blob: 1ad83554c6ef35ea1b44bd19eb4d40e52570823a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
HTTP2 Keywords
==============
HTTP2 frames are grouped into transactions based on the stream identifier it it is not 0.
For frames with stream identifier 0, whose effects are global for the connection, a transaction is created for each frame.
http2.frametype
---------------
Match on the frame type present in a transaction.
Examples::
http2.frametype:GOAWAY;
http2.errorcode
---------------
Match on the error code in a GOWAY or RST_STREAM frame
Examples::
http2.errorcode: NO_ERROR;
http2.errorcode: INADEQUATE_SECURITY;
http2.priority
--------------
Match on the value of the HTTP2 priority field present in a PRIORITY or HEADERS frame.
This keyword takes a numeric argument after a colon and supports additional qualifiers, such as:
* ``>`` (greater than)
* ``<`` (less than)
* ``x-y`` (range between values x and y)
Examples::
http2.priority:2;
http2.priority:>100;
http2.priority:32-64;
http2.window
------------
Match on the value of the HTTP2 value field present in a WINDOWUPDATE frame.
This keyword takes a numeric argument after a colon and supports additional qualifiers, such as:
* ``>`` (greater than)
* ``<`` (less than)
* ``x-y`` (range between values x and y)
Examples::
http2.window:1;
http2.window:<100000;
http2.size_update
-----------------
Match on the size of the HTTP2 Dynamic Headers Table.
More information on the protocol can be found here:
`<https://tools.ietf.org/html/rfc7541#section-6.3>`_
This keyword takes a numeric argument after a colon and supports additional qualifiers, such as:
* ``>`` (greater than)
* ``<`` (less than)
* ``x-y`` (range between values x and y)
Examples::
http2.size_update:1234;
http2.size_update:>4096;
http2.settings
--------------
Match on the name and value of a HTTP2 setting from a SETTINGS frame.
This keyword takes a numeric argument after a colon and supports additional qualifiers, such as:
* ``>`` (greater than)
* ``<`` (less than)
* ``x-y`` (range between values x and y)
Examples::
http2.settings:SETTINGS_ENABLE_PUSH=0;
http2.settings:SETTINGS_HEADER_TABLE_SIZE>4096;
http2.header_name
-----------------
Match on the name of a HTTP2 header from a HEADER frame (or PUSH_PROMISE or CONTINUATION).
Examples::
http2.header_name; content:"agent";
``http2.header_name`` is a 'sticky buffer'.
``http2.header_name`` can be used as ``fast_pattern``.
``http2.header_name`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
Additional information
----------------------
More information on the protocol can be found here:
`<https://tools.ietf.org/html/rfc7540>`_
|
