From: Nathan Scrivens Date: Thu, 16 May 2024 19:50:24 +0000 (-0400) Subject: dns log: add additional section X-Git-Tag: suricata-8.0.0-beta1~1044 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4598ca164d09ae177b07bd46fc144dd83689d7f4;p=thirdparty%2Fsuricata.git dns log: add additional section Feature: 7011 dns_log_json_answer: log additional section records. update schema.json with new "additionals" section. --- diff --git a/etc/schema.json b/etc/schema.json index 2aff6cd6f9..bb6a8238c3 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -1104,6 +1104,9 @@ "authorities": { "$ref": "#/$defs/dns.authorities" }, + "additionals": { + "$ref": "#/$defs/dns.additionals" + }, "query": { "type": "array", "minItems": 1, @@ -1175,6 +1178,9 @@ }, "authorities": { "$ref": "#/$defs/dns.authorities" + }, + "additionals": { + "$ref": "#/$defs/dns.additionals" } }, "additionalProperties": false @@ -6345,6 +6351,28 @@ "additionalProperties": false } }, + "dns.additionals": { + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "properties": { + "rdata": { + "type": "string" + }, + "rrname": { + "type": "string" + }, + "rrtype": { + "type": "string" + }, + "ttl": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, "stats_applayer_error": { "type": "object", "properties": { diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs index 575875042a..c1043f8925 100644 --- a/rust/src/dns/log.rs +++ b/rust/src/dns/log.rs @@ -606,6 +606,26 @@ fn dns_log_json_answer( js.close()?; } + if !response.additionals.is_empty() { + let mut is_js_open = false; + for add in &response.additionals { + if let DNSRData::Unknown(rdata) = &add.data { + if rdata.is_empty() { + continue; + } + } + if !is_js_open { + js.open_array("additionals")?; + is_js_open = true; + } + let add_detail = dns_log_json_answer_detail(add)?; + js.append_object(&add_detail)?; + } + if is_js_open { + js.close()?; + } + } + Ok(()) }