Wireshark-dev: [Wireshark-dev] AJP13 Fixes
From: Ian Abel <ianabel@xxxxxxxxxxxxx>
Date: Wed, 19 Jul 2006 15:33:20 +0100
Hi,

The attached file should fix the following two bugs in the AJP dissector.

1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a prior request has a Body request part.

Yours,

Ian

--
Ian Abel <ianabel@xxxxxxxxxxxxx>
Systems Analyst
Tel: +44 (0) 845 666 7778 http://www.mxtelecom.com/

Index: packet-ajp13.c
===================================================================
--- packet-ajp13.c	(revision 18763)
+++ packet-ajp13.c	(working copy)
@@ -168,6 +168,8 @@
   { 5, "END RESPONSE" },
   { 6, "GET BODY CHUNK" },
   { 7, "SHUTDOWN" },
+  { 9, "CPONG" },
+  {10, "CPING" },
   { 0, NULL }
 };
 
@@ -393,6 +395,8 @@
       proto_tree_add_item(ajp13_tree, hf_ajp13_rlen, tvb, pos, 2, 0);
     pos+=2;
 
+  } else if ( mcode == 9 ) {
+
   } else {
     /* MESSAGE DATA (COPOUT)
      */
@@ -409,10 +413,18 @@
  * packets.
  */
 static void
-display_req_body(tvbuff_t *tvb, proto_tree *ajp13_tree)
+display_req_body(tvbuff_t *tvb, proto_tree *ajp13_tree, ajp13_conv_data* cd)
 {
   /*printf("ajp13:display_req_body()\n");*/
 
+  /*
+   * In a resued connection this is never reset.
+   */
+  guint16 content_length;
+
+  content_length = tvb_get_ntohs( tvb, 4 );
+  cd->content_length -= content_length;
+
   if (ajp13_tree) {
 
     guint8 body_bytes[128*1024]; /* DANGER WILL ROBINSON */
@@ -487,6 +499,11 @@
     proto_tree_add_string(ajp13_tree, hf_ajp13_code, tvb, pos, 1, mcode_buf);
   }
   pos+=1;
+  if ( cod == 10 ) {
+    if(check_col(pinfo->cinfo, COL_INFO))
+      col_append_str(pinfo->cinfo, COL_INFO, "CPING" );
+    return;
+  }
 
   /* HTTP METHOD (ENCODED AS INTEGER)
    */
@@ -712,7 +729,7 @@
   if (mag == 0x1234) {
 
     if (fd->is_request_body)
-      display_req_body(tvb, ajp13_tree);
+      display_req_body(tvb, ajp13_tree, cd);
     else
       display_req_forward(tvb, pinfo, ajp13_tree, cd);