Project

General

Profile

Actions
Copy link

Bug #7740

open

doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)

Added by Jason Ish 12 days ago. Updated 12 days ago.

Status:
New
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
TBD
Affected Versions:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

For example:

{
  "timestamp": "2022-12-27T21:26:18.000575+0000",
  "flow_id": 564142465108817,
  "pcap_cnt": 5,
  "event_type": "dns",
  "src_ip": "10.200.30.140",
  "src_port": 49792,
  "dest_ip": "8.8.4.4",
  "dest_port": 80,
  "proto": "TCP",
  "ip_v": 4,
  "pkt_src": "wire/pcap",
  "http": {
    "version": "2",
    "http2": {
      "stream_id": 0,
      "request": {
        "settings": [
          {
            "settings_id": "SETTINGSHEADERTABLESIZE",
            "settings_value": 65536
          },
          {
            "settings_id": "SETTINGSENABLEPUSH",
            "settings_value": 0
          },
          {
            "settings_id": "SETTINGSMAXCONCURRENTSTREAMS",
            "settings_value": 1000
          },
          {
            "settings_id": "SETTINGSINITIALWINDOWSIZE",
            "settings_value": 6291456
          },
          {
            "settings_id": "SETTINGSMAXHEADERLISTSIZE",
            "settings_value": 262144
          }
        ]
      },
      "response": {}
    }
  }
}

Can be seen in the S-V test dns-over-http2, however is no DNS information logged. It does come later in the flow though.

Actions
Copy link
 #1

Updated by Philippe Antoine 12 days ago

  • Subject changed from http2: events that contain dns request can be wrongly logged as dns events to doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
  • Assignee changed from OISF Dev to Philippe Antoine
Actions
Copy link

Also available in: Atom PDF