Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_main.c8
-rw-r--r--src/lib/protocols/dnp3.c50
3 files changed, 41 insertions, 18 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index b4d9b3dd5..90cc13149 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -923,6 +923,7 @@ typedef enum {
to test connectivity
*/
NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK,
+ NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
/* Some custom categories */
CUSTOM_CATEGORY_MINING = 99,
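Review bot: The new `NDPI_PROTOCOL_CATEGORY_IOT_SCADA` enumerator is tied to its display name only by position. The `categories[]` hunk in src/lib/ndpi_main.c replaces the first `""` after `"ConnectivityCheck"` with `"IoT-Scada"`, and that table is presumably indexed by the enum value; nothing visible enforces that the two stay aligned. The entry above carries a descriptive comment and the new one has none, so I would add `/* Industrial control / SCADA protocols (Modbus, DNP3, IEC60870); keep in sync with categories[] in ndpi_main.c */` above it. A later insertion in only one of the two places would mislabel categories for any consumer that filters or alerts on ICS traffic, so a compile-time length check on the table is worth considering if the enum has a count sentinel (not visible here). The enum body continues outside the hunk.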
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 74d34edf8..5ee124ac7 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -847,7 +847,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 11095, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MODBUS, 1 /* no subprotocol */, no_master,
- no_master, "Modbus", NDPI_PROTOCOL_CATEGORY_NETWORK, /* Perhaps IoT in the future */
+ no_master, "Modbus", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 502, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_CALL,
@@ -1457,12 +1457,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNP3, 1 /* no subprotocol */, no_master,
- no_master, "DNP3", NDPI_PROTOCOL_CATEGORY_NETWORK,
+ no_master, "DNP3", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 20000, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IEC60870, 1 /* no subprotocol */,
no_master, no_master, "IEC60870",
- NDPI_PROTOCOL_CATEGORY_NETWORK, /* Perhaps IoT in the future */
+ NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 2404, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BLOOMBERG, 1 /* no subprotocol */,
@@ -1885,7 +1885,7 @@ static const char *categories[] = {
"Productivity",
"FileSharing",
"ConnectivityCheck",
- "",
+ "IoT-Scada",
"",
"",
"",
diff --git a/src/lib/protocols/dnp3.c b/src/lib/protocols/dnp3.c
index 805f8f335..31fc55094 100644
--- a/src/lib/protocols/dnp3.c
+++ b/src/lib/protocols/dnp3.c
@@ -1,40 +1,62 @@
/*
* dnp3.c
- * Extension for dnp3 recognition
*
+ * Copyright (C) 2011-20 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
* Created by Cesar HM
+ *
*/
#include "ndpi_protocol_ids.h"
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNP3
#include "ndpi_api.h"
+/*
+ https://www.ixiacom.com/company/blog/scada-distributed-network-protocol-dnp3
+*/
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNP3
+
+/* ******************************************************** */
+
void ndpi_search_dnp3_tcp(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow) {
+ struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
- NDPI_LOG_DBG(ndpi_struct, "search DNP3\n");
- /* Check connection over TCP */
+ NDPI_LOG_DBG(ndpi_struct, "search DNP3\n");
if(packet->tcp) {
/* The payload of DNP3 is 10 bytes long.
* Header bytes: 0x0564
- */
- if ( packet->payload_packet_len >= 10 &&
- packet->payload[0] == 0x05 && packet->payload[1] == 0x64 ){
- NDPI_LOG_INFO(ndpi_struct, "found DNP3\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNP3, NDPI_PROTOCOL_UNKNOWN);
- return;
- }
+ */
+ if ((packet->payload_packet_len >= 10)
+ && (packet->payload[0] == 0x05)
+ && (packet->payload[1] == 0x64)) {
+ NDPI_LOG_INFO(ndpi_struct, "found DNP3\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNP3, NDPI_PROTOCOL_UNKNOWN);
+ return;
}
+ }
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
}
-
+/* ******************************************************** */
void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct,
- u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {
+ u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {
ndpi_set_bitmask_protocol_detection("DNP3", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_DNP3,