From: Tom DeCanio <decanio.tom@gmail.com>
Date: Wed, 2 Apr 2014 01:03:28 +0000 (-0700)
Subject: json: somewhere along the way  IP/port pairs had gotten swapped in
X-Git-Tag: suricata-2.0.1rc1~85
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F915%2Fhead;p=thirdparty%2Fsuricata.git

json: somewhere along the way  IP/port pairs had gotten swapped in
http and ssh eve logs
---

diff --git a/src/output-json-ssh.c b/src/output-json-ssh.c
index 80a81c97fe..14cc7231e6 100644
--- a/src/output-json-ssh.c
+++ b/src/output-json-ssh.c
@@ -88,7 +88,7 @@ static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p) {
     if (ssh_state->cli_hdr.software_version == NULL || ssh_state->srv_hdr.software_version == NULL)
         goto end;
 
-    json_t *js = CreateJSONHeader((Packet *)p, 0, "ssh");//TODO
+    json_t *js = CreateJSONHeader((Packet *)p, 1, "ssh");//TODO
     if (unlikely(js == NULL))
         goto end;
 
diff --git a/src/output-json.c b/src/output-json.c
index 7c357cebba..b369d03262 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -163,7 +163,7 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensitive, char *event_type)
     srcip[0] = '\0';
     dstip[0] = '\0';
     if (direction_sensitive) {
-        if ((PKT_IS_TOCLIENT(p))) {
+        if ((PKT_IS_TOSERVER(p))) {
             if (PKT_IS_IPV4(p)) {
                 PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
                 PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));