Feature #2312
Closed
http: parsing for async streams
Description
Currently the parser requires traffic from both sides to be useful/effective.
Updated by Victor Julien about 7 years ago
- Related to Task #2309: SuriCon 2017 brainstorm added
Updated by Raymond Hansen about 6 years ago
Jeffrey has created an http parser that we should evaluate for use. Should include http2?
Updated by Philippe Antoine over 5 years ago
> Currently the parser requires traffic from both sides to be useful/effective.
How so?
From my experience of the code, it is "effective" as it should match signatures with http keywords.
I did not test it yet, but I would like to know what is expected first.
Updated by Victor Julien over 5 years ago
Not sure if this is still true. Some updates were made to libhtp and suricata to allow for this. I think it's a good idea to create some test cases (suricata-verify) for both all request and all response traffic. I'm especially curious how multi-tx sessions work.
Updated by Victor Julien over 5 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Philippe Antoine
Philippe, can you make some SV tests for this? TS only, TC only. Checking logging, file extraction, signature matching?
Updated by Victor Julien almost 5 years ago
- Target version changed from TBD to 6.0.0beta1
Updated by Philippe Antoine almost 5 years ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine almost 5 years ago
- Status changed from In Review to Closed