Suricata

Via a small PCAP file, consisting of some request and response modbus packets, I'm sending an invalid length request modbus packet. I have added logging to ModbusSetEvent() and see it being logged only once as below. I have also added logging for the four spots in app-layer-modbus.c where it detects an INVALID_LENGTH. I see it being logged only once as below. This is consistent with the packets in the PCAP file I play.
[17118] 7/10/2015 -- 12:17:11 - (app-layer-modbus.c:184) <Debug>(ModbusSetEvent) -- ModbusSetEvent
[17118] 7/10/2015 -- 12:17:11 - (app-layer-modbus.c:474) <Debug> (ModbusCheckHeader) -- INVALID LENGTH length=1025

However I always see two alerts in fast.log as follows:
11/23/2011-07:43:30.842526 [**] [1:2250003:1] SURICATA Modbus invalid Length[**][Classification: (null)] [Priority: 3] {TCP} 192.168.1.1:47762 -> 192.168.1.2:502
11/23/2011-07:43:30.842526 [**] [1:2250003:1] SURICATA Modbus invalid Length[**][Classification: (null)] [Priority: 3] {TCP} 192.168.1.2:502 -> 192.168.1.1:47762
The first alert corresponds to the invalid length request modbus packet. The second alert is spurious; it corresponds to a response modbus packet and should not be generated.