At the moment I'm looking into a problem that James Small has reported
on the users-list:
Although the problem seems to be a non-functional re-assembly of
the SSL packets when they are proxied. I will take some time to
get familiar with the re-assembly code in wireshark...
While looking into the http-dissector I improved a few things on
how it dissects a proxy CONNECT session. This is what I have changed:
- added the fields hf_http_proxy_connect_host and -port
- changed proto_tree_add_text to proto_tree_add_string and -uint
so that it's possible to filter on them
- make these two fields "PROTO_ITEM_SET_GENERATED"
- removed the alteration of the ports within pinfo, now the
ports in the column info are not changed to the port used to
connect to the backend server. It is now possible to use
follow-tcp-stream again on proxied ssl sessions.
The patch has been tested on FC4.
Could someone review this patch?