Hi,
The attached file should fix the following two bugs in the AJP dissector.
1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a
prior request has a Body request part.
Yours,
Ian
--
Ian Abel <ianabel@xxxxxxxxxxxxx>
Systems Analyst
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com/
Index: packet-ajp13.c
===================================================================
--- packet-ajp13.c (revision 18763)
+++ packet-ajp13.c (working copy)
@@ -168,6 +168,8 @@
{ 5, "END RESPONSE" },
{ 6, "GET BODY CHUNK" },
{ 7, "SHUTDOWN" },
+ { 9, "CPONG" },
+ {10, "CPING" },
{ 0, NULL }
};
@@ -393,6 +395,8 @@
proto_tree_add_item(ajp13_tree, hf_ajp13_rlen, tvb, pos, 2, 0);
pos+=2;
+ } else if ( mcode == 9 ) {
+
} else {
/* MESSAGE DATA (COPOUT)
*/
@@ -409,10 +413,18 @@
* packets.
*/
static void
-display_req_body(tvbuff_t *tvb, proto_tree *ajp13_tree)
+display_req_body(tvbuff_t *tvb, proto_tree *ajp13_tree, ajp13_conv_data* cd)
{
/*printf("ajp13:display_req_body()\n");*/
+ /*
+ * In a resued connection this is never reset.
+ */
+ guint16 content_length;
+
+ content_length = tvb_get_ntohs( tvb, 4 );
+ cd->content_length -= content_length;
+
if (ajp13_tree) {
guint8 body_bytes[128*1024]; /* DANGER WILL ROBINSON */
@@ -487,6 +499,11 @@
proto_tree_add_string(ajp13_tree, hf_ajp13_code, tvb, pos, 1, mcode_buf);
}
pos+=1;
+ if ( cod == 10 ) {
+ if(check_col(pinfo->cinfo, COL_INFO))
+ col_append_str(pinfo->cinfo, COL_INFO, "CPING" );
+ return;
+ }
/* HTTP METHOD (ENCODED AS INTEGER)
*/
@@ -712,7 +729,7 @@
if (mag == 0x1234) {
if (fd->is_request_body)
- display_req_body(tvb, ajp13_tree);
+ display_req_body(tvb, ajp13_tree, cd);
else
display_req_forward(tvb, pinfo, ajp13_tree, cd);