[Packetbeat] HTTP: Improve support for 100-continue #15830 (#19349)
* refactor(packet beat): Improve support for 100-continue

* test(packetbeat): 100-continue only generate one event without error

* test(packetbeat): 100-continue only generate one event without error

* Update packetbeat/protos/http/http.go

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>

* delete unused string

* Fix format issue

Co-authored-by: Marc Guasch <marc.guasch@elastic.co>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
3 people authored Jul 27, 2020
1 parent e95a905 commit 41bc8c6
Showing 4 changed files with 40 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -606,6 +606,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
`host` metadata fields when processing network data from network tap or mirror
port. {pull}19209[19209]
- Add ECS fields for x509 certs, event categorization, and related IP info. {pull}19167[19167]
- Add 100-continue support {issue}15830[15830] {pull}19349[19349]


*Functionbeat*
- Add basic ECS categorization and `cloud` fields. {pull}19174[19174]
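Review bot: the added entry "Add 100-continue support" does not name the protocol or the visible behaviour change. State that it concerns HTTP and that an `Expect: 100-continue` exchange now produces a single event without an error, and end the sentence with a period before the `{issue}`/`{pull}` references, as the entries above it do. The second added blank line before `*Functionbeat*` is not needed.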
6 changes: 6 additions & 0 deletions packetbeat/protos/http/http.go
Expand Up @@ -457,6 +457,12 @@ func (http *httpPlugin) flushResponses(conn *httpConnectionData) {
unmatchedResponses.Add(1)
resp := conn.responses.pop()
debugf("Response from unknown transaction: %s. Reporting error.", resp.tcpTuple)

if resp.statusCode == 100 {
debugf("Drop first 100-continue response")
return
}

event := http.newTransaction(nil, resp)
http.publishTransaction(event)
}
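Review bot: the `resp.statusCode == 100` check sits after `unmatchedResponses.Add(1)` and the "Reporting error" debugf, so a dropped interim response is still counted as unmatched and logged as an error before it is discarded. Move the check directly after `conn.responses.pop()`, ahead of the counter and the log line. Also, `return` ends flushResponses at the first 100 response; if other responses are still queued on `conn.responses`, this call no longer flushes them, so confirm that is intended or skip only this one response. The debug text says "first", but nothing here verifies that the response is the first on the connection or that a request carrying `Expect: 100-continue` is pending, so any unmatched 100 is dropped without an event; a short comment stating that this is the intended scope would help.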
Binary file not shown.
32 changes: 32 additions & 0 deletions packetbeat/tests/system/test_0070_http_100_continue.py
@@ -0,0 +1,32 @@
from packetbeat import BaseTest

"""
Tests for checking expect 100-continue only generate 1 event
"""


class Test(BaseTest):

def test_http_100_continue(self):
"""
Should only generate one event
"""
self.render_config_template(
iface_device="lo0",
http_ports=["9200"],
http_send_all_headers=True
)
self.run_packetbeat(pcap="http_100_continue.pcap")
objs = self.read_output_json()

assert len(objs) == 1
o = objs[0]

assert o["type"] == "http"
assert "request" in o["http"]
assert "headers" in o["http"]["request"]
assert o["http"]["request"]["headers"]["expect"] == "100-continue"

assert "response" in o["http"]

assert not "error" in o
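Review bot: the test only checks `assert "response" in o["http"]`, so it passes whether the single event is paired with the interim 100 or with the final response. Add an assertion on the response status in the event (for example, that the `status_code` under `o["http"]["response"]` is not 100) so the test pins down which response was matched. Two style points: `assert not "error" in o` reads better as `assert "error" not in o`, and the module docstring should come before the `from packetbeat import BaseTest` line to be treated as a docstring.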
