dns: fix transaction handling

When logging is disabled, the app layer would still be flagged
as logging. This caused transactions not to be freed until the
end of the flow as the logged tx id would never increment.

This fix postpones the setting of the app layer parser "logger"
flag to the point where we know the logger is enabled.

diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index b56593b54cd2de67275374cfe3f6e39d4301a1b3..5110902ec7638d682a8227032eca7abb5fa2705a 100644 (file)
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -159,6 +159,8 @@ DNSTransaction *DNSTransactionAlloc(const uint16_t tx_id) {
  *  \brief Free a DNS TX
  *  \param tx DNS TX to free */
 static void DNSTransactionFree(DNSTransaction *tx) {
+    SCEnter();
+
     DNSQueryEntry *q = NULL;
     while ((q = TAILQ_FIRST(&tx->query_list))) {
         TAILQ_REMOVE(&tx->query_list, q, next);
@@ -177,6 +179,7 @@ static void DNSTransactionFree(DNSTransaction *tx) {
 
     AppLayerDecoderEventsFreeEvents(tx->decoder_events);
     SCFree(tx);
+    SCReturn;
 }
 
 /**
@@ -211,6 +214,7 @@ void DNSStateTransactionFree(void *state, uint64_t tx_id) {
         DNSTransactionFree(tx);
         break;
     }
+    SCReturn;
 }
 
 /** \internal
@@ -252,6 +256,7 @@ void *DNSStateAlloc(void) {
 }
 
 void DNSStateFree(void *s) {
+    SCEnter();
     if (s) {
         DNSState *dns_state = (DNSState *) s;
 
@@ -267,6 +272,7 @@ void DNSStateFree(void *s) {
         SCFree(s);
         s = NULL;
     }
+    SCReturn;
 }
 
 /** \brief Validation checks for DNS request header

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 7dc15e4663a1e39b0ea6ca6d2e411897640aade1..b9f98836cb03ded04059cbebff754151e03bd9fa 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -1008,6 +1008,9 @@ static void AppLayerTransactionsCleanup(AppLayerProto *p, AppLayerParserStateSto
         inspect = parser_state_store->inspect_id[1];
     log = parser_state_store->log_id;
 
+    SCLogDebug("inspect %"PRIu64", log %"PRIu64", logger: %s",
+            inspect, log, p->logger ? "true" : "false");
+
     if (p->logger == TRUE) {
         uint64_t min = log < inspect ? log : inspect;
         if (min > 0) {

diff --git a/src/log-dnslog.c b/src/log-dnslog.c
index 9fc82ca842d96f752a71bd2007cd9e6ffeaf9d60..43a1ab3d49873617633e595425b9996089ca00dc 100644 (file)
--- a/src/log-dnslog.c
+++ b/src/log-dnslog.c
@@ -78,8 +78,6 @@ void TmModuleLogDnsLogRegister (void) {
     OutputRegisterModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx);
 
     /* enable the logger for the app layer */
-    AppLayerRegisterLogger(ALPROTO_DNS_UDP);
-    AppLayerRegisterLogger(ALPROTO_DNS_TCP);
     SCLogDebug("registered %s", MODULE_NAME);
 }
 
@@ -460,6 +458,9 @@ OutputCtx *LogDnsLogInitCtx(ConfNode *conf)
 
     SCLogDebug("DNS log output initialized");
 
+    AppLayerRegisterLogger(ALPROTO_DNS_UDP);
+    AppLayerRegisterLogger(ALPROTO_DNS_TCP);
+
     return output_ctx;
 }