Wireshark-dev: [Wireshark-dev] [PATCH] Enhancements to dissecting proxy CONNECT sessions

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 17 Apr 2007 11:43:25 +0200
Hi,

At the moment I'm looking into a problem that James Small has reported
on the users-list:

http://www.wireshark.org/lists/wireshark-users/200704/msg00047.html

Although the problem seems to be a non-functional re-assembly of
the SSL packets when they are proxied. I will take some time to
get familiar with the re-assembly code in Wireshark...

While looking into the http-dissector I improved a few things on
how it dissects a proxy CONNECT session. This is what I have changed:

- added the fields hf_http_proxy_connect_host and -port

- changed proto_tree_add_text to proto_tree_add_string and -uint
  so that it's possible to filter on them

- make these two fields "PROTO_ITEM_SET_GENERATED"

- removed the alteration of the ports within pinfo; now the
  ports in the column info are not changed to the port used to
  connect to the backend server. It is now possible to use
  follow-tcp-stream again on proxied SSL sessions.

The patch has been tested on FC4.

Could someone review this patch?

Cheers,


Sake

Attachment: proxy-connect.patch.gz
Description: application/gunzip