From: Jason Ish Date: Mon, 3 Aug 2020 20:41:39 +0000 (-0600) Subject: http2: log headers in the same format as http (1) X-Git-Tag: suricata-6.0.0-beta1~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a55606adb0537f1e13dae89db4067d0a6962f98;p=thirdparty%2Fsuricata.git http2: log headers in the same format as http (1) Log the headers in request_headers, and response_headers like http1 to remain compatible. --- diff --git a/rust/src/http2/logger.rs b/rust/src/http2/logger.rs index 5a43e629d5..c2f30847d5 100644 --- a/rust/src/http2/logger.rs +++ b/rust/src/http2/logger.rs @@ -42,6 +42,28 @@ fn log_http2_headers( return Ok(()); } +fn log_headers(frames: &Vec, js: &mut JsonBuilder) -> Result { + let mut has_headers = false; + for frame in frames { + match &frame.data { + HTTP2FrameTypeData::HEADERS(hd) => { + log_http2_headers(&hd.blocks, js)?; + has_headers = true; + } + HTTP2FrameTypeData::PUSHPROMISE(hd) => { + log_http2_headers(&hd.blocks, js)?; + has_headers = true; + } + HTTP2FrameTypeData::CONTINUATION(hd) => { + log_http2_headers(&hd.blocks, js)?; + has_headers = true; + } + _ => {} + } + } + Ok(has_headers) +} + fn log_http2_frames(frames: &Vec, js: &mut JsonBuilder) -> Result { let mut has_settings = false; for i in 0..frames.len() { @@ -62,37 +84,6 @@ fn log_http2_frames(frames: &Vec, js: &mut JsonBuilder) -> Result { - if !has_headers { - js.open_array("headers")?; - has_headers = true; - } - log_http2_headers(&hd.blocks, js)?; - } - HTTP2FrameTypeData::PUSHPROMISE(hd) => { - if !has_headers { - js.open_array("headers")?; - has_headers = true; - } - log_http2_headers(&hd.blocks, js)?; - } - HTTP2FrameTypeData::CONTINUATION(hd) => { - if !has_headers { - js.open_array("headers")?; - has_headers = true; - } - log_http2_headers(&hd.blocks, js)?; - } - _ => {} - } - } - if has_headers { - js.close()?; - } - let mut has_error_code = false; let mut has_priority = false; let mut has_multiple = false; @@ -159,19 +150,42 @@ fn log_http2_frames(frames: &Vec, js: &mut JsonBuilder) -> Result {} } } - return Ok(has_settings || has_headers || has_error_code || has_priority); + return Ok(has_settings || has_error_code || has_priority); } fn log_http2(tx: &HTTP2Transaction, js: &mut JsonBuilder) -> Result { + let mut has_headers = false; + + // Request headers. + let mark = js.get_mark(); + js.open_array("request_headers")?; + if log_headers(&tx.frames_ts, js)? { + js.close()?; + has_headers = true; + } else { + js.restore_mark(&mark)?; + } + + // Response headers. + let mark = js.get_mark(); + js.open_array("response_headers")?; + if log_headers(&tx.frames_tc, js)? { + js.close()?; + has_headers = true; + } else { + js.restore_mark(&mark)?; + } + js.set_uint("stream_id", tx.stream_id as u64)?; js.open_object("request")?; let has_request = log_http2_frames(&tx.frames_ts, js)?; js.close()?; + js.open_object("response")?; let has_response = log_http2_frames(&tx.frames_tc, js)?; js.close()?; - return Ok(has_request || has_response); + return Ok(has_request || has_response || has_headers); } #[no_mangle]