diff --git a/rust/src/mqtt/detect.rs b/rust/src/mqtt/detect.rs index b47a84f74409..a56e2ea22a3d 100644 --- a/rust/src/mqtt/detect.rs +++ b/rust/src/mqtt/detect.rs @@ -365,7 +365,7 @@ pub unsafe extern "C" fn rs_mqtt_tx_get_reason_code(tx: &MQTTTransaction, result return 1; } } - _ => return 0, + _ => {}, } } return 0; @@ -373,6 +373,27 @@ pub unsafe extern "C" fn rs_mqtt_tx_get_reason_code(tx: &MQTTTransaction, result #[no_mangle] pub extern "C" fn rs_mqtt_tx_unsuback_has_reason_code(tx: &MQTTTransaction, code: u8) -> u8 { + for msg in tx.msg.iter() { + match msg.op { + MQTTOperation::UNSUBACK(ref unsuback) => { + if let Some(ref reason_codes) = unsuback.reason_codes { + for rc in reason_codes.iter() { + if *rc == code { + return 1; + } + } + } + } + MQTTOperation::SUBACK(ref suback) => { + for rc in suback.qoss.iter() { + if *rc == code { + return 1; + } + } + } + _ => {} + } + } for msg in tx.msg.iter() { if let MQTTOperation::UNSUBACK(ref unsuback) = msg.op { if let Some(ref reason_codes) = unsuback.reason_codes { diff --git a/src/detect-mqtt-connack-sessionpresent.c b/src/detect-mqtt-connack-sessionpresent.c index 7ec902f1172c..d713e6edffdf 100644 --- a/src/detect-mqtt-connack-sessionpresent.c +++ b/src/detect-mqtt-connack-sessionpresent.c @@ -63,7 +63,7 @@ void DetectMQTTConnackSessionPresentRegister (void) DetectSetupParseRegexes(PARSE_REGEX, &parse_regex); DetectAppLayerInspectEngineRegister2("mqtt.connack.session_present", ALPROTO_MQTT, - SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); + SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); mqtt_connack_session_present_id = DetectBufferTypeGetByName("mqtt.connack.session_present"); } diff --git a/src/detect-mqtt-publish-topic.c b/src/detect-mqtt-publish-topic.c index c03a47b5eda7..045a2b4c550c 100644 --- a/src/detect-mqtt-publish-topic.c +++ b/src/detect-mqtt-publish-topic.c @@ -81,10 +81,14 @@ void DetectMQTTPublishTopicRegister(void) DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOSERVER, 0, DetectEngineInspectBufferGeneric, GetData); + DetectAppLayerInspectEngineRegister2(BUFFER_NAME, ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 0, + DetectEngineInspectBufferGeneric, GetData); DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister, GetData, ALPROTO_MQTT, 1); + DetectAppLayerMpmRegister2(BUFFER_NAME, SIG_FLAG_TOCLIENT, 2, PrefilterGenericMpmRegister, + GetData, ALPROTO_MQTT, 1); DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC); diff --git a/src/detect-mqtt-reason-code.c b/src/detect-mqtt-reason-code.c index 085c9c047c9f..b193190849c6 100644 --- a/src/detect-mqtt-reason-code.c +++ b/src/detect-mqtt-reason-code.c @@ -66,6 +66,8 @@ void DetectMQTTReasonCodeRegister (void) DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL); + DetectAppLayerInspectEngineRegister2("mqtt.reason_code", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1, + DetectEngineInspectGenericList, NULL); mqtt_reason_code_id = DetectBufferTypeGetByName("mqtt.reason_code"); } diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c index c2793bb13a80..7a977dddd6ad 100644 --- a/src/detect-mqtt-subscribe-topic.c +++ b/src/detect-mqtt-subscribe-topic.c @@ -214,10 +214,14 @@ void DetectMQTTSubscribeTopicRegister (void) DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOSERVER, 1, PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); + DetectAppLayerMpmRegister2("mqtt.subscribe.topic", SIG_FLAG_TOCLIENT, 1, + PrefilterMpmMQTTSubscribeTopicRegister, NULL, ALPROTO_MQTT, 1); DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectMQTTSubscribeTopic, NULL); + DetectAppLayerInspectEngineRegister2("mqtt.subscribe.topic", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1, + DetectEngineInspectMQTTSubscribeTopic, NULL); DetectBufferTypeSetDescriptionByName("mqtt.subscribe.topic", "subscribe topic query"); diff --git a/src/detect-mqtt-type.c b/src/detect-mqtt-type.c index 3bc7f1e4f593..fc5713a4cd0b 100644 --- a/src/detect-mqtt-type.c +++ b/src/detect-mqtt-type.c @@ -57,6 +57,8 @@ void DetectMQTTTypeRegister (void) sigmatch_table[DETECT_AL_MQTT_TYPE].RegisterTests = MQTTTypeRegisterTests; #endif + DetectAppLayerInspectEngineRegister2( + "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOCLIENT, 1, DetectEngineInspectGenericList, NULL); DetectAppLayerInspectEngineRegister2( "mqtt.type", ALPROTO_MQTT, SIG_FLAG_TOSERVER, 1, DetectEngineInspectGenericList, NULL);