mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
aff54f29f8
Ticket: 5926 HTTP2 continuation frames are defined in RFC 9113. They allow header blocks to be split over multiple HTTP2 frames. For Suricata to process correctly these header blocks, it must do the reassembly of the payload of these HTTP2 frames. Otherwise, we get incomplete decoding for headers names and/or values while decoding a single frame. Design is to add a field to the HTTP2 state, as the RFC states that these continuation frames form a discrete unit : > Field blocks MUST be transmitted as a contiguous sequence of frames, > with no interleaved frames of any other type or from any other stream. So, we do not have to duplicate this reassembly field per stream id. Another design choice is to wait for the reassembly to be complete before doing any decoding, to avoid quadratic complexity on partially decoding of the data. |
8 months ago | |
|---|---|---|
| .. | ||
| Makefile.am | ||
| README.md | ||
| app-layer-events.rules | ||
| decoder-events.rules | ||
| dhcp-events.rules | ||
| dnp3-events.rules | ||
| dns-events.rules | ||
| files.rules | ||
| ftp-events.rules | ||
| http-events.rules | ||
| http2-events.rules | 8 months ago | |
| ipsec-events.rules | ||
| kerberos-events.rules | ||
| modbus-events.rules | ||
| mqtt-events.rules | ||
| nfs-events.rules | ||
| ntp-events.rules | ||
| quic-events.rules | ||
| rfb-events.rules | ||
| smb-events.rules | ||
| smtp-events.rules | ||
| ssh-events.rules | ||
| stream-events.rules | ||
| tls-events.rules | ||
README.md
Suricata Reserved SID Allocations
Unless otherwise noted, each component or protocol is allocated 1000 signature IDs.
Components
| Component | Start | End |
|---|---|---|
| Decoder | 2200000 | 2200999 |
| Stream | 2210000 | 2210999 |
| Generic App-Layer | 2260000 | 2260999 |
App-Layer Protocols
| Protocol | Start | End |
|---|---|---|
| SMTP | 2220000 | 2220999 |
| HTTP | 2221000 | 2221999 |
| NTP | 2222000 | 2222999 |
| NFS | 2223000 | 2223999 |
| IPsec | 2224000 | 2224999 |
| SMB | 2225000 | 2225999 |
| Kerberos | 2226000 | 2226999 |
| DHCP | 2227000 | 2227999 |
| SSH | 2228000 | 2228999 |
| MQTT | 2229000 | 2229999 |
| TLS | 2230000 | 2230999 |
| QUIC | 2231000 | 2231999 |
| FTP | 2232000 | 2232999 |
| DNS | 2240000 | 2240999 |
| MODBUS | 2250000 | 2250999 |
| DNP3 | 2270000 | 2270999 |
| HTTP2 | 2290000 | 2290999 |