output/dcerpc: call jb_get_mark just before jb_open_object

author Philippe Antoine <pantoine@oisf.net>

Mon, 24 Jun 2024 20:11:17 +0000 (22:11 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 9 Jul 2024 10:15:25 +0000 (12:15 +0200)
author Philippe Antoine <pantoine@oisf.net>
Mon, 24 Jun 2024 20:11:17 +0000 (22:11 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 9 Jul 2024 10:15:25 +0000 (12:15 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index 070b021ed7e8e4e9a93bc3c677002e3830e67704..22a3f7cb9f9e058ccb5ad074c5c3c03f8664171c 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -385,12 +385,12 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
                  jb_restore_mark(jb, &mark);
              }
              break;
-        case ALPROTO_DCERPC:
-            jb_get_mark(jb, &mark);
+        case ALPROTO_DCERPC: {
              void *state = FlowGetAppState(p->flow);
              if (state) {
                  void *tx = AppLayerParserGetTx(p->flow->proto, proto, state, tx_id);
                  if (tx) {
+                    jb_get_mark(jb, &mark);
                      jb_open_object(jb, "dcerpc");
                      if (p->proto == IPPROTO_TCP) {
                          if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) {
@@ -405,6 +405,7 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
                  }
              }
              break;
+        }
          default:
              break;
      }
author	Philippe Antoine <pantoine@oisf.net>
	Mon, 24 Jun 2024 20:11:17 +0000 (22:11 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 9 Jul 2024 10:15:25 +0000 (12:15 +0200)