Closed
40 changes: 40 additions & 0 deletions etc/schema.json
Expand Up @@ -999,6 +999,10 @@
"description": "DNS opcode as an integer",
"type": "integer"
},
"tc": {
"description": "A 1-bit subfield for truncated response that specifies if the length of the message exceeds the allowed length",
Member

I'd like others' opinions on this, but I think this looks very much like an RFC definition and not very Suricata-specific, i.e. what this field in Suricata logs represents. Something like "DNS truncated response field as a boolean".
Note that this is not a requested change. I would like your and others' opinions on this.

Contributor

I do not think there is a difference for this field between RFC and Suricata...

If I want to be nitpicky, I would say 1-bit subfield is redundant

Contributor

Is your question towards description style? If so, I understand what you say.
Have we ever discussed what we'd like these descriptions to look like? Any style guide or something?

Member

@jasonish jasonish Feb 20, 2024

I think it should be pretty simple, perhaps along the lines of:
DNS truncation flag.

We shouldn't actually say that this means the DNS truncation message was truncated. It's easy to set this value to true or false whether the actual DNS message was truncated or not. So this should just describe what that header value was set to.

"type": "boolean"
},
"answers": {
"type": "array",
"minItems": 1,
Expand Down Expand Up @@ -1034,6 +1038,22 @@
}
},
"additionalProperties": false
},
"sshfp": {
"description": "A Secure Shell fingerprint, used to verify the system’s authenticity",
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"algo": {
"type": "integer"
},
"type": {
"type": "integer"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
Expand Down Expand Up @@ -1190,6 +1210,26 @@
"items": {
"type": "string"
}
},
"SSHFP": {
"description": "A Secure Shell fingerprint is used to verify the system’s authenticity",
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"fingerprint": {
"type": "string"
},
"algo": {
"type": "integer"
},
"type": {
"type": "integer"
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false