From: Victor Julien <victor@inliniac.net>
Date: Thu, 14 Nov 2013 14:44:35 +0000 (+0100)
Subject: dns: fix transaction handling
X-Git-Tag: suricata-2.0beta2~163
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bee5ff172b69c6ff129d94335953859b95bbc0c6;p=thirdparty%2Fsuricata.git

dns: fix transaction handling

When logging is disabled, the app layer would still be flagged
as logging. This caused transactions not to be freed until the
end of the flow as the logged tx id would never increment.

This fix postpones the setting of the app layer parser "logger"
flag to the point where we know the logger is enabled.
---

diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index b56593b54c..5110902ec7 100644
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -159,6 +159,8 @@ DNSTransaction *DNSTransactionAlloc(const uint16_t tx_id) {
  *  \brief Free a DNS TX
  *  \param tx DNS TX to free */
 static void DNSTransactionFree(DNSTransaction *tx) {
+    SCEnter();
+
     DNSQueryEntry *q = NULL;
     while ((q = TAILQ_FIRST(&tx->query_list))) {
         TAILQ_REMOVE(&tx->query_list, q, next);
@@ -177,6 +179,7 @@ static void DNSTransactionFree(DNSTransaction *tx) {
 
     AppLayerDecoderEventsFreeEvents(tx->decoder_events);
     SCFree(tx);
+    SCReturn;
 }
 
 /**
@@ -211,6 +214,7 @@ void DNSStateTransactionFree(void *state, uint64_t tx_id) {
         DNSTransactionFree(tx);
         break;
     }
+    SCReturn;
 }
 
 /** \internal
@@ -252,6 +256,7 @@ void *DNSStateAlloc(void) {
 }
 
 void DNSStateFree(void *s) {
+    SCEnter();
     if (s) {
         DNSState *dns_state = (DNSState *) s;
 
@@ -267,6 +272,7 @@ void DNSStateFree(void *s) {
         SCFree(s);
         s = NULL;
     }
+    SCReturn;
 }
 
 /** \brief Validation checks for DNS request header
diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 7dc15e4663..b9f98836cb 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -1008,6 +1008,9 @@ static void AppLayerTransactionsCleanup(AppLayerProto *p, AppLayerParserStateSto
         inspect = parser_state_store->inspect_id[1];
     log = parser_state_store->log_id;
 
+    SCLogDebug("inspect %"PRIu64", log %"PRIu64", logger: %s",
+            inspect, log, p->logger ? "true" : "false");
+
     if (p->logger == TRUE) {
         uint64_t min = log < inspect ? log : inspect;
         if (min > 0) {
diff --git a/src/log-dnslog.c b/src/log-dnslog.c
index 9fc82ca842..43a1ab3d49 100644
--- a/src/log-dnslog.c
+++ b/src/log-dnslog.c
@@ -78,8 +78,6 @@ void TmModuleLogDnsLogRegister (void) {
     OutputRegisterModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx);
 
     /* enable the logger for the app layer */
-    AppLayerRegisterLogger(ALPROTO_DNS_UDP);
-    AppLayerRegisterLogger(ALPROTO_DNS_TCP);
     SCLogDebug("registered %s", MODULE_NAME);
 }
 
@@ -460,6 +458,9 @@ OutputCtx *LogDnsLogInitCtx(ConfNode *conf)
 
     SCLogDebug("DNS log output initialized");
 
+    AppLayerRegisterLogger(ALPROTO_DNS_UDP);
+    AppLayerRegisterLogger(ALPROTO_DNS_TCP);
+
     return output_ctx;
 }