From: Eric Leblond
Date: Thu, 21 Jun 2018 19:05:16 +0000 (+0200)
Subject: output-json-alert: log correct dns and dnp3 tx
X-Git-Tag: suricata-4.1.0-rc1~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec0a7b22a5802fa33bd01c484f0a81fddbee4dd9;p=thirdparty%2Fsuricata.git

output-json-alert: log correct dns and dnp3 tx

Using transaction log entry is not correct to log the transaction that did cause the alert. The tx_id in the PacketAlert is correct so let's use that.
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index c0f1e7515d..008a5441eb 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -158,11 +158,10 @@ static void AlertJsonSsh(const Flow *f, json_t *js)
     return;
 }
 
-static void AlertJsonDnp3(const Flow *f, json_t *js)
+static void AlertJsonDnp3(const Flow *f, const uint64_t tx_id, json_t *js)
 {
     DNP3State *dnp3_state = (DNP3State *)FlowGetAppState(f);
     if (dnp3_state) {
-        uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
         DNP3Transaction *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_DNP3,
             dnp3_state, tx_id);
         if (tx) {
@@ -188,12 +187,11 @@ static void AlertJsonDnp3(const Flow *f, json_t *js)
     return;
 }
 
-static void AlertJsonDns(const Flow *f, json_t *js)
+static void AlertJsonDns(const Flow *f, const uint64_t tx_id, json_t *js)
 {
 #ifndef HAVE_RUST
     DNSState *dns_state = (DNSState *)FlowGetAppState(f);
     if (dns_state) {
-        uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
         DNSTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_DNS,
             dns_state, tx_id);
         if (tx) {
@@ -507,11 +505,11 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 
         /* dnp3 alert */
         if (proto == ALPROTO_DNP3) {
-            AlertJsonDnp3(p->flow, js);
+            AlertJsonDnp3(p->flow, pa->tx_id, js);
         }
 
         if (proto == ALPROTO_DNS) {
-            AlertJsonDns(p->flow, js);
+            AlertJsonDns(p->flow, pa->tx_id, js);
         }
     }
 
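Review bot: The new `tx_id` parameter of AlertJsonDnp3 is undocumented, and the signature alone does not say where the id comes from or what happens when it does not name a live transaction of `f` (the only guard left is the `if (tx)` after AppLayerParserGetTx). Suggest a short comment above the function, e.g. `/* tx_id: id recorded in the PacketAlert that triggered this alert; it must refer to a DNP3 tx of f, otherwise nothing (or the wrong tx) is logged */`. The same comment, adapted, belongs on AlertJsonDns in the next hunk. Both functions continue past their hunks, so the rest of the tx handling is not visible here.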
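Review bot: The call sites in the AlertJson hunk now pass `pa->tx_id` unconditionally, but a PacketAlert raised by a rule that did not match on an app-layer transaction (packet or stream match) leaves tx_id unset — presumably 0 — so AppLayerParserGetTx() would return the first transaction and the alert would be logged with an unrelated DNS/DNP3 tx instead of none. Suricata marks tx-bound alerts with PACKET_ALERT_FLAG_TX in `pa->flags`; guarding on it keeps tx data out of alerts that have no transaction: `if (proto == ALPROTO_DNP3 && (pa->flags & PACKET_ALERT_FLAG_TX)) {` and likewise `if (proto == ALPROTO_DNS && (pa->flags & PACKET_ALERT_FLAG_TX)) {`. AlertJson starts before this hunk and `pa` is declared outside it, so whether an equivalent check already exists further up cannot be confirmed from the hunk.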