From: Jason Ish
Date: Fri, 2 Feb 2018 17:45:20 +0000 (-0600)
Subject: eve/dns-v2: only log responses for enabled types
X-Git-Tag: suricata-4.1.0-beta1~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfdfc478abb89a05dc9f1373a484f4ac9aac4243;p=thirdparty%2Fsuricata.git

eve/dns-v2: only log responses for enabled types

This changes the logic a bit for v2, checking the rrtype of the query to see if the response should be logged.
---
diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 849cd31187..8eb6a6dc71 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -520,10 +520,6 @@ static void OutputAnswerDetailed(DNSAnswerEntry *entry, json_t *js,
 uint64_t flags)
 {
 do {
- if (!DNSRRTypeEnabled(entry->type, flags)) {
- continue;
- }
-
 json_t *jdata = json_object();
 if (jdata == NULL) {
 return;
@@ -978,6 +974,10 @@ static void LogAnswers(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx, uin
 SCLogDebug("got a DNS response and now logging !!");
 if (aft->dnslog_ctx->version == DNS_VERSION_2) {
+ DNSQueryEntry *query = TAILQ_FIRST(&tx->query_list);
+ if (query && !DNSRRTypeEnabled(query->type, aft->dnslog_ctx->flags)) {
+ return;
+ }
 OutputAnswerV2(aft, js, tx);
 } else {
 DNSAnswerEntry *entry = NULL;
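Review bot: The new guard in LogAnswers decides for the whole response from `TAILQ_FIRST(&tx->query_list)` only, and when that is NULL the response is logged regardless of the configured types; neither behaviour is stated in the code. Since the per-answer `DNSRRTypeEnabled(entry->type, flags)` check is removed from OutputAnswerDetailed in the first hunk, this guard appears to be the only rrtype filter left on the v2 path, so a response without a recorded query, or one with more than one query entry, is logged or dropped on a basis an operator reading the config would not expect. I would add a comment above the guard such as `/* Filter on the first query's rrtype; a response with no recorded query is always logged. */`. It is also worth checking whether the `flags` parameter of OutputAnswerDetailed is still used after the removal; the rest of both function bodies lies outside the hunks.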