_eq!(
-            detect_parse_uint::<u16>("!123").unwrap().1,
+            detect_parse_uint_enum::<u16, DNSRecordType>("!123").unwrap(),
             DetectUintData {
                 mode: DetectUintMode::DetectUintModeNe,
                 arg1: 123,
                 arg2: 0,
             }
         );
         assert_eq!(
-            detect_parse_uint::<u16>("7-15").unwrap().1,
+            detect_parse_uint_enum::<u16, DNSRecordType>("7-15").unwrap(),
             DetectUintData {
                 mode: DetectUintMode::DetectUintModeRange,
                 arg1: 7,
                 arg2: 15,
             }
         );
-        assert!(detect_parse_uint::<u16>("").is_err());
-        assert!(detect_parse_uint::<u16>("!").is_err());
-        assert!(detect_parse_uint::<u16>("!   ").is_err());
-        assert!(detect_parse_uint::<u16>("!asdf").is_err());
+        assert_eq!(
+            detect_parse_uint_enum::<u16, DNSRecordType>("a").unwrap(),
+            DetectUintData {
+                mode: DetectUintMode::DetectUintModeEqual,
+                arg1: DNSRecordType::A as u16,
+                arg2: 0,
+            }
+        );
+        assert!(detect_parse_uint_enum::<u16, DNSRecordType>("").is_none());
+        assert!(detect_parse_uint_enum::<u16, DNSRecordType>("!").is_none());
+        assert!(detect_parse_uint_enum::<u16, DNSRecordType>("!   ").is_none());
+        assert!(detect_parse_uint_enum::<u16, DNSRecordType>("!asdf").is_none());
     }
 
     #[test]

rust/src/dns/dns.rs

@@ -32,65 +32,69 @@ use nom7::number::streaming::be_u16;
 use nom7::{Err, IResult};
 
 /// DNS record types.
-pub const DNS_RECORD_TYPE_A: u16 = 1;
-pub const DNS_RECORD_TYPE_NS: u16 = 2;
-pub const DNS_RECORD_TYPE_MD: u16 = 3; // Obsolete
-pub const DNS_RECORD_TYPE_MF: u16 = 4; // Obsolete
-pub const DNS_RECORD_TYPE_CNAME: u16 = 5;
-pub const DNS_RECORD_TYPE_SOA: u16 = 6;
-pub const DNS_RECORD_TYPE_MB: u16 = 7; // Experimental
-pub const DNS_RECORD_TYPE_MG: u16 = 8; // Experimental
-pub const DNS_RECORD_TYPE_MR: u16 = 9; // Experimental
-pub const DNS_RECORD_TYPE_NULL: u16 = 10; // Experimental
-pub const DNS_RECORD_TYPE_WKS: u16 = 11;
-pub const DNS_RECORD_TYPE_PTR: u16 = 12;
-pub const DNS_RECORD_TYPE_HINFO: u16 = 13;
-pub const DNS_RECORD_TYPE_MINFO: u16 = 14;
-pub const DNS_RECORD_TYPE_MX: u16 = 15;
-pub const DNS_RECORD_TYPE_TXT: u16 = 16;
-pub const DNS_RECORD_TYPE_RP: u16 = 17;
-pub const DNS_RECORD_TYPE_AFSDB: u16 = 18;
-pub const DNS_RECORD_TYPE_X25: u16 = 19;
-pub const DNS_RECORD_TYPE_ISDN: u16 = 20;
-pub const DNS_RECORD_TYPE_RT: u16 = 21;
-pub const DNS_RECORD_TYPE_NSAP: u16 = 22;
-pub const DNS_RECORD_TYPE_NSAPPTR: u16 = 23;
-pub const DNS_RECORD_TYPE_SIG: u16 = 24;
-pub const DNS_RECORD_TYPE_KEY: u16 = 25;
-pub const DNS_RECORD_TYPE_PX: u16 = 26;
-pub const DNS_RECORD_TYPE_GPOS: u16 = 27;
-pub const DNS_RECORD_TYPE_AAAA: u16 = 28;
-pub const DNS_RECORD_TYPE_LOC: u16 = 29;
-pub const DNS_RECORD_TYPE_NXT: u16 = 30; // Obsolete
-pub const DNS_RECORD_TYPE_SRV: u16 = 33;
-pub const DNS_RECORD_TYPE_ATMA: u16 = 34;
-pub const DNS_RECORD_TYPE_NAPTR: u16 = 35;
-pub const DNS_RECORD_TYPE_KX: u16 = 36;
-pub const DNS_RECORD_TYPE_CERT: u16 = 37;
-pub const DNS_RECORD_TYPE_A6: u16 = 38; // Obsolete
-pub const DNS_RECORD_TYPE_DNAME: u16 = 39;
-pub const DNS_RECORD_TYPE_OPT: u16 = 41;
-pub const DNS_RECORD_TYPE_APL: u16 = 42;
-pub const DNS_RECORD_TYPE_DS: u16 = 43;
-pub const DNS_RECORD_TYPE_SSHFP: u16 = 44;
-pub const DNS_RECORD_TYPE_IPSECKEY: u16 = 45;
-pub const DNS_RECORD_TYPE_RRSIG: u16 = 46;
-pub const DNS_RECORD_TYPE_NSEC: u16 = 47;
-pub const DNS_RECORD_TYPE_DNSKEY: u16 = 48;
-pub const DNS_RECORD_TYPE_DHCID: u16 = 49;
-pub const DNS_RECORD_TYPE_NSEC3: u16 = 50;
-pub const DNS_RECORD_TYPE_NSEC3PARAM: u16 = 51;
-pub const DNS_RECORD_TYPE_TLSA: u16 = 52;
-pub const DNS_RECORD_TYPE_HIP: u16 = 55;
-pub const DNS_RECORD_TYPE_CDS: u16 = 59;
-pub const DNS_RECORD_TYPE_CDNSKEY: u16 = 60;
-pub const DNS_RECORD_TYPE_HTTPS: u16 = 65;
-pub const DNS_RECORD_TYPE_SPF: u16 = 99; // Obsolete
-pub const DNS_RECORD_TYPE_TKEY: u16 = 249;
-pub const DNS_RECORD_TYPE_TSIG: u16 = 250;
-pub const DNS_RECORD_TYPE_MAILA: u16 = 254; // Obsolete
-pub const DNS_RECORD_TYPE_ANY: u16 = 255;
-pub const DNS_RECORD_TYPE_URI: u16 = 256;
+/// DNS error codes.
+#[derive(Clone, Debug, EnumStringU16)]
+pub enum DNSRecordType {
+    A = 1,
+    NS = 2,
+    MD = 3, // Obsolete
+    MF = 4, // Obsolete
+    CNAME = 5,
+    SOA = 6,
+    MB = 7,    // Experimental
+    MG = 8,    // Experimental
+    MR = 9,    // Experimental
+    NULL = 10, // Experimental
+    WKS = 11,
+    PTR = 12,
+    HINFO = 13,
+    MINFO = 14,
+    MX = 15,
+    TXT = 16,
+    RP = 17,
+    AFSDB = 18,
+    X25 = 19,
+    ISDN = 20,
+    RT = 21,
+    NSAP = 22,
+    NSAPPTR = 23,
+    SIG = 24,
+    KEY = 25,
+    PX = 26,
+    GPOS = 27,
+    AAAA = 28,
+    LOC = 29,
+    NXT = 30, // Obsolete
+    SRV = 33,
+    ATMA = 34,
+    NAPTR = 35,
+    KX = 36,
+    CERT = 37,
+    A6 = 38, // Obsolete
+    DNAME = 39,
+    OPT = 41,
+    APL = 42,
+    DS = 43,
+    SSHFP = 44,
+    IPSECKEY = 45,
+    RRSIG = 46,
+    NSEC = 47,
+    DNSKEY = 48,
+    DHCID = 49,
+    NSEC3 = 50,
+    NSEC3PARAM = 51,
+    TLSA = 52,
+    HIP = 55,
+    CDS = 59,
+    CDNSKEY = 60,
+    HTTPS = 65,
+    SPF = 99, // Obsolete
+    TKEY = 249,
+    TSIG = 250,
+    MAILA = 254, // Obsolete
+    ANY = 255,
+    URI = 256,
+}
 
 /// DNS error codes.
 #[derive(Clone, Debug, EnumStringU16)]