dnp3: probing parser fixes direction based on dnp3 header

author Philippe Antoine <contact@catenacyber.fr>

Fri, 19 Jun 2020 09:53:16 +0000 (11:53 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 13 Jul 2020 13:39:04 +0000 (15:39 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Fri, 19 Jun 2020 09:53:16 +0000 (11:53 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 13 Jul 2020 13:39:04 +0000 (15:39 +0200)
diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c

index cd50972fec05c2f038b75732237f264c47df65ac..2e764cc46c57795533854cec08620a8efa4905b2 100644 (file)
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@@ -295,6 +295,11 @@ static uint16_t DNP3ProbingParser(Flow *f, uint8_t direction,
      }
  
  end:
+    // Test compatibility between direction and dnp3.ctl.direction
+    if ((DNP3_LINK_DIR(hdr->control) != 0) ^
+        ((direction & STREAM_TOCLIENT) != 0)) {
+        *rdir = 1;
+    }
      SCLogDebug("Detected DNP3.");
      return ALPROTO_DNP3;
  }
author	Philippe Antoine <contact@catenacyber.fr>
	Fri, 19 Jun 2020 09:53:16 +0000 (11:53 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 13 Jul 2020 13:39:04 +0000 (15:39 +0200)