I'm working from latest git. It seems that dns.bro is only logging to the DNS log on connection_state_remove().
dns$ready is never set to T .. what is the following if supposed to be doing? dns$total_answers == 0 here.

        if ( c$dns?$answers && c$dns?$total_answers &&
             |c$dns$answers| == c$dns$total_answers )
            {
            add c$dns_state$finished_answers[c$dns$trans_id];
            # Indicate this request/reply pair is ready to be logged.
            c$dns$ready = T;
            }
        }

Cheers,
Matt
I think I figured it out.

    if ( ! c$dns?$total_answers )
        c$dns$total_answers = msg$num_answers;

That sets total_answers if the total_answers field does not exist (?$). It does exist with a default of 0, so the field was never set. Removing this if statement results in c$dns$ready becoming true.
I noticed this because the following wasn't working in my local scripts

    event DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string) &priority=4
        {
        if ( c$dns$ready )
            {
            print "DNS!";
            }
        }

Cheers,
Matt
Good catch, thanks! I'll fix it in fastpath.
I'm actually going to fix it slightly differently though, by setting the field to be &optional, which seems to be what I had in mind in the first place.
Thanks again,
.Seth
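
The pitfall discussed in this thread, shown side by side as an added example that is not part of the original messages or of dns.bro: the same `?$` guard applied to a field declared with &default and to one declared with &optional. The record types, function names and the sample answer count are hypothetical, and bro_init is assumed as the entry point.

```bro
# Added example; record, field and function names are hypothetical, not dns.bro's.
type WithDefault: record {
	total_answers: count &default=0;  # always present, so ?$ is always T
	seen: count &default=0;
};

type WithOptional: record {
	total_answers: count &optional;   # absent until first assigned
	seen: count &default=0;
};

# Same guard as in the thread: only record the header's answer count once.
function set_total_default(r: WithDefault, num_answers: count)
	{
	if ( ! r?$total_answers )
		r$total_answers = num_answers;
	}

function set_total_optional(r: WithOptional, num_answers: count)
	{
	if ( ! r?$total_answers )
		r$total_answers = num_answers;
	}

event bro_init()
	{
	local d: WithDefault = [$seen=0];
	local o: WithOptional = [$seen=0];

	# Constructed input: one reply whose header announces 2 answers.
	set_total_default(d, 2);
	set_total_optional(o, 2);
	d$seen = 2;
	o$seen = 2;

	# "ready" mirrors the comparison that gates logging in the thread.
	print fmt("&default:  total_answers=%d ready=%s",
	          d$total_answers, d$seen == d$total_answers);
	print fmt("&optional: total_answers=%d ready=%s",
	          o$total_answers, o$seen == o$total_answers);
	}
```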