output-json-alert: add dns info

This changes LogQuery and LogAnswer functions
returning a json object instead of writing it in a log file.
In this way it's possible to reuse them to add dns info
into an alert.

The following is an alert record with dns:

{
  "timestamp": "2017-07-31T15:01:17.885281+0200",
  "event_type": "alert",
  "src_ip": "8.8.8.8",
  ...
  "dns": {
    "query": [
      {
        "type": "query",
        "id": 25394,
        "rrname": "notifications.google.com",
        "rrtype": "A",
        "tx_id": 0
      }
    ],
    "answer": {
      "type": "answer",
      "id": 25394,
      "rcode": "NOERROR",
      "answers": [
        {
          "rrname": "notifications.google.com",
          "rrtype": "CNAME",
          "ttl": 3599,
          "rdata": "plus.l.google.com"
        },
        {
          "rrname": "plus.l.google.com",
          "rrtype": "A",
          "ttl": 299,
          "rdata": "216.58.205.174"
        }
      ]
    }
  }
}

src/output-json-alert.c

@@ -46,6 +46,7 @@
 #include "detect-metadata.h"
 #include "app-layer-parser.h"
 #include "app-layer-dnp3.h"
+#include "app-layer-dns-common.h"
 #include "app-layer-htp.h"
 #include "app-layer-htp-xff.h"
 #include "app-layer-ftp.h"
@@ -57,6 +58,7 @@
 #include "output-json.h"
 #include "output-json-alert.h"
 #include "output-json-dnp3.h"
+#include "output-json-dns.h"
 #include "output-json-http.h"
 #include "output-json-tls.h"
 #include "output-json-ssh.h"
@@ -185,6 +187,35 @@ static void AlertJsonDnp3(const Flow *f, json_t *js)
     return;
 }
 
+static void AlertJsonDns(const Flow *f, json_t *js)
+{
+#ifndef HAVE_RUST
+    DNSState *dns_state = (DNSState *)FlowGetAppState(f);
+    if (dns_state) {
+        uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
+        DNSTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_DNS,
+                                                 dns_state, tx_id);
+        if (tx) {
+            json_t *dnsjs = json_object();
+            if (unlikely(dnsjs == NULL)) {
+                return;
+            }
+
+            json_t *qjs = JsonDNSLogQuery(tx, tx_id);
+            if (qjs != NULL) {
+                json_object_set_new(dnsjs, "query", qjs);
+            }
+            json_t *ajs = JsonDNSLogAnswer(tx, tx_id);
+            if (ajs != NULL) {
+                json_object_set_new(dnsjs, "answer", ajs);
+            }
+            json_object_set_new(js, "dns", dnsjs);
+        }
+    }
+#endif
+    return;
+}
+
 static void AlertJsonSourceTarget(const Packet *p, const PacketAlert *pa,
                                   json_t *js, json_t* ajs)
 {
@@ -478,6 +509,9 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
                 AlertJsonDnp3(p->flow, js);
             }
 
+            if (proto == ALPROTO_DNS) {
+                AlertJsonDns(p->flow, js);
+            }
         }
 
         if (p->flow) {
@@ -493,7 +527,6 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
             }
         }
 
-
         /* payload */
         if (json_output_ctx->flags & (LOG_JSON_PAYLOAD | LOG_JSON_PAYLOAD_BASE64)) {
             int stream = (p->proto == IPPROTO_TCP) ?