RR type for SSHFP incorrect in scripts/base/protocols/dns/consts.bro

Description

Bro incorrectly logs DNS RR type 44 as SINK.
Bro incorrectly logs DNS RR type 45 as SSHFP.

RR type 44 is SSHFP per https://tools.ietf.org/html/rfc4255#section-3.1
RR type 45 is IPSECKEY per https://tools.ietf.org/html/rfc4025

This results in DNS requests for host keys being logged as SINK not SSHFP.

This should result in IPSECKEY logged as SSHFP although I don't have a test case.

I think the problem is in:

scripts/base/protocols/dns/consts.bro

Lines 24 and 25:

[EDNS] = "EDNS", [42] = "APL", [43] = "DS", [44] = "SINK",
[45] = "SSHFP", [46] = "RRSIG", [47] = "NSEC", [48] = "DNSKEY",

Should be:

[EDNS] = "EDNS", [42] = "APL", [43] = "DS", [44] = "SSHFP",
[45] = "IPSECKEY", [46] = "RRSIG", [47] = "NSEC", [48] = "DNSKEY",

If you would like a patch with the fix, please let me know,

Environment

None

Assignee

Unassigned

Reporter

J. Edward Durrett

Labels

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal
Configure