diff --git a/scripts/base/protocols/conn/main.zeek b/scripts/base/protocols/conn/main.zeek
index f948b440c5..7c80c4b0bb 100644
--- a/scripts/base/protocols/conn/main.zeek
+++ b/scripts/base/protocols/conn/main.zeek
@@ -243,26 +243,31 @@ function conn_state(c: connection, trans: transport_proto): string
 ## Fill out the c$conn record for logging
 function set_conn(c: connection, eoc: bool)
 	{
-	if ( ! c?$conn )
-		{
-		local p = get_port_transport_proto(c$id$resp_p);
-		c$conn = Info($ts=c$start_time, $uid=c$uid, $proto=p);
-		}
+	if ( ! eoc ) {
+		if ( ! c?$conn )
+			{
+			local p = get_port_transport_proto(c$id$resp_p);
+			c$conn = Info($ts=c$start_time, $uid=c$uid, $proto=p);
+			}
 
-	c$conn$id=c$id;
-	if ( c?$tunnel && |c$tunnel| > 0 )
-		{
-		if ( ! c$conn?$tunnel_parents )
-			c$conn$tunnel_parents = set();
-		add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid];
-		}
-	if( |Site::local_nets| > 0 )
-		{
-		c$conn$local_orig=Site::is_local_addr(c$id$orig_h);
-		c$conn$local_resp=Site::is_local_addr(c$id$resp_h);
-		}
+		c$conn$id=c$id;
+		if ( c?$tunnel && |c$tunnel| > 0 )
+			{
+			if ( ! c$conn?$tunnel_parents )
+				c$conn$tunnel_parents = set();
+			add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid];
+			}
 
-	if ( eoc )
+		if ( c$id$proto != 65535 )
+			c$conn$ip_proto = c$id$proto;
+
+		if( |Site::local_nets| > 0 )
+			{
+			c$conn$local_orig = Site::is_local_addr(c$id$orig_h);
+			c$conn$local_resp = Site::is_local_addr(c$id$resp_h);
+			}
+		}
+	else
 		{
 		if ( c$duration > 0secs )
 			{
@@ -288,9 +293,6 @@ function set_conn(c: connection, eoc: bool)
 		if ( c$history != "" )
 			c$conn$history=c$history;
 		}
-
-	if ( c$id$proto != 65535 )
-		c$conn$ip_proto = c$id$proto;
 	}
 
 event content_gap(c: connection, is_orig: bool, seq: count, length: count) &priority=5
@@ -314,6 +316,16 @@ event new_connection(c: connection) &priority=100
 	set_conn(c, F);
 	}
 
+event connection_flipped(c: connection) &priority=5
+	{
+	# otherwise, set-conn has not been called yet. In that case we don't have to do anything
+	if ( c?$conn )
+		{
+		c$conn$local_orig = Site::is_local_addr(c$id$orig_h);
+		c$conn$local_resp = Site::is_local_addr(c$id$resp_h);
+		}
+	}
+
 event connection_state_remove(c: connection) &priority=5
 	{
 	set_conn(c, T);
diff --git a/testing/btest/Baseline/core.history-flip/conn.log b/testing/btest/Baseline/core.history-flip/conn.log
index 26f8b8917f..89713442ea 100644
--- a/testing/btest/Baseline/core.history-flip/conn.log
+++ b/testing/btest/Baseline/core.history-flip/conn.log
@@ -7,5 +7,5 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents	ip_proto	orig_l2_addr	resp_l2_addr
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]	count	string	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.550793	98	9417	SF	F	F	0	^hADdFaf	11	670	10	9945	-	6	00:d0:03:3b:f4:00	00:b0:c2:86:ec:00
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.550793	98	9417	SF	F	T	0	^hADdFaf	11	670	10	9945	-	6	00:d0:03:3b:f4:00	00:b0:c2:86:ec:00
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/core.local-flip/conn.log b/testing/btest/Baseline/core.local-flip/conn.log
new file mode 100644
index 0000000000..dc8990428d
--- /dev/null
+++ b/testing/btest/Baseline/core.local-flip/conn.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents	ip_proto	orig_l2_addr	resp_l2_addr
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]	count	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	1080	44.1.1.1	8000	tcp	http	0.020403	5958	182	SF	T	F	0	^hADadFf	10	6486	9	650	-	6	-	-
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 69a2c34488..49ea442278 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -3295,8 +3295,6 @@ XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(HTTP::get_file_handle, <frame>, (
 XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6])) -> <no result>
 XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6], Conn::LOG)) -> <no result>
 XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(Log::write, <frame>, (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6])) -> <no result>
-XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(Site::is_local_addr, <frame>, (141.142.228.5)) -> <no result>
-XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(Site::is_local_addr, <frame>, (192.150.187.43)) -> <no result>
 XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(cat, ..., ...) -> <no result>
 XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, service_violation={}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=<uninitialized>, local_orig=F, local_resp=F, missed_bytes=0, history=<uninitialized>, orig_pkts=<uninitialized>, orig_ip_bytes=<uninitialized>, resp_pkts=<uninitialized>, resp_ip_bytes=<uninitialized>, tunnel_parents=<uninitialized>, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) -> <no result>
 XXXXXXXXXX.XXXXXX   MetaHookPost  CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) -> <no result>
@@ -3326,8 +3324,6 @@ XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(HTTP::get_file_handle, <frame>, (
 XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(Log::__write, <frame>, (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6]))
 XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6], Conn::LOG))
 XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(Log::write, <frame>, (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6]))
-XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(Site::is_local_addr, <frame>, (141.142.228.5))
-XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(Site::is_local_addr, <frame>, (192.150.187.43))
 XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(cat, ..., ...)
 XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(connection_state_remove, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, service_violation={}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=<uninitialized>, local_orig=F, local_resp=F, missed_bytes=0, history=<uninitialized>, orig_pkts=<uninitialized>, orig_ip_bytes=<uninitialized>, resp_pkts=<uninitialized>, resp_ip_bytes=<uninitialized>, tunnel_parents=<uninitialized>, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]]))
 XXXXXXXXXX.XXXXXX   MetaHookPre   CallFunction(fmt, <frame>, (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp))
@@ -3358,8 +3354,6 @@ XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.2
 XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6])
 XXXXXXXXXX.XXXXXX | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6], Conn::LOG)
 XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>, ip_proto=6])
-XXXXXXXXXX.XXXXXX | HookCallFunction Site::is_local_addr(141.142.228.5)
-XXXXXXXXXX.XXXXXX | HookCallFunction Site::is_local_addr(192.150.187.43)
 XXXXXXXXXX.XXXXXX | HookCallFunction cat(...)
 XXXXXXXXXX.XXXXXX | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, service_violation={}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=<uninitialized>, local_orig=F, local_resp=F, missed_bytes=0, history=<uninitialized>, orig_pkts=<uninitialized>, orig_ip_bytes=<uninitialized>, resp_pkts=<uninitialized>, resp_ip_bytes=<uninitialized>, tunnel_parents=<uninitialized>, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=<uninitialized>, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={}, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])
 XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/conn.log.cut b/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/conn.log.cut
index 197f268773..f96e63943c 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/conn.log.cut
+++ b/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/conn.log.cut
@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 id.orig_h	id.orig_p	id.resp_h	id.resp_p	history	service
-127.0.0.1	1080	127.0.0.1	8000	^hADadFf	http
+127.0.0.1	1080	44.1.1.1	8000	^hADadFf	http
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/files.log.cut b/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/files.log.cut
index b0788b8a39..11b1881967 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/files.log.cut
+++ b/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/files.log.cut
@@ -1,4 +1,4 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 id.orig_h	id.orig_p	id.resp_h	id.resp_p	analyzers	mime_type	sha1
-127.0.0.1	1080	127.0.0.1	8000	SHA1	image/png	1991cedee47909e324ac1b8bee2020d5690891e1
-127.0.0.1	1080	127.0.0.1	8000	SHA1	text/json	eae909a9c2827d827ef30a6675a6388770ddc88d
+127.0.0.1	1080	44.1.1.1	8000	SHA1	image/png	1991cedee47909e324ac1b8bee2020d5690891e1
+127.0.0.1	1080	44.1.1.1	8000	SHA1	text/json	eae909a9c2827d827ef30a6675a6388770ddc88d
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/http.log.cut b/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/http.log.cut
index a8665ed118..0cb8892469 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/http.log.cut
+++ b/testing/btest/Baseline/scripts.base.protocols.http.flip-content-line-orig/http.log.cut
@@ -1,3 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 id.orig_h	id.orig_p	id.resp_h	id.resp_p	host	method	uri	version	user_agent	status_code	status_msg
-127.0.0.1	1080	127.0.0.1	8000	localhost:8000	POST	/	1.1	curl/7.81.0	200	OK
+127.0.0.1	1080	44.1.1.1	8000	localhost:8000	POST	/	1.1	curl/7.81.0	200	OK
diff --git a/testing/btest/Traces/http/zeek-image-post-1080-8000-x.pcap b/testing/btest/Traces/http/zeek-image-post-1080-8000-x.pcap
index 184888de8c..d0947b39c7 100644
Binary files a/testing/btest/Traces/http/zeek-image-post-1080-8000-x.pcap and b/testing/btest/Traces/http/zeek-image-post-1080-8000-x.pcap differ
diff --git a/testing/btest/core/history-flip.zeek b/testing/btest/core/history-flip.zeek
index b14c3671c0..9020e60694 100644
--- a/testing/btest/core/history-flip.zeek
+++ b/testing/btest/core/history-flip.zeek
@@ -1,5 +1,8 @@
+# @TEST-DOC: Check that connection flip appears in history. Also check that local-orig is flipped correctly.
 # @TEST-EXEC: zeek -b -C -r $TRACES/tcp/missing-syn.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 
 @load base/protocols/http
 @load policy/protocols/conn/mac-logging
+
+redef Site::local_nets = { 125.190.109.0/24 };
diff --git a/testing/btest/core/local-flip.zeek b/testing/btest/core/local-flip.zeek
new file mode 100644
index 0000000000..08352efa56
--- /dev/null
+++ b/testing/btest/core/local-flip.zeek
@@ -0,0 +1,6 @@
+# @TEST-DOC: This check that local origin/responders are correctly flipped when the flip occurs later in the connection.
+# @TEST-EXEC: zeek -b -C -r $TRACES/http/zeek-image-post-1080-8000-x.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
+
+@load base/protocols/http
+@load policy/protocols/conn/mac-logging