can follow a linked list (norm_heads
) to the HTTP header field in which it is interested. For example, if AppId
is interested in the HTTP header’s host
field, it will look for this value in the HEAD_HOST
(HEADer’s HOST field) NormalizedHeader
field (in the diagram above, "www.myfavoriteamazingsite.com"). What AppId
does with these fields is discussed in my AppId
Just because HttpEvent only has a pointer to the HttpMsgHeader doesn’t mean that the subscriber (which is currently only the AppId Inspector) can’t access the fields of the HttpUri (e.g., path, method_id) of the associated HttpMsgRequest. The subscriber simply follows the transaction pointer to the HttpTransaction of the HttpMsgHeader for the HttpMsgRequest fields.