Task #4201: http2: full protocol support
http2: overload existing http keywords to support http/2
Meta tickets. Please create evaluate all existing http keywords and see if we can support them in http/2. For the ones we can, please create a sub-ticket each keyword. For the ones we can't support we need an explanation of why (in this ticket) and a documentation update in the user guide.
Updated by Philippe Antoine about 2 months ago
HTTP2MimicHttp1Request translate headers names ? like
:authority from HTTP1 to HTTP2
How would we do the
http.host normalisation ?
Should we concatenate the values in case there are multiple times the same header (name) in HTTP2 ?
Updated by Philippe Antoine about 1 month ago
What remains to be done :
- http.host : do the same normalization... same for http.header. For http.header.raw it is not raw in HTTP2, we need to concatenate key and value. For http.header_names, we can have linefeeds in HTTP2 header names, should we escape them ?
- Concatenate when we get multiple values for one header name cf https://suricata.readthedocs.io/en/suricata-6.0.0/rules/http-keywords.html#id2 example request with 2 Hosts ?
- Make HTTP2MimicHttp1Request translate header names (Host becomes :authority) ?
- http.request_body and http.response_body, covered by file_data. Should we have these specifically ?
- http.request_line and http.response_line do not exist in HTTP2, should we emulate them ? What about http.start ?
- http.protocol and http.stat_msg are implicit, should we emulate them ?