DNS: trigger logging for toserver dir when previous reply is lost.

12 years ago · 6730f3d5cc
parent 61cdd9be6b
commit 6730f3d5cc
1 changed files with 28 additions and 25 deletions
--- a/src/log-dnslog.c
+++ b/src/log-dnslog.c
@ -295,36 +295,39 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ
        }
    } else
 #endif
-    if ((PKT_IS_TOCLIENT(p))) {
-        DNSTransaction *tx = NULL;
-        for (; tx_id < total_txs; tx_id++)
-        {
-            tx = AppLayerGetTx(proto, dns_state, tx_id);
-            if (tx == NULL)
-                continue;
-
-            DNSQueryEntry *query = NULL;
-            TAILQ_FOREACH(query, &tx->query_list, next) {
-                LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
-            }

-            if (tx->no_such_name) {
-                LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
-            }
+    DNSTransaction *tx = NULL;
+    for (; tx_id < total_txs; tx_id++)
+    {
+        tx = AppLayerGetTx(proto, dns_state, tx_id);
+        if (tx == NULL)
+            continue;

-            DNSAnswerEntry *entry = NULL;
-            TAILQ_FOREACH(entry, &tx->answer_list, next) {
-                LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
-            }
+        /* only consider toserver logging if tx has reply lost set */
+        if (PKT_IS_TOSERVER(p) && tx->reply_lost == 0)
+            continue;

-            entry = NULL;
-            TAILQ_FOREACH(entry, &tx->authority_list, next) {
-                LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
-            }
+        DNSQueryEntry *query = NULL;
+        TAILQ_FOREACH(query, &tx->query_list, next) {
+            LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
+        }
+
+        if (tx->no_such_name) {
+            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
+        }

-            SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
-            AppLayerTransactionUpdateLogId(p->flow);
+        DNSAnswerEntry *entry = NULL;
+        TAILQ_FOREACH(entry, &tx->answer_list, next) {
+            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
        }
+
+        entry = NULL;
+        TAILQ_FOREACH(entry, &tx->authority_list, next) {
+            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
+        }
+
+        SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
+        AppLayerTransactionUpdateLogId(p->flow);
    }

 end: