From: Ilya Bakhtin <ilya.bakhtin@gmail.com>
Date: Tue, 25 Aug 2020 13:16:40 +0000 (+0200)
Subject: dnp3: test of dnp3 flow direction fix
X-Git-Tag: suricata-6.0.4~228
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ee61e68f5e1138a025f6f7daa4e17634b0ccb4f;p=thirdparty%2Fsuricata-verify.git

dnp3: test of dnp3 flow direction fix
---

diff --git a/tests/dnp3-midstream-confirm/README.md b/tests/dnp3-midstream-confirm/README.md
deleted file mode 100644
index 8330de065..000000000
--- a/tests/dnp3-midstream-confirm/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Description
-
-Test DNP3 probing parser direction when starting midstream
-
-# PCAP
-
-The pcap is a simple packet DNP3 confirm (answer from server)
diff --git a/tests/dnp3-midstream-confirm/dnp3_confirm.pcap b/tests/dnp3-midstream-confirm/dnp3_confirm.pcap
deleted file mode 100644
index 3dcf39d3d..000000000
Binary files a/tests/dnp3-midstream-confirm/dnp3_confirm.pcap and /dev/null differ
diff --git a/tests/dnp3-toclient-start/README.md b/tests/dnp3-toclient-start/README.md
new file mode 100644
index 000000000..8aaae5e0a
--- /dev/null
+++ b/tests/dnp3-toclient-start/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test DNP3 probing parser direction when starting to client from midstream
+
+# PCAP
+
+The pcap is a sequence of 5 packets starting from to client direction
diff --git a/tests/dnp3-toclient-start/dnp3_toclient_start.pcap b/tests/dnp3-toclient-start/dnp3_toclient_start.pcap
new file mode 100644
index 000000000..449b0452a
Binary files /dev/null and b/tests/dnp3-toclient-start/dnp3_toclient_start.pcap differ
diff --git a/tests/dnp3-midstream-confirm/test.yaml b/tests/dnp3-toclient-start/test.yaml
similarity index 78%
rename from tests/dnp3-midstream-confirm/test.yaml
rename to tests/dnp3-toclient-start/test.yaml
index 7089cb101..0643cd1a4 100644
--- a/tests/dnp3-midstream-confirm/test.yaml
+++ b/tests/dnp3-toclient-start/test.yaml
@@ -13,4 +13,6 @@ checks:
       match:
         event_type: flow
         app_proto: dnp3
-        flow.pkts_toclient: 1
+        flow.pkts_toserver: 2
+        flow.pkts_toclient: 3
+        dest_port: 20000