From: Jason Ish Date: Mon, 11 Jul 2016 17:35:51 +0000 (-0600) Subject: dns: directional logging X-Git-Tag: suricata-3.1.1~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2173%2Fhead;p=thirdparty%2Fsuricata.git dns: directional logging Register loggers for to server and to client so requests and responses can be logged independently of each other. This results in the request log having the actual timestamp of the request instead of the reply. --- diff --git a/src/output-json-dns.c b/src/output-json-dns.c index db8ae40f17..11173ccc0e 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -274,7 +274,8 @@ static void LogAnswers(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx, uin } -static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id) +static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data, + const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id) { SCEnter(); @@ -293,6 +294,18 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo json_decref(js); } + SCReturnInt(TM_ECODE_OK); +} + +static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data, + const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id) +{ + SCEnter(); + + LogDnsLogThread *td = (LogDnsLogThread *)thread_data; + DNSTransaction *tx = txptr; + json_t *js; + js = CreateJSONHeader((Packet *)p, 0, "dns"); if (unlikely(js == NULL)) return TM_ECODE_OK; 
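Review bot: JsonDnsLoggerToClient begins with SCEnter(), but its first exit, the carried-over `return TM_ECODE_OK;` after the CreateJSONHeader NULL check, is a plain return, whereas the new tail of JsonDnsLoggerToServer uses `SCReturnInt(TM_ECODE_OK);`. Using `SCReturnInt(TM_ECODE_OK);` on the NULL path as well would keep entry/exit tracing balanced in the new function. That path also drops the DNS record without any trace, so a debug message or counter there would make lost log events visible to whoever relies on this output. Neither function says which direction it handles; a one-line header such as `/* Logs the query side of a DNS transaction (to-server direction). */`, and its to-client counterpart, would help. Both function bodies continue outside the hunks shown.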
@@ -449,10 +462,21 @@ void TmModuleJsonDnsLogRegister (void) tmm_modules[TMM_JSONDNSLOG].cap_flags = 0; tmm_modules[TMM_JSONDNSLOG].flags = TM_FLAG_LOGAPI_TM; - OutputRegisterTxModule(MODULE_NAME, "dns-json-log", JsonDnsLogInitCtx, - ALPROTO_DNS, JsonDnsLogger); - OutputRegisterTxSubModule("eve-log", MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, - ALPROTO_DNS, JsonDnsLogger); + /* Logger for requests. */ + OutputRegisterTxModuleWithProgress(MODULE_NAME, "dns-json-log", + JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToServer, 0, 1); + + /* Logger for replies. */ + OutputRegisterTxModuleWithProgress(MODULE_NAME, "dns-json-log", + JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToClient, 1, 1); + + /* Sub-logger for requests. */ + OutputRegisterTxSubModuleWithProgress("eve-log", MODULE_NAME, "eve-log.dns", + JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLoggerToServer, 0, 1); + + /* Sub-logger for replies. */ + OutputRegisterTxSubModuleWithProgress("eve-log", MODULE_NAME, "eve-log.dns", + JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLoggerToClient, 1, 1); } #else
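Review bot: The trailing `0, 1` and `1, 1` arguments on the four registration calls are bare integers, and comments like `/* Logger for requests. */` do not say what they select. Assuming they are the to-client and to-server progress values a transaction must reach before the logger runs, a comment such as `/* tc progress 0, ts progress 1: log once the request is complete, without waiting for a reply */` would make the intent checkable. Separately, each name is now registered twice with the same init function (`JsonDnsLogInitCtx` for "dns-json-log", `JsonDnsLogInitCtxSub` for "eve-log.dns"). If output setup calls the init function once per registration, the standalone `dns-json-log` output could end up with two contexts for the same log file, so that path is worth confirming.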