From 76e011a5ba9ef50b53692bbfeaf25ad28bc96389 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Mon, 23 Nov 2020 12:11:42 -0600
Subject: [PATCH] dnp3: set byte order when logging dnp3 src and dst

DNP3 uses little endian on the wire, for the most part this is handled as the messages are deserialize. However, the link header is a cast over raw data, so swap these bytes as they are being logged.

Redmine issue: https://redmine.openinfosecfoundation.org/issues/4173
---
 src/output-json-dnp3.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c
index 0e558bb98d..9292b1387e 100644
--- a/src/output-json-dnp3.c
+++ b/src/output-json-dnp3.c
@@ -152,8 +152,8 @@ void JsonDNP3LogRequest(JsonBuilder *js, DNP3Transaction *dnp3tx)
 JsonDNP3LogLinkControl(js, dnp3tx->request_lh.control);
 jb_close(js);
- jb_set_uint(js, "src", dnp3tx->request_lh.src);
- jb_set_uint(js, "dst", dnp3tx->request_lh.dst);
+ jb_set_uint(js, "src", DNP3_SWAP16(dnp3tx->request_lh.src));
+ jb_set_uint(js, "dst", DNP3_SWAP16(dnp3tx->request_lh.dst));
 jb_open_object(js, "application");
@@ -186,8 +186,8 @@ void JsonDNP3LogResponse(JsonBuilder *js, DNP3Transaction *dnp3tx)
 JsonDNP3LogLinkControl(js, dnp3tx->response_lh.control);
 jb_close(js);
- jb_set_uint(js, "src", dnp3tx->response_lh.src);
- jb_set_uint(js, "dst", dnp3tx->response_lh.dst);
+ jb_set_uint(js, "src", DNP3_SWAP16(dnp3tx->response_lh.src));
+ jb_set_uint(js, "dst", DNP3_SWAP16(dnp3tx->response_lh.dst));
 jb_open_object(js, "application");
--
2.47.2
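Review bot: The two `DNP3_SWAP16(...)` calls in JsonDNP3LogRequest, and the matching pair in the JsonDNP3LogResponse hunk, have no comment explaining why `src` and `dst` are converted while `request_lh.control` just above is passed as is (presumably because it is a single byte), so a later reader cannot tell a deliberate choice from an omission. I would put `/* Link header is a cast over wire data (little endian); convert the 16-bit addresses to host order before logging. */` above each pair. Because the conversion happens at the point of logging rather than where the link header is stored, any other reader of `request_lh.src`/`response_lh.dst` outside this file would presumably still see wire order on a big-endian sensor; that is worth checking, since these addresses are what analysts correlate on in the JSON output. Both function bodies start and end outside the hunks.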