From 9fff62e2a8a19b94f665b2937242b65fe0ef49fc Mon Sep 17 00:00:00 2001
From: Alexander Gryanko <xpahos@gmail.com>
Date: Wed, 27 Feb 2019 07:55:52 +0300
Subject: Qt, http2: Add Follow HTTP/2 Stream functionality

The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.

Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.

[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]

Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
---
 test/suite_dissection.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'test')

diff --git a/test/suite_dissection.py b/test/suite_dissection.py
index eac8529d03..ba7500f72e 100644
--- a/test/suite_dissection.py
+++ b/test/suite_dissection.py
@@ -57,6 +57,33 @@ class case_dissect_http2(subprocesstest.SubprocessTestCase):
             ))
         self.assertTrue(self.grepOutput('DATA'))
 
+    def test_http2_follow_0(self, cmd_tshark, features, dirs, capture_file):
+        '''Follow HTTP/2 Stream ID 0 test'''
+        if not features.have_nghttp2:
+            self.skipTest('Requires nghttp2.')
+        key_file = os.path.join(dirs.key_dir, 'http2-data-reassembly.keys')
+        self.assertRun((cmd_tshark,
+                '-r', capture_file('http2-data-reassembly.pcap'),
+                '-o', 'tls.keylog_file: {}'.format(key_file),
+                '-z', 'follow,http2,hex,0,0'
+            ))
+        self.assertTrue(self.grepOutput('00000000  00 00 12 04 00 00 00 00'))
+        self.assertFalse(self.grepOutput('00000000  00 00 2c 01 05 00 00 00'))
+
+    def test_http2_follow_1(self, cmd_tshark, features, dirs, capture_file):
+        '''Follow HTTP/2 Stream ID 1 test'''
+        if not features.have_nghttp2:
+            self.skipTest('Requires nghttp2.')
+        key_file = os.path.join(dirs.key_dir, 'http2-data-reassembly.keys')
+        self.assertRun((cmd_tshark,
+                '-r', capture_file('http2-data-reassembly.pcap'),
+                '-o', 'tls.keylog_file: {}'.format(key_file),
+                '-z', 'follow,http2,hex,0,1'
+            ))
+        self.assertFalse(self.grepOutput('00000000  00 00 12 04 00 00 00 00'))
+        self.assertTrue(self.grepOutput('00000000  00 00 2c 01 05 00 00 00'))
+
+
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
 class case_dissect_tcp(subprocesstest.SubprocessTestCase):
-- 
cgit v1.2.3