dns: convert dns logger to TX logger API

Make sure to use the new logger TX API. For this the transaction
handling was improved as well.

src/app-layer-dns-common.c

@@ -185,12 +185,20 @@ uint64_t DNSGetTxCnt(void *alstate) {
 
 int DNSGetAlstateProgress(void *tx, uint8_t direction) {
     DNSTransaction *dns_tx = (DNSTransaction *)tx;
-    return dns_tx->replied|dns_tx->reply_lost;
+    if (direction == 1)
+        return dns_tx->replied|dns_tx->reply_lost;
+    else {
+        /* toserver/query is complete if we have stored a query */
+        return (TAILQ_FIRST(&dns_tx->query_list) != NULL);
+    }
 }
 
-/* value for tx->replied value */
+/** \brief get value for 'complete' status in DNS
+ *
+ *  For DNS we use a simple bool.
+ */
 int DNSGetAlstateProgressCompletionStatus(uint8_t direction) {
-    return (direction & STREAM_TOSERVER) ? 0 : 1;
+    return 1;
 }
 
 void DNSSetEvent(DNSState *s, uint8_t e) {

src/log-dnslog.c

@@ -122,8 +122,6 @@ static void LogQuery(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dst
             " [**] %s [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
             record, srcip, sp, dstip, dp);
 
-    aft->dns_cnt++;
-
     SCMutexLock(&hlog->file_ctx->fp_mutex);
     (void)MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp);
     fflush(hlog->file_ctx->fp);
@@ -184,47 +182,27 @@ static void LogAnswer(LogDnsLogThread *aft, char *timebuf, char *srcip, char *ds
             " [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
             srcip, sp, dstip, dp);
 
-    aft->dns_cnt++;
-
     SCMutexLock(&hlog->file_ctx->fp_mutex);
     (void)MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp);
     fflush(hlog->file_ctx->fp);
     SCMutexUnlock(&hlog->file_ctx->fp_mutex);
 }
 
-static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
+static int LogDnsLogger(ThreadVars *tv, void *data, const Packet *p, Flow *f,
-                            PacketQueue *postpq, int ipproto)
+    void *state, void *tx, uint64_t tx_id)
 {
-    SCEnter();
-
     LogDnsLogThread *aft = (LogDnsLogThread *)data;
+    DNSTransaction *dns_tx = (DNSTransaction *)tx;
+    SCLogDebug("pcap_cnt %ju", p->pcap_cnt);
     char timebuf[64];
-
-    /* no flow, no htp state */
-    if (p->flow == NULL) {
-        SCLogDebug("no flow");
-        SCReturnInt(TM_ECODE_OK);
-    }
-
-    /* check if we have DNS state or not */
-    FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */
-    if (FlowGetAppProtocol(p->flow) != ALPROTO_DNS) {
-        SCLogDebug("proto not ALPROTO_DNS_UDP: %u", FlowGetAppProtocol(p->flow));
-        goto end;
-    }
-
-    DNSState *dns_state = (DNSState *)FlowGetAppState(p->flow);
-    if (dns_state == NULL) {
-        SCLogDebug("no dns state, so no request logging");
-        goto end;
-    }
-
-    uint64_t total_txs = AppLayerParserGetTxCnt(p->flow->proto, ALPROTO_DNS, dns_state);
-    uint64_t tx_id = AppLayerParserGetTransactionLogId(p->flow->alparser);
-
-    SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt);
     CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
 
+    int ipproto = 0;
+    if (PKT_IS_IPV4(p))
+        ipproto = AF_INET;
+    else if (PKT_IS_IPV6(p))
+        ipproto = AF_INET6;
+
     char srcip[46], dstip[46];
     Port sp, dp;
     if ((PKT_IS_TOCLIENT(p))) {
@@ -258,91 +236,30 @@ static TmEcode LogDnsLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQ
         sp = p->dp;
         dp = p->sp;
     }
-#if QUERY
-    if (PKT_IS_TOSERVER(p)) {
-        DNSTransaction *tx = NULL;
-        TAILQ_FOREACH(tx, &dns_state->tx_list, next) {
-            DNSQueryEntry *entry = NULL;
-            TAILQ_FOREACH(entry, &tx->query_list, next) {
-                LogQuery(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
-            }
-        }
-    } else
-#endif
-
-    DNSTransaction *tx = NULL;
-    for (; tx_id < total_txs; tx_id++)
-    {
-        tx = AppLayerParserGetTx(p->flow->proto, ALPROTO_DNS, dns_state, tx_id);
-        if (tx == NULL)
-            continue;
-
-        /* only consider toserver logging if tx has reply lost set */
-        if (PKT_IS_TOSERVER(p) && tx->reply_lost == 0)
-            continue;
-
-        DNSQueryEntry *query = NULL;
-        TAILQ_FOREACH(query, &tx->query_list, next) {
-            LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
-        }
 
-        if (tx->no_such_name)
+    DNSQueryEntry *query = NULL;
-            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
+    TAILQ_FOREACH(query, &dns_tx->query_list, next) {
-        if (tx->recursion_desired)
+        LogQuery(aft, timebuf, dstip, srcip, dp, sp, dns_tx, query);
-            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
-
-        DNSAnswerEntry *entry = NULL;
-        TAILQ_FOREACH(entry, &tx->answer_list, next) {
-            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
-        }
-
-        entry = NULL;
-        TAILQ_FOREACH(entry, &tx->authority_list, next) {
-            LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
-        }
-
-        SCLogDebug("calling AppLayerTransactionUpdateLoggedId");
-        AppLayerParserSetTransactionLogId(p->flow->alparser);
     }
 
-end:
+    if (dns_tx->no_such_name)
-    FLOWLOCK_UNLOCK(p->flow);
+        LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, NULL);
-    SCReturnInt(TM_ECODE_OK);
+    if (dns_tx->recursion_desired)
-}
+        LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, NULL);
-
-static TmEcode LogDnsLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
-{
-    return LogDnsLogIPWrapper(tv, p, data, pq, postpq, AF_INET);
-}
-
-static TmEcode LogDnsLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
-{
-    return LogDnsLogIPWrapper(tv, p, data, pq, postpq, AF_INET6);
-}
-
-TmEcode LogDnsLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
-{
-    SCEnter();
-
-    SCLogDebug("pcap_cnt %"PRIu64, p->pcap_cnt);
-    /* no flow, no htp state */
-    if (p->flow == NULL) {
-        SCReturnInt(TM_ECODE_OK);
-    }
 
-    if (!(PKT_IS_UDP(p)) && !(PKT_IS_TCP(p))) {
+    DNSAnswerEntry *entry = NULL;
-        SCReturnInt(TM_ECODE_OK);
+    TAILQ_FOREACH(entry, &dns_tx->answer_list, next) {
+        LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, entry);
     }
 
-    if (PKT_IS_IPV4(p)) {
+    entry = NULL;
-        int r  = LogDnsLogIPv4(tv, p, data, pq, postpq);
+    TAILQ_FOREACH(entry, &dns_tx->authority_list, next) {
-        SCReturnInt(r);
+        LogAnswer(aft, timebuf, srcip, dstip, sp, dp, dns_tx, entry);
-    } else if (PKT_IS_IPV6(p)) {
-        int r  = LogDnsLogIPv6(tv, p, data, pq, postpq);
-        SCReturnInt(r);
     }
 
-    SCReturnInt(TM_ECODE_OK);
+    aft->dns_cnt++;
+end:
+    return 0;
 }
 
 static TmEcode LogDnsLogThreadInit(ThreadVars *t, void *initdata, void **data)
@@ -393,7 +310,7 @@ static void LogDnsLogExitPrintStats(ThreadVars *tv, void *data) {
         return;
     }
 
-    SCLogInfo("DNS logger logged %" PRIu32 " requests", aft->dns_cnt);
+    SCLogInfo("DNS logger logged %" PRIu32 " transactions", aft->dns_cnt);
 }
 
 static void LogDnsLogDeInitCtx(OutputCtx *output_ctx)
@@ -452,13 +369,13 @@ static OutputCtx *LogDnsLogInitCtx(ConfNode *conf)
 void TmModuleLogDnsLogRegister (void) {
     tmm_modules[TMM_LOGDNSLOG].name = MODULE_NAME;
     tmm_modules[TMM_LOGDNSLOG].ThreadInit = LogDnsLogThreadInit;
-    tmm_modules[TMM_LOGDNSLOG].Func = LogDnsLog;
     tmm_modules[TMM_LOGDNSLOG].ThreadExitPrintStats = LogDnsLogExitPrintStats;
     tmm_modules[TMM_LOGDNSLOG].ThreadDeinit = LogDnsLogThreadDeinit;
     tmm_modules[TMM_LOGDNSLOG].RegisterTests = NULL;
     tmm_modules[TMM_LOGDNSLOG].cap_flags = 0;
 
-    OutputRegisterModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx);
+    OutputRegisterTxModule(MODULE_NAME, "dns-log", LogDnsLogInitCtx,
+            ALPROTO_DNS, LogDnsLogger);
 
     /* enable the logger for the app layer */
     SCLogDebug("registered %s", MODULE_NAME);