diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c index 57c96917fc..8c12ebe2d8 100644 --- a/src/app-layer-dns-common.c +++ b/src/app-layer-dns-common.c @@ -185,12 +185,20 @@ uint64_t DNSGetTxCnt(void *alstate) { int DNSGetAlstateProgress(void *tx, uint8_t direction) { DNSTransaction *dns_tx = (DNSTransaction *)tx; - return dns_tx->replied|dns_tx->reply_lost; + if (direction == 1) + return dns_tx->replied|dns_tx->reply_lost; + else { + /* toserver/query is complete if we have stored a query */ + return (TAILQ_FIRST(&dns_tx->query_list) != NULL); + } } -/* value for tx->replied value */ +/** \brief get value for 'complete' status in DNS + * + * For DNS we use a simple bool. + */ int DNSGetAlstateProgressCompletionStatus(uint8_t direction) { - return (direction & STREAM_TOSERVER) ? 0 : 1; + return 1; } void DNSSetEvent(DNSState *s, uint8_t e) { diff --git a/src/log-dnslog.c b/src/log-dnslog.c index 80b9e94c7b..9ca4f0c24e 100644 --- a/src/log-dnslog.c +++ b/src/log-dnslog.c @@ -122,8 +122,6 @@ static void LogQuery(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dst " [**] %s [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n", record, srcip, sp, dstip, dp); - aft->dns_cnt++; - SCMutexLock(&hlog->file_ctx->fp_mutex); (void)MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp); fflush(hlog->file_ctx->fp); @@ -184,47 +182,27 @@ static void LogAnswer(LogDnsLogThread *aft, char *timebuf, char *srcip, char *ds " [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n", srcip, sp, dstip, dp); - aft->dns_cnt++; - SCMutexLock(&hlog->file_ctx->fp_mutex); (void)MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp); fflush(hlog->file_ctx->fp); SCMutexUnlock(&hlog->file_ctx->fp_mutex); } -static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, - PacketQueue *postpq, int ipproto) +static int LogDnsLogger(ThreadVars *tv, void *data, const Packet *p, Flow *f, + void *state, void *tx, uint64_t tx_id) { - SCEnter(); - LogDnsLogThread *aft = (LogDnsLogThread *)data; + DNSTransaction *dns_tx = (DNSTransaction *)tx; + SCLogDebug("pcap_cnt %ju", p->pcap_cnt); char timebuf[64]; - - /* no flow, no htp state */ - if (p->flow == NULL) { - SCLogDebug("no flow"); - SCReturnInt(TM_ECODE_OK); - } - - /* check if we have DNS state or not */ - FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */ - if (FlowGetAppProtocol(p->flow) != ALPROTO_DNS) { - SCLogDebug("proto not ALPROTO_DNS_UDP: %u", FlowGetAppProtocol(p->flow)); - goto end; - } - - DNSState *dns_state = (DNSState *)FlowGetAppState(p->flow); - if (dns_state == NULL) { - SCLogDebug("no dns state, so no request logging"); - goto end; - } - - uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_DNS, dns_state); - uint64_t tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser); - - SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt); CreateTimeString(&p->ts, timebuf, sizeof(timebuf)); + int ipproto = 0; + if (PKT_IS_IPV4(p)) + ipproto = AF_INET; + else if (PKT_IS_IPV6(p)) + ipproto = AF_INET6; + char srcip[46], dstip[46]; Port sp, dp; if ((PKT_IS_TOCLIENT(p))) { @@ -258,91 +236,30 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ sp = p->dp; dp = p->sp; } -#if QUERY - if (PKT_IS_TOSERVER(p)) { - DNSTransaction *tx = NULL; - TAILQ_FOREACH(tx, &dns_state->tx_list, next) { - DNSQueryEntry *entry = NULL; - TAILQ_FOREACH(entry, &tx->query_list, next) { - LogQuery(aft, timebuf, srcip, dstip, sp, dp, tx, entry); - } - } - } else -#endif - - DNSTransaction *tx = NULL; - for (; tx_id < total_txs; tx_id++) - { - tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_DNS, dns_state, tx_id); - if (tx == NULL) - continue; - - /* only consider toserver logging if tx has reply lost set */ - if (PKT_IS_TOSERVER(p) && tx->reply_lost == 0) - continue; - - DNSQueryEntry *query = NULL; - TAILQ_FOREACH(query, &tx->query_list, next) { - LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query); - } - if (tx->no_such_name) - LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL); - if (tx->recursion_desired) - LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL); - - DNSAnswerEntry *entry = NULL; - TAILQ_FOREACH(entry, &tx->answer_list, next) { - LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry); - } - - entry = NULL; - TAILQ_FOREACH(entry, &tx->authority_list, next) { - LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry); - } - - SCLogDebug("calling AppLayerTransactionUpdateLoggedId"); - AppLayerParserSetTransactionLogId(p->flow->alparser); + DNSQueryEntry *query = NULL; + TAILQ_FOREACH(query, &dns_tx->query_list, next) { + LogQuery(aft, timebuf, dstip, srcip, dp, sp, dns_tx, query); } -end: - FLOWLOCK_UNLOCK(p->flow); - SCReturnInt(TM_ECODE_OK); -} - -static TmEcode LogDnsLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) -{ - return LogDnsLogIPWrapper(tv, p, data, pq, postpq, AF_INET); -} - -static TmEcode LogDnsLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) -{ - return LogDnsLogIPWrapper(tv, p, data, pq, postpq, AF_INET6); -} - -TmEcode LogDnsLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) -{ - SCEnter(); - - SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt); - /* no flow, no htp state */ - if (p->flow == NULL) { - SCReturnInt(TM_ECODE_OK); - } + if (dns_tx->no_such_name) + LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, NULL); + if (dns_tx->recursion_desired) + LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, NULL); - if (!(PKT_IS_UDP(p)) && !(PKT_IS_TCP(p))) { - SCReturnInt(TM_ECODE_OK); + DNSAnswerEntry *entry = NULL; + TAILQ_FOREACH(entry, &dns_tx->answer_list, next) { + LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, entry); } - if (PKT_IS_IPV4(p)) { - int r = LogDnsLogIPv4(tv, p, data, pq, postpq); - SCReturnInt(r); - } else if (PKT_IS_IPV6(p)) { - int r = LogDnsLogIPv6(tv, p, data, pq, postpq); - SCReturnInt(r); + entry = NULL; + TAILQ_FOREACH(entry, &dns_tx->authority_list, next) { + LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, entry); } - SCReturnInt(TM_ECODE_OK); + aft->dns_cnt++; +end: + return 0; } static TmEcode LogDnsLogThreadInit(ThreadVars *t, void *initdata, void **data) @@ -393,7 +310,7 @@ static void LogDnsLogExitPrintStats(ThreadVars *tv, void *data) { return; } - SCLogInfo("DNS logger logged %" PRIu32 " requests", aft->dns_cnt); + SCLogInfo("DNS logger logged %" PRIu32 " transactions", aft->dns_cnt); } static void LogDnsLogDeInitCtx(OutputCtx *output_ctx) @@ -452,13 +369,13 @@ static OutputCtx *LogDnsLogInitCtx(ConfNode *conf) void TmModuleLogDnsLogRegister (void) { tmm_modules[TMM_LOGDNSLOG].name = MODULE_NAME; tmm_modules[TMM_LOGDNSLOG].ThreadInit = LogDnsLogThreadInit; - tmm_modules[TMM_LOGDNSLOG].Func = LogDnsLog; tmm_modules[TMM_LOGDNSLOG].ThreadExitPrintStats = LogDnsLogExitPrintStats; tmm_modules[TMM_LOGDNSLOG].ThreadDeinit = LogDnsLogThreadDeinit; tmm_modules[TMM_LOGDNSLOG].RegisterTests = NULL; tmm_modules[TMM_LOGDNSLOG].cap_flags = 0; - OutputRegisterModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx); + OutputRegisterTxModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx, + ALPROTO_DNS, LogDnsLogger); /* enable the logger for the app layer */ SCLogDebug("registered %s", MODULE_NAME);