From ebbdf2f57f30eaa2d5e610db0de0af359497b043 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 29 Oct 2024 22:29:06 +0100
Subject: [PATCH] sip: remove UPDATE method for detection
As it is also used for HTTP/1
Remove it only for TCP and keep it for UDP.
Ticket: 7436
---
 rust/src/sip/sip.rs | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs
index 1a73d4e46a66..5f52e0c8db07 100755
--- a/rust/src/sip/sip.rs
+++ b/rust/src/sip/sip.rs
@@ -496,7 +496,6 @@ fn register_pattern_probe(proto: u8) -> i8 {
 "ACK\0",
 "BYE\0",
 "CANCEL\0",
- "UPDATE\0",
 "REFER\0",
 "PRACK\0",
 "SUBSCRIBE\0",
@@ -526,6 +525,16 @@ fn register_pattern_probe(proto: u8) -> i8 {
 0,
 core::Direction::ToClient as u8,
 );
+ if proto == core::IPPROTO_UDP {
+ r |= AppLayerProtoDetectPMRegisterPatternCS(
+ proto,
+ ALPROTO_SIP,
+ "UPDATE\0".as_ptr() as *const std::os::raw::c_char,
+ "UPDATE".len() as u16,
+ 0,
+ core::Direction::ToServer as u8,
+ );
+ }
 }
 if r == 0 {
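Review bot: The new `if proto == core::IPPROTO_UDP` block in the second hunk has no comment saying why UPDATE is registered apart from the other methods, so a later cleanup could fold it back into the method list and reintroduce the HTTP/1 misclassification on TCP that the commit message describes. A comment above the `if` would cover it, for example `// UPDATE is also used by HTTP/1: register it for UDP only so HTTP over TCP is not detected as SIP (ticket 7436)`. The same comment should record the trade-off: a SIP-over-TCP flow whose first request is UPDATE no longer matches any pattern registered here, and whether another probe still identifies it is not visible in this hunk. register_pattern_probe begins before the hunk and continues past it.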