Merge remote-tracking branch 'origin/topic/johanna/bit-1644'

BIT-1644 #merged

* origin/topic/johanna/bit-1644:
  Correct endianness of IP addresses in SNMP.

CHANGES

@@ -1,4 +1,9 @@
 
+2.4-731 | 2016-08-01 08:14:06 -0700
+
+  * Correct endianness of IP addresses in SNMP. Addresses BIT-1644.
+    (Anony Mous)
+
 2.4-729 | 2016-08-01 08:00:54 -0700
 
   * Fix behavior of connection_pending event. It is now really only

VERSION

@@ -1 +1 @@
-2.4-729
+2.4-731

src/analyzer/protocol/snmp/snmp-analyzer.pac

@@ -39,7 +39,7 @@ AddrVal* network_address_to_val(const ASN1Encoding* na)
 
 	const u_char* data = reinterpret_cast<const u_char*>(bs.data());
 	uint32 network_order = extract_uint32(data);
-	return new AddrVal(network_order);
+	return new AddrVal(ntohl(network_order));
 	}
 
 Val* asn1_obj_to_val(const ASN1Encoding* obj)

testing/btest/Baseline/scripts.base.protocols.snmp.snmp-addr/.stdout

@@ -0,0 +1,30 @@
+138.68.0.1
+138.68.14.240
+169.254.169.254
+10.46.0.5
+127.0.0.1
+138.68.10.203
+255.255.0.0
+255.0.0.0
+255.255.240.0
+0.0.0.0
+10.46.0.0
+138.68.0.0
+138.68.0.1
+0.0.0.0
+0.0.0.0
+0.0.0.0
+255.255.0.0
+255.255.240.0
+138.68.0.1
+138.68.14.240
+169.254.169.254
+0.0.0.0
+10.46.0.0
+138.68.0.0
+0.0.0.0
+255.255.0.0
+255.255.240.0
+138.68.0.1
+0.0.0.0
+0.0.0.0

testing/btest/Baseline/scripts.base.protocols.snmp.v1/out4

@@ -3,7 +3,7 @@ snmp_trap
   is_orig: T
   [community=public]
     enterprise:    1.3.6.1.4.1.31337.0
-    agent:         1.0.0.127
+    agent:         127.0.0.1
     generic_trap:  0
     specific_trap: 0
     time_stamp:    0

testing/btest/scripts/base/protocols/snmp/snmp-addr.bro

@@ -0,0 +1,15 @@
+# @TEST-EXEC: bro -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/snmp
+
+event snmp_response(c: connection, is_orig: bool, header: SNMP::Header, pdu: SNMP::PDU) {
+
+	for (i in pdu$bindings) {
+		local binding = pdu$bindings[i];
+
+		if (binding$value?$address)
+			print binding$value$address;
+	}
+
+}