From: Jason Ish Date: Tue, 16 Mar 2021 21:28:01 +0000 (-0600) Subject: dns: only register a single logger X-Git-Tag: suricata-7.0.0-beta1~1703 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6853bf98fb7f79d197abd95b84a0f596e6f38494;p=thirdparty%2Fsuricata.git dns: only register a single logger DNS no longer requires a logger to be registered for to-client and to-server directions. This has not been required with the stateless design of the Rust DNS parser. --- diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 4f2d9a38b6..50f1458ed9 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -875,6 +875,16 @@ pub extern "C" fn rs_dns_state_get_tx(state: *mut std::os::raw::c_void, } } +#[no_mangle] +pub extern "C" fn rs_dns_tx_is_request(tx: &mut DNSTransaction) -> bool { + tx.request.is_some() +} + +#[no_mangle] +pub extern "C" fn rs_dns_tx_is_response(tx: &mut DNSTransaction) -> bool { + tx.response.is_some() +} + #[no_mangle] pub extern "C" fn rs_dns_state_set_tx_detect_state( tx: *mut std::os::raw::c_void, diff --git a/src/output-json-dns.c b/src/output-json-dns.c index 42d2bcd8d3..e62c3f1f5d 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -410,6 +410,17 @@ static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data, SCReturnInt(TM_ECODE_OK); } +static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, + void *txptr, uint64_t tx_id) +{ + if (rs_dns_tx_is_request(txptr)) { + return JsonDnsLoggerToServer(tv, thread_data, p, f, alstate, txptr, tx_id); + } else if (rs_dns_tx_is_response(txptr)) { + return JsonDnsLoggerToClient(tv, thread_data, p, f, alstate, txptr, tx_id); + } + return TM_ECODE_OK; +} + static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data) { LogDnsLogThread *aft = SCCalloc(1, sizeof(LogDnsLogThread)); @@ -649,15 +660,7 @@ static OutputInitResult JsonDnsLogInitCtxSub(ConfNode *conf, OutputCtx *parent_c #define MODULE_NAME "JsonDnsLog" void JsonDnsLogRegister (void) { - /* Sub-logger for requests. */ - OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNS_TS, "eve-log", - MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS, - JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit, - LogDnsLogThreadDeinit, NULL); - - /* Sub-logger for replies. */ - OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNS_TC, "eve-log", - MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS, - JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, - NULL); + OutputRegisterTxSubModule(LOGGER_JSON_DNS, "eve-log", MODULE_NAME, "eve-log.dns", + JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLogger, LogDnsLogThreadInit, + LogDnsLogThreadDeinit, NULL); } diff --git a/src/suricata-common.h b/src/suricata-common.h index 6dbcb3d0f5..6e24a9fd76 100644 --- a/src/suricata-common.h +++ b/src/suricata-common.h @@ -442,8 +442,7 @@ typedef enum { LOGGER_HTTP, LOGGER_TLS_STORE, LOGGER_TLS, - LOGGER_JSON_DNS_TS, - LOGGER_JSON_DNS_TC, + LOGGER_JSON_DNS, LOGGER_JSON_HTTP, LOGGER_JSON_SMTP, LOGGER_JSON_TLS, diff --git a/src/util-profiling.c b/src/util-profiling.c index 7967e98d75..9e7dd7cfdd 100644 --- a/src/util-profiling.c +++ b/src/util-profiling.c @@ -1302,8 +1302,7 @@ const char * PacketProfileLoggertIdToString(LoggerId id) CASE_CODE (LOGGER_JSON_SMB); CASE_CODE (LOGGER_JSON_NFS); CASE_CODE (LOGGER_HTTP); - CASE_CODE (LOGGER_JSON_DNS_TS); - CASE_CODE (LOGGER_JSON_DNS_TC); + CASE_CODE(LOGGER_JSON_DNS); CASE_CODE (LOGGER_JSON_DNP3_TS); CASE_CODE (LOGGER_JSON_DNP3_TC); CASE_CODE (LOGGER_JSON_HTTP);