rdp: disable rdp by default for 5.0

diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs
index f00aa2e57253b072ff92ec81692ebf456077b2c8..2867485b47230c9f8881d831cc75a90f54000d2e 100644 (file)
--- a/rust/src/rdp/rdp.rs
+++ b/rust/src/rdp/rdp.rs
@@ -22,6 +22,7 @@
 use core::{
     self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP,
 };
+use conf;
 use nom;
 use parser::*;
 use rdp::parser::*;
@@ -532,6 +533,12 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
         get_tx_iterator: None,
     };
 
+    /* For 5.0 we want this disabled by default, so check that it
+     * has been explicitly enabled. */
+    if !conf::conf_get_bool("app-layer.protocols.rdp.enabled") {
+        return;
+    }
+
     let ip_proto_str = std::ffi::CString::new("tcp").unwrap();
 
     if AppLayerProtoDetectConfProtoDetectionEnabled(

diff --git a/src/app-layer-rdp.c b/src/app-layer-rdp.c
index f02dae1480cd445ad9f86b5bdcd7cb70df5e7e97..1bae56227fb51ab65065b36b0c1be347e9915906 100644 (file)
--- a/src/app-layer-rdp.c
+++ b/src/app-layer-rdp.c
@@ -33,10 +33,6 @@
 #include "rust-rdp-rdp-gen.h"
 
 void RegisterRdpParsers(void) {
-    /* only register if enabled in config */
-    if (ConfGetNode("app-layer.protocols.rdp") == NULL) {
-        return;
-    }
     SCLogDebug("Registering rdp parser");
     rs_rdp_register_parser();
 }

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 422e3a0c51c665532da3704b04856473fc58850f..5e172946280c5043a124edc8b7c94e7480e1a266 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -786,8 +786,9 @@ app-layer:
     ftp:
       enabled: yes
       # memcap: 64mb
+    # RDP, disabled by default.
     rdp:
-      enabled: yes
+      #enabled: no
     ssh:
       enabled: yes
     smtp: