From f0de1d04a9a9eca4eabf74fba0cf9f60f35fbc1f Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Wed, 13 Jul 2016 09:04:15 -0600
Subject: [PATCH] DNP3: Use directional logging.

Instead of waiting for a transaction complete, log the request as soon as it is completes which will give it a more accurate timestamp.
---
 src/output-json-dnp3.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c
index 1ea1c3df87..e726959d48 100644
--- a/src/output-json-dnp3.c
+++ b/src/output-json-dnp3.c
@@ -300,8 +300,8 @@ error:
 return NULL;
 }
-static int JsonDNP3Logger(ThreadVars *tv, void *thread_data, const Packet *p,
- Flow *f, void *state, void *vtx, uint64_t tx_id)
+static int JsonDNP3LoggerToServer(ThreadVars *tv, void *thread_data,
+ const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id)
 {
 SCEnter();
 LogDNP3LogThread *thread = (LogDNP3LogThread *)thread_data;
@@ -323,6 +323,18 @@ static int JsonDNP3Logger(ThreadVars *tv, void *thread_data, const Packet *p,
 json_decref(js);
 }
+ SCReturnInt(TM_ECODE_OK);
+}
+
+static int JsonDNP3LoggerToClient(ThreadVars *tv, void *thread_data,
+ const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id)
+{
+ SCEnter();
+ LogDNP3LogThread *thread = (LogDNP3LogThread *)thread_data;
+ DNP3Transaction *tx = vtx;
+
+ MemBuffer *buffer = (MemBuffer *)thread->buffer;
+ MemBufferReset(buffer);
 if (tx->has_response && tx->response_done) {
 json_t *js = CreateJSONHeader((Packet *)p, 1, "dnp3");
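Review bot: JsonDNP3LoggerToClient carries no comment saying which half of a DNP3 transaction it emits, and from the visible lines it appears to write nothing unless `tx->has_response && tx->response_done` holds. Requests and responses now become separate eve records with their own timestamps, so a short header such as `/* Logs the response of a DNP3 transaction once it is complete; the request is logged by JsonDNP3LoggerToServer. */` would help anyone correlating the two records in an incident timeline. The same applies to JsonDNP3LoggerToServer in the first hunk. The body of JsonDNP3LoggerToClient continues past the end of this hunk, so its tail was not reviewed.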
@@ -417,17 +429,21 @@ static TmEcode JsonDNP3LogThreadDeinit(ThreadVars *t, void *data)
 void JsonDNP3LogRegister(void)
 {
- /* Register as en eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_DNP3, "eve-log", "JsonDNP3Log",
- "eve-log.dnp3", OutputDNP3LogInitSub, ALPROTO_DNP3, JsonDNP3Logger,
- JsonDNP3LogThreadInit, JsonDNP3LogThreadDeinit, NULL);
+ /* Register direction aware eve sub-modules. */
+ OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNP3, "eve-log",
+ "JsonDNP3Log", "eve-log.dnp3", OutputDNP3LogInitSub, ALPROTO_DNP3,
+ JsonDNP3LoggerToServer, 0, 1, JsonDNP3LogThreadInit,
+ JsonDNP3LogThreadDeinit, NULL);
+ OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNP3, "eve-log",
+ "JsonDNP3Log", "eve-log.dnp3", OutputDNP3LogInitSub, ALPROTO_DNP3,
+ JsonDNP3LoggerToClient, 1, 1, JsonDNP3LogThreadInit,
+ JsonDNP3LogThreadDeinit, NULL);
 }
 #else
 void JsonDNP3LogRegister (void)
 {
- SCLogInfo("Can't init JSON output - JSON support was disabled during build.");
 }
 #endif
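Review bot: The `#else` stub of JsonDNP3LogRegister loses its `SCLogInfo("Can't init JSON output - JSON support was disabled during build.");` line, which the commit message does not mention; a build without JSON support would then register no DNP3 logger and say nothing about it. If the removal is intentional it deserves a line in the description, otherwise the message should stay so an operator notices the missing eve output. In the two OutputRegisterTxSubModuleWithProgress calls the bare `0, 1` and `1, 1` arguments are hard to read; presumably they are the per-direction progress values at which each logger fires, and a comment on each call such as `/* request side: log when to-server progress reaches 1 */` would make that checkable. Both registrations pass the same OutputDNP3LogInitSub, so that function presumably runs once per registration, and it is worth confirming it has no one-time side effects.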