Skip to content

Comments

Dns over http2 5773 v13#11369

Closed
catenacyber wants to merge 11 commits intoOISF:masterfrom
catenacyber:dns-over-http2-5773-v13
Closed

Dns over http2 5773 v13#11369
catenacyber wants to merge 11 commits intoOISF:masterfrom
catenacyber:dns-over-http2-5773-v13

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Jun 25, 2024

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5773

Describe changes:

  • analyze DNS over HTTP2

SV_BRANCH=OISF/suricata-verify#1734

#11292 with review taken into account in the 2 latest commits.
@victorjulien should I squash these commits in ?

Draft because of TODO :

catenacyber added 11 commits June 25, 2024 09:24
@catenacyber
output/dcerpc: call jb_get_mark just before jb_open_object
4f82f75
@catenacyber
doc: state that payload-length includes the gaps
1efb97b
@catenacyber
dns: prepare for dns over http2 support
e17d2c0 
by making tx parsing and creation more easily available,
without needing a dns state.

Dns event NotResponse is now set on the right tx, and not the one
before.

Also debug log for Z-flag on request says "request" instead of
"response"

Also rustfmt dns.rs
@catenacyber
http2: rustfmt
9533ee8
@catenacyber
http2: log dns if DoH is recognized
f522002 
Ticket: 5773
@catenacyber
doh: implement dns over http2 app-proto
ae8e621 
Ticket: 5773
@catenacyber
doh: make dns and http keywords for doh2
7e08eb5 
Ticket: 5773
@catenacyber
util/profiling: remove assertion
d1f0777 
Now a flow alproto can be changed by a call to AppLayerParserParse
when HTTP2 forces the flow to turn into DOH2.
@catenacyber
doh2: handle dns message in POST requests
ee475fa 
Ticket: 5773

Handles both directions the same way for data if content type is
application/dns-message
@catenacyber
doh2: use a central function DetectGetInnerTx
bca4947
@catenacyber
doh: move fields into dedicated Optional struct
0ca1644 
So as to consume less memory for HTTP2Transaction
@catenacyber catenacyber mentioned this pull request Jun 25, 2024
Closed
@suricata-qa
Copy link

suricata-qa commented Jun 25, 2024

WARNING:

ERROR: QA failed on SURI_TLPR1_alerts_cmp.

field baseline test %
SURI_TLPW1_stats_chk
.detect.alert 152590 157424 103.17%

Pipeline 21233

@catenacyber catenacyber mentioned this pull request Jun 27, 2024
Closed
@catenacyber
Copy link
Contributor Author

catenacyber commented Jun 27, 2024

Continued in #11376

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@catenacyber @suricata-qa