From ec36885eda09c17b92d9bb6faf69984475f0b2ed Mon Sep 17 00:00:00 2001
From: Huang Qiangxiong <qiangxiong.huang@qq.com>
Date: Thu, 21 Oct 2021 00:26:19 +0800
Subject: [PATCH] http2: fix the stream mode reassembly issue

- Point all MSP related DATA frames to their MSP instead of
  using wmem_tree_lookup32_array_le().
- Add test_grpc_streaming_mode_reassembly testcase for verifying
  this feature.

close #17633
---
 epan/dissectors/packet-http2.c                |  53 +++++++++---------
 .../grpc_stream_reassembly_sample.pcapng.gz   | Bin 0 -> 6642 bytes
 test/suite_dissection.py                      |  30 ++++++++++
 3 files changed, 58 insertions(+), 25 deletions(-)
 create mode 100644 test/captures/grpc_stream_reassembly_sample.pcapng.gz

diff --git a/epan/dissectors/packet-http2.c b/epan/dissectors/packet-http2.c
index 1664b59458..ed61babcb6 100644
--- a/epan/dissectors/packet-http2.c
+++ b/epan/dissectors/packet-http2.c
@@ -187,12 +187,14 @@ typedef struct _http2_multisegment_pdu_t {
 
 /* struct for per-stream, per-direction streaming DATA frame reassembly */
 typedef struct {
-    /* This tree is indexed by http2 frame num and keeps track of all pdus
-     * spanning multiple segments in DATAs for this direction of http2 stream. */
-    wmem_tree_t *multisegment_pdus;
-    /* This tree is indexed by http2 frame num and keeps track of the frag_offset
+    /* This map is keyed by http2 frame num and keeps track of all MSPs for this
+     * direction of http2 stream. Different http2 frames will point to the same
+     * MSP if they contain the data of this MSP. If a frame contains the data of
+     * two MSPs, it will point to the second MSP. */
+    wmem_map_t *multisegment_pdus;
+    /* This map is keyed by http2 frame num and keeps track of the frag_offset
      * of the first byte of a DATA frame for fragment_add() after first scan. */
-    wmem_tree_t *http2fn_frag_offset;
+    wmem_map_t *http2fn_frag_offset;
     /* how many bytes the current uncompleted MSP still need. (only valid for first scan) */
     gint prev_deseg_len;
     /* the current uncompleted MSP (only valid for first scan) */
@@ -2559,7 +2561,7 @@ dissect_http2_data_partial_body(tvbuff_t *tvb, packet_info *pinfo, http2_session
  * Part1.
  *
  * And another case is the entire DATA is one of middle parts of a multisegment PDU. We call it MoMSP. Following
- * case shows a multisegment PDU composed of Part3 + MoMSP + MoMSP + MoMSP + Part3:
+ * case shows a multisegment PDU composed of Part3 + MoMSP + MoMSP + MoMSP + Part1:
  *
  *                 +-------------------------------- One Multisegment PDU ---------------------------------+
  *                 |                                                                                       |
@@ -2580,15 +2582,15 @@ dissect_http2_data_partial_body(tvbuff_t *tvb, packet_info *pinfo, http2_session
  *    of entire message).
  *  - If a DATA contains Part2, we will need only call subdissector once on it. The subdissector need dissect
  *    all non-fragment PDUs in it. (no desegment_len should output)
- *  - If a DATA contains Part3, we will need call subdissector once on Part3 or Parts2+3 (because unknown
+ *  - If a DATA contains Part3, we will need call subdissector once on Part3 or Part2+3 (because unknown
  *    during first scan). The subdissector will output desegment_len (!= 0). Then we will call fragment_add()
  *    with a new reassembly id on Part3 for starting a new MSP.
  *  - If a DATA only contains MoMSP (entire DATA is part of a MSP), we will only call fragment_add() once or twice
  *    (at first scan) on it. The subdissector will not be called.
  *
- * In this implementation, only multisegment PDUs are recorded in multisegment_pdus tree with first frame
- * number (guint64) as key. Each MSP in the tree has a pointer referred to previous MSP, because we may need
- * two MSPs to dissect a DATA contains Part1 + Part3 at the same time. The multisegment_pdus tree is built during
+ * In this implementation, only multisegment PDUs are recorded in multisegment_pdus map keyed by the numbers (guint64)
+ * of frames belongs to MSPs. Each MSP in the map has a pointer referred to previous MSP, because we may need
+ * two MSPs to dissect a DATA that contains Part1 + Part3 at the same time. The multisegment_pdus map is built during
  * first scan (pinfo->visited == FALSE) with help of prev_deseg_len and last_msp fields of http2_streaming_reassembly_info_t
  * for each direction of a HTTP2 STREAM. The prev_deseg_len record how many bytes of next DATAs belong to previous
  * PDU during first scan. The last_msp member of http2_streaming_reassembly_info_t is always point to last MSP which
@@ -2611,10 +2613,9 @@ reassemble_http2_data_according_to_subdissector(tvbuff_t *tvb, packet_info *pinf
 {
     guint orig_offset = offset;
     gint orig_length = length;
-    wmem_tree_key_t key[2];
     gint datalen = 0;
     gint bytes_belong_to_prev_msp = 0; /* bytes belongs to previous MSP */
-    guint32 num32[2], reassembly_id = 0, frag_offset = 0;
+    guint32 reassembly_id = 0, frag_offset = 0;
     fragment_head *head = NULL;
     gboolean need_more = FALSE;
     http2_multisegment_pdu_t *cur_msp = NULL, *prev_msp = NULL;
@@ -2623,17 +2624,11 @@ reassemble_http2_data_according_to_subdissector(tvbuff_t *tvb, packet_info *pinf
     guint16 save_can_desegment;
     int save_desegment_offset;
     guint32 save_desegment_len;
+    http2_frame_num_t *frame_ptr;
 
     proto_tree_add_bytes_format(http2_tree, hf_http2_data_data, tvb, offset,
         length, NULL, "DATA payload (%u byte%s)", length, plurality(length, "", "s"));
 
-    num32[0] = (guint32) (cur_frame_num >> 32);
-    num32[1] = (guint32) cur_frame_num;
-    key[0].length = 2;
-    key[0].key = num32;
-    key[1].length = 0;
-    key[1].key = NULL;
-
     save_can_desegment = pinfo->can_desegment;
     save_desegment_offset = pinfo->desegment_offset;
     save_desegment_len = pinfo->desegment_len;
@@ -2653,13 +2648,18 @@ reassemble_http2_data_according_to_subdissector(tvbuff_t *tvb, packet_info *pinf
             reassembly_id = reassembly_info->last_msp->streaming_reassembly_id;
             frag_offset = reassembly_info->last_msp->length;
             if (reassembly_info->http2fn_frag_offset == NULL) {
-                reassembly_info->http2fn_frag_offset = wmem_tree_new(wmem_file_scope());
+                reassembly_info->http2fn_frag_offset = wmem_map_new(wmem_file_scope(), g_int64_hash, g_int64_equal);
             }
-            wmem_tree_insert32_array(reassembly_info->http2fn_frag_offset, key, GUINT_TO_POINTER(frag_offset));
+            frame_ptr = (http2_frame_num_t*)wmem_memdup(wmem_file_scope(), &cur_frame_num, sizeof(http2_frame_num_t));
+            wmem_map_insert(reassembly_info->http2fn_frag_offset, frame_ptr, GUINT_TO_POINTER(frag_offset));
+            /* This DATA contains the data of previous msp, so we point to it. That may be override late. */
+            wmem_map_insert(reassembly_info->multisegment_pdus, frame_ptr, reassembly_info->last_msp);
         }
     } else {
         /* not first scan, use information of multisegment_pdus built during first scan */
-        cur_msp = (http2_multisegment_pdu_t *) wmem_tree_lookup32_array_le(reassembly_info->multisegment_pdus, key);
+        if (reassembly_info->multisegment_pdus) {
+            cur_msp = (http2_multisegment_pdu_t*)wmem_map_lookup(reassembly_info->multisegment_pdus, &cur_frame_num);
+        }
         if (cur_msp) {
             if (cur_msp->first_frame == cur_frame_num) {
                 /* Current DATA contains a beginning of a MSP. (Part3)
@@ -2685,7 +2685,9 @@ reassemble_http2_data_according_to_subdissector(tvbuff_t *tvb, packet_info *pinf
             }
             reassembly_id = prev_msp->streaming_reassembly_id;
         }
-        frag_offset = GPOINTER_TO_UINT(wmem_tree_lookup32_array(reassembly_info->http2fn_frag_offset, key));
+        if (reassembly_info->http2fn_frag_offset) {
+            frag_offset = GPOINTER_TO_UINT(wmem_map_lookup(reassembly_info->http2fn_frag_offset, &cur_frame_num));
+        }
     }
 
     /* handling Part1 or MoMSP (entire DATA being middle part of a MSP) */
@@ -2814,9 +2816,10 @@ reassemble_http2_data_according_to_subdissector(tvbuff_t *tvb, packet_info *pinf
             cur_msp->prev_msp = reassembly_info->last_msp;
             reassembly_info->last_msp = cur_msp;
             if (reassembly_info->multisegment_pdus == NULL) {
-                reassembly_info->multisegment_pdus = wmem_tree_new(wmem_file_scope());
+                reassembly_info->multisegment_pdus = wmem_map_new(wmem_file_scope(), g_int64_hash, g_int64_equal);
             }
-            wmem_tree_insert32_array(reassembly_info->multisegment_pdus, key, cur_msp);
+            frame_ptr = (http2_frame_num_t*)wmem_memdup(wmem_file_scope(), &cur_frame_num, sizeof(http2_frame_num_t));
+            wmem_map_insert(reassembly_info->multisegment_pdus, frame_ptr, cur_msp);
         } else {
             DISSECTOR_ASSERT(cur_msp && cur_msp->start_offset_at_first_frame == offset);
             reassembly_id = cur_msp->streaming_reassembly_id;
diff --git a/test/captures/grpc_stream_reassembly_sample.pcapng.gz b/test/captures/grpc_stream_reassembly_sample.pcapng.gz
new file mode 100644
index 0000000000000000000000000000000000000000..f5e22e0b08fe46fea508bb326352c33c1551c4c6
GIT binary patch
literal 6642
zcmZ`-dpwhU++K%unjS^1SUM<qB!?x32#H9E5MmD1l+0n6L)#oOowe`?b1uqZNOBk&
z%R|$FO_*Ue%3+xEm^1JF$oszkJkS2v=d<1S=eO&7UDx;ee(xQM+_vqWs?SZ(CO1DH
zqzlI1@AgeE7vK$px$Sk!6YGMx>E+{jTiFMB)5qHlG{W8P_>#r@G^yq(`z!<7SaANG
zg2Rc!Pm&<gNyhu-Zb!QB|MSENWmi;B-}$Tyi&^o!(~5W{PWQJ<UcE`SY+j&Ccd~mT
zIx!#*Ve7}l^hohl-54R=7LmF$i=kt!=lmFFBc?vCCQc@n&&`!vo`2F+EnhnMHH_W*
zbdUVAv>~T@b5f#~-`_9)&Mm%kEGz5S@odqhA?|!%UD0jHOFJa3)zt8!XctL2>1Q#L
zS^FCQR3_<}w)(aCw;>#7$CIRw$QmW>k8|=LdT{xf@lGb})Sa>D=hNYa%`G23X6+nd
zWqK_1G&H=cQafc`DH`J{;;(i_8@TIQ;a);2DlO{1s7pu24tHlY)a|~|k_wg-?odvA
zNgC#rG^8oy4hNPmQlb;wht({HD~owj0hAf8<&Rr;Kjz9g_01@UFP`g5{b*W8r*Ct~
zfAaLN$ebumu1=HPqRo_p<EZou8>e`;ptDedsMFm#_3)F!?$SefdkMAy>=R-Rf^okB
zgQ-eP?lQTOBew+-Gp5Lpu!rlWa(-cK7ex&IK36mCi8Nv4^6sa%tX@#rnHh&>E*R4n
zf-QHKda%1QmwgTJo4cJ$AMauuO#IAPVCXSb=0ptYhRb>}i_~#6PbbjUk$ccDq{1TN
zC_ZIhiAi`@W;T`A;(y?4_4Z*cX_n55*?zr6p+xX6p>Bq^t{Zo+fxuiL-NCPd8d~Ab
zRj7W-sFYIK&-Ut<jAgvs8Z3HWr~K4VC=^y^2V8y{6&VGK5iD6hv9&B+G|CAxZd)ER
z&8gb^l(Ds_l=dojqCoWk#^FK}oK16y-51)^RrVO26GR(hlBThX)XnhT9@Coo5%Fr3
zWX4G;rNStUf@F#h#UY5`%eB2lkImM0X`_y{%kt0AShX@Xqt%R+eOpIY1DT0(oBC!p
zWG$X$X?~r?TaD@7aL4fV^sipUo3yRKE8E|Pezi9cu=T53A08t2ezelBe%r|H)$#dM
z5;`&4-y*!zS*?O^U0}B%Xa$b6NMXqQQe@Bg<zCWJf!=_kV#gt+2bkP2n$h@loR%P~
zkNwf5Qp-b!RxeCCBQTo`@Chqam$}ZmJDcMjl3qO!{=iZ$!}Xk~0K8K(zk0FG;AoI?
zlt4`|@F>Ad#dO6LncfGEL&hJp6D_pQy;x>^Q99A^jAVZ;@#Ep63$G;y94Ve2Gm@KD
zI|dr{16EKiUox7p_BK;$F!I)_0AX`+Qke@SxMnJ7JR$7wO|;L+2a{k4B+}{3yAD=|
z=7p^l&JL;{T~P)<pKQlG>*N2`Y-ObuOIVE%e%%O~tIhQ~w+uatMAx{o2)l8R>dyYM
zp3idU4~+J11TA&TxEoARColLXdhy!x28iS)tfA<zfnzDnx*VG+OYbBpkl}6u;u-%4
z4(YMWYdC1vNriXRmD<DZw6~898iaH!JS2+@O?g}T%1F!?G2y771OlnRnXp*cbv`kw
zmFjzCkb1-|VsjCSnd2j*m+s6bD%cRew!kDqzIZic;oZeR_nu;T<uyElI~nXYtaNw!
zK8HX||FN-0{L93|rKs-aTE+LOOxV^@A-x{OE7x}A`5X+pw98_oQm=~|Bje%K;Ljrc
z#37T20Wi#L)aflCYTa3M${lo#7>nRo1+FjiNBHcG(%o=Bo5UxY+$s>#_0-WPccyA)
zh=0ZQvVxp<Xrifi&<$oRlG-%Agfpx$Fr$8Y3(fA)W3Ogx`xc&Cnr2`-;%b&dbSC9+
z?%!Spx7-{+Am>|YnzAqlKGC9;T6D~x2LMme6phURsC-QgJ&?*a#4}E4GruGbiTrRK
z)$?M?jd)azY8BW?-w)wauj<g_9w1)0*}P6-N$c{KsA3S!WB}W1x=1Z@X@uE5WWXBf
z->|)lqq#o^h!G;XW0thqHMCjOZEvKse9L~&goKbfSx^Nowt<+pAe!*y90DZr?uIo=
zwd5Jv=%vCWP3U6=tiJ4}(%qG*azKI^-!^)KB~dCv^Uk>k98#LIw!Y11uVyV%9M_(e
zJ#;g<b<fj!FVK=+BA<vDRU+j%s9r}Kh<d#tq6@ejFzCLj@X=k@R82kgYMKdRCP+yl
zI8{?cToXNwcJ*rLC&N2%Nb~eTjXRDS#0_g+z>1(R^PnkY%Hi>Q6fob#6axBm8SqZ2
z2-~Zsj=uJY0W;nE0c>wUJLt`u%d3L#CBq}8=_$pvUJY|z>(l`X)tqG!!f_Dgd_Yh`
z#dQh1-91w^|H#22EeEMFDaR42Q<H;0l`rUR^f?>khiUqrX<t}uBmV4f{bxs%%FmbH
zxX&Z_ZrxZ|5E2gs-A@2~v3s%&+lv8wA(pCH8F~z%img=uIDa?^kYz_4D%8yCQ>MV}
z0<+=wkNXf3GD8eOYC>vJ9ghGegO{hFX8LR|1IA<t2t+;BFz=HLxIY5LyS_^sJ$?N+
zqQ^y34X{P9qz4j8rcbkA82c0sNqKU;wh{{EMhvP(0SEb(9)M`-J-%KWox>-pv{K>v
z{=7k5$Ff(Rjfy`9cG9Zgab$SNH2oxLOd|_<WSwQ<s8YFA=_?A4kf&X#bdh%+0$PIa
zHxEi0`rMM5#3$|>5z-TY29ovX?ca3-q3V0vsvL{Vu7XF}AaO&)TpZKO45cHzY0cPy
z9SEN|ltC7ckWB7^`m1DvK|OK<*i36{0d-Pb9X)5rCyvzLhS0n8bb!K8)*i_C9Qt%C
ztk^S}L((|=_zzGT&>veki1*h@4;!LuzM;FIbMLZ#AA>9i;muuYgbB~{i7oQqpedMM
z4}k0|fWZr-W8Y~Gj0JcjGxT4<*M1ZkSp{b2K&P7!KC5>r;M<fR8$q-^KUNEe-S*1g
znm_Y!e(~3KKs^t@N)H$?Z2fm=iZct|Mg4KArjvAnMLJyt7grC06;B(iSLeV%_!OWF
z$UH*5iyvZQSpFZ`fY1;tV#2y}u$gE5d0K9dJ!|fN?gwD~0AOWH#{&J*dw>F`{E_h+
zR^}%jL0|)^6ezVfH+t24II%9;yAmdB^_r00|5`|Y8214zCG6g&iS9z78+MZ6+-W+M
z%JFJQqTKx*eAm6vHAFJlX$I;^`|MQ{A+z4S_jr2fU?7nzUJH#44s{Te`<?!7gpGH?
zFtMnHuQ()6i|f_UA-R6ay>37#AOo5a6O5ZIf~}tK$Z`ot>ylWu+i3simf~M_chWRN
z0bt#^Sfu$N6+U)91!7JLxB#TQubKza+mbj0)W@zJqryuztQ%^(2--z<XtGDwr1^S7
zI@64Qx2^FVH38N4Vk4{=@W5XmT_Fx;c=>z0c4&Yr_op8>U<%2%qQNZ{gDGbOSx^D7
zqnjRL=J7-P^p;PBc_O##%jq%2Bl<^acKSzEAj?u`mL2ESPQ81Bm|%YC2}t0umkkPZ
z6#cp1e@#gkHI`ra*~V?}svL_#aW5OPb+5{?b;o+fe4>tw>e96}yWR~vGGAa$ZwjCN
zkyCvo)W&ucm9l*cD0Hy_xC7{_M3jL^71#yL8_%dzT3tN|$h@@Q%04E5r<FfI{LqB$
z{fO?P{<tw7@N<CFOGmH^ECmd);xRaW-=k#YBO;~DqXNZ#iu+g%q3YK!^IMdG%*A}<
zsg$YTiMdKl+}%k^3NS~m@MnC8?plD|fasE$rnhe9rT135tqr#d_&&1|4SKe;n(iBT
zY^I405nJd~PCuD)*Q-H>3=eCQ?#;Jnlj5w`w5)&=FXa=T0!KqTNyd$-^d&pra=O1l
zk;Z^Ii*&3CPTV-YScHPCX{4Fe?dpM)wLxAogvCz$)k3m6w3AJWi7g=7=SsIYqs`9u
zEE~nE|28b$Gv$_-*-KPIYZJXB<tR+8WFgLn*rEQplVn4NKgA&(4r29V9M@VTbacua
z4_V1@@FDOBf#I`~70Y|p?Co9SjE9U_DQP*Q4HiEwhB^w5tqpui4-yZt&4V7uro6K5
z3DK`~YuVVtx5PVe_ZCN(=W#gx4&2k`d6DVI8oJSdE<}`p4lo2ajWZ`}BpfD+f7QW3
zp*IJh!6<YMmkjorfxeLmL`1KMt({KO8xrQWvE?u1vE{F94+*g<d@PhOS}hHFfDf_i
zwemo=k?AErU@eLhD+dY>yjkzhr&ZwD9B4@!qDde4ei0iY0lN3B0;~i~0K3vxaXi9^
zhBrjJAY(0)pd}@g9z7NTIRh2Lv%CzNVQZPtML>=!UC(xCvO?D+3c1j;i9oCZ!;5LE
zuT{H{;{P0Hj`JJDH1ntZ8Hq)2+{^iIf*9{L20~dR{UKtEN1OV<r<3ccvjVhw7yt;!
zv6@f{_-P@KV-tU=@-044Zd9Ra;J{?7Zt<$Yg#AuQ=tvQzX9J5cfP>IeN6UJeT-Oya
z5kb%9I5e4|4NRY-3>4ERTrNW<5OPM6E!!_@scc{AX;5l+L)UC!5jIzWThjda1S!1x
zKRdzvjH%bR{6Y)VE9dlU5(^7&?5$JS^29KmE<vohVzI`+5f&*6hwMuVAXW^Tt)n)l
zP<nt!IS$OG*e>V@HD+yKBBFtf@+cWRiGvK#fQ^#GU8n0O01gO^>*$(aa^8?;?G~U$
z2@GUvMCqPc>8ltXfxO}k;W-+uv8c5FCc37V4EDuAyqB82YQDnO(htBXRSe*KW>aX9
zv<JY+VQY^Msm)dU0H5LCJ4y1_kkZ3z>}Hu7uH(GZftW}qgNtwwTj!p#!ycP|`|?Iv
z71)9dJq?f^BuN3QbpKvHl>P+DQeYAGSAhj(<w|!c_o1LL$CUeZkqt@{9K=Kk%AkZt
z*qKnNG^d@oR&jc)sIg2>o_keSUKc)nW~lz77QbPzOQQ?ZtWaD)?8uRpe5+~v4(R0Z
z6=USuf@3U>hoo65J!wTuOe<5skIw{Yt~pQ&;3&^w*K5iR;ZASJifHF=sIL;Lz|36e
z+%%MWw$7{OC`-QpZ0g(Z$JvV+pvxUU-uP!ye5*WMz2B7|(M;%&vxe+2F(X+Y(@%UE
zFDnOL-N!H1XFF{Ih3y}JP8U&b#G=BR5bsB$IRvbV+P;6*97Ge7M`$#MRI&$^+9!cM
zTRimDn)})E>M0&TU!~wenjbW=<*U@%upw3rkAFI+zl5_pNlIk+;~DxFb%AuTd=wox
z>H+rP-#h}}1`^tec%S!{L$F!Wbq7tnRAm~rBPIx_8gU#%uWPvMhQRF~V;pM`?h-+%
zISvz5Jc7lEF6cDZ1On=DJG|hsBuKg6cM)=_@3XuLi<9~JG1|6J&(K*vQ)F!Pw9<Ur
z>$InX$zjRX5h0`euPVOE9?#f(|MopqU*`Ab$)b3ADY8aJ*BUvNyNi5N1IwI;f_eL-
zI$jw)7z>!_9+7)cY}cLLRn^ANS1|YfangFsu7ZqhRGgXhQ?9}9-7-3p*`<hZW@?Pb
zrG<Uee%FVqw^5iC^jkdH^*FX)KEy<%kk83HeK)Fh{8}L+j*V%=Pjdpv#U}3dRlP&~
zBfV(3*^4_zipXQtk$!f6svoc}3|ei3D_PgKe)TciB#?<M?mjU~+OcdRx*mFU?1+A#
z@@xEDi!eb4zb8nHVse51>7Yld?iAx-e7l_Q-Oy0y*%EJsN#9A|qkgGjTVw>M(=m;9
zQZ@l!N2of^!F^vp^F`nE-*!{Mn+hw2dLzvboSrI+N@xswFZh;EzKzJ!ye5tl47_zy
z_o8{v2Mk4y3GNL<%&HGdpUJ;9swwF)b;3hmjW0b9IixdMx#*TQ{Bdw#^<eRI`3H7A
zJ!mAz*xT}^ZCyjgw=S^M5AoEVv;~ucIM?7n;g#>wtIc7XH-P^2b?$n&<c0&Iu#NwE
z74%8vO_Pez^IaKD^NTZ6R#mzVp1Rkov;pF6!vuP#E-i1AvlWBNh9CmtzdTb=N|&eA
zRpc{)bn43J`1D6I)Mi04xPMKM-y#bfQ%YF}SB~OG0!7h>bP}3$mxksQQ*@tM_|IOq
zrs~z(cX!lxpE!Tbzin2lbGCOCB7gedk%4+Njl^<(8vV!B``t0;X}jR(pZuYBq;J(|
zMs&Am{Km}iw)t?(ZrT6E{p<UZ&IcpghWg%t|2OCXr$hk!xv;!#zH>+CO<g=4vr`M$
z+Q5UubNwr$A-!GThrhmrv`$A3vpS}5WvV=rA<h<^S<9jRv5*oyw<|@MRsZ$_v7;6f
zAz@nfw5XKQRJltLA}!0Y7{x+<((GVDSaxxJwZ_8ik>ffOAs1P*(JuS@^AN8~ylI~e
z7W<boaWnU@Ayh0ahVv)~sm=5;t5~s}BKd7x<XWR?Iqj8kOX1?d!x5hYD7A<Dbq>Z-
zkR?>T&S0HKXq_wE7m)()i@!TLN22gompQxJL!GZQi5Oc~Dwk9Bw~nnG3YMc$fJIND
zlBTa4_O>|8*Q#n!*N*pSN7(rXIfMD5VNqWsQVRaV4)?ovm~Z|M#y?qF5AKsS-sYPq
zv|H_ei^G@PoeG#4#`Mo%Slc(qX11zaz4iIVkw<-n-++J07LypUF25Yx_7pOQ-dCK`
zthi9T;~&b)qn6&NXuNA-0Qx61IeE-t;+4cYXP<@H7Bb@5#f^(uXxQ)wLYu=43SlJO
za<izI-5*Bi(meBiyoyo%aO@v%xdtoF{-3$Rd_{kn=LdNrTZ_Kxp3wHdcYSx4TwyV|
z56kR7`yN>32Nacg4?WAO-5%ks<a{RnnfFWGc-!|wk+*YeDPnG}2D@ZEn<6{U?ufTF
z09$5#+!dUGP_#ruhi{A6IX!gIK;<QThqIY6I!K;lc9!4wcBth&K~wZ=G2D=e{elVQ
zr^hB^er)=8&OT|#ntXTsPeNCZdPP3C;A*uhprOVtU3{@Lsx3*@zp1==+vdit&!31r
z6FW{TsoPPg8*N=U7|+}z;gnD-kJHX*32ab#E6*}?dGi)uDkOL(pU=bMI{gjDqQA*p
zT@D|pnEa)tt*K-GUFq1ARBG;rV$r*+6|Kc^O{d29uv2N}quL5A3w7pxr9Tp%CnVpg
zyJoyf7mK;^MmzjPu2^tfxKm?#30oLuJI~B5@=g|xX2-r@FiUXNoP38``(>{Ap<F&Q
zIrwsU*?(lt{ZT^XzY_uiwHq59_lkM{q<ujf#OjKR9-;OAgC_Cv#*GHT4M$}oWHUcM
zkh9fVv@);CKpcr-PWu}%1D(>a^)I+~CuZ^<S6{q5i{ewgWos@55F9HsCTzB7+gTK{
zEx)H*&P$^5IRn9X)kOAuVw*##p7q5+&(cS7Is*wqwQ0fcbp8X?jm7B9+sgmZ6QCQ(
zyJAcc$MRP?*D){Ms}Haur=LpLyqPet$=GPi1>?xt`0GDMBG1e`^L}Wg*V3}vX}D5i
zrTs-|+@<B=*DB4;Rh?%FlP{`TrJk$5wx#;pIZfSV3opTZYLF9OO})(v6UuR%QcMk7
zPWV6688X7}%Pnb3WjBB0zQ0Pw-4UkAWRH3K1|ERB)$cp&R)32f$Mpz2xxmzAyr}T2
z?XVO_xz&3bu8jUAc%HLzQMgpy$JP!j2<h$colSD6y%G|5QYN3Ta&1Zxvq(OJtMu53
zEnG-QjU<N^VR`eva&qm?&hV}!Qp~FO!`SXYvzYBJSDE@AArtd9vv|sClm+ilcLn-q
zm)R0`eiO3Wemu86vT%GcZ}$4Tg~2)#JaY;6Vf0-0#21gDsYH)#+P(f3{YB-S^P%HJ
zJ?TjbRX3!U$oj;Jr8!Bs$2na1kg2;T>JV-zI@d%6U-tT4ZTM~e%i(mCGkfwEDc8dj
z=`_k@3ohLgboN4q<_qjgSKf-|X2e6H>@nok+LaZVt(cXf2VdFnp+^A?qmF@Fu7$mt
z*Z%cYct?Nso=6z)@cm`g<xw|_5Si}b(l>ch*|1aIXQ?C4^H%N&pJ)HI&&=4PMQk~F
zsKD*yu-J^+&Q@AKDxUJL7f;FY;JMPzCd$Q1aj&v(A)Sa);U;6LmceZ!Ka<mRQ>@P1
u)**|0bdjd~)8Fs;L_Y5$<n|u1khvWvjCTw3r~j3<=mMidUfeeagZ>9}hZ5ZY

literal 0
HcmV?d00001

diff --git a/test/suite_dissection.py b/test/suite_dissection.py
index 45616d6727..8810b4a0eb 100644
--- a/test/suite_dissection.py
+++ b/test/suite_dissection.py
@@ -165,6 +165,36 @@ class case_dissect_grpc(subprocesstest.SubprocessTestCase):
         self.assertTrue(self.grepOutput('tutorial.PersonSearchService/Search')) # grpc request
         self.assertTrue(self.grepOutput('tutorial.Person')) # grpc response
 
+    def test_grpc_streaming_mode_reassembly(self, cmd_tshark, features, dirs, capture_file):
+        '''gRPC/HTTP2 streaming mode reassembly'''
+        if not features.have_nghttp2:
+            self.skipTest('Requires nghttp2.')
+        self.assertRun((cmd_tshark,
+                '-r', capture_file('grpc_stream_reassembly_sample.pcapng.gz'),
+                '-d', 'tcp.port==50051,http2',
+                '-d', 'tcp.port==44363,http2',
+                '-2', # make http2.body.reassembled.in available
+                '-Y', # Case1: In frame28, one http DATA contains 4 completed grpc messages (json data seq=1,2,3,4).
+                      '(frame.number == 28 && grpc && json.value.number == "1" && json.value.number == "2"'
+                      ' && json.value.number == "3" && json.value.number == "4" && http2.body.reassembled.in == 45) ||'
+                      # Case2: In frame28, last grpc message (the 5th) only has 4 bytes, which need one more byte
+                      # to be a message head. a completed message is reassembled in frame45. (json data seq=5)
+                      '(frame.number == 45 && grpc && http2.body.fragment == 28 && json.value.number == "5"'
+                      ' && http2.body.reassembled.in == 61) ||'
+                      # Case3: In frame45, one http DATA frame contains two partial fragment, one is part of grpc
+                      # message of previous http DATA (frame28), another is first part of grpc message of next http
+                      # DATA (which will be reassembled in next http DATA frame61). (json data seq=6)
+                      '(frame.number == 61 && grpc && http2.body.fragment == 45 && json.value.number == "6") ||'
+                      # Case4: A big grpc message across frame100, frame113, frame126 and finally reassembled in frame139.
+                      '(frame.number == 100 && grpc && http2.body.reassembled.in == 139) ||'
+                      '(frame.number == 113 && !grpc && http2.body.reassembled.in == 139) ||'
+                      '(frame.number == 126 && !grpc && http2.body.reassembled.in == 139) ||'
+                      '(frame.number == 139 && grpc && json.value.number == "9") ||'
+                      # Case5: An large grpc message of 200004 bytes.
+                      '(frame.number == 164 && grpc && grpc.message_length == 200004)',
+            ))
+        self.assertEqual(self.countOutput('DATA'), 8)
+
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
 class case_dissect_http(subprocesstest.SubprocessTestCase):