From 3c1cc1e345bc9f78988411efa8461351d24efe98 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 21 Jun 2021 21:10:55 +0200
Subject: [PATCH] mqtt: move sub/unsub limits into app-layer config
---
 src/detect-mqtt-subscribe-topic.c | 2 +-
 src/detect-mqtt-unsubscribe-topic.c | 2 +-
 suricata.yaml.in | 7 ++-----
 3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/detect-mqtt-subscribe-topic.c b/src/detect-mqtt-subscribe-topic.c
index 390da5c298..32d7b16083 100644
--- a/src/detect-mqtt-subscribe-topic.c
+++ b/src/detect-mqtt-subscribe-topic.c
@@ -204,7 +204,7 @@ void DetectMQTTSubscribeTopicRegister (void)
 sigmatch_table[DETECT_AL_MQTT_SUBSCRIBE_TOPIC].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 intmax_t val = 0;
- if (ConfGetInt("mqtt.subscribe-topic-match-limit", &val)) {
+ if (ConfGetInt("app-layer.protocols.mqtt.subscribe-topic-match-limit", &val)) {
 subscribe_topic_match_limit = val;
 }
 if (subscribe_topic_match_limit <= 0) {
diff --git a/src/detect-mqtt-unsubscribe-topic.c b/src/detect-mqtt-unsubscribe-topic.c
index 24f0a3696a..671cfebaf4 100644
--- a/src/detect-mqtt-unsubscribe-topic.c
+++ b/src/detect-mqtt-unsubscribe-topic.c
@@ -204,7 +204,7 @@ void DetectMQTTUnsubscribeTopicRegister (void)
 sigmatch_table[DETECT_AL_MQTT_UNSUBSCRIBE_TOPIC].flags |= SIGMATCH_INFO_STICKY_BUFFER;
 intmax_t val = 0;
- if (ConfGetInt("mqtt.unsubscribe-topic-match-limit", &val)) {
+ if (ConfGetInt("app-layer.protocols.mqtt.unsubscribe-topic-match-limit", &val)) {
 unsubscribe_topic_match_limit = val;
 }
 if (unsubscribe_topic_match_limit <= 0) {
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 2f1b44787c..ba1a983b38 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -726,6 +726,8 @@ app-layer:
 mqtt:
 # enabled: no
 # max-msg-length: 1mb
+ # subscribe-topic-match-limit: 100
+ # unsubscribe-topic-match-limit: 100
 krb5:
 enabled: yes
 snmp: 
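Review bot: A configuration that still sets the old top-level `mqtt.subscribe-topic-match-limit` is silently ignored by the new lookup in DetectMQTTSubscribeTopicRegister, since only `app-layer.protocols.mqtt.subscribe-topic-match-limit` is read and nothing is logged when the old key is present. The limit then presumably falls back to its compiled-in value, so an operator who tuned it loses that setting on upgrade without notice, which can change detection coverage for MQTT topics. Consider keeping a fallback branch such as `} else if (ConfGetInt("mqtt.subscribe-topic-match-limit", &val)) {` that applies the value and logs a deprecation warning; the same applies to `mqtt.unsubscribe-topic-match-limit` in DetectMQTTUnsubscribeTopicRegister. Separately, `val` is an `intmax_t` assigned unchecked to the limit variable, whose declaration is outside the hunk; if that type is narrower, a range check before the assignment would avoid truncating an oversized configured value. Both function bodies continue outside their hunks.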
@@ -1115,11 +1117,6 @@ pcre:
 match-limit: 3500
 match-limit-recursion: 1500
-# MQTT topic detection depth
-#mqtt:
-# subscribe-topic-match-limit: 100
-# unsubscribe-topic-match-limit: 100
-
 ##
 ## Advanced Traffic Tracking and Reconstruction Settings
 ##