dns: improve handling of tx pick up on response

diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c
index 01393ceee726e0af44305a5051e958cb25a57e32..dcb2f5aa18b817a5103cba3ce9d619c6ce4b4c02 100644 (file)
--- a/src/app-layer-dns-udp.c
+++ b/src/app-layer-dns-udp.c
@@ -277,27 +277,29 @@ static int DNSUDPResponseParse(Flow *f, void *dstate,
         }
     }
 
-    /* parse rcode, e.g. "noerror" or "nxdomain" */
-    uint8_t rcode = ntohs(dns_header->flags) & 0x0F;
-    if (rcode <= DNS_RCODE_NOTZONE) {
-        SCLogDebug("rcode %u", rcode);
-        if (tx != NULL)
-            tx->rcode = rcode;
-    } else {
-        /* this is not invalid, rcodes can be user defined */
-        SCLogDebug("unexpected DNS rcode %u", rcode);
+    /* if we previously didn't have a tx, it could have been created by the
+     * above code, so lets check again */
+    if (tx == NULL) {
+        tx = DNSTransactionFindByTxId(dns_state, ntohs(dns_header->tx_id));
     }
+    if (tx != NULL) {
+        /* parse rcode, e.g. "noerror" or "nxdomain" */
+        uint8_t rcode = ntohs(dns_header->flags) & 0x0F;
+        if (rcode <= DNS_RCODE_NOTZONE) {
+            SCLogDebug("rcode %u", rcode);
+            tx->rcode = rcode;
+        } else {
+            /* this is not invalid, rcodes can be user defined */
+            SCLogDebug("unexpected DNS rcode %u", rcode);
+        }
 
-    if (ntohs(dns_header->flags) & 0x0080) {
-        SCLogDebug("recursion desired");
-        if (tx != NULL)
+        if (ntohs(dns_header->flags) & 0x0080) {
+            SCLogDebug("recursion desired");
             tx->recursion_desired = 1;
-    }
+        }
 
-    if (tx != NULL) {
         tx->replied = 1;
     }
-
     SCReturnInt(1);
 
 bad_data: