From: Victor Julien <victor@inliniac.net>
Date: Mon, 21 Jun 2021 19:10:55 +0000 (+0200)
Subject: mqtt: move sub/unsub limits into app-layer config
X-Git-Tag: suricata-6.0.3~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f3524f7e23d437cbc1424382f3aa6fdbacc79ae;p=thirdparty%2Fsuricata.git

mqtt: move sub/unsub limits into app-layer config

(cherry picked from commit 3c1cc1e345bc9f78988411efa8461351d24efe98)
---

diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c
index daedf77a91..7132cad2bd 100644
--- a/src/detect-mqtt-subscribe-topic.c
+++ b/src/detect-mqtt-subscribe-topic.c
@@ -205,7 +205,7 @@ void DetectMQTTSubscribeTopicRegister (void)
     sigmatch_table[DETECT_AL_MQTT_SUBSCRIBE_TOPIC].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 
     intmax_t val = 0;
-    if (ConfGetInt("mqtt.subscribe-topic-match-limit", &val)) {
+    if (ConfGetInt("app-layer.protocols.mqtt.subscribe-topic-match-limit", &val)) {
         subscribe_topic_match_limit = val;
     }
     if (subscribe_topic_match_limit <= 0) {
diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c
index 2c218029be..dc69a4652a 100644
--- a/src/detect-mqtt-unsubscribe-topic.c
+++ b/src/detect-mqtt-unsubscribe-topic.c
@@ -205,7 +205,7 @@ void DetectMQTTUnsubscribeTopicRegister (void)
     sigmatch_table[DETECT_AL_MQTT_UNSUBSCRIBE_TOPIC].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 
     intmax_t val = 0;
-    if (ConfGetInt("mqtt.unsubscribe-topic-match-limit", &val)) {
+    if (ConfGetInt("app-layer.protocols.mqtt.unsubscribe-topic-match-limit", &val)) {
         unsubscribe_topic_match_limit = val;
     }
     if (unsubscribe_topic_match_limit <= 0) {
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 7aa29b12dc..0148c178aa 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -722,6 +722,8 @@ app-layer:
     mqtt:
       # enabled: no
       # max-msg-length: 1mb
+      # subscribe-topic-match-limit: 100
+      # unsubscribe-topic-match-limit: 100
     krb5:
       enabled: yes
     snmp:
@@ -1111,11 +1113,6 @@ pcre:
   match-limit: 3500
   match-limit-recursion: 1500
 
-# MQTT topic detection depth
-#mqtt:
-#  subscribe-topic-match-limit: 100
-#  unsubscribe-topic-match-limit: 100
-
 ##
 ## Advanced Traffic Tracking and Reconstruction Settings
 ##