From a9bf6bbd0ee43bcc4f984d5bb8f66f7d30eca7b7 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Tue, 28 Jan 2025 16:19:37 -0600
Subject: [PATCH] detect-dns-response: disable clang-format around byte arrays

These arrays are manually formatted for readability.
---
 src/detect-dns-response.c | 1161 ++++++++++---------------------------
 1 file changed, 311 insertions(+), 850 deletions(-)

diff --git a/src/detect-dns-response.c b/src/detect-dns-response.c
index d15fb94280..5a6f6cbf4d 100644
--- a/src/detect-dns-response.c
+++ b/src/detect-dns-response.c
@@ -349,37 +349,20 @@ void DetectDnsResponseRegister(void)
 /** \test google.com match query name field in response */
 static int DetectDnsResponseTest01(void)
 {
+ // clang-format off
 uint8_t buf[] = {
- 0x10,
- 0x31, /* ID */
- 0x85,
- 0x80, /* Flags */
- 0x00,
- 0x01, /* questions: 1 */
- 0x00,
- 0x00, /* answer_rrs: 0 */
- 0x00,
- 0x00, /* authority_rrs: 0 */
- 0x00,
- 0x00, /* additional_rr: 0 */
+ 0x10, 0x31, /* ID */
+ 0x85, 0x80, /* Flags */
+ 0x00, 0x01, /* questions: 1 */
+ 0x00, 0x00, /* answer_rrs: 0 */
+ 0x00, 0x00, /* authority_rrs: 0 */
+ 0x00, 0x00, /* additional_rr: 0 */
 /* Query */
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x00,
- 0x01,
- 0x00,
- 0x01,
+ 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+ 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00,
+ 0x00, 0x01, 0x00, 0x01,
 };
+ // clang-format on
 Flow f;
 void *dns_state = NULL;
 
@@ -451,47 +434,22 @@ static int DetectDnsResponseTest01(void)
 /** \test google.com match answer name field in response */
 static int DetectDnsResponseTest02(void)
 {
+ // clang-format off
 uint8_t buf[] = {
- 0x11,
- 0x32, /* ID */
- 0x85,
- 0x80, /* Flags */
- 0x00,
- 0x00, /* questions: 0 */
- 0x00,
- 0x01, /* answer_rrs: 1 */
- 0x00,
- 0x00, /* authority_rrs: 0 */
- 0x00,
- 0x00, /* additional_rr: 0 */
+ 0x11, 0x32, /* ID */
+ 0x85, 0x80, /* Flags */
+ 0x00, 0x00, /* questions: 0 */
+ 0x00, 0x01, /* answer_rrs: 1 */
+ 0x00, 0x00, /* authority_rrs: 0 */
+ 0x00, 0x00, /* additional_rr: 0 */
 /* Answer */
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x00,
- 0x01,
- 0x00,
- 0x01,
- 0x00,
- 0x00,
- 0x01,
- 0x2c,
- 0x00,
- 0x04,
- 0x7f,
- 0x00,
- 0x00,
- 0x01,
+ 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+ 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00,
+ 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
+ 0x01, 0x2c, 0x00, 0x04, 0x7f, 0x00,
+ 0x00, 0x01,
 };
+ // clang-format on
 Flow f;
 Packet *p = NULL;
 
@@ -560,100 +518,35 @@ static int DetectDnsResponseTest02(void)
 /** \test google.com match authority name field in response */
 static int DetectDnsResponseTest03(void)
 {
+ // clang-format off
 uint8_t buf[] = {
- 0x12,
- 0x33, /* ID */
- 0x85,
- 0x80, /* Flags */
- 0x00,
- 0x00, /* questions: 0 */
- 0x00,
- 0x00, /* answer_rrs: 0 */
- 0x00,
- 0x01, /* authority_rrs: 1 */
- 0x00,
- 0x00, /* additional_rr: 0 */
+ 0x12, 0x33, /* ID */
+ 0x85, 0x80, /* Flags */
+ 0x00, 0x00, /* questions: 0 */
+ 0x00, 0x00, /* answer_rrs: 0 */
+ 0x00, 0x01, /* authority_rrs: 1 */
+ 0x00, 0x00, /* additional_rr: 0 */
 /* Authority */
 /* name = google.com*/
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x00,
- 0x06, /* type: SOA */
- 0x00,
- 0x01, /* Class: IN*/
- 0x00,
- 0x00,
- 0x01,
- 0x2c, /* TTL: 300 */
- 0x00,
- 0x37, /* Data length: 55 */
+ 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+ 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00,
+ 0x00, 0x06, /* type: SOA */
+ 0x00, 0x01, /* Class: IN*/
+ 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */
+ 0x00, 0x37, /* Data length: 55 */
 /* primary name server: ns1.google.com */
- 0x03,
- 0x6e,
- 0x73,
- 0x31,
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x06,
- 0x61,
- 0x6e,
- 0x64,
- 0x72,
- 0x65,
- 0x69,
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x0b,
- 0xff,
- 0xb4,
- 0x5f,
- 0x00,
- 0x00,
- 0x0e,
- 0x10,
- 0x00,
- 0x00,
- 0x2a,
- 0x30,
- 0x00,
- 0x01,
- 0x51,
- 0x80,
- 0x00,
- 0x00,
- 0x0e,
+ 0x03, 0x6e, 0x73, 0x31, 0x06, 0x67,
+ 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03,
+ 0x63, 0x6f, 0x6d, 0x00, 0x06, 0x61,
+ 0x6e, 0x64, 0x72, 0x65, 0x69, 0x06,
+ 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x0b,
+ 0xff, 0xb4, 0x5f, 0x00, 0x00, 0x0e,
+ 0x10, 0x00, 0x00, 0x2a, 0x30, 0x00,
+ 0x01, 0x51, 0x80, 0x00, 0x00, 0x0e,
 0x10,
 };
+ // clang-format on
 Flow f;
 Packet *p = NULL;
 
@@ -722,75 +615,29 @@ static int DetectDnsResponseTest03(void)
 /** \test ns1.google.com match additional name field in response */
 static int DetectDnsResponseTest04(void)
 {
+ // clang-format off
 uint8_t buf[] = {
- 0x13,
- 0x34, /* ID */
- 0x85,
- 0x80, /* Flags */
- 0x00,
- 0x01, /* questions: 1 */
- 0x00,
- 0x01, /* answer_rrs: 1 */
- 0x00,
- 0x00, /* authority_rrs: 0 */
- 0x00,
- 0x01, /* additional_rr: 1 */
+ 0x13, 0x34, /* ID */
+ 0x85, 0x80, /* Flags */
+ 0x00, 0x01, /* questions: 1 */
+ 0x00, 0x01, /* answer_rrs: 1 */
+ 0x00, 0x00, /* authority_rrs: 0 */
+ 0x00, 0x01, /* additional_rr: 1 */
 /* Query name = google.com */
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x00,
- 0x01,
- 0x00,
- 0x01,
+ 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+ 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00,
+ 0x00, 0x01, 0x00, 0x01,
 /* Answer name = google.com (0xc00c pointer to query) */
- 0xc0,
- 0x0c,
- 0x00,
- 0x01,
- 0x00,
- 0x01,
- 0x00,
- 0x00,
- 0x01,
- 0x2c,
- 0x00,
- 0x04,
- 0x7f,
- 0x00,
- 0x00,
- 0x01,
+ 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04,
+ 0x7f, 0x00, 0x00, 0x01,
 /* Additional: name = ns1.google.com (0xc00c pointer to query) */
- 0x03,
- 0x6e,
- 0x73,
- 0x31,
- 0xc0,
- 0x0c,
- 0x00,
- 0x01,
- 0x00,
- 0x01,
- 0x00,
- 0x00,
- 0x01,
- 0x2c,
- 0x00,
- 0x04,
- 0x7f,
- 0x00,
- 0x00,
- 0x01,
+ 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c,
+ 0x00 ,0x01 ,0x00, 0x01 ,0x00 ,0x00,
+ 0x01, 0x2c, 0x00, 0x04, 0x7f, 0x00,
+ 0x00, 0x01,
 };
+ // clang-format on
 Flow f;
 Packet *p = NULL;
 
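Review bot: The second re-wrapped row of the Additional record in DetectDnsResponseTest04 reads `0x00 ,0x01 ,0x00, 0x01 ,0x00 ,0x00,`, with the space before the comma rather than after it, unlike every other row in this hunk. Because the array now sits between `// clang-format off` and `// clang-format on`, the formatter will no longer normalise it, so it should be corrected by hand to `0x00, 0x01, 0x00, 0x01, 0x00, 0x00,`. The byte values in this hunk match the removed lines one for one, but since these buffers are hand-maintained DNS fixtures for the detection tests, a byte-for-byte comparison of each array before and after the re-wrap would be a sensible merge check for the whole patch. The function body continues past the end of the hunk.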
@@ -859,125 +706,40 @@ static int DetectDnsResponseTest04(void) /** \test mail.google.com match answer data field in response (MX type) */ static int DetectDnsResponseTest05(void) { + // clang-format off uint8_t buf[] = { - 0xb7, - 0xf6, /* ID */ - 0x85, - 0x80, /* Flags */ - 0x00, - 0x01, /* num query */ - 0x00, - 0x01, /* num answer */ - 0x00, - 0x01, /* num authority */ - 0x00, - 0x01, /* num additional */ + 0xb7, 0xf6, /* ID */ + 0x85, 0x80, /* Flags */ + 0x00, 0x01, /* num query */ + 0x00, 0x01, /* num answer */ + 0x00, 0x01, /* num authority */ + 0x00, 0x01, /* num additional */ /* Query */ - 0x06, - 0x67, - 0x6f, - 0x6f, - 0x67, - 0x6c, /* google.com */ - 0x65, - 0x03, - 0x63, - 0x6f, - 0x6d, - 0x00, - 0x00, - 0x0f, - 0x00, - 0x01, + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, /* google.com */ + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x0f, 0x00, 0x01, /* Answer */ - 0xc0, - 0x0c, /* reference to Query name google.com bytes*/ - 0x00, - 0x0f, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x09, - 0x00, - 0x0a, + 0xc0, 0x0c, /* reference to Query name google.com bytes*/ + 0x00, 0x0f, 0x00, 0x01, 0x00, 0x00, + 0x01, 0x2c, 0x00, 0x09, 0x00, 0x0a, /* MX record: mail.google.com */ - 0x04, - 0x6d, - 0x61, - 0x69, - 0x6c, - 0xc0, - 0x0c, /* google.com reference to Query name bytes */ + 0x04, 0x6d, 0x61, 0x69, 0x6c, + 0xc0, 0x0c, /* google.com reference to Query name bytes */ /* Authority */ - 0xc0, - 0x0c, - 0x00, - 0x06, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x23, - 0x03, - 0x6e, - 0x73, - 0x31, - 0xc0, - 0x0c, - 0x06, - 0x61, - 0x6e, - 0x64, - 0x72, - 0x65, - 0x69, - 0xc0, - 0x0c, - 0x0b, - 0xff, - 0xb4, - 0x5f, - 0x00, - 0x00, - 0x0e, - 0x10, - 0x00, - 0x00, - 0x2a, - 0x30, - 0x00, - 0x01, - 0x51, - 0x80, - 0x00, - 0x00, - 0x0e, - 0x10, + 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, + 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, + 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, + 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, + 0x5f, 0x00, 
0x00, 0x0e, 0x10, 0x00, + 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, + 0x80, 0x00, 0x00, 0x0e, 0x10, /* Additional */ - 0xc0, - 0x3d, - 0x00, - 0x01, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x04, - 0x7f, - 0x00, - 0x00, - 0x01, + 0xc0, 0x3d, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, + 0x7f, 0x00, 0x00, 0x01, }; + // clang-format on Flow f; Packet *p = NULL; 
@@ -1049,77 +811,37 @@ static int DetectDnsResponseTest05(void)
 */
 static int DetectDnsResponseTest06(void)
 {
+ // clang-format off
 uint8_t buf[] = {
- 0x53,
- 0x19, /* ID */
- 0x85,
- 0x80, /* Flags */
- 0x00,
- 0x01, /* num queries */
- 0x00,
- 0x02, /* num answers */
- 0x00,
- 0x00, /* num authority */
- 0x00,
- 0x00, /* num additional */
+ 0x53, 0x19, /* ID */
+ 0x85, 0x80, /* Flags */
+ 0x00, 0x01, /* num queries */
+ 0x00, 0x02, /* num answers */
+ 0x00, 0x00, /* num authority */
+ 0x00, 0x00, /* num additional */
 /* Query */
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c, /* google.com */
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x00,
- 0x02, /* Type: NS */
- 0x00,
- 0x01, /* Class: IN */
+ 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, /* google.com */
+ 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00,
+ 0x00, 0x02, /* Type: NS */
+ 0x00, 0x01, /* Class: IN */
 /* Answer 1/2 */
- 0xc0,
- 0x0c, /* Name: google.com (pointer to query bytes) */
- 0x00,
- 0x02, /* Type: NS */
- 0x00,
- 0x01, /* Class: IN*/
- 0x00,
- 0x00,
- 0x01,
- 0x2c, /* TTL: 300 */
- 0x00,
- 0x06, /* Data length: 6 */
+ 0xc0, 0x0c, /* Name: google.com (pointer to query bytes) */
+ 0x00, 0x02, /* Type: NS */
+ 0x00, 0x01, /* Class: IN*/
+ 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */
+ 0x00, 0x06, /* Data length: 6 */
 /* ns1.google.com (google.com pointer to query bytes)*/
- 0x03,
- 0x6e,
- 0x73,
- 0x31,
- 0xc0,
- 0x0c,
+ 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c,
 /* Answer 2/2 */
- 0xc0,
- 0x0c, /* Name: google.com (pointer to query bytes) */
- 0x00,
- 0x02, /* Type: NS */
- 0x00,
- 0x01, /* Class: IN */
- 0x00,
- 0x00,
- 0x01,
- 0x2c, /* TTL: 300 */
- 0x00,
- 0x06, /* Data length: 6 */
+ 0xc0, 0x0c, /* Name: google.com (pointer to query bytes) */
+ 0x00, 0x02, /* Type: NS */
+ 0x00, 0x01, /* Class: IN */
+ 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */
+ 0x00, 0x06, /* Data length: 6 */
 /* ns2.google.com (google.com pointer to query bytes)*/
- 0x03,
- 0x6e,
- 0x73,
- 0x32,
- 0xc0,
- 0x0c,
+ 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c,
 };
+ // clang-format on
 Flow f;
 Packet *p = NULL;
 
@@ -1188,90 +910,34 @@ static int DetectDnsResponseTest06(void)
 /** \test ns1.google.com match authority data field in response (SOA) */
 static int DetectDnsResponseTest07(void)
 {
+ // clang-format off
 uint8_t buf[] = {
- 0x61,
- 0xb7, /* ID */
- 0x85,
- 0x80, /* Flags */
- 0x00,
- 0x01, /* num queries */
- 0x00,
- 0x00, /* num answers */
- 0x00,
- 0x01, /* num authority */
- 0x00,
- 0x00, /* num additional */
+ 0x61, 0xb7, /* ID */
+ 0x85, 0x80, /* Flags */
+ 0x00, 0x01, /* num queries */
+ 0x00, 0x00, /* num answers */
+ 0x00, 0x01, /* num authority */
+ 0x00, 0x00, /* num additional */
 /* Query, name: www.google.com */
- 0x03,
- 0x77,
- 0x77,
- 0x77,
- 0x06,
- 0x67,
- 0x6f,
- 0x6f,
- 0x67,
- 0x6c,
- 0x65,
- 0x03,
- 0x63,
- 0x6f,
- 0x6d,
- 0x00,
- 0x00,
- 0x01,
- 0x00,
- 0x01,
+ 0x03, 0x77, 0x77, 0x77, 0x06, 0x67,
+ 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03,
+ 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01,
+ 0x00, 0x01,
 /* Authority */
- 0xc0,
- 0x10, /* Name: google.com (pointer to query bytes) */
- 0x00,
- 0x06, /* Type: SOA */
- 0x00,
- 0x01, /* Class: IN */
- 0x00,
- 0x00,
- 0x01,
- 0x2c, /* TTL: 300 */
- 0x00,
- 0x23, /* Data length: 35 */
+ 0xc0, 0x10, /* Name: google.com (pointer to query bytes) */
+ 0x00, 0x06, /* Type: SOA */
+ 0x00, 0x01, /* Class: IN */
+ 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */
+ 0x00, 0x23, /* Data length: 35 */
 /* Primary name server: ns1.google.com */
- 0x03,
- 0x6e,
- 0x73,
- 0x31,
- 0xc0,
- 0x10, /* 0xc010 pointer to query */
- 0x06,
- 0x61,
- 0x6e,
- 0x64,
- 0x72,
- 0x65,
- 0x69,
- 0xc0,
- 0x10,
- 0x0b,
- 0xff,
- 0xb4,
- 0x5f,
- 0x00,
- 0x00,
- 0x0e,
- 0x10,
- 0x00,
- 0x00,
- 0x2a,
- 0x30,
- 0x00,
- 0x01,
- 0x51,
- 0x80,
- 0x00,
- 0x00,
- 0x0e,
- 0x10,
+ 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x10, /* 0xc010 pointer to query */
+ 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65,
+ 0x69, 0xc0, 0x10, 0x0b, 0xff, 0xb4,
+ 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00,
+ 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51,
+ 0x80, 0x00, 0x00, 0x0e, 0x10,
 };
+ // clang-format on
 Flow f;
 Packet *p = NULL;
 
@@ -1340,138 +1006,49 @@ static int DetectDnsResponseTest07(void) /** \test ns2.google.com match second additional data field in response (NS) */ static int DetectDnsResponseTest08(void) { + // clang-format off uint8_t buf[] = { - 0x50, - 0x42, /* ID */ - 0x85, - 0x80, /* Flags */ - 0x00, - 0x01, /* num queries */ - 0x00, - 0x01, /* num answers */ - 0x00, - 0x01, /* num authority */ - 0x00, - 0x02, /* num additional */ + 0x50, 0x42, /* ID */ + 0x85, 0x80, /* Flags */ + 0x00, 0x01, /* num queries */ + 0x00, 0x01, /* num answers */ + 0x00, 0x01, /* num authority */ + 0x00, 0x02, /* num additional */ /* Query, name: google.com */ - 0x06, - 0x67, - 0x6f, - 0x6f, - 0x67, - 0x6c, - 0x65, - 0x03, - 0x63, - 0x6f, - 0x6d, - 0x00, - 0x00, - 0x01, - 0x00, - 0x01, /* Type: A, Class: IN */ + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, /* Type: A, Class: IN */ /* Answer */ - 0xc0, - 0x0c, - 0x00, - 0x01, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x04, - 0x7f, - 0x00, - 0x00, - 0x01, + 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, + 0x7f, 0x00, 0x00, 0x01, /* Authority */ - 0xc0, - 0x0c, - 0x00, - 0x06, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x23, + 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, /* NS: ns1.google.com */ - 0x03, - 0x6e, - 0x73, - 0x31, - 0xc0, - 0x0c, - 0x06, - 0x61, - 0x6e, - 0x64, - 0x72, - 0x65, - 0x69, - 0xc0, - 0x0c, - 0x0b, - 0xff, - 0xb4, - 0x5f, - 0x00, - 0x00, - 0x0e, - 0x10, - 0x00, - 0x00, - 0x2a, - 0x30, - 0x00, - 0x01, - 0x51, - 0x80, - 0x00, - 0x00, - 0x0e, - 0x10, + 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, + 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, + 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, + 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, + 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, + 0x80, 0x00, 0x00, 0x0e, 0x10, /* Additional 1/2 */ - 0xc0, - 0x0c, /* name: google.com (pointer to query) */ - 0x00, - 0x02, /* Type: NS */ - 0x00, - 0x01, 
/* Class: IN */ - 0x00, - 0x00, - 0x01, - 0x2c, /* TTL: 300 */ - 0x00, - 0x02, /* Data length: 2 */ - 0xc0, - 0x38, /* Pointer to ns1.google.com in Authority */ + 0xc0, 0x0c, /* name: google.com (pointer to query) */ + 0x00, 0x02, /* Type: NS */ + 0x00, 0x01, /* Class: IN */ + 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ + 0x00, 0x02, /* Data length: 2 */ + 0xc0, 0x38, /* Pointer to ns1.google.com in Authority */ /* Additional 2/2 */ - 0xc0, - 0x0c, /* name: google.com (pointer to query) */ - 0x00, - 0x02, /* Type: NS */ - 0x00, - 0x01, /* Class: IN */ - 0x00, - 0x00, - 0x01, - 0x2c, /* TTL: 300 */ - 0x00, - 0x06, /* Data length: 6 */ + 0xc0, 0x0c, /* name: google.com (pointer to query) */ + 0x00, 0x02, /* Type: NS */ + 0x00, 0x01, /* Class: IN */ + 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ + 0x00, 0x06, /* Data length: 6 */ /* ns2.google.com (google.com pointer to query) */ - 0x03, - 0x6e, - 0x73, - 0x32, - 0xc0, - 0x0c, + 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, }; + // clang-format on Flow f; Packet *p = NULL; @@ -1540,39 +1117,21 @@ static int DetectDnsResponseTest08(void) /** \test google.com match query name field in response (TCP) */ static int DetectDnsResponseTest09(void) { + // clang-format off uint8_t buf[] = { - 0x00, - 28, /* tcp len */ - 0x10, - 0x31, /* ID */ - 0x85, - 0x80, /* Flags */ - 0x00, - 0x01, /* questions: 1 */ - 0x00, - 0x00, /* answer_rrs: 0 */ - 0x00, - 0x00, /* authority_rrs: 0 */ - 0x00, - 0x00, /* additional_rr: 0 */ + 0x00, 28, /* tcp len */ + 0x10, 0x31, /* ID */ + 0x85, 0x80, /* Flags */ + 0x00, 0x01, /* questions: 1 */ + 0x00, 0x00, /* answer_rrs: 0 */ + 0x00, 0x00, /* authority_rrs: 0 */ + 0x00, 0x00, /* additional_rr: 0 */ /* Query */ - 0x06, - 0x67, - 0x6f, - 0x6f, - 0x67, - 0x6c, - 0x65, - 0x03, - 0x63, - 0x6f, - 0x6d, - 0x00, - 0x00, - 0x01, - 0x00, - 0x01, + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, }; + // clang-format on Flow f; Packet *p = NULL; 
@@ -1641,95 +1200,68 @@ static int DetectDnsResponseTest09(void) /** \test multi tx (mail,ns2).google.com response matching */ static int DetectDnsResponseTest10(void) { + // clang-format off /* Query 1/2 */ uint8_t buf1[] = { - 0xa1, 0xc4, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, /* google.com */ - 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x0f, 0x00, 0x01, /* Type: MX, Class: IN */ + 0xa1, 0xc4, 0x01, 0x20, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, /* google.com */ + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x0f, 0x00, 0x01, /* Type: MX, Class: IN */ }; /* Response 1/2 */ uint8_t buf2[] = { - 0xa1, - 0xc4, - 0x85, - 0x80, - 0x00, - 0x01, - 0x00, - 0x01, - 0x00, - 0x00, - 0x00, - 0x00, + 0xa1, 0xc4, 0x85, 0x80, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, /* Query */ - 0x06, - 0x67, - 0x6f, - 0x6f, - 0x67, - 0x6c, - 0x65, - 0x03, - 0x63, - 0x6f, - 0x6d, - 0x00, - 0x00, - 0x0f, - 0x00, - 0x01, + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x0f, 0x00, 0x01, /* Answer data: mail.google.com */ - 0xc0, - 0x0c, - 0x00, - 0x0f, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x09, - 0x00, - 0x0a, - 0x04, - 0x6d, - 0x61, - 0x69, - 0x6c, - 0xc0, - 0x0c, - 0xc0, - 0x0c, + 0xc0, 0x0c, 0x00, 0x0f, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x09, + 0x00, 0x0a, 0x04, 0x6d, 0x61, 0x69, + 0x6c, 0xc0, 0x0c, 0xc0, 0x0c, }; /* Query 2/2 */ uint8_t buf3[] = { - 0xc1, 0xc5, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, /* google.com */ - 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, /* Type: A, Class: IN */ + 0xc1, 0xc5, 0x01, 0x20, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, /* google.com */ + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, /* Type: A, Class: IN */ }; /* Response 2/2 */ uint8_t buf4[] = { 
- 0xc1, 0xc5, 0x85, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x02, + 0xc1, 0xc5, 0x85, 0x80, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x01, 0x00, 0x02, /* Query */ 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, /* google.com */ - 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, /* Answer */ - 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, 0x7f, 0x00, 0x00, - 0x01, + 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, + 0x7f, 0x00, 0x00, 0x01, /* Authority */ - 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, 0x03, 0x6e, 0x73, - 0x31, 0xc0, 0x0c, /* ns1.google.com */ - 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, 0x5f, 0x00, 0x00, - 0x0e, 0x10, 0x00, 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 0x0e, 0x10, + 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, + 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, /* ns1.google.com */ + 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, + 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, + 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, + 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, + 0x80, 0x00, 0x00, 0x0e, 0x10, /* Additional 1/2 */ - 0xc0, 0x0c, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x02, 0xc0, - 0x38, /* ns1.google.com */ + 0xc0, 0x0c, 0x00, 0x02, 0x00, + 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, + 0x02, 0xc0, 0x38, /* ns1.google.com */ /* Additional 2/2 */ - 0xc0, 0x0c, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x06, 0x03, 0x6e, 0x73, - 0x32, 0xc0, 0x0c, /* ns2.google.com */ + 0xc0, 0x0c, 0x00, 0x02, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x06, + 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, /* ns2.google.com */ }; + // clang-format on Flow f; Packet *p1 = NULL, *p2 = NULL, *p3 = NULL, *p4 = NULL; 
@@ -1882,138 +1414,49 @@ static int DetectDnsResponseTest10(void) /** \test google.com and ns2.google.com response matching, pcre */ static int DetectDnsResponseTest11(void) { + // clang-format off uint8_t buf[] = { - 0x50, - 0x42, /* ID */ - 0x85, - 0x80, /* Flags */ - 0x00, - 0x01, /* num queries */ - 0x00, - 0x01, /* num answers */ - 0x00, - 0x01, /* num authority */ - 0x00, - 0x02, /* num additional */ + 0x50, 0x42, /* ID */ + 0x85, 0x80, /* Flags */ + 0x00, 0x01, /* num queries */ + 0x00, 0x01, /* num answers */ + 0x00, 0x01, /* num authority */ + 0x00, 0x02, /* num additional */ /* Query, name: google.com */ - 0x06, - 0x67, - 0x6f, - 0x6f, - 0x67, - 0x6c, - 0x65, - 0x03, - 0x63, - 0x6f, - 0x6d, - 0x00, - 0x00, - 0x01, - 0x00, - 0x01, /* Type: A, Class: IN */ + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, /* Type: A, Class: IN */ /* Answer */ - 0xc0, - 0x0c, - 0x00, - 0x01, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x04, - 0x7f, - 0x00, - 0x00, - 0x01, + 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, + 0x7f, 0x00, 0x00, 0x01, /* Authority */ - 0xc0, - 0x0c, - 0x00, - 0x06, - 0x00, - 0x01, - 0x00, - 0x00, - 0x01, - 0x2c, - 0x00, - 0x23, + 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, /* NS: ns1.google.com */ - 0x03, - 0x6e, - 0x73, - 0x31, - 0xc0, - 0x0c, - 0x06, - 0x61, - 0x6e, - 0x64, - 0x72, - 0x65, - 0x69, - 0xc0, - 0x0c, - 0x0b, - 0xff, - 0xb4, - 0x5f, - 0x00, - 0x00, - 0x0e, - 0x10, - 0x00, - 0x00, - 0x2a, - 0x30, - 0x00, - 0x01, - 0x51, - 0x80, - 0x00, - 0x00, - 0x0e, - 0x10, + 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, + 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, + 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, + 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, + 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, + 0x80, 0x00, 0x00, 0x0e, 0x10, /* Additional 1/2 */ - 0xc0, - 0x0c, /* name: google.com (pointer to query) */ - 0x00, - 0x02, /* Type: NS */ - 0x00, - 0x01, /* Class: IN 
*/ - 0x00, - 0x00, - 0x01, - 0x2c, /* TTL: 300 */ - 0x00, - 0x02, /* Data length: 2 */ - 0xc0, - 0x38, /* Pointer to ns1.google.com in Authority */ + 0xc0, 0x0c, /* name: google.com (pointer to query) */ + 0x00, 0x02, /* Type: NS */ + 0x00, 0x01, /* Class: IN */ + 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ + 0x00, 0x02, /* Data length: 2 */ + 0xc0, 0x38, /* Pointer to ns1.google.com in Authority */ /* Additional 2/2 */ - 0xc0, - 0x0c, /* name: google.com (pointer to query) */ - 0x00, - 0x02, /* Type: NS */ - 0x00, - 0x01, /* Class: IN */ - 0x00, - 0x00, - 0x01, - 0x2c, /* TTL: 300 */ - 0x00, - 0x06, /* Data length: 6 */ + 0xc0, 0x0c, /* name: google.com (pointer to query) */ + 0x00, 0x02, /* Type: NS */ + 0x00, 0x01, /* Class: IN */ + 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ + 0x00, 0x06, /* Data length: 6 */ /* ns2.google.com (google.com pointer to query) */ - 0x03, - 0x6e, - 0x73, - 0x32, - 0xc0, - 0x0c, + 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, }; + // clang-format on Flow f; Packet *p = NULL; @@ -2093,6 +1536,7 @@ static int DetectDnsResponseTest11(void) */ static int DetectDnsResponseTest12(void) { + // clang-format off uint8_t buf[] = { 0x7a, 0x11, /* ID */ 0x85, 0x80, /* Flags */ 
@@ -2101,32 +1545,40 @@ static int DetectDnsResponseTest12(void) 0x00, 0x01, /* num authority */ 0x00, 0x02, /* num additional */ /* Query, name: google.com */ - 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, - 0x01, /* Type: A, Class: IN */ + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, /* Type: A, Class: IN */ /* Answer */ - 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, 0x7f, 0x00, 0x00, - 0x01, + 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, + 0x7f, 0x00, 0x00, 0x01, /* Authority */ - 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, + 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, /* NS: ns1.google.com */ - 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, 0x69, 0xc0, 0x0c, - 0x0b, 0xff, 0xb4, 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, + 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, + 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, + 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, + 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, + 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 0x0e, 0x10, /* Additional 1/2 */ - 0xc0, 0x38, /* name: ns1.google.com (pointer to authority) */ - 0x00, 0x01, /* Type: A */ - 0x00, 0x01, /* Class: IN */ + 0xc0, 0x38, /* name: ns1.google.com (pointer to authority) */ + 0x00, 0x01, /* Type: A */ + 0x00, 0x01, /* Class: IN */ 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ - 0x00, 0x04, /* Data length: 4 */ + 0x00, 0x04, /* Data length: 4 */ 0x7f, 0x00, 0x00, 0x01, /* 127.0.0.1 */ /* Additional 2/2 */ /* name: ns2.google.com (ns2 + pointer to query) */ - 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, 0x00, 0x01, /* Type: A */ - 0x00, 0x01, /* Class: IN */ - 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ - 0x00, 0x04, /* Data length: 4 */ - 0x7f, 0x00, 0x00, 0x01, /* 127.0.0.1 */ + 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, + 0x00, 0x01, /* Type: A */ + 0x00, 
0x01, /* Class: IN */ + 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ + 0x00, 0x04, /* Data length: 4 */ + 0x7f, 0x00, 0x00, 0x01, /* 127.0.0.1 */ }; + // clang-format on Flow f; Packet *p = NULL; @@ -2200,6 +1652,7 @@ static int DetectDnsResponseTest12(void) */ static int DetectDnsResponseTest13(void) { + // clang-format off uint8_t buf[] = { 0x7a, 0x11, /* ID */ 0x85, 0x80, /* Flags */ 
@@ -2208,32 +1661,40 @@ static int DetectDnsResponseTest13(void) 0x00, 0x01, /* num authority */ 0x00, 0x02, /* num additional */ /* Query, name: google.com */ - 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, - 0x01, /* Type: A, Class: IN */ + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, + 0x00, 0x01, 0x00, 0x01, /* Type: A, Class: IN */ /* Answer */ - 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, 0x7f, 0x00, 0x00, - 0x01, + 0xc0, 0x0c, 0x00, 0x01, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x04, + 0x7f, 0x00, 0x00, 0x01, /* Authority */ - 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, + 0xc0, 0x0c, 0x00, 0x06, 0x00, 0x01, + 0x00, 0x00, 0x01, 0x2c, 0x00, 0x23, /* NS: ns1.google.com */ - 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, 0x69, 0xc0, 0x0c, - 0x0b, 0xff, 0xb4, 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, + 0x03, 0x6e, 0x73, 0x31, 0xc0, 0x0c, + 0x06, 0x61, 0x6e, 0x64, 0x72, 0x65, + 0x69, 0xc0, 0x0c, 0x0b, 0xff, 0xb4, + 0x5f, 0x00, 0x00, 0x0e, 0x10, 0x00, + 0x00, 0x2a, 0x30, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 0x0e, 0x10, /* Additional 1/2 */ - 0xc0, 0x38, /* name: ns1.google.com (pointer to authority) */ - 0x00, 0x01, /* Type: A */ - 0x00, 0x01, /* Class: IN */ + 0xc0, 0x38, /* name: ns1.google.com (pointer to authority) */ + 0x00, 0x01, /* Type: A */ + 0x00, 0x01, /* Class: IN */ 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ - 0x00, 0x04, /* Data length: 4 */ + 0x00, 0x04, /* Data length: 4 */ 0x7f, 0x00, 0x00, 0x01, /* 127.0.0.1 */ /* Additional 2/2 */ /* name: ns2.google.com (ns2 + pointer to query) */ - 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, 0x00, 0x01, /* Type: A */ - 0x00, 0x01, /* Class: IN */ - 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ - 0x00, 0x04, /* Data length: 4 */ - 0x7f, 0x00, 0x00, 0x01, /* 127.0.0.1 */ + 0x03, 0x6e, 0x73, 0x32, 0xc0, 0x0c, + 0x00, 0x01, /* Type: A */ + 0x00, 
0x01, /* Class: IN */ + 0x00, 0x00, 0x01, 0x2c, /* TTL: 300 */ + 0x00, 0x04, /* Data length: 4 */ + 0x7f, 0x00, 0x00, 0x01, /* 127.0.0.1 */ }; + // clang-format on Flow f; Packet *p = NULL;