sip: remove UPDATE method for detection

As it is also used for HTTP/1
Remove it only for TCP and keep it for UDP.

Ticket: 7436

diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs
index 1a73d4e46a66d48f95bdb8b1b8bc927ce01534a2..5f52e0c8db079d3a7e54f78a2eed931d6d4e8d4b 100755 (executable)
--- a/rust/src/sip/sip.rs
+++ b/rust/src/sip/sip.rs
@@ -496,7 +496,6 @@ fn register_pattern_probe(proto: u8) -> i8 {
         "ACK\0",
         "BYE\0",
         "CANCEL\0",
-        "UPDATE\0",
         "REFER\0",
         "PRACK\0",
         "SUBSCRIBE\0",
@@ -526,6 +525,16 @@ fn register_pattern_probe(proto: u8) -> i8 {
             0,
             core::Direction::ToClient as u8,
         );
+        if proto == core::IPPROTO_UDP {
+            r |= AppLayerProtoDetectPMRegisterPatternCS(
+                proto,
+                ALPROTO_SIP,
+                "UPDATE\0".as_ptr() as *const std::os::raw::c_char,
+                "UPDATE".len() as u16,
+                0,
+                core::Direction::ToServer as u8,
+            );
+        }
     }
 
     if r == 0 {