From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 12 Jan 2021 15:42:48 +0000 (+0100)
Subject: http2: allow http1 keywords for http2 traffic
X-Git-Tag: suricata-6.0.3~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=333a512269039dfb934533ba74ab1d1e56b7abdd;p=thirdparty%2Fsuricata.git

http2: allow http1 keywords for http2 traffic

Adding a special case in DetectSignatureSetAppProto
---

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 59517b5591..5464835a7d 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1491,14 +1491,18 @@ int DetectSignatureSetAppProto(Signature *s, AppProto alproto)
         return -1;
     }
 
-    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != alproto) {
+    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != alproto &&
+            // allow to keep HTTP2 with HTTP1 keywords
+            !(s->alproto == ALPROTO_HTTP2 && alproto == ALPROTO_HTTP)) {
         SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
             "can't set rule app proto to %s: already set to %s",
             AppProtoToString(alproto), AppProtoToString(s->alproto));
         return -1;
     }
 
-    s->alproto = alproto;
+    if (!(s->alproto == ALPROTO_HTTP2 && alproto == ALPROTO_HTTP)) {
+        s->alproto = alproto;
+    }
     s->flags |= SIG_FLAG_APPLAYER;
     return 0;
 }