Bug #7740
Status: closed
doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
Description
For example:
{
  "timestamp": "2022-12-27T21:26:18.000575+0000",
  "flow_id": 564142465108817,
  "pcap_cnt": 5,
  "event_type": "dns",
  "src_ip": "10.200.30.140",
  "src_port": 49792,
  "dest_ip": "8.8.4.4",
  "dest_port": 80,
  "proto": "TCP",
  "ip_v": 4,
  "pkt_src": "wire/pcap",
  "http": {
    "version": "2",
    "http2": {
      "stream_id": 0,
      "request": {
        "settings": [
          {
            "settings_id": "SETTINGSHEADERTABLESIZE",
            "settings_value": 65536
          },
          {
            "settings_id": "SETTINGSENABLEPUSH",
            "settings_value": 0
          },
          {
            "settings_id": "SETTINGSMAXCONCURRENTSTREAMS",
            "settings_value": 1000
          },
          {
            "settings_id": "SETTINGSINITIALWINDOWSIZE",
            "settings_value": 6291456
          },
          {
            "settings_id": "SETTINGSMAXHEADERLISTSIZE",
            "settings_value": 262144
          }
        ]
      },
      "response": {}
    }
  }
}
Can be seen in the S-V test dns-over-http2; however, there is no DNS information logged. It does come later in the flow though.
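An added example, not part of the original report or of the project's code: a check that scans EVE JSON lines for records shaped like the one above, where event_type is "dns" but no "dns" object is present, so a log pipeline keyed on event_type can tell them apart. The sample lines, flow ids and function names are constructed for illustration.

```python
import json

# Constructed sample EVE lines (not from a real capture). The first mirrors
# the record in this report; the second is an ordinary DNS record.
SAMPLE_EVE = [
    json.dumps({"flow_id": 1, "event_type": "dns", "dest_port": 80,
                "http": {"version": "2", "http2": {
                    "stream_id": 0, "request": {"settings": []},
                    "response": {}}}}),
    json.dumps({"flow_id": 2, "event_type": "dns",
                "dns": {"type": "query", "rrname": "example.com"}}),
    "{truncated line",
    json.dumps({"flow_id": 3, "event_type": "http", "http": {"version": "2"}}),
]


def classify(event):
    """Return 'dns', 'dns-without-dns-object' or 'other' for one EVE record."""
    if event.get("event_type") != "dns":
        return "other"
    dns = event.get("dns")
    if isinstance(dns, dict) and dns:
        return "dns"
    return "dns-without-dns-object"


def scan(lines):
    """Return (line_no, flow_id, has_http2) for dns events with no DNS data."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or partially written lines
        if not isinstance(event, dict):
            continue
        if classify(event) == "dns-without-dns-object":
            http = event.get("http")
            has_http2 = isinstance(http, dict) and "http2" in http
            findings.append((line_no, event.get("flow_id"), has_http2))
    return findings


if __name__ == "__main__":
    for line_no, flow_id, has_http2 in scan(SAMPLE_EVE):
        print(f"line {line_no}: flow {flow_id} is event_type=dns "
              f"with no dns object (http2 present: {has_http2})")
```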