Bug 9042

Summary: Proposed new dissector for HTTP/2.0
Product: Wireshark
Reporter: Stephen Ludin <sludin>
Component: Dissection engine (libwireshark)
Assignee: Alexis La Goutte <alexis.lagoutte>
Status: RESOLVED FIXED
Severity: Normal
CC: alexis.lagoutte, casalui, darkjames-ws, eapache, shahbhatti
Priority: Low
Version: 1.11.x (Experimental)
Target Milestone: ---
Hardware: x86-64
OS: OS X 10.8
Attachments:
  Patch for the dissector and makefile updates
  Capture file with HTTP-draft-04/2.0 traffic
  Private key
  Revised patch
  Sample of HTTP2 Upgrade

Description Stephen Ludin 2013-08-14 16:22:18 UTC
Build Information:

--
A proposed start for a dissector for HTTP/2.0 (built on the HTTP-draft-04/2.0 draft). Basic frame parsing and reassembly is present. There is plenty of room for extracting additional details from the frames in the future as the protocol evolves to RFC.
Comment 1 Stephen Ludin 2013-08-14 16:23:16 UTC
Created attachment 11382 [details]
Patch for the dissector and makefile updates
Comment 2 Alexis La Goutte 2013-08-15 00:39:44 UTC
Hi

Thanks!

I am also working on an HTTP2 dissector... I will take a look.

Do you have a capture?
Comment 3 Stephen Ludin 2013-08-15 07:10:32 UTC
Created attachment 11384 [details]
Capture file with HTTP-draft-04/2.0 traffic

TLS using RC4-MD5.  The private key is (or soon will be) also attached to this bug.
Comment 4 Stephen Ludin 2013-08-15 07:11:41 UTC
Created attachment 11385 [details]
Private key

Used for the generation of the gallery2.pcap capture.
Comment 5 Stephen Ludin 2013-08-15 07:12:28 UTC
I thought I already uploaded one - obviously not.  Corrected that now, along with the necessary private key.
Comment 6 Jakub Zawadzki 2013-08-15 09:01:15 UTC
Hi,

+  magic = tvb_get_ephemeral_string(tvb, offset, MAGIC_FRAME_LENGTH);
+  if ( magic && memcmp( magic, kMagicHello, MAGIC_FRAME_LENGTH ) == 0 )
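
Review bot: the memcmp on the second line compares MAGIC_FRAME_LENGTH bytes of a temporary string that the first line copied out of the tvb, when the bytes could be compared in place at offset, for example with tvb_memeql(). Nothing in these two lines checks how many bytes remain at offset before the read, so the behaviour for a segment shorter than MAGIC_FRAME_LENGTH should be made explicit rather than left to the string fetch.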

why yotvb_memeql() ?
Comment 7 Jakub Zawadzki 2013-08-15 09:01:52 UTC
(In reply to comment #6)
> Hi,
> 
> +  magic = tvb_get_ephemeral_string(tvb, offset, MAGIC_FRAME_LENGTH);
> +  if ( magic && memcmp( magic, kMagicHello, MAGIC_FRAME_LENGTH ) == 0 )
> 
> why yotvb_memeql() ?

Why don't you use tvb_memeql()?
Comment 8 Stephen Ludin 2013-08-15 10:08:08 UTC
Ignorance of all of the available calls. I will change to using tvb_memeql and submit a new patch. Do you see anything else that could help the dissector conform to standard and style?
Comment 9 Stephen Ludin 2013-08-15 10:22:02 UTC
Created attachment 11386 [details]
Revised patch

Substituted 4-5 lines of code with tvb_memeql
Comment 10 Alexis La Goutte 2013-08-23 00:48:42 UTC
Comment on attachment 11386 [details]
Revised patch

See directly with Stephen,
Work in Progress...
Comment 11 Alexis La Goutte 2013-08-30 05:33:55 UTC
Committed a merged version in revision 51591

And support of HTTP Upgrade in revision 51592 and colorfilters in revision 51593
Comment 12 Alexis La Goutte 2013-08-30 05:43:41 UTC
Created attachment 11476 [details]
Sample of HTTP2 Upgrade
Comment 13 shahbhatti 2014-04-09 02:00:48 UTC
Hi,
I am a newbie so please forgive me if it seems like I don't know what I am talking about... Your help or guidance will be much appreciated!

1. I am using the following version of Wireshark on a PC w/ Windows 7:
Version 1.11.3-2266-g26f46d4 (wireshark-1.11.3-rc1-2266-g26f46d4-dirty from master)

2. I am trying to capture a HTTP 2.0 exchange (similar to the one you show in the attached file "Sample of HTTP2 Upgrade"). 


3. I get a capture similar to the attached file "Capture file with HTTP-draft-04/2.0 traffic".

What do I need to do to see the HTTP2 Upgrade in Wireshark? Am I using the correct version of Wireshark?


(In reply to comment #12)
> Created attachment 11476 [details]
> Sample of HTTP2 Upgrade
Comment 14 Alexis La Goutte 2014-04-09 09:24:14 UTC
(In reply to comment #13)
> Hi,
> I am a newbie so please forgive me if it seems like I don't know what I am
> talking about... Your help or guidance will be much appreciated!
> 
> 1. I am using the following version of Wireshark on a PC w/ Windows 7:
> Version 1.11.3-2266-g26f46d4 (wireshark-1.11.3-rc1-2266-g26f46d4-dirty from
> master)
> 
> 2. I am trying to capture a HTTP 2.0 exchange (similar to the one you show
> in the attached file "Sample of HTTP2 Upgrade"). 
> 
> 
> 3. I get a capture similar to the attached file "Capture file with
> HTTP-draft-04/2.0 traffic".
> 
> What do I need to do to see the HTTP2 Upgrade in Wireshark? Am I using the
> correct version of Wireshark?

And? What is the problem?
If you are using HTTP2 Upgrade, Wireshark will automatically upgrade to HTTP2 (HTTP draft 10 is not yet supported; there are some changes in HTTP2 Upgrade).

And if you use HTTP2 in TLS, you need to select HTTP2 when decrypting traffic.
Comment 15 Luis Espla 2015-01-22 11:01:18 UTC
Hello,
I'm using wireshark version v1.12.2-0-g898fa22 from master-1.12, and I'm trying to read your http2 capture file examples, but I don't see http2 packets.
Do I need to do any special thing?
Best Regards
Comment 16 Alexis La Goutte 2015-01-22 11:46:36 UTC
(In reply to Luis Espla from comment #15)
> Hello,
> I'm using wireshark version v1.12.2-0-g898fa22 from master-1.12, and I'm
> trying to read your http2 capture files examples, but I don't see http2
> packets.
> Do I need to do any special thing?
> Best Regards

Hi Luis,

It is the same pcap, based on an old draft (and Wireshark 1.12 is only compatible with draft-12).

If you want to look at some HTTP2 traffic, you can look at the pcap from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10054