aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

eve/dns: allow version to be set with environment variable

Browse Source 
There is no sane way to set override the DNS eve version in Suricata
tests without using a copy of the configuration file, and many of the
tests by design use the configuration file of the Suricata under test,
so making a copy would break this assumption.

To get around this, respect the SURICATA_EVE_DNS_VERSION environment
variable as a way to set the version if not explicitly set in the
configuration file.
pull/11454/head
Jason Ish 1 year ago committed by Victor Julien
parent 575e5b471f
commit b32f6bf381
1 changed files with 48 additions and 32 deletions
Show Stats Download Patch File Download Diff File

80
src/output-json-dns.c
Unescape Escape View File

@ -28,6 +28,7 @@
#include "threadvars.h"
#include "util-byte.h"
#include "util-debug.h"
#include "util-mem.h"
#include "app-layer-parser.h"
@ -447,46 +448,61 @@ static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
}
}
static uint8_t JsonDnsCheckVersion(ConfNode *conf)
static uint8_t GetDnsLogVersion(ConfNode *conf)
{
// TODO: Convert to _DEFAULT.
uint8_t default_version = DNS_LOG_VERSION_2;
if (conf == NULL) {
SCLogConfig("EVE DNS default to DNS log version %d", DNS_LOG_VERSION_DEFAULT);
return default_version;
return DNS_LOG_VERSION_DEFAULT;
}
char *version_string = NULL;
const ConfNode *version_node = ConfNodeLookupChild(conf, "version");
if (version_node != NULL) {
version_string = version_node->val;
}
if (version_string == NULL) {
version_string = getenv("SURICATA_EVE_DNS_VERSION");
}
if (version_string == NULL) {
return DNS_LOG_VERSION_DEFAULT;
}
uint8_t version;
if (StringParseUint8(&version, 10, 0, version_string) >= 0) {
return version;
}
SCLogWarning("Failed to parse EVE DNS log version of \"%s\"", version_string);
return DNS_LOG_VERSION_DEFAULT;
}
static uint8_t JsonDnsCheckVersion(ConfNode *conf)
{
const uint8_t default_version = DNS_LOG_VERSION_DEFAULT;
const uint8_t version = GetDnsLogVersion(conf);
static bool v1_deprecation_warned = false;
static bool v2_deprecation_warned = false;
const ConfNode *has_version = ConfNodeLookupChild(conf, "version");
if (has_version != NULL) {
intmax_t config_version;
if (ConfGetChildValueInt(conf, "version", &config_version)) {
switch(config_version) {
case 3:
SCLogNotice("DNS EVE v3 not implemented yet, using v2");
return DNS_LOG_VERSION_2;
case 2:
if (!v2_deprecation_warned) {
SCLogNotice("DNS EVE v2 logging has been deprecated and will be removed in "
"Suricata 9.0");
v2_deprecation_warned = true;
}
return DNS_LOG_VERSION_2;
case 1:
if (!v1_deprecation_warned) {
SCLogWarning("DNS EVE v1 logging has been removed, will use v2");
v1_deprecation_warned = true;
}
return default_version;
default:
SCLogWarning("Invalid EVE DNS version \"%s\", will use v%d", has_version->val,
DNS_LOG_VERSION_DEFAULT);
return default_version;
switch (version) {
case 3:
return DNS_LOG_VERSION_3;
case 2:
if (!v2_deprecation_warned) {
SCLogNotice("DNS EVE v2 logging has been deprecated and will be removed in "
"Suricata 9.0");
v2_deprecation_warned = true;
}
}
return DNS_LOG_VERSION_2;
case 1:
if (!v1_deprecation_warned) {
SCLogWarning("DNS EVE v1 logging has been removed, will use v2");
v1_deprecation_warned = true;
}
return default_version;
default:
SCLogWarning(
"Invalid EVE DNS version %d, will use v%d", version, DNS_LOG_VERSION_DEFAULT);
return default_version;
}
return default_version;

Write Preview
Loading…
Cancel
Save