Project

General

Profile

Actions
Copy link

Documentation #5485

open

Documentation #5182: userguide: better document rule keywords

userguide: explain that the http.header_names buffer is normalized

Added by Juliana Fajardini Reichow over 1 year ago. Updated 29 days ago.

Status:
New
Priority:
Normal
Assignee:
Jason Taylor
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.

As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #6779: http.header_names behavior when encountering duplicate header namesNewOISF DevActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow over 1 year ago

  • Parent task set to #5182
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow over 1 year ago

  • Subject changed from userguide: explain that the http.header_names is normalized to userguide: explain that the http.header_names buffer is normalized
Actions
Copy link
 #3

Updated by Jason Taylor 29 days ago

  • Assignee changed from OISF Dev to Jason Taylor

This will be/is resolved with the work being done on ticket #3025

Actions
Copy link
 #4

Updated by Brandon Murphy 29 days ago

looks like #6779 might be a duplicate of this.

Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 21 days ago

  • Related to Bug #6779: http.header_names behavior when encountering duplicate header names added
Actions
Copy link

Also available in: Atom PDF