sip: disable by default in 5.0

diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs
index 0c1f366d3e55c84e75af3d87f3c16ee88a34938d..f882531b7f3ebf88f21e69b0d06d3f1c439e7d10 100755 (executable)
--- a/rust/src/sip/sip.rs
+++ b/rust/src/sip/sip.rs
@@ -27,6 +27,7 @@ use core::{AppProto,Flow,ALPROTO_UNKNOWN,sc_detect_engine_state_free};
 use parser::*;
 use log::*;
 use sip::parser::*;
+use conf;
 
 #[repr(u32)]
 pub enum SIPEvent {
@@ -420,6 +421,12 @@ pub unsafe extern "C" fn rs_sip_register_parser() {
         get_tx_iterator    : None,
     };
 
+    /* For 5.0 we want this disabled by default, so check that it
+     * has been explicitly enabled. */
+    if !conf::conf_get_bool("app-layer.protocols.sip.enabled") {
+        return;
+    }
+
     let ip_proto_str = CString::new("udp").unwrap();
     if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
         let alproto = AppLayerRegisterProtocolDetection(&parser, 1);

diff --git a/suricata.yaml.in b/suricata.yaml.in
index c3e827d6a60becd21d9b9dfad04d1fa02c01326d..1b4cd62fe49e692f113c82f13bf71bca6d93a8b4 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1043,8 +1043,9 @@ app-layer:
     dhcp:
       enabled: yes
 
+    # SIP, disabled by default.
     sip:
-      enabled: yes
+      #enabled: no
 
 # Limit for the maximum number of asn1 frames to decode (default 256)
 asn1-max-frames: 256