Added by Victor Julien about 12 years ago. Updated about 12 years ago.
Description
It seems that in some cases the src and dst ip and ports and in the reverse order.
Here's my analysis and remarks with the different event_types and the patch from https://github.com/inliniac/suricata/pull/915
http - src/dst switched => Patch OK
http - length = is this the size from client to server or from server to client? What with the other one ? In HTTP POST (for example) it's important to know client-to-server.
fileinfo - toserver - probably not needed => probably out of scope, or otherwise content type must be decoded to be of any use
fileinfo - toclient - src/dst switched => Patch OK
dns - type:query - src/dst switched => Patch OK
dns - type:answer - src/dst correct => Patch ERROR