http: Fix src/dest mapping for proxied connections

Using value_is_in_range is making quite some assumptions, namely (1) the
proxy server is always run on a registered HTTP port, and (2) the
source (client) port is always not HTTP. The former is quite a strong
assertion which fails to hold when using a custom port (8008) that got
detected through heuristics.

Fix this by recording the source address and port pair for the server
and then check this against the current packet.

This fixes detection of a SSL conversation where two conversations got
detected instead of one. Example: 8008 is proxy, 443 is target server.
Now the proxied conversation got detected as 443 --> "client port"
(server to client, ok) and 443 --> 8008 (client to server, not ok,
should be "client port" --> 443).

bug:7717
Change-Id: I05113ec2aca6c9296184759a8a62eb32cbfcbb4f
Reviewed-on: https://code.wireshark.org/review/1380
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/epan/dissectors/packet-http.h b/epan/dissectors/packet-http.h
index ae7e342e9e..e92deb1e0b 100644
--- a/epan/dissectors/packet-http.h
+++ b/epan/dissectors/packet-http.h
@@ -73,6 +73,9 @@ typedef struct _http_conv_t {
 	gchar   *request_uri;
 	guint8   upgrade;
 	guint32	startframe;	/* First frame of proxied connection */
+	/* Server address and port, known after first server response */
+	address server_addr;
+	guint16 server_port;
 	/** the tail node of req_res */
 	http_req_res_t *req_res_tail;
 	/** the number of requests on the conversation. */