From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 21 Jan 2021 15:25:45 +0000 (+0100)
Subject: MINOR: contrib: Enhance peers dissector heuristic.
X-Git-Tag: v2.4-dev11~49
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d4f1dd70473b061bcbed0026e6f41c6b8ca9be1;p=thirdparty%2Fhaproxy.git

MINOR: contrib: Enhance peers dissector heuristic.

When receiving a stick-table message header as two first bytes of a TCP segement
we consider this as being part of a peer protocol session.
---

diff --git a/contrib/wireshark-dissectors/peers/packet-happp.c b/contrib/wireshark-dissectors/peers/packet-happp.c
index 32c0ec2f90..43babd2142 100644
--- a/contrib/wireshark-dissectors/peers/packet-happp.c
+++ b/contrib/wireshark-dissectors/peers/packet-happp.c
@@ -1624,6 +1624,14 @@ dissect_happp_heur_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 
 	proto_strlen = strlen(HAPPP_PROTOCOL);
 
+	if (tvb_captured_length(tvb) < 2)
+		return FALSE;
+
+	if (tvb_get_guint8(tvb, 0) == PEER_MSG_CLASS_STICKTABLE &&
+	    tvb_get_guint8(tvb, 1) >= PEER_MSG_STKT_UPDATE &&
+	    tvb_get_guint8(tvb, 1) <= PEER_MSG_STKT_ACK)
+		goto found;
+
 	if (tvb_captured_length(tvb) < proto_strlen + 1)
 		return FALSE;
 
@@ -1634,6 +1642,7 @@ dissect_happp_heur_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void
 	    tvb_get_guint8(tvb, proto_strlen) != ' ')
 		return FALSE;
 
+ found:
 	conversation = find_or_create_conversation(pinfo);
 	if (!conversation)
 		return FALSE;