mqtt: double-check detection directions

author Jason Ish <jason.ish@oisf.net>

Tue, 26 Nov 2024 23:16:58 +0000 (17:16 -0600)

committer Victor Julien <victor@inliniac.net>

Sun, 1 Dec 2024 06:49:45 +0000 (07:49 +0100)
author Jason Ish <jason.ish@oisf.net>
Tue, 26 Nov 2024 23:16:58 +0000 (17:16 -0600)
committer Victor Julien <victor@inliniac.net>
Sun, 1 Dec 2024 06:49:45 +0000 (07:49 +0100)
diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c

index 7ec902f1172cc1e3d6ddf4e86e715b3720ec08b6..d713e6edffdfe8174b691dccd2a789ff2e89ac14 100644 (file)
--- a/src/detect-mqtt-connack-sessionpresent.c
+++ b/src/detect-mqtt-connack-sessionpresent.c
@@ -63,7 +63,7 @@ void DetectMQTTConnackSessionPresentRegister (void)
      DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
  
      DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT,
-            SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
+            SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);
  
      mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present");
  }
diff --git a/src/detect-mqtt-publish-topic.c b/src/detect-mqtt-publish-topic.c

index c03a47b5eda7be7f52e106d04a183563bc6437db..045a2b4c550c444c8831892bdfb854fe932c40b5 100644 (file)
--- a/src/detect-mqtt-publish-topic.c
+++ b/src/detect-mqtt-publish-topic.c
@@ -81,10 +81,14 @@ void DetectMQTTPublishTopicRegister(void)
      DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT,
              SIG_FLAG_TOSERVER, 0,
              DetectEngineInspectBufferGeneric, GetData);
+    DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 0,
+            DetectEngineInspectBufferGeneric, GetData);
  
      DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2,
              PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT,
                 1);
+    DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister,
+            GetData, ALPROTO_MQTT, 1);
  
      DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
  
diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c

index 085c9c047c9fcf20d751bcb4661dda4ab433ceb6..b193190849c64c9d2709805b2cda0b7b87598fb5 100644 (file)
--- a/src/detect-mqtt-reason-code.c
+++ b/src/detect-mqtt-reason-code.c
@@ -66,6 +66,8 @@ void DetectMQTTReasonCodeRegister (void)
  
      DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
              DetectEngineInspectGenericList, NULL);
+    DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1,
+            DetectEngineInspectGenericList, NULL);
  
      mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code");
  }
diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c

index c2793bb13a80c95930feaf44ec7eddac59b9466d..7a977dddd6adcefa6b6aa94532948838234dc099 100644 (file)
--- a/src/detect-mqtt-subscribe-topic.c
+++ b/src/detect-mqtt-subscribe-topic.c
@@ -214,10 +214,14 @@ void DetectMQTTSubscribeTopicRegister (void)
      DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1,
              PrefilterMpmMQTTSubscribeTopicRegister, NULL,
              ALPROTO_MQTT, 1);
+    DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOCLIENT, 1,
+            PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1);
  
      DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic",
              ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1,
              DetectEngineInspectMQTTSubscribeTopic, NULL);
+    DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1,
+            DetectEngineInspectMQTTSubscribeTopic, NULL);
  
      DetectBufferTypeSetDescriptionByName("mqtt.subscribe.topic",
              "subscribe topic query");
diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c

index 3bc7f1e4f5936f94dcdd2d51952a0337110fc79a..fc5713a4cd0b7f74fe198d6b9382b7df33b5d2bc 100644 (file)
--- a/src/detect-mqtt-type.c
+++ b/src/detect-mqtt-type.c
@@ -57,6 +57,8 @@ void DetectMQTTTypeRegister (void)
      sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests;
  #endif
  
+    DetectAppLayerInspectEngineRegister2(
+            "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL);
      DetectAppLayerInspectEngineRegister2(
              "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);
author	Jason Ish <jason.ish@oisf.net>
	Tue, 26 Nov 2024 23:16:58 +0000 (17:16 -0600)
committer	Victor Julien <victor@inliniac.net>
	Sun, 1 Dec 2024 06:49:45 +0000 (07:49 +0100)
src/detect-mqtt-connack-sessionpresent.c		patch \| blob \| blame \| history
src/detect-mqtt-publish-topic.c		patch \| blob \| blame \| history
src/detect-mqtt-reason-code.c		patch \| blob \| blame \| history
src/detect-mqtt-subscribe-topic.c		patch \| blob \| blame \| history
src/detect-mqtt-type.c		patch \| blob \| blame \| history