author | Mikael Kanstrup <mikael.kanstrup@axis.com> | 2023-01-13 18:43:49 +0100 |
---|---|---|
committer | John Thacker <johnthacker@gmail.com> | 2023-01-19 03:14:18 +0000 |
commit | c4db402db579f9232e858a8f4d2ff045e170fd24 (patch) | |
tree | d8ea88a2122352ad82e0800569b774eaf5c742f3 /epan | |
parent | 06519be2052776e4f052838905b230623e41befe (diff) |
Add follow websocket stream support
The websocket protocol masking feature makes follow TCP stream
on websocket traffic show masked payload. To easily view unmasked
and reassembled websocket payload add follow websocket stream
support.
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-websocket.c | 13 | ||||
-rw-r--r-- | epan/follow.h | 1 |
2 files changed, 14 insertions, 0 deletions
diff --git a/epan/dissectors/packet-websocket.c b/epan/dissectors/packet-websocket.c
index 22a56120f9..74ab98be67 100644
--- a/epan/dissectors/packet-websocket.c
+++ b/epan/dissectors/packet-websocket.c
@@ -13,7 +13,9 @@
 #include "config.h"
 #include <wsutil/wslog.h>
+#include <epan/addr_resolv.h>
 #include <epan/conversation.h>
+#include <epan/follow.h>
 #include <epan/proto_data.h>
 #include <epan/packet.h>
 #include <epan/expert.h>
@@ -75,6 +77,8 @@ typedef struct {
 } websocket_packet_t;
 #endif
+static int websocket_follow_tap = -1;
+
 /* Initialize the protocol and registered fields */
 static int proto_websocket = -1;
 static int proto_http = -1;
@@ -691,6 +695,10 @@ dissect_websocket_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
 tvb_payload = tvb_new_subset_length_caplen(tvb, payload_offset, payload_length, payload_length);
 }
 dissect_websocket_payload(tvb_payload, pinfo, tree, ws_tree, fin, opcode, websocket_conv, pmc, tvb_raw_offset(tvb));
+
+ if (have_tap_listener(websocket_follow_tap)) {
+ tap_queue_packet(websocket_follow_tap, pinfo, tvb_payload);
+ }
 }
 return tvb_captured_length(tvb);
@@ -978,6 +986,11 @@ proto_register_websocket(void)
 reassembly_table_register(&ws_reassembly_table, &addresses_reassembly_table_functions);
+ websocket_follow_tap = register_tap("websocket_follow"); /* websocket follow tap */
+ register_follow_stream(proto_websocket, "websocket_follow", tcp_follow_conv_filter, tcp_follow_index_filter,
+ tcp_follow_address_filter, tcp_port_to_display, follow_tvb_tap_listener,
+ get_tcp_stream_count, NULL);
+
 proto_register_field_array(proto_websocket, hf, array_length(hf));
 proto_register_subtree_array(ett, array_length(ett));
 expert_websocket = expert_register_protocol(proto_websocket);
diff --git a/epan/follow.h b/epan/follow.h
index f17b3f0c19..e23e387412 100644
--- a/epan/follow.h
+++ b/epan/follow.h
@@ -47,6 +47,7 @@ typedef enum {
 FOLLOW_HTTP2,
 FOLLOW_QUIC,
 FOLLOW_SIP,
+ FOLLOW_WEBSOCKET,
 } follow_type_t;
 /* Show Type */ |
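Review bot: In the `dissect_websocket_frame` hunk the tap is handed `tvb_payload`, the per-frame buffer, and the call is not conditioned on `opcode`, so the followed stream carries each frame's unmasked bytes rather than whatever `dissect_websocket_payload` produces from them. If that function performs reassembly or decompression (the `pmc` argument suggests it may), the output will not match the commit message's "unmasked and reassembled" wording, and control-frame payloads would presumably be interleaved with message data, which matters to anyone relying on this view during traffic analysis. At minimum record the choice above the call, e.g. `/* Follow stream receives the unmasked payload of every frame, before reassembly or decompression. */`. The enclosing block opens outside the hunk, so whether `tvb_payload` is always set on this path cannot be confirmed from here.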
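Review bot: The `register_follow_stream` call added in `proto_register_websocket` reuses the TCP helpers (`tcp_follow_conv_filter`, `tcp_follow_index_filter`, `get_tcp_stream_count`) without a comment, so stream selection appears to be keyed on the TCP stream rather than on a websocket connection. Say so at the call site, e.g. `/* Follow is keyed on the underlying TCP stream; the tap only fires for websocket frames. */`, and state what the trailing `NULL` argument stands for. The tap name `"websocket_follow"` is written twice and has to stay identical in both calls; a single `#define` would rule out a silent mismatch, and the existing `/* websocket follow tap */` comment only restates the variable name. The function body continues outside the hunk.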