From: Jason Ish <jason.ish@oisf.net>
Date: Mon, 16 Sep 2019 22:56:02 +0000 (-0600)
Subject: sip: disable by default in 5.0
X-Git-Tag: suricata-5.0.0-rc1~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a45a2fa1fc46ab7c789a06f0eb0a4c8509c56754;p=thirdparty%2Fsuricata.git

sip: disable by default in 5.0
---

diff --git a/rust/src/sip/sip.rs b/rust/src/sip/sip.rs
index 0c1f366d3e..f882531b7f 100755
--- a/rust/src/sip/sip.rs
+++ b/rust/src/sip/sip.rs
@@ -27,6 +27,7 @@ use core::{AppProto,Flow,ALPROTO_UNKNOWN,sc_detect_engine_state_free};
 use parser::*;
 use log::*;
 use sip::parser::*;
+use conf;
 
 #[repr(u32)]
 pub enum SIPEvent {
@@ -420,6 +421,12 @@ pub unsafe extern "C" fn rs_sip_register_parser() {
         get_tx_iterator    : None,
     };
 
+    /* For 5.0 we want this disabled by default, so check that it
+     * has been explicitly enabled. */
+    if !conf::conf_get_bool("app-layer.protocols.sip.enabled") {
+        return;
+    }
+
     let ip_proto_str = CString::new("udp").unwrap();
     if AppLayerProtoDetectConfProtoDetectionEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
         let alproto = AppLayerRegisterProtocolDetection(&parser, 1);
diff --git a/suricata.yaml.in b/suricata.yaml.in
index c3e827d6a6..1b4cd62fe4 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1043,8 +1043,9 @@ app-layer:
     dhcp:
       enabled: yes
 
+    # SIP, disabled by default.
     sip:
-      enabled: yes
+      #enabled: no
 
 # Limit for the maximum number of asn1 frames to decode (default 256)
 asn1-max-frames: 256