Skip to content

Commit

Permalink
mqtt: double-check detection directions
Browse files Browse the repository at this point in the history 
Backport of commit 5d82521.

Ticket: 7323
  • Loading branch information
@jasonish @victorjulien
jasonish authored and victorjulien committed Dec 1, 2024
1 parent 378b9bb commit 552dea9
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/detect-mqtt-connack-sessionpresent.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ void DetectMQTTConnackSessionPresentRegister (void)
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);

DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT,
SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);

mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
}
Expand Down
4 changes: 4 additions & 0 deletions src/detect-mqtt-publish-topic.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,14 @@ void DetectMQTTPublishTopicRegister(void)
DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT,
SIG_FLAG_TOSERVER, 0,
DetectEngineInspectBufferGeneric, GetData);
DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 0,
DetectEngineInspectBufferGeneric, GetData);

DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
1);
DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
GetData, ALPROTO_MQTT, 1);

DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

Expand Down
2 changes: 2 additions & 0 deletions src/detect-mqtt-reason-code.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@ void DetectMQTTReasonCodeRegister (void)

DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1,
DetectEngineInspectGenericList, NULL);

mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
}
Expand Down
4 changes: 4 additions & 0 deletions src/detect-mqtt-subscribe-topic.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,10 +214,14 @@ void DetectMQTTSubscribeTopicRegister (void)
DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1,
PrefilterMpmMQTTSubscribeTopicRegister, NULL,
ALPROTO_MQTT, 1);
DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOCLIENT, 1,
PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1);

DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic",
ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
DetectEngineInspectMQTTSubscribeTopic, NULL);
DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1,
DetectEngineInspectMQTTSubscribeTopic, NULL);

DetectBufferTypeSetDescriptionByName("mqtt.subscribe.topic",
"subscribe topic query");
Expand Down
2 changes: 2 additions & 0 deletions src/detect-mqtt-type.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,8 @@ void DetectMQTTTypeRegister (void)
sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests;
#endif

DetectAppLayerInspectEngineRegister2(
"mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);
DetectAppLayerInspectEngineRegister2(
"mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);

Expand Down

0 comments on commit 552dea9

Please sign in to comment.