Tiny bit of cleanup and adapting the new test.

src/analyzer/protocol/dnp3/DNP3.cc

@@ -189,7 +189,7 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 				}
 
 			// Make sure header checksum is correct.
-			if ( ! CheckCRC(PSEUDO_LINK_LAYER_LEN, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN, "header") ) 
+			if ( ! CheckCRC(PSEUDO_LINK_LAYER_LEN, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN, "header") )
 				{
 				ProtocolViolation("broken_checksum");
 				return false;
@@ -198,8 +198,9 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 			// If the checksum works out, we're pretty certainly DNP3.
 			ProtocolConfirmation();
 
-			// (Hui Lin) Make sure that the DNP3 packet includes Pseudo Transport and Pseudo Application Layer data
+			// DNP3 packets without transport and application
-			if ( ( endp->buffer[PSEUDO_LENGTH_INDEX] + 3 ) == (u_char)PSEUDO_LINK_LAYER_LEN  )
+			// layers can happen, we ignore them.
+			if ( (endp->buffer[PSEUDO_LENGTH_INDEX] + 3) == PSEUDO_LINK_LAYER_LEN  )
 				{
 				ClearEndpointState(orig);
 				return true;
@@ -221,9 +222,6 @@ bool DNP3_Analyzer::ProcessData(int len, const u_char* data, bool orig)
 			// BinPAC.
 			if ( ++endp->pkt_cnt == 1 )
 				interp->NewData(orig, endp->buffer, endp->buffer + PSEUDO_LINK_LAYER_LEN);
-
-			
-
 			}
 
 		if ( ! endp->in_hdr )

testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.bro

@@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
-# @TEST-EXEC: cat ${DIST}/src/event.bif  | grep "^event dnp3_" | wc -l >total
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif  | grep "^event dnp3_" | wc -l >total
 # @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
 # @TEST-EXEC: btest-diff coverage
 #