From 11ca25ddcaa5491f51b25cfb39bb566dcd94e8a7 Mon Sep 17 00:00:00 2001
From: Tom DeCanio <decanio.tom@gmail.com>
Date: Wed, 23 Apr 2014 08:41:15 -0700
Subject: [PATCH] eve-log: swap ip/port pairs in dns answers

---
 src/output-json-dns.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index d94ffcbe3f..e9e579009c 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -217,16 +217,23 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo
 
     LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
     DNSTransaction *tx = txptr;
-
-    json_t *js = CreateJSONHeader((Packet *)p, 1, "dns");//TODO const
-    if (unlikely(js == NULL))
-        return TM_ECODE_OK;
+    json_t *js;
 
     DNSQueryEntry *query = NULL;
     TAILQ_FOREACH(query, &tx->query_list, next) {
+        js = CreateJSONHeader((Packet *)p, 1, "dns");
+        if (unlikely(js == NULL))
+            return TM_ECODE_OK;
+
         LogQuery(td, js, tx, query);
+
+        json_decref(js);
     }
 
+    js = CreateJSONHeader((Packet *)p, 0, "dns");
+    if (unlikely(js == NULL))
+        return TM_ECODE_OK;
+
     LogAnswers(td, js, tx);
 
     json_decref(js);