Project

General

Profile

Actions

Documentation #5485

open

Documentation #5182: userguide: better document rule keywords

userguide: explain that the http.header_names buffer is normalized

Added by Juliana Fajardini Reichow over 2 years ago. Updated 7 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.

As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.


Related issues 1 (1 open0 closed)

Related to Suricata - Bug #6779: http.header_names behavior when encountering duplicate header namesNewOISF DevActions
Actions #1

Updated by Juliana Fajardini Reichow over 2 years ago

  • Parent task set to #5182
Actions #2

Updated by Juliana Fajardini Reichow over 2 years ago

  • Subject changed from userguide: explain that the http.header_names is normalized to userguide: explain that the http.header_names buffer is normalized
Actions #3

Updated by Jason Taylor 8 months ago

  • Assignee changed from OISF Dev to Jason Taylor

This will be/is resolved with the work being done on ticket #3025

Actions #4

Updated by Brandon Murphy 8 months ago

looks like #6779 might be a duplicate of this.

Actions #5

Updated by Juliana Fajardini Reichow 8 months ago

  • Related to Bug #6779: http.header_names behavior when encountering duplicate header names added
Actions #6

Updated by Jason Taylor 7 months ago

  • Status changed from New to Assigned
Actions #7

Updated by Juliana Fajardini Reichow 7 months ago

  • Target version changed from TBD to 8.0.0-beta1
Actions

Also available in: Atom PDF