From f397e7bfc23f632fde4c4ded5e0dfec5022bea5e Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Mon, 11 Jul 2016 11:35:51 -0600 Subject: [PATCH] dns: directional logging Register loggers for to server and to client so requests and responses can be logged independently of each other. This results in the request log having the actual timestamp of the request instead of the reply.
---
 src/output-json-dns.c | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index db8ae40f17..11173ccc0e 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -274,7 +274,8 @@ static void LogAnswers(LogDnsLogThread *aft, json_t *js, DNSTransaction *tx, uin
 }
-static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
+static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
+ const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
 {
 SCEnter();
@@ -293,6 +294,18 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo
 json_decref(js);
 }
+ SCReturnInt(TM_ECODE_OK);
+}
+
+static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
+ const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
+{
+ SCEnter();
+
+ LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
+ DNSTransaction *tx = txptr;
+ json_t *js;
+
 js = CreateJSONHeader((Packet *)p, 0, "dns");
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
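Review bot: In the second hunk, JsonDnsLoggerToClient opens with SCEnter() but its failure path after CreateJSONHeader() leaves through a bare `return TM_ECODE_OK;`, while the new tail of JsonDnsLoggerToServer uses `SCReturnInt(TM_ECODE_OK);`; the early exit should read `SCReturnInt(TM_ECODE_OK);` so both loggers leave the same way. That path also drops the reply record while reporting success, so a DNS answer can be absent from the log with nothing to show for it; a debug message or a counter at that point would make the gap visible to whoever later relies on these logs. The new function has no header comment; going by the commit description, something like `/* Logs the reply side of a DNS transaction; requests are handled by JsonDnsLoggerToServer. */` would state the split. The rest of the function body lies outside the hunk.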
@@ -449,10 +462,21 @@ void TmModuleJsonDnsLogRegister (void)
 tmm_modules[TMM_JSONDNSLOG].cap_flags = 0;
 tmm_modules[TMM_JSONDNSLOG].flags = TM_FLAG_LOGAPI_TM;
- OutputRegisterTxModule(MODULE_NAME, "dns-json-log", JsonDnsLogInitCtx,
- ALPROTO_DNS, JsonDnsLogger);
- OutputRegisterTxSubModule("eve-log", MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub,
- ALPROTO_DNS, JsonDnsLogger);
+ /* Logger for requests. */
+ OutputRegisterTxModuleWithProgress(MODULE_NAME, "dns-json-log",
+ JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToServer, 0, 1);
+
+ /* Logger for replies. */
+ OutputRegisterTxModuleWithProgress(MODULE_NAME, "dns-json-log",
+ JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToClient, 1, 1);
+
+ /* Sub-logger for requests. */
+ OutputRegisterTxSubModuleWithProgress("eve-log", MODULE_NAME, "eve-log.dns",
+ JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLoggerToServer, 0, 1);
+
+ /* Sub-logger for replies. */
+ OutputRegisterTxSubModuleWithProgress("eve-log", MODULE_NAME, "eve-log.dns",
+ JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLoggerToClient, 1, 1);
 }
 #else
--
2.47.2
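Review bot: The four registrations in TmModuleJsonDnsLogRegister end in bare `0, 1` and `1, 1` literals whose meaning cannot be read at the call site; each comment should say what the pair selects, for example `/* Logger for requests: runs on to-server progress, does not wait for the reply. */`, with the wording checked against the ...WithProgress prototypes, which are outside this diff. "dns-json-log" and "eve-log.dns" are also each registered twice with the same init function. If the output framework calls JsonDnsLogInitCtx once per registration, the standalone logger may end up with two contexts for one log file, so it is worth confirming that request and reply records cannot interleave or be written twice. The function body starts outside the hunk.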