From: Jason Ish Date: Mon, 23 Nov 2020 18:11:42 +0000 (-0600) Subject: dnp3: set byte order when logging dnp3 src and dst X-Git-Tag: suricata-6.0.1~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76e011a5ba9ef50b53692bbfeaf25ad28bc96389;p=thirdparty%2Fsuricata.git dnp3: set byte order when logging dnp3 src and dst DNP3 uses little endian on the wire, for the most part this is handled as the messages are deserialize. However, the link header is a cast over raw data, so swap these bytes as they are being logged. Redmine issue: https://redmine.openinfosecfoundation.org/issues/4173
---
diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c
index 0e558bb98d..9292b1387e 100644
--- a/src/output-json-dnp3.c
+++ b/src/output-json-dnp3.c
@@ -152,8 +152,8 @@ void JsonDNP3LogRequest(JsonBuilder *js, DNP3Transaction *dnp3tx)
 JsonDNP3LogLinkControl(js, dnp3tx->request_lh.control);
 jb_close(js);
- jb_set_uint(js, "src", dnp3tx->request_lh.src);
- jb_set_uint(js, "dst", dnp3tx->request_lh.dst);
+ jb_set_uint(js, "src", DNP3_SWAP16(dnp3tx->request_lh.src));
+ jb_set_uint(js, "dst", DNP3_SWAP16(dnp3tx->request_lh.dst));
 jb_open_object(js, "application");
@@ -186,8 +186,8 @@ void JsonDNP3LogResponse(JsonBuilder *js, DNP3Transaction *dnp3tx)
 JsonDNP3LogLinkControl(js, dnp3tx->response_lh.control);
 jb_close(js);
- jb_set_uint(js, "src", dnp3tx->response_lh.src);
- jb_set_uint(js, "dst", dnp3tx->response_lh.dst);
+ jb_set_uint(js, "src", DNP3_SWAP16(dnp3tx->response_lh.src));
+ jb_set_uint(js, "dst", DNP3_SWAP16(dnp3tx->response_lh.dst));
 jb_open_object(js, "application");
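Review bot: The `DNP3_SWAP16` calls added on the `src` and `dst` lines in JsonDNP3LogRequest have no comment saying why a swap is needed at this point, and the same applies to the matching pair in the JsonDNP3LogResponse hunk. I would put a short comment above each pair, for example `/* Link header is a cast over wire data (little endian): convert src/dst to host order before logging. */`, so a later reader does not remove the macro as redundant. Because the conversion is done at the logging site, the stored `request_lh` and `response_lh` fields apparently stay in wire order, so any other reader of them (other outputs or detection code, not visible in this diff) presumably needs the same conversion. Otherwise the addresses in the JSON log and those seen by other consumers could disagree on big-endian hosts, which is worth confirming. Both function bodies start and end outside the hunks.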