From: Odin Jenseg <odin@mnemonic.no>
Date: Tue, 8 Jun 2021 19:55:36 +0000 (+0200)
Subject: dns: Logging of Z-bit
X-Git-Tag: suricata-6.0.5~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4318e9726f958ae90343629b89f46ef9ea232fd8;p=thirdparty%2Fsuricata.git

dns: Logging of Z-bit

[Edit by Jason Ish: fix flag bit value]

Ticket #4515

(cherry picked from commit dfb6f105e8b104bf27cce24b650d047d0925c145)
---

diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
index c27076be45..621e601749 100644
--- a/rust/src/dns/log.rs
+++ b/rust/src/dns/log.rs
@@ -484,6 +484,9 @@ fn dns_log_json_answer(js: &mut JsonBuilder, response: &DNSResponse, flags: u64)
     if header.flags & 0x0080 != 0 {
         js.set_bool("ra", true)?;
     }
+    if header.flags & 0x0040 != 0 {
+        js.set_bool("z", true)?;
+    }
 
     for query in &response.queries {
         js.set_string_from_bytes("rrname", &query.name)?;
@@ -675,6 +678,9 @@ fn dns_log_json_answer_v1(header: &DNSHeader, answer: &DNSAnswerEntry)
     if header.flags & 0x0080 != 0 {
         js.set_bool("ra", true)?;
     }
+    if header.flags & 0x0040 != 0 {
+        js.set_bool("z", true)?;
+    }
     js.set_string("rcode", &dns_rcode_string(header.flags))?;
     js.set_string_from_bytes("rrname", &answer.name)?;
     js.set_string("rrtype", &dns_rrtype_string(answer.rrtype))?;