Bug #4190

closed

dnp3: SV tests fail on big endian

Added by Shivani Bhardwaj over 3 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal

Description

For test

- filter:
    count: 1
    match:
      dest_ip: 127.0.0.1
      dest_port: 20000
      dnp3.application.complete: true
      dnp3.application.control.con: false
      dnp3.application.control.fin: true
      dnp3.application.control.fir: true
      dnp3.application.control.sequence: 0
      dnp3.application.control.uns: false
      dnp3.application.function_code: 21
      dnp3.application.objects[0].count: 0
      dnp3.application.objects[0].group: 60
      dnp3.application.objects[0].prefix_code: 0
      dnp3.application.objects[0].qualifier: 6
      dnp3.application.objects[0].range_code: 6
      dnp3.application.objects[0].start: 0
      dnp3.application.objects[0].stop: 0
      dnp3.application.objects[0].variation: 2
      dnp3.application.objects[1].count: 0
      dnp3.application.objects[1].group: 60
      dnp3.application.objects[1].prefix_code: 0
      dnp3.application.objects[1].qualifier: 6
      dnp3.application.objects[1].range_code: 6
      dnp3.application.objects[1].start: 0
      dnp3.application.objects[1].stop: 0
      dnp3.application.objects[1].variation: 3
      dnp3.application.objects[2].count: 0
      dnp3.application.objects[2].group: 60
      dnp3.application.objects[2].prefix_code: 0
      dnp3.application.objects[2].qualifier: 6
      dnp3.application.objects[2].range_code: 6
      dnp3.application.objects[2].start: 0
      dnp3.application.objects[2].stop: 0
      dnp3.application.objects[2].variation: 4
      dnp3.control.dir: true
      dnp3.control.fcb: false
      dnp3.control.fcv: false
      dnp3.control.function_code: 4
      dnp3.control.pri: true
      dnp3.dst: 10
      dnp3.src: 1
      dnp3.type: request
      event_type: dnp3
      pcap_cnt: 5
      proto: TCP
      src_ip: 127.0.0.1
      src_port: 59602

big-endian produces
{
  "timestamp": "2015-07-14T17:45:56.279893+0000",
  "flow_id": 1726533011260404,
  "pcap_cnt": 5,
  "event_type": "dnp3",
  "src_ip": "127.0.0.1",
  "src_port": 59602,
  "dest_ip": "127.0.0.1",
  "dest_port": 20000,
  "proto": "TCP",
  "dnp3": {
    "type": "request",
    "control": {
      "dir": true,
      "pri": true,
      "fcb": false,
      "fcv": false,
      "function_code": 4
    },
    "src": 256,
    "dst": 2560,
    "application": {
      "control": {
        "fir": true,
        "fin": true,
        "con": false,
        "uns": false,
        "sequence": 0
      },
      "function_code": 21,
      "objects": [
        {
          "group": 60,
          "variation": 2,
          "qualifier": 6,
          "prefix_code": 0,
          "range_code": 6,
          "start": 0,
          "stop": 0,
          "count": 0
        },
        {
          "group": 60,
          "variation": 3,
          "qualifier": 6,
          "prefix_code": 0,
          "range_code": 6,
          "start": 0,
          "stop": 0,
          "count": 0
        },
        {
          "group": 60,
          "variation": 4,
          "qualifier": 6,
          "prefix_code": 0,
          "range_code": 6,
          "start": 0,
          "stop": 0,
          "count": 0
        }
      ],
      "complete": true
    }
  }
}

Note that at least dnp3.src and dnp3.dst are wrong.
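
The reported values are what results when the two address bytes are read in the opposite byte order (1 = 0x0001 becomes 0x0100 = 256, and 10 = 0x000A becomes 0x0A00 = 2560); DNP3 carries link-layer addresses little-endian on the wire. The following C sketch is an added illustration, not part of the original report and not Suricata code: the header bytes are constructed from the test's values (length is made up, CRC is a zeroed placeholder), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed DNP3 link-layer header matching the test's control, dst and
 * src values. The CRC bytes are zeroed placeholders, not a real checksum. */
static const uint8_t hdr[10] = {
    0x05, 0x64,   /* start bytes */
    0x11,         /* length (constructed) */
    0xC4,         /* control: dir=1 pri=1 fcb=0 fcv=0 function_code=4 */
    0x0A, 0x00,   /* destination = 10, little-endian on the wire */
    0x01, 0x00,   /* source = 1, little-endian on the wire */
    0x00, 0x00    /* CRC placeholder */
};

/* Portable decode: build the value from individual bytes, so the result
 * is the same on every host. */
static uint16_t read_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* What a big-endian host computes when it loads the same two wire bytes
 * as a native uint16_t without swapping them. */
static uint16_t read_as_be_host(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Host-dependent load: right on little-endian, byte-swapped on big-endian. */
static uint16_t read_native16(const uint8_t *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof(v));
    return v;
}

int main(void)
{
    printf("portable   dst=%u src=%u\n",
           (unsigned)read_le16(hdr + 4), (unsigned)read_le16(hdr + 6));
    printf("BE host    dst=%u src=%u\n",
           (unsigned)read_as_be_host(hdr + 4), (unsigned)read_as_be_host(hdr + 6));
    printf("this host  dst=%u src=%u\n",
           (unsigned)read_native16(hdr + 4), (unsigned)read_native16(hdr + 6));
    return 0;
}
```
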


Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #4173: dnp3: SV tests fail on big endian (Closed, Jason Ish)

#1

Updated by Shivani Bhardwaj over 3 years ago

  • Copied from Bug #4173: dnp3: SV tests fail on big endian added

#2

Updated by Shivani Bhardwaj over 3 years ago

  • Status changed from Assigned to In Review
  • Label deleted (Needs backport to 4.1, Needs backport to 5.0)

#3

Updated by Victor Julien over 3 years ago

  • Status changed from In Review to Closed