diff options
author | Peter Wu <peter@lekensteyn.nl> | 2015-03-10 12:05:25 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2015-03-12 16:25:46 +0000 |
commit | 6c1e4d2e7a9bd4884feff393fe3cd9b18d8dfee3 (patch) | |
tree | b395d519c983f2e85683086deda719ed9fbc4b24 /epan/dissectors/packet-http2.c | |
parent | caebab58ffbd6249ce43c098ac6e081ee1828117 (diff) |
http2: improve heuristics, remember conversation
Enable the reliable Magic Hello heuristics by default and dissect
further packets as HTTP2 as well. The weak frame heuristics is still
disabled by default.
Change-Id: I783d036fb6c6d867daedf251a5264fdf3b475447
Reviewed-on: https://code.wireshark.org/review/7615
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-http2.c')
-rw-r--r-- | epan/dissectors/packet-http2.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/epan/dissectors/packet-http2.c b/epan/dissectors/packet-http2.c index 8b3a750ee2..9530ceded3 100644 --- a/epan/dissectors/packet-http2.c +++ b/epan/dissectors/packet-http2.c @@ -1422,24 +1422,21 @@ dissect_http2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, static gboolean dissect_http2_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { - - /* It is not easy to write a good http2 heuristic, - this heuristic is disabled by default - */ - - if (!global_http2_heur) - { - return FALSE; - } + conversation_t *conversation; if (tvb_memeql(tvb, 0, kMagicHello, MAGIC_FRAME_LENGTH) != 0) { /* we couldn't find the Magic Hello (PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n) - see if there's a valid frame type (0-11 are defined at the moment) */ - if (tvb_captured_length(tvb)<4 || tvb_get_guint8(tvb, 3)>HTTP2_BLOCKED) - - return (FALSE); + see if there's a valid frame type (0-11 are defined at the moment). + This is weak heuristics, so it is disabled by default. */ + if (!global_http2_heur || + tvb_captured_length(tvb)<4 || tvb_get_guint8(tvb, 3)>HTTP2_BLOCKED) + return FALSE; } + /* Once switched to HTTP2, then future messages are also part of HTTP2. */ + conversation = find_or_create_conversation(pinfo); + conversation_set_dissector(conversation, http2_handle); + dissect_http2(tvb, pinfo, tree, data); return (TRUE); @@ -1857,8 +1854,9 @@ proto_register_http2(void) http2_module = prefs_register_protocol(proto_http2, NULL); prefs_register_bool_preference(http2_module, "heuristic_http2", - "Enable HTTP2 heuristic (disabled by default)", - "The HTTP2 heuristic is weak and there are some false positives", + "Enable weak HTTP2 detection heuristic", + "The weak HTTP2 heuristic has some false positives and is disabled by " + "default. The stronger HTTP2 Magic Hello heuristic is always enabled.", &global_http2_heur); new_register_dissector("http2", dissect_http2, proto_http2); |