Moved DPD signatures into script specific directories.

- This caused us to lose signatures for POP3 and Bittorrent. These will need discovered in the repository again when we add scripts for those analyzers.
2025-10-16 21:48:21 +00:00 · 2013-07-09 22:44:55 -04:00 · 2013-07-09 22:44:55 -04:00 · 39444b5af7
commit 39444b5af7
parent 841604bebe
19 changed files with 181 additions and 216 deletions
--- a/scripts/base/protocols/http/load.bro
+++ b/scripts/base/protocols/http/load.bro
@ -4,3 +4,5 @@
@load ./file-ident
@load ./file-hash
@load ./file-extract
+
+@load-sigs ./dpd.sig
--- a/scripts/base/protocols/http/dpd.sig
+++ b/scripts/base/protocols/http/dpd.sig
@ -0,0 +1,13 @@
+signature dpd_http_client {
+  ip-proto == tcp
+  payload /^[[:space:]]*(GET|HEAD|POST)[[:space:]]*/
+  tcp-state originator
+}
+
+signature dpd_http_server {
+  ip-proto == tcp
+  payload /^HTTP\/[0-9]/
+  tcp-state responder
+  requires-reverse-signature dpd_http_client
+  enable "http"
+}