Merge remote-tracking branch 'origin/dev/2.7'

* origin/dev/2.7:
  Improve introspection of Record and TypeType values
  Bro plugins should support a patch version (x.y.z)
  GH-148: add priority to DNSSEC event handlers
  DNSSEC support in Bro

CHANGES

@@ -1,4 +1,19 @@
 
+2.6-14 | 2018-11-29 16:27:38 -0600
+
+  * Improve introspection of Record and TypeType values (Jon Siwek, Corelight)
+
+    * TypeType values are now printable and yield the type name/alias
+    * Fix record_fields BIF to return correct type name for fields
+    * Allow TypeType values that point to a RecordType to be used with
+      record_fields BIF
+
+  * Bro plugins should support a patch version (x.y.z) (Jon Zeolla)
+
+  * GH-148: add priority to DNSSEC event handlers (Jon Siwek, Corelight)
+
+  * DNSSEC support (Fatema Bannat Wala)
+
 2.6 | 2018-11-29 10:03:33 -0600
 
   * Release 2.6.

NEWS

@@ -1,8 +1,40 @@
 
 This document summarizes the most important changes in the current Bro
 release. For an exhaustive list of changes, see the ``CHANGES`` file
-(note that submodules, such as BroControl and Broccoli, come with
-their own ``CHANGES``.)
+(note that submodules, such as Broker, come with their own ``CHANGES``.)
+
+Bro 2.7
+=======
+
+New Functionality
+-----------------
+
+- Added support for DNSSEC resource records RRSIG, DNSKEY, DS, NSEC, and NSEC3.
+  The associated events are:
+
+  - dns_RRSIG
+  - dns_DNSKEY
+  - dns_DS
+  - dns_NSEC
+  - dns_NSEC3
+
+- Bro's Plugin framework now allows a patch version.  If a patch version is not
+  provided, it will default to 0.  To specify this, modify the plugin
+  Configuration class in your ``src/Plugin.cc` and set
+  ``config.version.patch``.  Note that the default plugin skeleton
+  includes a unit test whose Baseline has the plugin version number in
+  it and that will now fail due to the version number now including a
+  patch number.  For those that want to keep the unit test, simply adapt
+  the unit test/baseline to include the new plugin patch number.
+
+Changed Functionality
+---------------------
+
+Removed Functionality
+---------------------
+
+Deprecated Functionality
+------------------------
 
 Bro 2.6
 =======

VERSION

@@ -1 +1 @@
-2.6
+2.6-14

doc/devel/plugins.rst

@@ -99,7 +99,7 @@ option::
     # export BRO_PLUGIN_PATH=/path/to/rot13-plugin/build
     # bro -N
     [...]
-    Demo::Rot13 - <Insert description> (dynamic, version 0.1)
+    Demo::Rot13 - <Insert description> (dynamic, version 0.1.0)
     [...]
 
 That looks quite good, except for the dummy description that we should
@@ -115,6 +115,7 @@ is about.  We do this by editing the ``config.description`` line in
         config.description = "Caesar cipher rotating a string's characters by 13 places.";
         config.version.major = 0;
         config.version.minor = 1;
+        config.version.patch = 0;
         return config;
         }
     [...]
@@ -124,14 +125,14 @@ Now rebuild and verify that the description is visible::
     # make
     [...]
     # bro -N | grep Rot13
-    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1)
+    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0)
 
 Bro can also show us what exactly the plugin provides with the
 more verbose option ``-NN``::
 
     # bro -NN
     [...]
-    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1)
+    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0)
         [Function] Demo::rot13
     [...]
 
@@ -166,7 +167,7 @@ unpacking.
 
 To distribute the plugin in binary form, the build process
 conveniently creates a corresponding tarball in ``build/dist/``. In
-this case, it's called ``Demo_Rot13-0.1.tar.gz``, with the version
+this case, it's called ``Demo_Rot13-0.1.0.tar.gz``, with the version
 number coming out of the ``VERSION`` file that ``init-plugin`` put
 into place. The binary tarball has everything needed to run the
 plugin, but no further source files. Optionally, one can include
@@ -395,7 +396,7 @@ let's get that in place::
     % 'btest-diff output' failed unexpectedly (exit code 100)
     % cat .diag
     == File ===============================
-    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1)
+    Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0)
         [Function] Demo::rot13
 
     == Error ===============================

scripts/base/init-bare.bro

@@ -3544,6 +3544,67 @@ type dns_tsig_additional: record {
 	is_query: count;	##< TODO.
 };
 
+## A DNSSEC RRSIG record.
+##
+## .. bro:see:: dns_RRSIG
+type dns_rrsig_rr: record {
+	query: string;			##< Query.
+	answer_type: count;		##< Ans type.
+	type_covered: count;	##< qtype covered by RRSIG RR.
+	algorithm: count;		##< Algorithm.
+	labels: count;			##< Labels in the owner's name.
+	orig_ttl: interval;		##< Original TTL.
+	sig_exp: time;			##< Time when signed RR expires.
+	sig_incep: time;		##< Time when signed.
+	key_tag: count;			##< Key tag value.
+	signer_name: string;	##< Signature.
+	signature: string;		##< Hash of the RRDATA.
+	is_query: count;		##< The RR is a query/Response.
+};
+
+## A DNSSEC DNSKEY record.
+##
+## .. bro:see:: dns_DNSKEY
+type dns_dnskey_rr: record {
+	query: string;		##< Query.
+	answer_type: count;	##< Ans type.
+	flags: count;		##< flags filed.
+	protocol: count;	##< Protocol, should be always 3 for DNSSEC.
+	algorithm: count;	##< Algorithm for Public Key.
+	public_key: string;	##< Public Key
+	is_query: count;	##< The RR is a query/Response.
+};
+
+## A DNSSEC NSEC3 record.
+##
+## .. bro:see:: dns_NSEC3
+type dns_nsec3_rr: record {
+	query: string;			##< Query.
+	answer_type: count;		##< Ans type.
+	nsec_flags: count;		##< flags field.
+	nsec_hash_algo: count;	##< Hash algorithm.
+	nsec_iter: count;		##< Iterations.
+	nsec_salt_len: count; 	##< Salt length.
+	nsec_salt: string;		##< Salt value
+	nsec_hlen: count;		##< Hash length.
+	nsec_hash: string;		##< Hash value.
+	bitmaps: string_vec;	##< Type Bit Maps.
+	is_query: count;		##< The RR is a query/Response.
+};
+
+## A DNSSEC DS record.
+##
+## .. bro:see:: dns_DS
+type dns_ds_rr: record {
+	query: string;		##< Query.
+	answer_type: count;	##< Ans type.
+	key_tag: count;		##< flags filed.
+	algorithm: count;	##< Algorithm for Public Key.
+	digest_type: count;	##< Digest Type.
+	digest_val: string;	##< Digest Value.
+	is_query: count;	##< The RR is a query/Response.
+};
+
 # DNS answer types.
 #
 # .. bro:see:: dns_answerr

scripts/base/protocols/dns/consts.bro

@@ -130,4 +130,37 @@ export {
 		[254] = "C_NONE",
 		[255] = "C_ANY",
 	} &default = function(n: count): string { return fmt("qclass-%d", n); };
+
+	## Possible values of the algorithms used in DNSKEY, DS and RRSIG records
+	const algorithms = {
+		[0] = "reserved0",
+		[1] = "RSA_MD5",
+		[2] = "Diffie_Hellman",
+		[3] = "DSA_SHA1",
+		[4] = "Elliptic_Curve",
+		[5] = "RSA_SHA1",
+		[6] = "DSA_NSEC3_SHA1",
+		[7] = "RSA_SHA1_NSEC3_SHA1",
+		[8] = "RSA_SHA256",
+		[10] = "RSA_SHA512",
+		[12] = "GOST_R_34_10_2001",
+		[13] = "ECDSA_curveP256withSHA256",
+		[14] = "ECDSA_curveP384withSHA384",
+		[15] = "Ed25519",
+		[16] = "Ed448",
+		[252] = "Indirect",
+		[253] = "PrivateDNS",
+		[254] = "PrivateOID",
+		[255] = "reserved255",
+	} &default = function(n: count): string { return fmt("algorithm-%d", n); };
+
+	## Possible digest types used in DNSSEC.
+	const digests = {
+		[0] = "reserved0",
+		[1] = "SHA1",
+		[2] = "SHA256",
+		[3] = "GOST_R_34_11_94",
+		[4] = "SHA384",
+	} &default = function(n: count): string { return fmt("digest-%d", n); };
+
 }

scripts/base/protocols/dns/main.bro

@@ -466,6 +466,38 @@ event dns_SRV_reply(c: connection, msg: dns_msg, ans: dns_answer, target: string
 #
 #	}
 
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) &priority=5
+	{
+	local s: string;
+	s = fmt("RRSIG %s %s", rrsig$type_covered,
+	        rrsig$signer_name == "" ? "<Root>" : rrsig$signer_name);
+	hook DNS::do_reply(c, msg, ans, s);
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr) &priority=5
+	{
+	local s: string;
+	s = fmt("DNSKEY %s", dnskey$algorithm);
+	hook DNS::do_reply(c, msg, ans, s);
+	}
+
+event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec) &priority=5
+	{
+	hook DNS::do_reply(c, msg, ans, fmt("NSEC %s %s", ans$query, next_name));
+	}
+
+event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr) &priority=5
+	{
+	hook DNS::do_reply(c, msg, ans, "NSEC3");
+	}
+
+event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr) &priority=5
+	{
+	local s: string;
+	s = fmt("DS %s %s", ds$algorithm, ds$digest_type);
+	hook DNS::do_reply(c, msg, ans, s);
+	}
+
 event dns_rejected(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) &priority=5
 	{
 	if ( c?$dns )

src/NetVar.cc

@@ -115,6 +115,10 @@ RecordType* dns_answer;
 RecordType* dns_soa;
 RecordType* dns_edns_additional;
 RecordType* dns_tsig_additional;
+RecordType* dns_rrsig_rr;
+RecordType* dns_dnskey_rr;
+RecordType* dns_nsec3_rr;
+RecordType* dns_ds_rr;
 TableVal* dns_skip_auth;
 TableVal* dns_skip_addl;
 int dns_skip_all_auth;
@@ -430,7 +434,10 @@ void init_net_var()
 		internal_type("dns_edns_additional")->AsRecordType();
 	dns_tsig_additional =
 		internal_type("dns_tsig_additional")->AsRecordType();
-
+	dns_rrsig_rr = internal_type("dns_rrsig_rr")->AsRecordType();
+	dns_dnskey_rr = internal_type("dns_dnskey_rr")->AsRecordType();
+	dns_nsec3_rr = internal_type("dns_nsec3_rr")->AsRecordType();
+	dns_ds_rr = internal_type("dns_ds_rr")->AsRecordType();
 	dns_skip_auth = internal_val("dns_skip_auth")->AsTableVal();
 	dns_skip_addl = internal_val("dns_skip_addl")->AsTableVal();
 	dns_skip_all_auth = opt_internal_int("dns_skip_all_auth");

src/NetVar.h

@@ -118,6 +118,10 @@ extern RecordType* dns_answer;
 extern RecordType* dns_soa;
 extern RecordType* dns_edns_additional;
 extern RecordType* dns_tsig_additional;
+extern RecordType* dns_rrsig_rr;
+extern RecordType* dns_dnskey_rr;
+extern RecordType* dns_nsec3_rr;
+extern RecordType* dns_ds_rr;
 extern TableVal* dns_skip_auth;
 extern TableVal* dns_skip_addl;
 extern int dns_skip_all_auth;

src/Val.cc

@@ -500,6 +500,8 @@ void Val::ValDescribe(ODesc* d) const
 			AsFunc()->Describe(d);
 		else if ( type->Tag() == TYPE_FILE )
 			AsFile()->Describe(d);
+		else if ( type->Tag() == TYPE_TYPE )
+			d->Add(type->AsTypeType()->Type()->GetName());
 		else
 			d->Add("<no value description>");
 		break;