From bee5ff172b69c6ff129d94335953859b95bbc0c6 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 14 Nov 2013 15:44:35 +0100 Subject: [PATCH] dns: fix transaction handling When logging is disabled, the app layer would still be flagged as logging. This caused transactions not to be freed until the end of the flow as the logged tx id would never increment. This fix postpones the setting of the app layer parser "logger" flag to the point where we know the logger is enabled. --- src/app-layer-dns-common.c | 6 ++++++ src/app-layer-parser.c | 3 +++ src/log-dnslog.c | 5 +++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c index b56593b54c..5110902ec7 100644 --- a/src/app-layer-dns-common.c +++ b/src/app-layer-dns-common.c @@ -159,6 +159,8 @@ DNSTransaction *DNSTransactionAlloc(const uint16_t tx_id) { * \brief Free a DNS TX * \param tx DNS TX to free */ static void DNSTransactionFree(DNSTransaction *tx) { + SCEnter(); + DNSQueryEntry *q = NULL; while ((q = TAILQ_FIRST(&tx->query_list))) { TAILQ_REMOVE(&tx->query_list, q, next); @@ -177,6 +179,7 @@ static void DNSTransactionFree(DNSTransaction *tx) { AppLayerDecoderEventsFreeEvents(tx->decoder_events); SCFree(tx); + SCReturn; } /** @@ -211,6 +214,7 @@ void DNSStateTransactionFree(void *state, uint64_t tx_id) { DNSTransactionFree(tx); break; } + SCReturn; } /** \internal @@ -252,6 +256,7 @@ void *DNSStateAlloc(void) { } void DNSStateFree(void *s) { + SCEnter(); if (s) { DNSState *dns_state = (DNSState *) s; @@ -267,6 +272,7 @@ void DNSStateFree(void *s) { SCFree(s); s = NULL; } + SCReturn; } /** \brief Validation checks for DNS request header diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 7dc15e4663..b9f98836cb 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c 
@@ -1008,6 +1008,9 @@ static void AppLayerTransactionsCleanup(AppLayerProto *p, AppLayerParserStateSto inspect = parser_state_store->inspect_id[1]; log = parser_state_store->log_id; + SCLogDebug("inspect %"PRIu64", log %"PRIu64", logger: %s", + inspect, log, p->logger ? "true" : "false"); + if (p->logger == TRUE) { uint64_t min = log < inspect ? log : inspect; if (min > 0) { diff --git a/src/log-dnslog.c b/src/log-dnslog.c index 9fc82ca842..43a1ab3d49 100644 --- a/src/log-dnslog.c +++ b/src/log-dnslog.c @@ -78,8 +78,6 @@ void TmModuleLogDnsLogRegister (void) { OutputRegisterModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx); /* enable the logger for the app layer */ - AppLayerRegisterLogger(ALPROTO_DNS_UDP); - AppLayerRegisterLogger(ALPROTO_DNS_TCP); SCLogDebug("registered %s", MODULE_NAME); } @@ -460,6 +458,9 @@ OutputCtx *LogDnsLogInitCtx(ConfNode *conf) SCLogDebug("DNS log output initialized"); + AppLayerRegisterLogger(ALPROTO_DNS_UDP); + AppLayerRegisterLogger(ALPROTO_DNS_TCP); + return output_ctx; }
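Review bot: The new debug line in AppLayerTransactionsCleanup prints the logger state with a truthiness test (`p->logger ? "true" : "false"`), while the branch right below it checks `p->logger == TRUE`. If the field ever holds a non-zero value other than TRUE, the trace would report "true" for a flow that takes the non-logger path. That is misleading when diagnosing transactions that are retained too long. Using the same predicate in both places keeps them consistent, e.g. `inspect, log, (p->logger == TRUE) ? "true" : "false");`. The function starts and ends outside this hunk, so the type of `logger` and the else-path are not visible here.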
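Review bot: The two `AppLayerRegisterLogger()` calls added before `return output_ctx;` in LogDnsLogInitCtx have no comment explaining why they live here. The comment `/* enable the logger for the app layer */` stays behind in TmModuleLogDnsLogRegister (first log-dnslog.c hunk), where it no longer describes any code. I would delete it there and put the reasoning above the new calls, e.g. `/* register as app layer logger only once the output is really enabled: a registered logger that never runs keeps log_id at 0 and holds every tx until the flow ends */`. The placement suggests only the success path registers the logger, but the earlier returns of LogDnsLogInitCtx are outside the hunk, so that should be confirmed. Since the bug was unbounded transaction retention per flow with dns-log disabled, a regression test asserting that transactions are released in that configuration would keep it from returning.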