output: Display ethertype properly

Ethertype values are now converted from network format to host format
before display occurs. Displayed values are now in hex instead of
integers.

Without this change, ethertype values such as 0xfbb7 are
displayed in decimal as: 47099 (0xb7fb).

The actual value is 64439 (0xfbb7); all logged ether_type values
will be displayed in host order in decimal format. This example
will log the ether type as 64439

Issue: 7855
(cherry picked from commit 0af77934100df64c8d050cc162cd133344c19838)

diff --git a/src/output-json.c b/src/output-json.c
index 1e04e13c49dd1e9e67784f57dc112bc546fdac21..a2ebf1e77afe5cb5a45e6c0633d9e71a46e551c6 100644 (file)
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -761,7 +761,7 @@ static int CreateJSONEther(
         if (PacketIsEthernet(p)) {
             const EthernetHdr *ethh = PacketGetEthernet(p);
             SCJbOpenObject(js, "ether");
-            SCJbSetUint(js, "ether_type", ethh->eth_type);
+            SCJbSetUint(js, "ether_type", SCNtohs(ethh->eth_type));
             const uint8_t *src;
             const uint8_t *dst;
             switch (dir) {