Project

General

Profile

Actions
Copy link

Documentation #5485

open

Documentation #5182: userguide: better document rule keywords

userguide: explain that the http.header_names buffer is normalized

Added by Juliana Fajardini Reichow about 2 years ago. Updated 6 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Jason Taylor
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

libhtp normalizes the http.header_names buffer, as it resides in a structure that does not allow duplicates.

As someone inspecting Wireshark packet traffic may be expecting something different when writing a rule, make this behavior clear on our documentation.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #6779: http.header_names behavior when encountering duplicate header namesNewOISF DevActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow about 2 years ago

  • Parent task set to #5182
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow about 2 years ago

  • Subject changed from userguide: explain that the http.header_names is normalized to userguide: explain that the http.header_names buffer is normalized
Actions
Copy link
 #3

Updated by Jason Taylor 7 months ago

  • Assignee changed from OISF Dev to Jason Taylor

This will be/is resolved with the work being done on ticket #3025

Actions
Copy link
 #4

Updated by Brandon Murphy 7 months ago

looks like #6779 might be a duplicate of this.

Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 7 months ago

  • Related to Bug #6779: http.header_names behavior when encountering duplicate header names added
Actions
Copy link
 #6

Updated by Jason Taylor 6 months ago

  • Status changed from New to Assigned
Actions
Copy link
 #7

Updated by Juliana Fajardini Reichow 6 months ago

  • Target version changed from TBD to 8.0.0-beta1
Actions
Copy link

Also available in: Atom PDF