eve: src and dst mixed up in some cases
It seems that in some cases the src and dst IP and ports are in the reverse order.
Updated by Christophe Vandeplas over 8 years ago
Here's my analysis and remarks with the different event_types and the patch from https://github.com/inliniac/suricata/pull/915
http - src/dst switched => Patch OK
http - length = is this the size from client to server or from server to client? What about the other one? In HTTP POST (for example) it's important to know client-to-server.
fileinfo - toserver - probably not needed => probably out of scope, or otherwise content type must be decoded to be of any use
fileinfo - toclient - src/dst switched => Patch OK
dns - type:query - src/dst switched => Patch OK
dns - type:answer - src/dst correct => Patch ERROR