Commit Graph

41 Commits

Author SHA1 Message Date
John Thacker 13df9b0b64 HTTP: Speed up chunked Transfer-Encoding on TCP
HTTP/1.1 chunked Transfer-Encoding doesn't have an overall length,
but requires scanning through variable length chunks to find the
end. If we determine that additional segments are needed, and
we have a sequence number (or other identifier) for the message,
store the position of the last chunk size found.

Use this to start scanning at that same offset when the next
segment arrives, reducing the algorithm for determining if
we have the complete chunked message from O(N^2) to O(N),
which can be significant on captures with many chunks.

This does most of #14382, reducing the length of time to process
a file with 2 pass tshark from over 8.5 secs to under 3 seconds
on my machine. There is still some O(N^2) contribution from the
reassembly code itself with many small fragments (see #17311).

Other dissectors need some small changes to enable this for
HTTP over other transport layers. (TLS would be fairly easy and
is the other important case.)
2022-08-10 05:31:36 +00:00
Evan Huus d6d7dd1e56 First pass pinfo->pool conversion
Automated find/replace of wmem_packet_scope() with pinfo->pool in all
files where it didn't cause a build failure.

I also tweaked a few of the docs which got caught up.
2021-07-21 05:38:29 +00:00
Guy Harris 20800366dd HTTPS (almost) everywhere.
Change all wireshark.org URLs to use https.

Fix some broken links while we're at it.

Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 18:44:40 +00:00
Dario Lombardo 25e19aefcf req_resp_hdrs: add initializer (CID: 1445004).
Change-Id: I827efe9aa9d7c8342df6d356e4caa12dbe74d095
Reviewed-on: https://code.wireshark.org/review/33148
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-05-10 20:08:06 +00:00
Peter Wu 69e50be150 HTTP: fix bad reassembly with Content-Type and no Content-Length
Any request or response with the Content-Type header and no
Content-Length header would cause the HTTP dissector to combine all
segments until the end of the connection. This is bogus, it should only
do this for HTTP responses under stricter conditions.

To fix this issue: 1) explicitly disable body desegmentation for
messages that never have a message body, 2) restrict "desegment until
the end" to HTTP responses.

The "Connection: Keep-Alive" case was a fix for bug 1142, but that is
now properly addressed by checking for the 304 status code.

Bug: 13116
Change-Id: I02371ac88ec2de6ee966fdc6df0dd246ad49c46d
Reviewed-on: https://code.wireshark.org/review/33035
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2019-05-08 01:54:41 +00:00
Peter Wu 4802e3300d HTTP: ignore large Content-Length values
The SSTP capture from bug 8239 failed to be recognized as SSTP.  Its
large Content-Length was parsed as -1 which triggered reassembly due to
tvb_bytes_exist returning FALSE for negative lengths.

Test:

    # Expect 'SSTP_DUPLEX_POST /' in the output of:
    tshark -r sstp.pcapng -ossl.keys_list:localhost,443,http,sstp.pem, -Y frame.number==174 -Px

Change-Id: I40afaff8554f34f24e09bab184121ced59045954
Fixes: v2.9.0rc0-531-gd80acae40d ("tvbuff: make tvb_bytes_exist fail with negative values")
Reviewed-on: https://code.wireshark.org/review/29109
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-08-13 07:57:21 +00:00
Dario Lombardo 55c68ee69c epan: use SPDX identifiers.
Skipping dissectors dir for now.

Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa
Reviewed-on: https://code.wireshark.org/review/25694
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-08 19:29:45 +00:00
Michael Mann 3606f80d9e Officially remove tvb_get_string and tvb_get_stringz.
Almost all replacements were done awhile ago, just put the final nail in the coffin.

Change-Id: I0a708d886da5a500c2a1e2c9ee2736794bdb9411
Reviewed-on: https://code.wireshark.org/review/12206
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-11-27 05:11:25 +00:00
Guy Harris 9fba5f0764 Fix some cases where we're shifting a signed 1 left.
Shift 1U instead, to make sure it's unsigned; the result of, for
example, shifting a signed value left is undefined if the
value times 2^{shift count} doesn't fit in the *signed* type of the
shifted value.  That means, in particular, that the result of shifting 1
left by {number of bits in an int - 1} is undefined.  (In *practice*,
it'll probably be -2^32, with the bit you want set, but that's not
guaranteed, and GCC 5.1 seems not to like it.)

Change-Id: I0d27565c382a04ceda9eec65f45a430ceb74cf53
Reviewed-on: https://code.wireshark.org/review/8255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-04-30 22:22:59 +00:00
Bill Meier a379ac74d2 Fix spelling: cant-->can't, wont-->won't, etc
Change-Id: Ia6c3e7a25615bf8e052c3bacf096d76df775c9c2
Reviewed-on: https://code.wireshark.org/review/4126
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-09-16 15:31:58 +00:00
AndersBroman 836530e985 - Replace tvb_length_remaining -> tvb_captured_length_remaining,
- Use length_remaining in tvb_find_line_end() rather than -1 it should
  give a faster code path.

Change-Id: Ia6c289f1701add48429b25152db8a8e5cea9e053
Reviewed-on: https://code.wireshark.org/review/1632
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-05-14 10:50:22 +00:00
AndersBroman d0edbd31eb Use tvb_get_string_enc() with UTF_8 when checking headers as it's faster.
Change-Id: I88cd6f71c1fcbf67948dd0ebdc6e5641d6ba111c
Reviewed-on: https://code.wireshark.org/review/891
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-31 15:59:15 +00:00
Alexis La Goutte 296591399f Remove all $Id$ from top of file
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')

Fix manually some typo (in export_object_dicom.c and crc16-plain.c)

Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-04 14:27:33 +00:00
Pascal Quantin a0c53ffaa1 emem -> wmem conversion:
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly

svn path=/trunk/; revision=52172
2013-09-22 15:50:55 +00:00
Evan Huus 40a83d1e2c As per the HTTP spec, prefer chunked transfer-encoding to content-length if we
get both. Fixes reassembly for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9101

svn path=/trunk/; revision=51785
2013-09-05 15:48:50 +00:00
Evan Huus ba77e3c54d Add an optimization to req_resp_hdrs_do_reassembly that shaves about 20% off
the load time of one of my sample captures that is HTTP-but-not-really.

Also add modelines.

svn path=/trunk/; revision=49551
2013-05-24 02:31:26 +00:00
Guy Harris 8ed7a73e22 Fix a bunch of warnings.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
sizeof.

Cast away some implicit 64-bit-to-32-bit conversion errors due to use of
strtol() and strtoul().

Change some data types to avoid those implicit conversion warnings.

When assigning a constant to a float, make sure the constant isn't a
double, by appending "f" to the constant.

Constify a bunch of variables, parameters, and return values to
eliminate warnings due to strings being given const qualifiers.  Cast
away those warnings in some cases where an API we don't control forces
us to do so.

Enable a bunch of additional warnings by default.  Note why at least
some of the other warnings aren't enabled.

randpkt.c and text2pcap.c are used to build programs, so they don't need
to be in EXTRA_DIST.

If the user specifies --enable-warnings-as-errors, add -Werror *even if
the user specified --enable-extra-gcc-flags; assume they know what
they're doing and are willing to have the compile fail due to the extra
GCC warnings being treated as errors.

svn path=/trunk/; revision=46748
2012-12-26 05:57:06 +00:00
Jeff Morriss 3729335973 We always HAVE_CONFIG_H so don't bother checking whether we have it or not.
svn path=/trunk/; revision=45016
2012-09-20 01:48:30 +00:00
Jakub Zawadzki bf81b42e1e Update Free Software Foundation address.
(COPYING will be updated in next commit)

svn path=/trunk/; revision=43536
2012-06-28 22:56:06 +00:00
Ronnie Sahlberg 7e0c167eb0 HTTP: RPC/HTTP do a better detection and parsing of RPC over HTTP
From Matthieu Patou <mat@matws.net>

svn path=/trunk/; revision=42773
2012-05-22 06:23:36 +00:00
Anders Broman f19eee998f Try to optimize a bit.
svn path=/trunk/; revision=32973
2010-05-26 11:51:41 +00:00
Jeff Morriss 3138f91c9a Fix a typo
svn path=/trunk/; revision=30267
2009-10-03 09:15:40 +00:00
Jeff Morriss c8df8a78ac Since chunk_size is now unsigned, check to ensure that it is not "too big."
(Prior to rev 30233 there was a check to make sure it was not negative. This
effectively puts that same check back in.)

Fixes the fuzz failure seen in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4083

svn path=/trunk/; revision=30260
2009-10-03 03:09:53 +00:00
Stig Bjørlykke 6b55417b9c Added a cast to avoid another warning.
svn path=/trunk/; revision=30237
2009-10-01 15:03:02 +00:00
Stig Bjørlykke 9a0714cfed Fixed input argument for sscanf "%x" (shall be unsigned int).
Check that this value has been set.

svn path=/trunk/; revision=30233
2009-10-01 14:38:37 +00:00
Bill Meier 94f28dd8f9 (FWIW) One step towards including stdio.h & stdlib.h only when req'd.
svn path=/trunk/; revision=29568
2009-08-26 19:27:49 +00:00
Gerald Combs f0eeb0bdf1 More size_t fixes. Use a string buffer in range.c.
svn path=/trunk/; revision=27999
2009-04-08 16:50:20 +00:00
Anders Broman 63c5c71cf8 Remove:
#ifdef NEED_G_ASCII_STRCASECMP_H
#include "g_ascii_strcasecmp.h"
#endif

svn path=/trunk/; revision=24859
2008-04-09 05:36:08 +00:00
Guy Harris 9c89cdaaa3 strcasecmp(), strncasecmp(), g_strcasecmp(), and g_strncasecmp() delenda
est.  Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).

In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.

We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot.  This causes strings that should
match not to match.

This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.

svn path=/trunk/; revision=23623
2007-11-27 18:52:51 +00:00
Mike Duigou a8a69a14f6 From Yaniv Kaul:
Adds const declarations to req_resp_hdrs_do_reassembly() and re-orders some actions to occur after tests which may decide that the actions were not required.


svn path=/trunk/; revision=23504
2007-11-19 21:28:08 +00:00
Sake Blok a4decea55b Fixes reassembly of chunked http-responses spanning multiple tcp segments
(bugs 1581,1851 and 1868)


svn path=/trunk/; revision=23061
2007-10-03 17:07:19 +00:00
Richard van der Hoff 969bb158f6 From Mike Duigou <wireshark@duigou.org> (bug 1698):
Enclosed is a patch which fixes problems with the desegmentation of chunked HTTP
message bodies.

...

Changing the value of pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT rather
than the current 1 or 2 seems to make everything work. (I'm kind of confused as
to why the headers reassembly code already used DESEGMENT_ONE_MORE_SEGMENT and
the body reassembly code did not).


svn path=/trunk/; revision=22570
2007-08-21 20:57:52 +00:00
Stephen Fisher 8fd3ee0560 Remove almost all of the casts I committed recently and in place of
them, add -Wno-pointer-sign to CFLAGS when gcc will accept it.


svn path=/trunk/; revision=21253
2007-03-28 21:55:11 +00:00
Stephen Fisher 46b8669566 Fix a bunch more warnings. Add -Werror when using --with-warnings-as-errors
under gcc to tools/lemon, plugins/mate and epan/


svn path=/trunk/; revision=21204
2007-03-26 06:10:52 +00:00
Ronnie Sahlberg b6059df9e2 fix for bug 1142
if we don't have a content-length, but we do have a keepalive in the header then we should not do reassemble-until-fin.

convert some tvb_get_string into tvb_get_ephemeral_string at the same time


svn path=/trunk/; revision=19874
2006-11-10 20:53:42 +00:00
Ronnie Sahlberg 5a0ba5b0c7 fix for bug 1200
there used to be a bug in tcp reassembly that even if the dissector only asked for x more bytes from the next segment, the entire segment would still be added to reassembly.
this caused some issues when there was a new multisegment pdu that started at the end of the segment, but this bug was fixed when tcp reassembly was refactored semi-recently.


there was also another "bug" in the http reassembly that it would only ask for one more byte at a time when doing reassembly.
this did work well however when we still had the bug in tcp reassembly, but made wireshark become very very very slow once this tcp bug was fixed, since it is very very very slow to reassemble a huge http pdu just one byte at a time.


this patch adds partial support (what we need for http, which does not use tcp_dissect_pdus()) for the desegmentation flag: DESEGMENT_ONE_MORE_SEGMENT and also to the http dissector, so that reassembly of http headers spanning multiple segments now becomes fast again



svn path=/trunk/; revision=19859
2006-11-07 13:19:31 +00:00
Ronnie Sahlberg 6d3c94a53a implement support to reassemble tcp sessions until the end of the session (FIN)
add required code to the http (and others) code in req_resp_hdrs.c to signal to tcp
when it wants a session to be reassembled to the FIN.

This is currently done for all HTTP packets where we have a Content-type in the header but no content-length.




svn path=/trunk/; revision=19185
2006-09-10 14:03:08 +00:00
Ronnie Sahlberg 89f022b12b name change
svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
Guy Harris c04a9a4180 There's no guarantee that "req_resp_hdrs_do_reassembly()" gets called
only at the beginning of a tvbuff, so it needs an argument that's the
starting offset in the tvbuff.

svn path=/trunk/; revision=13128
2005-01-20 04:37:03 +00:00
Guy Harris fe833fc123 From Chris Maynard: free strings fetched with "tvb_get_string()" when
we're done with them.

svn path=/trunk/; revision=12975
2005-01-07 10:49:05 +00:00
Guy Harris 31158d0d0e Move the request/response header helper routines to the epan directory.
svn path=/trunk/; revision=12129
2004-09-29 00:25:05 +00:00