From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 19 Jun 2020 09:53:16 +0000 (+0200)
Subject: dnp3: probing parser fixes direction based on dnp3 header
X-Git-Tag: suricata-6.0.0-beta1~266
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=629a16e3733dd577822d0c82d2e81cbeb3b9a4d2;p=thirdparty%2Fsuricata.git

dnp3: probing parser fixes direction based on dnp3 header
---

diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c
index be682bb019..c1ce7898f0 100644
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@@ -298,6 +298,11 @@ static uint16_t DNP3ProbingParser(Flow *f, uint8_t direction,
     }
 
 end:
+    // Test compatibility between direction and dnp3.ctl.direction
+    if ((DNP3_LINK_DIR(hdr->control) != 0) ^
+        ((direction & STREAM_TOCLIENT) != 0)) {
+        *rdir = 1;
+    }
     SCLogDebug("Detected DNP3.");
     return ALPROTO_DNP3;
 }