Feature #1576
closedhttp: byte-range support
Description
Not currently supported by libhtp: https://github.com/OISF/libhtp/issues/58
Some discussion: https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2015-October/003492.html
Updated by Andreas Herz over 6 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien over 4 years ago
- Related to Task #2309: SuriCon 2017 brainstorm added
Updated by Victor Julien over 4 years ago
- Related to Feature #2485: http: log byte range with file extraction added
Updated by Raymond Hansen over 3 years ago
First step would be to document the chunks of file(s) as identified per sensor, if multiple sensors are in use.
Updated by Victor Julien over 3 years ago
- Has duplicate Bug #2326: File extraction not properly handling http range requests added
Updated by Victor Julien over 3 years ago
- Related to Feature #1017: Add support for content-range added
Updated by Philippe Antoine about 3 years ago
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine about 3 years ago
My understanding is the following :
We now log the byte-range but we would like suricata to handle the complete file reassembly (in case there is any).
Is that correct ?
Is there already an example of suricata of reassembly over TCP ? And in this case over different flows ?
Updated by Andreas Herz almost 3 years ago
We will split those in multiple smaller tasks.
Updated by Philippe Antoine almost 3 years ago
First is rebuilding the file if multiple requests/responses are in the same flow
Updated by Andreas Herz almost 3 years ago
Does anyone remember WHAT smaller tasks we wanted to create :)?
Updated by Philippe Antoine almost 3 years ago
First is rebuilding file if multiple transactions are in the same flow (maybe first subclass, if they are in the right order)
Then next task would be to see what to do if the transactions are across many flows
Updated by Victor Julien over 2 years ago
- Target version changed from TBD to 6.0.0beta1
Updated by Philippe Antoine over 2 years ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine about 2 years ago
- Status changed from In Review to Assigned
- Target version changed from 6.0.0beta1 to 7.0rc1
PR needs deeper work to have something generic over multiple flows cf https://forum.suricata.io/t/suricata-5-0-1-in-ips-mode/94
https://github.com/OISF/suricata/pull/4818
https://github.com/OISF/suricata-verify/pull/171
Updated by Victor Julien about 2 years ago
- Related to deleted (Feature #1017: Add support for content-range)
Updated by Victor Julien about 2 years ago
- Has duplicate Feature #1017: Add support for content-range added
Updated by Philippe Antoine almost 2 years ago
- Related to Feature #4117: http2: byte-range support added
Updated by Philippe Antoine over 1 year ago
So, we would like :
- To handle ranges over multiple flows, ie use another container than the flow (the url for instance)- This container can be generic with a key, and a type for the key
- To handle unordered ranges - That means storing an unordered range up until we can do the reassembly
- We need to limit the memory consumption... use a global memcap for these containers ?
- We also need timeouts (the new container shall timeout as flow time out)
Updated by Philippe Antoine over 1 year ago
- Status changed from Assigned to In Progress
Updated by Philippe Antoine over 1 year ago
- Status changed from In Progress to In Review
Updated by Philippe Antoine 11 months ago
- Status changed from In Review to Closed