From 34b0e4396cd94155abef4ad68366f5fe6edf6ff0 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Mon, 12 Aug 2024 10:25:58 +0200
Subject: [PATCH] Remove dpd.sig.

With replaces being "fixed" with Zeek 7.0 and later, we do not need to
ship a custom dpd.sig anymore. The enable "HTTP" line in Zeek's HTTP dpd.sig
will actually enable/instantiate the Spicy analyzer now.
---
 analyzer/__load__.zeek |  1 -
 analyzer/dpd.sig       | 17 -----------------
 2 files changed, 18 deletions(-)
 delete mode 100644 analyzer/dpd.sig

diff --git a/analyzer/__load__.zeek b/analyzer/__load__.zeek
index 4f02c79..e69de29 100644
--- a/analyzer/__load__.zeek
+++ b/analyzer/__load__.zeek
@@ -1 +0,0 @@
-@load-sigs ./dpd.sig
diff --git a/analyzer/dpd.sig b/analyzer/dpd.sig
deleted file mode 100644
index 1feb49c..0000000
--- a/analyzer/dpd.sig
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright (c) 2021 by the Zeek Project. See LICENSE for details.
-
-# Signatures are copied from Zeek.
-
-signature spicy_http_client {
-  ip-proto == tcp
-  payload /^[[:space:]]*(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH|BCOPY|BDELETE|BMOVE|BPROPFIND|BPROPPATCH|NOTIFY|POLL|SUBSCRIBE|UNSUBSCRIBE|X-MS-ENUMATTS|RPC_OUT_DATA|RPC_IN_DATA)[[:space:]]*/
-  tcp-state originator
-  enable "spicy_HTTP"
-}
-
-signature spicy_http_server {
-  ip-proto == tcp
-  payload /^HTTP\/[0-9]/
-  tcp-state responder
-  enable "spicy_HTTP"
-}