Feature #2312

http: parsing for async streams

Added by Victor Julien over 2 years ago. Updated 3 months ago.

Status: Closed
Priority: Normal

Description

Currently the parser requires traffic from both sides to be useful/effective.


Related issues

Related to Task #2309: SuriCon 2017 brainstorm | New | Victor Julien

#1

Updated by Victor Julien over 2 years ago

  • Related to Task #2309: SuriCon 2017 brainstorm added

#2

Updated by Raymond Hansen over 1 year ago

Jeffrey has created an http parser that we should evaluate for use. Should include http2?

#3

Updated by Pierre Chifflier over 1 year ago

  • Geoffroy :)

#4

Updated by Philippe Antoine about 1 year ago

Currently the parser requires traffic from both sides to be useful/effective.

How so?
From my experience of the code, it is "effective" as it should match signature with http keywords.
I did not test it yet but I would like to know what is expected first.

#5

Updated by Victor Julien almost 1 year ago

Not sure if this is still true. Some updates were made to libhtp and suricata to allow for this. I think it's a good idea to create some test cases (suricata-verify) for both all request and all response traffic. I'm especially curious how multi-tx sessions work.

#6

Updated by Victor Julien 8 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine

Philippe, can you make some SV tests for this? TS only, TC only. Checking logging, file extraction, signature matching?

#7

Updated by Victor Julien 5 months ago

  • Target version changed from TBD to 6.0.0rc1

#8

Updated by Philippe Antoine 4 months ago

  • Status changed from Assigned to In Review

#9

Updated by Philippe Antoine 3 months ago

  • Status changed from In Review to Closed
