From: Jason Ish
Date: Mon, 9 Sep 2019 19:30:07 +0000 (-0600)
Subject: rdp: disable rdp by default for 5.0
X-Git-Tag: suricata-5.0.0-rc1~67
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=664605b5f14553b74984e3015aca77ba939ca086;p=thirdparty%2Fsuricata.git
rdp: disable rdp by default for 5.0
---
diff --git a/rust/src/rdp/rdp.rs b/rust/src/rdp/rdp.rs
index f00aa2e572..2867485b47 100644
--- a/rust/src/rdp/rdp.rs
+++ b/rust/src/rdp/rdp.rs
@@ -22,6 +22,7 @@
 use core::{
 self, AppProto, DetectEngineState, Flow, ALPROTO_UNKNOWN, IPPROTO_TCP,
 };
+use conf;
 use nom;
 use parser::*;
 use rdp::parser::*;
@@ -532,6 +533,12 @@ pub unsafe extern "C" fn rs_rdp_register_parser() {
 get_tx_iterator: None,
 };
+ /* For 5.0 we want this disabled by default, so check that it
+ * has been explicitly enabled. */
+ if !conf::conf_get_bool("app-layer.protocols.rdp.enabled") {
+ return;
+ }
+
 let ip_proto_str = std::ffi::CString::new("tcp").unwrap();
 if AppLayerProtoDetectConfProtoDetectionEnabled(
diff --git a/src/app-layer-rdp.c b/src/app-layer-rdp.c
index f02dae1480..1bae56227f 100644
--- a/src/app-layer-rdp.c
+++ b/src/app-layer-rdp.c
@@ -33,10 +33,6 @@
 #include "rust-rdp-rdp-gen.h"
 void RegisterRdpParsers(void) {
- /* only register if enabled in config */
- if (ConfGetNode("app-layer.protocols.rdp") == NULL) {
- return;
- }
 SCLogDebug("Registering rdp parser");
 rs_rdp_register_parser();
 }
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 422e3a0c51..5e17294628 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -786,8 +786,9 @@ app-layer:
 ftp:
 enabled: yes
 # memcap: 64mb
+ # RDP, disabled by default.
 rdp:
- enabled: yes
+ #enabled: no
 ssh:
 enabled: yes
 smtp:
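Review bot: The early return added to rs_rdp_register_parser (rust/src/rdp/rdp.rs, hunk at -532) leaves the disabled path silent, so an operator gets no indication that RDP traffic is going unparsed and that RDP-dependent rules will see nothing. A debug line before the return would help, for example `SCLogDebug!("RDP parser not registered: app-layer.protocols.rdp.enabled is not set to a true value");`, assuming the crate's logging macro is in scope in this file. The check also reduces the setting to a boolean: if `conf_get_bool` only recognises true-like strings, a value such as `detection-only` would count as disabled before `AppLayerProtoDetectConfProtoDetectionEnabled` is consulted, which deserves a sentence in the comment. The function body starts and ends outside the hunk.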
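Review bot: In the suricata.yaml.in hunk the `rdp:` key is left with only a commented `#enabled: no` child, so uncommenting the shipped line keeps the parser off and the template never shows the value that turns it on. The comment could say so directly, e.g. `# RDP, disabled by default. Set "enabled: yes" to register the RDP parser.` With no children `rdp:` presumably loads as an empty node, which the new Rust check would treat as disabled; this is worth confirming against the configuration loader. The `app-layer:` mapping continues outside the hunk.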