Feature #2312
closed
http: parsing for async streams
Added by Victor Julien about 7 years ago.
Updated over 4 years ago.
Description
Currently the parser requires traffic from both sides to be useful/effective.
Related issues
1 (1 open — 0 closed)
- Related to Task #2309: SuriCon 2017 brainstorm added
Jeffrey has created an http parser that we should evaluate for use. Should include http2?
Currently the parser requires traffic from both sides to be useful/effective.
How so?
From my experience of the code, it is "effective" as it should match signatures with http keywords.
I did not test it yet, but I would like to know what is expected first.
Not sure if this is still true. Some updates were made to libhtp and suricata to allow for this. I think it's a good idea to create some test cases (suricata-verify) for both all request and all response traffic. I'm especially curious how multi-tx sessions work.
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
Philippe, can you make some SV tests for this? TS only, TC only. Checking logging, file extraction, signature matching?
- Target version changed from TBD to 6.0.0beta1
- Status changed from Assigned to In Review
- Status changed from In Review to Closed