Bug #7740
Closed
doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
Description
For example:
{
  "timestamp": "2022-12-27T21:26:18.000575+0000",
  "flow_id": 564142465108817,
  "pcap_cnt": 5,
  "event_type": "dns",
  "src_ip": "10.200.30.140",
  "src_port": 49792,
  "dest_ip": "8.8.4.4",
  "dest_port": 80,
  "proto": "TCP",
  "ip_v": 4,
  "pkt_src": "wire/pcap",
  "http": {
    "version": "2",
    "http2": {
      "stream_id": 0,
      "request": {
        "settings": [
          {
            "settings_id": "SETTINGSHEADERTABLESIZE",
            "settings_value": 65536
          },
          {
            "settings_id": "SETTINGSENABLEPUSH",
            "settings_value": 0
          },
          {
            "settings_id": "SETTINGSMAXCONCURRENTSTREAMS",
            "settings_value": 1000
          },
          {
            "settings_id": "SETTINGSINITIALWINDOWSIZE",
            "settings_value": 6291456
          },
          {
            "settings_id": "SETTINGSMAXHEADERLISTSIZE",
            "settings_value": 262144
          }
        ]
      },
      "response": {}
    }
  }
}
This can be seen in the S-V test dns-over-http2; however, there is no DNS information logged. It does come later in the flow though.
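One way to find the records this report describes in an existing eve.json, as an added example that is not part of the original report or of Suricata's code: it flags events whose event_type is dns but that carry no dns object, and notes whether DNS data appears elsewhere in the same flow. The sample lines and the function names are constructed for illustration.

```python
import json

# Constructed sample EVE lines (not a real capture). Line 1 mirrors the record
# in this report; line 2 is a later event in the same flow that carries DNS
# data; line 4 is deliberately truncated to exercise the error path.
SAMPLE_EVE = """\
{"timestamp": "2022-12-27T21:26:18.000575+0000", "flow_id": 564142465108817, "event_type": "dns", "dest_port": 80, "http": {"version": "2", "http2": {"stream_id": 0, "request": {"settings": [{"settings_id": "SETTINGSENABLEPUSH", "settings_value": 0}]}, "response": {}}}}
{"timestamp": "2022-12-27T21:26:18.100000+0000", "flow_id": 564142465108817, "event_type": "dns", "dns": {"type": "request", "queries": [{"rrname": "example.com", "rrtype": "A"}]}, "http": {"version": "2", "http2": {"stream_id": 1}}}
{"timestamp": "2022-12-27T21:26:19.000000+0000", "flow_id": 1, "event_type": "http", "http": {"version": "2"}}
{"timestamp": "2022-12-27T21:26:20.0
"""


def parse_eve(lines):
    """Yield (line_number, event) for every line that is a JSON object."""
    for lineno, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if isinstance(event, dict):
            yield lineno, event


def has_dns_data(event):
    """True when the record carries a non-empty "dns" object."""
    dns = event.get("dns")
    return isinstance(dns, dict) and bool(dns)


def find_dnsless_dns_events(lines):
    """Return dns-typed events that have no DNS data, one dict per hit."""
    events = [(n, e) for n, e in parse_eve(lines) if e.get("event_type") == "dns"]
    # Flows in which at least one dns event really does contain DNS data.
    flows_with_dns = {e.get("flow_id") for _, e in events if has_dns_data(e)}
    hits = []
    for lineno, event in events:
        if has_dns_data(event):
            continue
        http = event.get("http")
        http2 = http.get("http2") if isinstance(http, dict) else None
        hits.append({
            "line": lineno,
            "flow_id": event.get("flow_id"),
            "has_http2": isinstance(http2, dict),
            "dns_elsewhere_in_flow": event.get("flow_id") in flows_with_dns,
        })
    return hits


if __name__ == "__main__":
    for hit in find_dnsless_dns_events(SAMPLE_EVE.splitlines()):
        print(hit)
```
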
Updated by Philippe Antoine 5 months ago
- Subject changed from http2: events that contain dns request can be wrongly logged as dns events to doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine 4 months ago
- Target version changed from TBD to 9.0.0-beta1
Updated by Philippe Antoine 4 months ago
- Target version changed from 9.0.0-beta1 to 8.0.1
Updated by Philippe Antoine 4 months ago
- Status changed from New to In Review
Updated by Philippe Antoine 4 months ago
- Affected Versions 8.0.0 added
- Affected Versions deleted (8.0.0-beta1)
Updated by Jason Ish 3 months ago
- Status changed from In Review to Closed
Merged via https://github.com/OISF/suricata/pull/13683.