dnp3: probing parser fixes direction based on dnp3 header

author Philippe Antoine <contact@catenacyber.fr>

Fri, 19 Jun 2020 09:53:16 +0000 (11:53 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 7 Jul 2020 08:41:02 +0000 (10:41 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Fri, 19 Jun 2020 09:53:16 +0000 (11:53 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 7 Jul 2020 08:41:02 +0000 (10:41 +0200)
diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c

index be682bb0194c5cab4958d9b87672927323554f8b..c1ce7898f062637165c774b3f044ce15555b84e6 100644 (file)
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@@ -298,6 +298,11 @@ static uint16_t DNP3ProbingParser(Flow *f, uint8_t direction,
      }
  
  end:
+    // Test compatibility between direction and dnp3.ctl.direction
+    if ((DNP3_LINK_DIR(hdr->control) != 0) ^
+        ((direction & STREAM_TOCLIENT) != 0)) {
+        *rdir = 1;
+    }
      SCLogDebug("Detected DNP3.");
      return ALPROTO_DNP3;
  }
author	Philippe Antoine <contact@catenacyber.fr>
	Fri, 19 Jun 2020 09:53:16 +0000 (11:53 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 7 Jul 2020 08:41:02 +0000 (10:41 +0200)