aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dnp3: set byte order when logging dnp3 src and dst

Browse Source 
DNP3 uses little endian on the wire, for the most part this
is handled as the messages are deserialize. However, the link
header is a cast over raw data, so swap these bytes as they
are being logged.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4173
pull/5594/head
Jason Ish 4 years ago
parent 75c0f9bd0a
commit 76e011a5ba
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File

8
src/output-json-dnp3.c
Unescape Escape View File

@ -152,8 +152,8 @@ void JsonDNP3LogRequest(JsonBuilder *js, DNP3Transaction *dnp3tx)
JsonDNP3LogLinkControl(js, dnp3tx->request_lh.control);
jb_close(js);
jb_set_uint(js, "src", dnp3tx->request_lh.src);
jb_set_uint(js, "dst", dnp3tx->request_lh.dst);
jb_set_uint(js, "src", DNP3_SWAP16(dnp3tx->request_lh.src));
jb_set_uint(js, "dst", DNP3_SWAP16(dnp3tx->request_lh.dst));
jb_open_object(js, "application");
@ -186,8 +186,8 @@ void JsonDNP3LogResponse(JsonBuilder *js, DNP3Transaction *dnp3tx)
JsonDNP3LogLinkControl(js, dnp3tx->response_lh.control);
jb_close(js);
jb_set_uint(js, "src", dnp3tx->response_lh.src);
jb_set_uint(js, "dst", dnp3tx->response_lh.dst);
jb_set_uint(js, "src", DNP3_SWAP16(dnp3tx->response_lh.src));
jb_set_uint(js, "dst", DNP3_SWAP16(dnp3tx->response_lh.dst));
jb_open_object(js, "application");

Write Preview
Loading…
Cancel
Save