Feature #2312: http: parsing for async streams

Added by Victor Julien about 7 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

Currently the parser requires traffic from both sides to be useful/effective.


Related issues (1 open, 0 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstorm (Assigned, Victor Julien)
#1

Updated by Victor Julien about 7 years ago

  • Related to Task #2309: SuriCon 2017 brainstorm added
#2

Updated by Raymond Hansen about 6 years ago

Jeffrey has created an http parser that we should evaluate for use. Should include http2?

#3

Updated by Pierre Chifflier about 6 years ago

  • Geoffroy :)
#4

Updated by Philippe Antoine over 5 years ago

Currently the parser requires traffic from both sides to be useful/effective.

How so?
From my experience of the code, it is "effective" as it should match signatures with http keywords.
I did not test it yet, but I would like to know what is expected first.

#5

Updated by Victor Julien over 5 years ago

Not sure if this is still true. Some updates were made to libhtp and suricata to allow for this. I think it's a good idea to create some test cases (suricata-verify) for both all request and all response traffic. I'm especially curious how multi-tx sessions work.

#6

Updated by Victor Julien about 5 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Philippe Antoine

Philippe, can you make some SV tests for this? TS only, TC only. Checking logging, file extraction, signature matching?
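To make concrete what "TS only" and "TC only" parsing asks of an HTTP parser, here is an added illustration that is not Suricata or libhtp code: a small standalone parser that takes the bytes of only one direction of an HTTP/1.1 conversation and still splits them into transactions (multi-tx, Content-Length and chunked bodies), which is what logging, file extraction and keyword matching need on an async stream. The sample streams, the `parse_direction` helper and the `TS`/`TC` labels are constructed for this example; the 304 case shows the one genuine limitation of response-only parsing, namely that body framing depends on information the other side carried (status codes without a body, and HEAD responses that the parser cannot recognise without the request).

```python
"""Parse one direction of an HTTP/1.1 conversation on its own.

Added illustration for this ticket, not Suricata or libhtp code.
Given only the to-server ("TS") bytes or only the to-client ("TC")
bytes, it splits the stream into transactions and exposes the fields
a logger, file extractor or rule keyword would need.
"""
import re

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d\.\d)$")
STATUS_LINE = re.compile(rb"^HTTP/(\d\.\d) (\d{3}) ?(.*)$")

# Constructed sample streams (two requests; three responses).
TS_STREAM = (
    b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
)
TC_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\nok"
    # 304 must not carry a body even if Content-Length is present.
    b"HTTP/1.1 304 Not Modified\r\nContent-Length: 10\r\n\r\n"
    b"HTTP/1.1 201 Created\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
)


def _parse_head(head: bytes):
    """Split a header block into (first line, {lowercased-name: value})."""
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def _read_body(buf: bytes, headers: dict):
    """Return (body, remaining bytes), honouring chunked or Content-Length."""
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
        body, pos = b"", 0
        while True:
            nl = buf.index(b"\r\n", pos)
            size = int(buf[pos:nl].split(b";")[0], 16)  # ignore chunk extensions
            pos = nl + 2
            if size == 0:
                # Optional trailers end with an empty line; skip past it.
                end = buf.index(b"\r\n\r\n", pos - 2)
                return body, buf[end + 4:]
            body += buf[pos:pos + size]
            pos += size + 2  # chunk data plus its trailing CRLF
    length = int(headers.get(b"content-length", b"0"))
    if len(buf) < length:
        raise ValueError("incomplete body: need more data from this direction")
    return buf[:length], buf[length:]


def parse_direction(stream: bytes, direction: str):
    """Split one direction ("TS" requests or "TC" responses) into transactions
    without ever seeing the other direction of the flow."""
    txs, buf = [], stream
    while b"\r\n\r\n" in buf:
        head, buf = buf.split(b"\r\n\r\n", 1)
        first, headers = _parse_head(head)
        if direction == "TS":
            m = REQUEST_LINE.match(first)
            if not m:
                raise ValueError(f"bad request line: {first!r}")
            tx = {"method": m.group(1).decode(), "uri": m.group(2).decode()}
            body, buf = _read_body(buf, headers)
        else:
            m = STATUS_LINE.match(first)
            if not m:
                raise ValueError(f"bad status line: {first!r}")
            status = int(m.group(2))
            tx = {"status": status}
            # 1xx/204/304 never carry a body. A response to HEAD does not
            # either, but a TC-only parser cannot know the request was HEAD:
            # that is the information lost when one side is missing.
            if 100 <= status < 200 or status in (204, 304):
                body = b""
            else:
                body, buf = _read_body(buf, headers)
        tx["headers"] = headers
        tx["body"] = body
        txs.append(tx)
    return txs


if __name__ == "__main__":
    for tx in parse_direction(TS_STREAM, "TS"):
        print("TS", tx["method"], tx["uri"], len(tx["body"]), "body bytes")
    for tx in parse_direction(TC_STREAM, "TC"):
        print("TC", tx["status"], len(tx["body"]), "body bytes")
```

Running it yields two request transactions and three response transactions from streams that never contained the other direction; a suricata-verify test for this ticket would feed the equivalent one-sided pcap and check that eve logging, file extraction and `http.*` keyword matches come out the same as for the full flow, minus the cases (such as HEAD) where the missing side carried the framing information.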

#7

Updated by Victor Julien almost 5 years ago

  • Target version changed from TBD to 6.0.0beta1
#8

Updated by Philippe Antoine almost 5 years ago

  • Status changed from Assigned to In Review
#9

Updated by Philippe Antoine over 4 years ago

  • Status changed from In Review to Closed