From: Tom DeCanio <decanio.tom@gmail.com>
Date: Wed, 23 Apr 2014 15:41:15 +0000 (-0700)
Subject: eve-log: swap ip/port pairs in dns answers
X-Git-Tag: suricata-2.0.1rc1~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=11ca25ddcaa5491f51b25cfb39bb566dcd94e8a7;p=thirdparty%2Fsuricata.git

eve-log: swap ip/port pairs in dns answers
---

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index d94ffcbe3f..e9e579009c 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -217,16 +217,23 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo
 
     LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
     DNSTransaction *tx = txptr;
-
-    json_t *js = CreateJSONHeader((Packet *)p, 1, "dns");//TODO const
-    if (unlikely(js == NULL))
-        return TM_ECODE_OK;
+    json_t *js;
 
     DNSQueryEntry *query = NULL;
     TAILQ_FOREACH(query, &tx->query_list, next) {
+        js = CreateJSONHeader((Packet *)p, 1, "dns");
+        if (unlikely(js == NULL))
+            return TM_ECODE_OK;
+
         LogQuery(td, js, tx, query);
+
+        json_decref(js);
     }
 
+    js = CreateJSONHeader((Packet *)p, 0, "dns");
+    if (unlikely(js == NULL))
+        return TM_ECODE_OK;
+
     LogAnswers(td, js, tx);
 
     json_decref(js);