Batch backports 6.0.x/1.1: Backports of 5550, 5604

rules/dns-events.rules

@@ -7,3 +7,4 @@ alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server;
 alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; classtype:protocol-command-decode; sid:2240005; rev:2;)
 # Z flag (reserved) not 0
 alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; classtype:protocol-command-decode; sid:2240006; rev:2;)
+alert dns any any -> any any (msg:"SURICATA DNS Invalid opcode"; app-layer-event:dns.invalid_opcode; classtype:protocol-command-decode; sid:2240007; rev:1;)

rust/src/applayer.rs

@@ -23,6 +23,49 @@ use crate::filecontainer::FileContainer;
 use crate::applayer;
 use std::os::raw::{c_void,c_char,c_int};
 
+#[repr(C)]
+pub struct StreamSlice {
+    input: *const u8,
+    input_len: u32,
+    /// STREAM_* flags
+    flags: u8,
+    offset: u64,
+}
+
+impl StreamSlice {
+
+    /// Create a StreamSlice from a Rust slice. Useful in unit tests.
+    pub fn from_slice(slice: &[u8], flags: u8, offset: u64) -> Self {
+        Self {
+            input: slice.as_ptr() as *const u8,
+            input_len: slice.len() as u32,
+            flags,
+            offset
+        }
+    }
+
+    pub fn is_gap(&self) -> bool {
+        self.input.is_null() && self.input_len > 0
+    }
+    pub fn gap_size(&self) -> u32 {
+        self.input_len
+    }
+    pub fn as_slice(&self) -> &[u8] {
+        unsafe { std::slice::from_raw_parts(self.input, self.input_len as usize) }
+    }
+    pub fn is_empty(&self) -> bool {
+        self.input_len == 0
+    }
+    pub fn len(&self) -> u32 {
+        self.input_len
+    }
+    pub fn offset_from(&self, slice: &[u8]) -> u32 {
+        self.len() - slice.len() as u32
+    }
+    pub fn flags(&self) -> u8 {
+        self.flags
+    }
+}
 #[repr(C)]
 #[derive(Debug,PartialEq)]
 pub struct AppLayerTxConfig {