diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs index 3697208bce..9d47a68a27 100644 --- a/rust/src/dns/dns.rs +++ b/rust/src/dns/dns.rs @@ -393,15 +393,17 @@ impl DNSState { return false; } - if request.header.flags & 0x0040 != 0 { - SCLogDebug!("Z-flag set on DNS response"); - self.set_event(DNSEvent::ZFlagSet); - return false; - } + let z_flag = request.header.flags & 0x0040 != 0; let mut tx = self.new_tx(); tx.request = Some(request); self.transactions.push(tx); + + if z_flag { + SCLogDebug!("Z-flag set on DNS response"); + self.set_event(DNSEvent::ZFlagSet); + } + return true; } Err(Err::Incomplete(_)) => { @@ -430,11 +432,7 @@ impl DNSState { self.set_event(DNSEvent::NotResponse); } - if response.header.flags & 0x0040 != 0 { - SCLogDebug!("Z-flag set on DNS response"); - self.set_event(DNSEvent::ZFlagSet); - return false; - } + let z_flag = response.header.flags & 0x0040 != 0; let mut tx = self.new_tx(); if let Some(ref mut config) = &mut self.config { @@ -444,6 +442,12 @@ impl DNSState { } tx.response = Some(response); self.transactions.push(tx); + + if z_flag { + SCLogDebug!("Z-flag set on DNS response"); + self.set_event(DNSEvent::ZFlagSet); + } + return true; } Err(Err::Incomplete(_)) => { diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 50728041f2..c256f2a30e 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -829,8 +829,8 @@ static int DetectDnsQueryTest05(void) FLOWLOCK_WRLOCK(&f); r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_DNS, STREAM_TOCLIENT, buf2, sizeof(buf2)); - if (r != -1) { - printf("toserver client 1 returned %" PRId32 ", expected -1\n", r); + if (r != 0) { + printf("toserver client 1 returned %" PRId32 ", expected 0\n", r); FLOWLOCK_UNLOCK(&f); FAIL; }