From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 19 Jun 2020 09:53:16 +0000 (+0200)
Subject: dnp3: probing parser fixes direction based on dnp3 header
X-Git-Tag: suricata-5.0.4~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=984cc14fce5076a4ad854d1d5b880b327314f8ec;p=thirdparty%2Fsuricata.git

dnp3: probing parser fixes direction based on dnp3 header

(cherry picked from commit 629a16e3733dd577822d0c82d2e81cbeb3b9a4d2)
---

diff --git a/src/app-layer-dnp3.c b/src/app-layer-dnp3.c
index cd50972fec..2e764cc46c 100644
--- a/src/app-layer-dnp3.c
+++ b/src/app-layer-dnp3.c
@@ -295,6 +295,11 @@ static uint16_t DNP3ProbingParser(Flow *f, uint8_t direction,
     }
 
 end:
+    // Test compatibility between direction and dnp3.ctl.direction
+    if ((DNP3_LINK_DIR(hdr->control) != 0) ^
+        ((direction & STREAM_TOCLIENT) != 0)) {
+        *rdir = 1;
+    }
     SCLogDebug("Detected DNP3.");
     return ALPROTO_DNP3;
 }