From: Jason Ish
Date: Mon, 23 Nov 2020 18:11:42 +0000 (-0600)
Subject: dnp3: set byte order when logging dnp3 src and dst
X-Git-Tag: suricata-5.0.5~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56e1176e51e1dbdf32fe16e1d157fcca803fe6c8;p=thirdparty%2Fsuricata.git
dnp3: set byte order when logging dnp3 src and dst
DNP3 uses little endian on the wire, for the most part this is handled as the messages are deserialize. However, the link header is a cast over raw data, so swap these bytes as they are being logged.
Redmine issue: https://redmine.openinfosecfoundation.org/issues/4173
(cherry picked from commit 76e011a5ba9ef50b53692bbfeaf25ad28bc96389)
---
diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c
index dfa6ba054b..b24320f36a 100644
--- a/src/output-json-dnp3.c
+++ b/src/output-json-dnp3.c
@@ -209,8 +209,8 @@ json_t *JsonDNP3LogRequest(DNP3Transaction *dnp3tx)
 json_object_set_new(dnp3js, "control", lcjs);
 }
- json_object_set_new(dnp3js, "src", json_integer(dnp3tx->request_lh.src));
- json_object_set_new(dnp3js, "dst", json_integer(dnp3tx->request_lh.dst));
+ json_object_set_new(dnp3js, "src", json_integer(DNP3_SWAP16(dnp3tx->request_lh.src)));
+ json_object_set_new(dnp3js, "dst", json_integer(DNP3_SWAP16(dnp3tx->request_lh.dst)));
 /* DNP3 application layer. */
 json_t *al = json_object();
@@ -260,8 +260,8 @@ json_t *JsonDNP3LogResponse(DNP3Transaction *dnp3tx)
 json_object_set_new(dnp3js, "control", lcjs);
 }
- json_object_set_new(dnp3js, "src", json_integer(dnp3tx->response_lh.src));
- json_object_set_new(dnp3js, "dst", json_integer(dnp3tx->response_lh.dst));
+ json_object_set_new(dnp3js, "src", json_integer(DNP3_SWAP16(dnp3tx->response_lh.src)));
+ json_object_set_new(dnp3js, "dst", json_integer(DNP3_SWAP16(dnp3tx->response_lh.dst)));
 /* DNP3 application layer. */
 json_t *al = json_object();
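Review bot: The two `DNP3_SWAP16` call sites in JsonDNP3LogRequest carry no comment saying why the link-header addresses are converted here, and the identical pair in JsonDNP3LogResponse has the same gap; the reason is recorded only in the commit message. I would add above each pair `/* Link header is a cast over raw wire data (little endian); convert to host order before logging. */`. Because the conversion happens at the log call rather than where the header is parsed, any other reader of `request_lh.src`/`dst` or `response_lh.src`/`dst` (none is visible in this diff) would still see wire order, so it is worth confirming that detection and logging report the same addresses. Both function bodies start and end outside their hunks.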