rust/sip: register parser for tcp v7

[glongo]

Make sure these boxes are signed before submitting your Pull Request -- thank you.

• I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html
• I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
• I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3351

Describe changes:

• Rebase
• Commits squashed
• Added comment with reference to RFC3261

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1386
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

[codecov]

Codecov Report

Merging #9483 (d9c9fa3) into master (2b57179) will decrease coverage by 0.03%.
The diff coverage is 80.41%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9483      +/-   ##
==========================================
- Coverage   82.18%   82.16%   -0.03%     
==========================================
  Files         968      968              
  Lines      274199   274336     +137     
==========================================
+ Hits       225363   225406      +43     
- Misses      48836    48930      +94     

Flag	Coverage Δ
fuzzcorpus	64.05% <39.17%> (-0.05%)	⬇️
suricata-verify	60.88% <80.41%> (-0.03%)	⬇️
unittests	62.85% <7.73%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[catenacyber]

This is meant to be used in signatures, right ?

git grep SIP_PORTS does not yield anything else

[glongo]

yes, that's right.

[catenacyber]

How can we end up here ? stream_slice.is_empty() && AppLayerParserStateIssetFlag(pstate, APP_LAYER_PARSER_EOF_TS) == 0

[glongo]

I'm not really sure it's needed actually, but I thought that it would be good to check if eof is reached.

[catenacyber]

Maybe commit message rust/sip: register parser for sip can be rust/sip: register parser for tcp

[catenacyber]

Where should we document this change @jufajardini ? upgrade section ?

[glongo]

Maybe commit message rust/sip: register parser for sip can be rust/sip: register parser for tcp

It's meant to be tcp indeed, but I don't know why I wrote sip :)

[jufajardini]

Where should we document this change @jufajardini ? upgrade section ?

(Sorry for the belated answer, I obviously missed this.)

I think that:

• upgrade section
• suricata.yaml (for the ports config portion)
• maybe something related to output, to indicate at least the sip_tcp and sip_udp bit?

[catenacyber]

Thanks Giuseppe. Still need some nit and a bit of doc

[victorjulien]

Since 8 development is now started, we can get this in when you're ready.

[glongo]

Replaced by #9880