Hi,
I'm trying to add a new "dns-request" keyword to the Bro signature language, but it does not fire.
Can anyone help, please? (I'm not a C++ developer.)
OK, I'm testing on Bro v2.0 on a Linux platform.
I modified two files; the first is src/Rule.h:
@@ -37,7 +37,7 @@
enum PatternType {
PAYLOAD, HTTP_REQUEST, HTTP_REQUEST_BODY, HTTP_REQUEST_HEADER,
- HTTP_REPLY_BODY, HTTP_REPLY_HEADER, FTP, FINGER, TYPES,
+ HTTP_REPLY_BODY, HTTP_REPLY_HEADER, DNS_REQUEST, FTP, FINGER, TYPES,
};
bool Active() { return active; }
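Review bot: DNS_REQUEST is inserted ahead of FTP and FINGER in PatternType, which renumbers those two values; adding it just before TYPES (which looks like the count sentinel) would keep the existing values stable. Separately, the enum entry alone does not tie the signature keyword dns-request to DNS_REQUEST: the patch as posted touches only Rule.h and DNS.cc, so the signature-file parser still needs a rule that maps that keyword to the new pattern type.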
The second change is in src/DNS.cc:
@@ -1093,6 +1093,8 @@
if ( buf_n < msg_size )
// Haven't filled up the message buffer yet, no more to do.
return;
+ Conn()->Match(Rule::DNS_REQUEST, (const u_char*) msg_buf,
+ msg_size, true, true, 1, true);
ForwardPacket(msg_size, msg_buf, orig, -1, 0, 0);
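Review bot: the Match call passes the literals true, true, 1, true and never uses orig, even though orig is in scope and is handed to ForwardPacket on the next line; if one of those flags is the direction, replies will be matched as if they were requests, so pass orig there (or guard the call with it) and add a comment naming each flag. The surrounding context (the buf_n < msg_size check on a message buffer) looks like the buffered message path, so DNS messages that arrive as single UDP datagrams may never reach this call. Note also that msg_buf is the raw DNS message, where names are encoded as length-prefixed labels rather than dotted text, which a signature regex has to account for.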
With this new signature:
dns-request /.*g.*/
Regards
Rmkml