/epan/dissectors/packet-http.c
C | 3187 lines | 2182 code | 382 blank | 623 comment | 385 complexity | a669e9c4fa2a4a2bb6fc252d5a4a4a3d MD5 | raw file
Possible License(s): GPL-2.0, BSD-3-Clause
Large files files are truncated, but you can click here to view the full file
- /* packet-http.c
- * Routines for HTTP packet disassembly
- * RFC 1945 (HTTP/1.0)
- * RFC 2616 (HTTP/1.1)
- *
- * Guy Harris <guy@alum.mit.edu>
- *
- * Copyright 2004, Jerry Talkington <jtalkington@users.sourceforge.net>
- * Copyright 2002, Tim Potter <tpot@samba.org>
- * Copyright 1999, Andrew Tridgell <tridge@samba.org>
- *
- * $Id$
- *
- * Wireshark - Network traffic analyzer
- * By Gerald Combs <gerald@wireshark.org>
- * Copyright 1998 Gerald Combs
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
- #include "config.h"
- #include <stdlib.h>
- #include <string.h>
- #include <ctype.h>
- #include <errno.h>
- #include <glib.h>
- #include <epan/conversation.h>
- #include <epan/packet.h>
- #include <epan/strutil.h>
- #include <epan/base64.h>
- #include <epan/emem.h>
- #include <epan/stats_tree.h>
- #include <epan/req_resp_hdrs.h>
- #include "packet-http.h"
- #include "packet-tcp.h"
- #include "packet-ssl.h"
- #include <epan/prefs.h>
- #include <epan/expert.h>
- #include <epan/uat.h>
- #include <epan/wmem/wmem.h>
- typedef enum _http_type {
- HTTP_REQUEST,
- HTTP_RESPONSE,
- HTTP_NOTIFICATION,
- HTTP_OTHERS
- } http_type_t;
- #include <epan/tap.h>
- static int http_tap = -1;
- static int http_eo_tap = -1;
- static int proto_http = -1;
- static int hf_http_notification = -1;
- static int hf_http_response = -1;
- static int hf_http_request = -1;
- static int hf_http_basic = -1;
- static int hf_http_request_method = -1;
- static int hf_http_request_uri = -1;
- static int hf_http_request_full_uri = -1;
- static int hf_http_version = -1;
- static int hf_http_response_code = -1;
- static int hf_http_response_phrase = -1;
- static int hf_http_authorization = -1;
- static int hf_http_proxy_authenticate = -1;
- static int hf_http_proxy_authorization = -1;
- static int hf_http_proxy_connect_host = -1;
- static int hf_http_proxy_connect_port = -1;
- static int hf_http_www_authenticate = -1;
- static int hf_http_content_type = -1;
- static int hf_http_content_length_header = -1;
- static int hf_http_content_length = -1;
- static int hf_http_content_encoding = -1;
- static int hf_http_transfer_encoding = -1;
- static int hf_http_upgrade = -1;
- static int hf_http_user_agent = -1;
- static int hf_http_host = -1;
- static int hf_http_connection = -1;
- static int hf_http_cookie = -1;
- static int hf_http_accept = -1;
- static int hf_http_referer = -1;
- static int hf_http_accept_language = -1;
- static int hf_http_accept_encoding = -1;
- static int hf_http_date = -1;
- static int hf_http_cache_control = -1;
- static int hf_http_server = -1;
- static int hf_http_location = -1;
- static int hf_http_sec_websocket_accept = -1;
- static int hf_http_sec_websocket_extensions = -1;
- static int hf_http_sec_websocket_key = -1;
- static int hf_http_sec_websocket_protocol = -1;
- static int hf_http_sec_websocket_version = -1;
- static int hf_http_set_cookie = -1;
- static int hf_http_last_modified = -1;
- static int hf_http_x_forwarded_for = -1;
- static int hf_http_request_in = -1;
- static int hf_http_response_in = -1;
- static int hf_http_next_request_in = -1;
- static int hf_http_next_response_in = -1;
- static int hf_http_prev_request_in = -1;
- static int hf_http_prev_response_in = -1;
- static int hf_http_time = -1;
- static gint ett_http = -1;
- static gint ett_http_ntlmssp = -1;
- static gint ett_http_kerberos = -1;
- static gint ett_http_request = -1;
- static gint ett_http_chunked_response = -1;
- static gint ett_http_chunk_data = -1;
- static gint ett_http_encoded_entity = -1;
- static gint ett_http_header_item = -1;
- static expert_field ei_http_chat = EI_INIT;
- static expert_field ei_http_subdissector_failed = EI_INIT;
- static dissector_handle_t http_handle;
- static dissector_handle_t data_handle;
- static dissector_handle_t media_handle;
- static dissector_handle_t websocket_handle;
- /* Stuff for generation/handling of fields for custom HTTP headers */
- typedef struct _header_field_t {
- gchar* header_name;
- gchar* header_desc;
- } header_field_t;
- static header_field_t* header_fields = NULL;
- static guint num_header_fields = 0;
- static GHashTable* header_fields_hash = NULL;
- static void
- header_fields_update_cb(void *r, const char **err)
- {
- header_field_t *rec = (header_field_t *)r;
- char c;
- if (rec->header_name == NULL) {
- *err = ep_strdup_printf("Header name can't be empty");
- return;
- }
- g_strstrip(rec->header_name);
- if (rec->header_name[0] == 0) {
- *err = ep_strdup_printf("Header name can't be empty");
- return;
- }
- /* Check for invalid characters (to avoid asserting out when
- * registering the field).
- */
- c = proto_check_field_name(rec->header_name);
- if (c) {
- *err = ep_strdup_printf("Header name can't contain '%c'", c);
- return;
- }
- *err = NULL;
- }
- static void *
- header_fields_copy_cb(void* n, const void* o, size_t siz _U_)
- {
- header_field_t* new_rec = (header_field_t*)n;
- const header_field_t* old_rec = (const header_field_t*)o;
- if (old_rec->header_name) {
- new_rec->header_name = g_strdup(old_rec->header_name);
- } else {
- new_rec->header_name = NULL;
- }
- if (old_rec->header_desc) {
- new_rec->header_desc = g_strdup(old_rec->header_desc);
- } else {
- new_rec->header_desc = NULL;
- }
- return new_rec;
- }
- static void
- header_fields_free_cb(void*r)
- {
- header_field_t* rec = (header_field_t*)r;
- if (rec->header_name) g_free(rec->header_name);
- if (rec->header_desc) g_free(rec->header_desc);
- }
- UAT_CSTRING_CB_DEF(header_fields, header_name, header_field_t)
- UAT_CSTRING_CB_DEF(header_fields, header_desc, header_field_t)
- /*
- * desegmentation of HTTP headers
- * (when we are over TCP or another protocol providing the desegmentation API)
- */
- static gboolean http_desegment_headers = TRUE;
- /*
- * desegmentation of HTTP bodies
- * (when we are over TCP or another protocol providing the desegmentation API)
- * TODO let the user filter on content-type the bodies he wants desegmented
- */
- static gboolean http_desegment_body = TRUE;
- /*
- * De-chunking of content-encoding: chunk entity bodies.
- */
- static gboolean http_dechunk_body = TRUE;
- /*
- * Decompression of zlib encoded entities.
- */
- #ifdef HAVE_LIBZ
- static gboolean http_decompress_body = TRUE;
- #else
- static gboolean http_decompress_body = FALSE;
- #endif
- /* Simple Service Discovery Protocol
- * SSDP is implemented atop HTTP (yes, it really *does* run over UDP).
- * SSDP is the discovery protocol of Universal Plug and Play
- * UPnP http://www.upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf
- */
- #define TCP_PORT_SSDP 1900
- #define UDP_PORT_SSDP 1900
- /*
- * tcp and ssl ports
- *
- * 2710 is the XBT BitTorrent tracker
- */
- #define TCP_DEFAULT_RANGE "80,3128,3132,5985,8080,8088,11371,1900,2869,2710"
- #define SSL_DEFAULT_RANGE "443"
- #define UPGRADE_WEBSOCKET 1
- static range_t *global_http_tcp_range = NULL;
- static range_t *global_http_ssl_range = NULL;
- static range_t *http_tcp_range = NULL;
- static range_t *http_ssl_range = NULL;
- typedef void (*ReqRespDissector)(tvbuff_t*, proto_tree*, int, const guchar*,
- const guchar*, http_conv_t *);
- /*
- * Structure holding information from headers needed by main
- * HTTP dissector code.
- */
- typedef struct {
- char *content_type;
- char *content_type_parameters;
- gboolean have_content_length;
- gint64 content_length;
- char *content_encoding;
- char *transfer_encoding;
- guint8 upgrade;
- } headers_t;
- static int is_http_request_or_reply(const gchar *data, int linelen,
- http_type_t *type, ReqRespDissector
- *reqresp_dissector, http_conv_t *conv_data);
- static int chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
- proto_tree *tree, int offset);
- static void process_header(tvbuff_t *tvb, int offset, int next_offset,
- const guchar *line, int linelen, int colon_offset,
- packet_info *pinfo, proto_tree *tree,
- headers_t *eh_ptr, http_conv_t *conv_data);
- static gint find_header_hf_value(tvbuff_t *tvb, int offset, guint header_len);
- static gboolean check_auth_ntlmssp(proto_item *hdr_item, tvbuff_t *tvb,
- packet_info *pinfo, gchar *value);
- static gboolean check_auth_basic(proto_item *hdr_item, tvbuff_t *tvb,
- gchar *value);
- static gboolean check_auth_kerberos(proto_item *hdr_item, tvbuff_t *tvb,
- packet_info *pinfo, const gchar *value);
- static dissector_table_t port_subdissector_table;
- static dissector_table_t media_type_subdissector_table;
- static heur_dissector_list_t heur_subdissector_list;
- static dissector_handle_t ntlmssp_handle;
- static dissector_handle_t gssapi_handle;
- /* --- HTTP Status Codes */
- /* Note: The reference for uncommented entries is RFC 2616 */
- static const value_string vals_status_code[] = {
- { 100, "Continue" },
- { 101, "Switching Protocols" },
- { 102, "Processing" }, /* RFC 2518 */
- { 199, "Informational - Others" },
- { 200, "OK"},
- { 201, "Created"},
- { 202, "Accepted"},
- { 203, "Non-authoritative Information"},
- { 204, "No Content"},
- { 205, "Reset Content"},
- { 206, "Partial Content"},
- { 207, "Multi-Status"}, /* RFC 4918 */
- { 226, "IM Used"}, /* RFC 3229 */
- { 299, "Success - Others"},
- { 300, "Multiple Choices"},
- { 301, "Moved Permanently"},
- { 302, "Found"},
- { 303, "See Other"},
- { 304, "Not Modified"},
- { 305, "Use Proxy"},
- { 307, "Temporary Redirect"},
- { 399, "Redirection - Others"},
- { 400, "Bad Request"},
- { 401, "Unauthorized"},
- { 402, "Payment Required"},
- { 403, "Forbidden"},
- { 404, "Not Found"},
- { 405, "Method Not Allowed"},
- { 406, "Not Acceptable"},
- { 407, "Proxy Authentication Required"},
- { 408, "Request Time-out"},
- { 409, "Conflict"},
- { 410, "Gone"},
- { 411, "Length Required"},
- { 412, "Precondition Failed"},
- { 413, "Request Entity Too Large"},
- { 414, "Request-URI Too Long"},
- { 415, "Unsupported Media Type"},
- { 416, "Requested Range Not Satisfiable"},
- { 417, "Expectation Failed"},
- { 418, "I'm a teapot"}, /* RFC 2324 */
- { 422, "Unprocessable Entity"}, /* RFC 4918 */
- { 423, "Locked"}, /* RFC 4918 */
- { 424, "Failed Dependency"}, /* RFC 4918 */
- { 426, "Upgrade Required"}, /* RFC 2817 */
- { 428, "Precondition Required"}, /* RFC 6585 */
- { 429, "Too Many Requests"}, /* RFC 6585 */
- { 431, "Request Header Fields Too Large"}, /* RFC 6585 */
- { 499, "Client Error - Others"},
- { 500, "Internal Server Error"},
- { 501, "Not Implemented"},
- { 502, "Bad Gateway"},
- { 503, "Service Unavailable"},
- { 504, "Gateway Time-out"},
- { 505, "HTTP Version not supported"},
- { 507, "Insufficient Storage"}, /* RFC 4918 */
- { 511, "Network Authentication Required"}, /* RFC 6585 */
- { 599, "Server Error - Others"},
- { 0, NULL}
- };
- static const gchar* st_str_reqs = "HTTP Requests by Server";
- static const gchar* st_str_reqs_by_srv_addr = "HTTP Requests by Server Address";
- static const gchar* st_str_reqs_by_http_host = "HTTP Requests by HTTP Host";
- static const gchar* st_str_resps_by_srv_addr = "HTTP Responses by Server Address";
- static int st_node_reqs = -1;
- static int st_node_reqs_by_srv_addr = -1;
- static int st_node_reqs_by_http_host = -1;
- static int st_node_resps_by_srv_addr = -1;
- /* HTTP/Load Distribution stats init function */
- static void
- http_reqs_stats_tree_init(stats_tree* st)
- {
- st_node_reqs = stats_tree_create_node(st, st_str_reqs, 0, TRUE);
- st_node_reqs_by_srv_addr = stats_tree_create_node(st, st_str_reqs_by_srv_addr, st_node_reqs, TRUE);
- st_node_reqs_by_http_host = stats_tree_create_node(st, st_str_reqs_by_http_host, st_node_reqs, TRUE);
- st_node_resps_by_srv_addr = stats_tree_create_node(st, st_str_resps_by_srv_addr, 0, TRUE);
- }
- /* HTTP/Load Distribution stats packet function */
- static int
- http_reqs_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt _U_, const void* p)
- {
- const http_info_value_t* v = (const http_info_value_t*)p;
- int reqs_by_this_host;
- int reqs_by_this_addr;
- int resps_by_this_addr;
- int i = v->response_code;
- gchar *ip_str;
- if (v->request_method) {
- ip_str = ep_address_to_str(&pinfo->dst);
- tick_stat_node(st, st_str_reqs, 0, FALSE);
- tick_stat_node(st, st_str_reqs_by_srv_addr, st_node_reqs, TRUE);
- tick_stat_node(st, st_str_reqs_by_http_host, st_node_reqs, TRUE);
- reqs_by_this_addr = tick_stat_node(st, ip_str, st_node_reqs_by_srv_addr, TRUE);
- if (v->http_host) {
- reqs_by_this_host = tick_stat_node(st, v->http_host, st_node_reqs_by_http_host, TRUE);
- tick_stat_node(st, ip_str, reqs_by_this_host, FALSE);
- tick_stat_node(st, v->http_host, reqs_by_this_addr, FALSE);
- }
- return 1;
- } else if (i != 0) {
- ip_str = ep_address_to_str(&pinfo->src);
- tick_stat_node(st, st_str_resps_by_srv_addr, 0, FALSE);
- resps_by_this_addr = tick_stat_node(st, ip_str, st_node_resps_by_srv_addr, TRUE);
- if ( (i>100)&&(i<400) ) {
- tick_stat_node(st, "OK", resps_by_this_addr, FALSE);
- } else {
- tick_stat_node(st, "KO", resps_by_this_addr, FALSE);
- }
- return 1;
- }
- return 0;
- }
- static int st_node_requests_by_host = -1;
- static const gchar *st_str_requests_by_host = "HTTP Requests by HTTP Host";
- /* HTTP/Requests stats init function */
- static void
- http_req_stats_tree_init(stats_tree* st)
- {
- st_node_requests_by_host = stats_tree_create_node(st, st_str_requests_by_host, 0, TRUE);
- }
- /* HTTP/Requests stats packet function */
- static int
- http_req_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p)
- {
- const http_info_value_t* v = (const http_info_value_t*)p;
- int reqs_by_this_host;
- if (v->request_method) {
- tick_stat_node(st, st_str_requests_by_host, 0, FALSE);
- if (v->http_host) {
- reqs_by_this_host = tick_stat_node(st, v->http_host, st_node_requests_by_host, TRUE);
- if (v->request_uri) {
- tick_stat_node(st, v->request_uri, reqs_by_this_host, TRUE);
- }
- }
- return 1;
- }
- return 0;
- }
- static const gchar *st_str_packets = "Total HTTP Packets";
- static const gchar *st_str_requests = "HTTP Request Packets";
- static const gchar *st_str_responses = "HTTP Response Packets";
- static const gchar *st_str_resp_broken = "???: broken";
- static const gchar *st_str_resp_100 = "1xx: Informational";
- static const gchar *st_str_resp_200 = "2xx: Success";
- static const gchar *st_str_resp_300 = "3xx: Redirection";
- static const gchar *st_str_resp_400 = "4xx: Client Error";
- static const gchar *st_str_resp_500 = "5xx: Server Error";
- static const gchar *st_str_other = "Other HTTP Packets";
- static int st_node_packets = -1;
- static int st_node_requests = -1;
- static int st_node_responses = -1;
- static int st_node_resp_broken = -1;
- static int st_node_resp_100 = -1;
- static int st_node_resp_200 = -1;
- static int st_node_resp_300 = -1;
- static int st_node_resp_400 = -1;
- static int st_node_resp_500 = -1;
- static int st_node_other = -1;
- /* HTTP/Packet Counter stats init function */
- static void
- http_stats_tree_init(stats_tree* st)
- {
- st_node_packets = stats_tree_create_node(st, st_str_packets, 0, TRUE);
- st_node_requests = stats_tree_create_pivot(st, st_str_requests, st_node_packets);
- st_node_responses = stats_tree_create_node(st, st_str_responses, st_node_packets, TRUE);
- st_node_resp_broken = stats_tree_create_node(st, st_str_resp_broken, st_node_responses, TRUE);
- st_node_resp_100 = stats_tree_create_node(st, st_str_resp_100, st_node_responses, TRUE);
- st_node_resp_200 = stats_tree_create_node(st, st_str_resp_200, st_node_responses, TRUE);
- st_node_resp_300 = stats_tree_create_node(st, st_str_resp_300, st_node_responses, TRUE);
- st_node_resp_400 = stats_tree_create_node(st, st_str_resp_400, st_node_responses, TRUE);
- st_node_resp_500 = stats_tree_create_node(st, st_str_resp_500, st_node_responses, TRUE);
- st_node_other = stats_tree_create_node(st, st_str_other, st_node_packets,FALSE);
- }
- /* HTTP/Packet Counter stats packet function */
- static int
- http_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p)
- {
- const http_info_value_t* v = (const http_info_value_t*)p;
- guint i = v->response_code;
- int resp_grp;
- const gchar *resp_str;
- gchar str[64];
- tick_stat_node(st, st_str_packets, 0, FALSE);
- if (i) {
- tick_stat_node(st, st_str_responses, st_node_packets, FALSE);
- if ( (i<100)||(i>=600) ) {
- resp_grp = st_node_resp_broken;
- resp_str = st_str_resp_broken;
- } else if (i<200) {
- resp_grp = st_node_resp_100;
- resp_str = st_str_resp_100;
- } else if (i<300) {
- resp_grp = st_node_resp_200;
- resp_str = st_str_resp_200;
- } else if (i<400) {
- resp_grp = st_node_resp_300;
- resp_str = st_str_resp_300;
- } else if (i<500) {
- resp_grp = st_node_resp_400;
- resp_str = st_str_resp_400;
- } else {
- resp_grp = st_node_resp_500;
- resp_str = st_str_resp_500;
- }
- tick_stat_node(st, resp_str, st_node_responses, FALSE);
- g_snprintf(str, sizeof(str), "%u %s", i,
- val_to_str(i, vals_status_code, "Unknown (%d)"));
- tick_stat_node(st, str, resp_grp, FALSE);
- } else if (v->request_method) {
- stats_tree_tick_pivot(st,st_node_requests,v->request_method);
- } else {
- tick_stat_node(st, st_str_other, st_node_packets, FALSE);
- }
- return 1;
- }
- static void
- dissect_http_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
- const char *line)
- {
- tvbuff_t *ntlmssp_tvb;
- ntlmssp_tvb = base64_to_tvb(tvb, line);
- add_new_data_source(pinfo, ntlmssp_tvb, "NTLMSSP / GSSAPI Data");
- if (tvb_strneql(ntlmssp_tvb, 0, "NTLMSSP", 7) == 0)
- call_dissector(ntlmssp_handle, ntlmssp_tvb, pinfo, tree);
- else
- call_dissector(gssapi_handle, ntlmssp_tvb, pinfo, tree);
- }
- static void
- dissect_http_kerberos(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
- const char *line)
- {
- tvbuff_t *kerberos_tvb;
- kerberos_tvb = base64_to_tvb(tvb, line + 9); /* skip 'Kerberos ' which is 9 chars */
- add_new_data_source(pinfo, kerberos_tvb, "Kerberos Data");
- call_dissector(gssapi_handle, kerberos_tvb, pinfo, tree);
- }
- static http_conv_t *
- get_http_conversation_data(packet_info *pinfo)
- {
- conversation_t *conversation;
- http_conv_t *conv_data;
- conversation = find_or_create_conversation(pinfo);
- /* Retrieve information from conversation
- * or add it if it isn't there yet
- */
- conv_data = (http_conv_t *)conversation_get_proto_data(conversation, proto_http);
- if(!conv_data) {
- /* Setup the conversation structure itself */
- conv_data = (http_conv_t *)wmem_alloc0(wmem_file_scope(), sizeof(http_conv_t));
- conversation_add_proto_data(conversation, proto_http,
- conv_data);
- }
- return conv_data;
- }
- /**
- * create a new http_req_res_t and add it to the conversation.
- * @return the new allocated object which is already added to the linked list
- */
- static http_req_res_t* push_req_res(http_conv_t *conv_data)
- {
- http_req_res_t *req_res = (http_req_res_t *)wmem_alloc0(wmem_file_scope(), sizeof(http_req_res_t));
- nstime_set_unset(&(req_res->req_ts));
- req_res->number = ++conv_data->req_res_num;
- if (! conv_data->req_res_tail) {
- conv_data->req_res_tail = req_res;
- } else {
- req_res->prev = conv_data->req_res_tail;
- conv_data->req_res_tail->next = req_res;
- conv_data->req_res_tail = req_res;
- }
- return req_res;
- }
- /**
- * push a request frame number and its time stamp to the conversation data.
- */
- static void push_req(http_conv_t *conv_data, packet_info *pinfo)
- {
- /* a request will always create a new http_req_res_t object */
- http_req_res_t *req_res = push_req_res(conv_data);
- req_res->req_framenum = pinfo->fd->num;
- req_res->req_ts = pinfo->fd->abs_ts;
- p_add_proto_data(pinfo->fd, proto_http, 0, req_res);
- }
- /**
- * push a response frame number to the conversation data.
- */
- static void push_res(http_conv_t *conv_data, packet_info *pinfo)
- {
- /* a response will create a new http_req_res_t object: if no
- object exists, or if one exists for another response. In
- both cases the corresponding request was not
- detected/included in the conversation. In all other cases
- the http_req_res_t object created by the request is
- used. */
- http_req_res_t *req_res = conv_data->req_res_tail;
- if (!req_res || req_res->res_framenum > 0) {
- req_res = push_req_res(conv_data);
- }
- req_res->res_framenum = pinfo->fd->num;
- p_add_proto_data(pinfo->fd, proto_http, 0, req_res);
- }
- /*
- * TODO: remove this ugly global variable.
- * XXX: do we really want to have to pass this from one function to another?
- */
- static http_info_value_t *stat_info;
- static int
- dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *tree, http_conv_t *conv_data)
- {
- const char *proto_tag;
- proto_tree *http_tree = NULL;
- proto_item *ti = NULL;
- proto_item *hidden_item;
- const guchar *line;
- gint next_offset;
- const guchar *linep, *lineend;
- int orig_offset;
- int first_linelen, linelen;
- gboolean is_request_or_reply;
- gboolean saw_req_resp_or_header;
- guchar c;
- http_type_t http_type;
- proto_item *hdr_item = NULL;
- ReqRespDissector reqresp_dissector;
- proto_tree *req_tree;
- int colon_offset;
- headers_t headers;
- int datalen;
- int reported_datalen = -1;
- dissector_handle_t handle;
- gboolean dissected = FALSE;
- /*guint i;*/
- /*http_info_value_t *si;*/
- http_eo_t *eo_info;
- /*
- * Is this a request or response?
- *
- * Note that "tvb_find_line_end()" will return a value that
- * is not longer than what's in the buffer, so the
- * "tvb_get_ptr()" call won't throw an exception.
- */
- first_linelen = tvb_find_line_end(tvb, offset,
- tvb_ensure_length_remaining(tvb, offset), &next_offset,
- TRUE);
-
- if (first_linelen == -1) {
- /* No complete line was found in this segment, do
- * desegmentation if we're told to.
- */
- if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo,
- http_desegment_headers, http_desegment_body)) {
- /*
- * More data needed for desegmentation.
- */
- return -1;
- }
- }
- /*
- * Is the first line a request or response?
- */
- line = tvb_get_ptr(tvb, offset, first_linelen);
- http_type = HTTP_OTHERS; /* type not known yet */
- is_request_or_reply = is_http_request_or_reply((const gchar *)line,
- first_linelen, &http_type, NULL, conv_data);
- if (is_request_or_reply) {
- /*
- * Yes, it's a request or response.
- * Do header desegmentation if we've been told to,
- * and do body desegmentation if we've been told to and
- * we find a Content-Length header.
- */
- if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo,
- http_desegment_headers, http_desegment_body)) {
- /*
- * More data needed for desegmentation.
- */
- return -1;
- }
- }
- stat_info = ep_new(http_info_value_t);
- stat_info->framenum = pinfo->fd->num;
- stat_info->response_code = 0;
- stat_info->request_method = NULL;
- stat_info->request_uri = NULL;
- stat_info->http_host = NULL;
- switch (pinfo->match_uint) {
- case TCP_PORT_SSDP: /* TCP_PORT_SSDP = UDP_PORT_SSDP */
- proto_tag = "SSDP";
- break;
- default:
- proto_tag = "HTTP";
- break;
- }
- col_set_str(pinfo->cinfo, COL_PROTOCOL, proto_tag);
- /*
- * Put the first line from the buffer into the summary
- * if it's an HTTP request or reply (but leave out the
- * line terminator).
- * Otherwise, just call it a continuation.
- *
- * Note that "tvb_find_line_end()" will return a value that
- * is not longer than what's in the buffer, so the
- * "tvb_get_ptr()" call won't throw an exception.
- */
- if (is_request_or_reply) {
- line = tvb_get_ptr(tvb, offset, first_linelen);
- col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", format_text(line, first_linelen));
- }
- else
- col_set_str(pinfo->cinfo, COL_INFO, "Continuation or non-HTTP traffic");
- orig_offset = offset;
- if (tree) {
- ti = proto_tree_add_item(tree, proto_http, tvb, offset, -1,
- ENC_NA);
- http_tree = proto_item_add_subtree(ti, ett_http);
- }
- /*
- * Process the packet data, a line at a time.
- */
- http_type = HTTP_OTHERS; /* type not known yet */
- headers.content_type = NULL; /* content type not known yet */
- headers.content_type_parameters = NULL; /* content type parameters too */
- headers.have_content_length = FALSE; /* content length not known yet */
- headers.content_length = 0; /* content length set to 0 (avoid a gcc warning) */
- headers.content_encoding = NULL; /* content encoding not known yet */
- headers.transfer_encoding = NULL; /* transfer encoding not known yet */
- headers.upgrade = 0; /* assume we're not upgrading */
- saw_req_resp_or_header = FALSE; /* haven't seen anything yet */
- while (tvb_reported_length_remaining(tvb, offset) != 0) {
- /*
- * Find the end of the line.
- * XXX - what if we don't find it because the packet
- * is cut short by a snapshot length or the header is
- * split across TCP segments? How much dissection should
- * we do on it?
- */
- linelen = tvb_find_line_end(tvb, offset,
- tvb_ensure_length_remaining(tvb, offset), &next_offset,
- FALSE);
- if (linelen < 0)
- return -1;
- /*
- * Get a buffer that refers to the line.
- */
- line = tvb_get_ptr(tvb, offset, linelen);
- lineend = line + linelen;
- colon_offset = -1;
- /*
- * OK, does it look like an HTTP request or response?
- */
- reqresp_dissector = NULL;
- is_request_or_reply =
- is_http_request_or_reply((const gchar *)line,
- linelen, &http_type, &reqresp_dissector, conv_data);
- if (is_request_or_reply)
- goto is_http;
- /*
- * No. Does it look like a blank line (as would appear
- * at the end of an HTTP request)?
- */
- if (linelen == 0)
- goto is_http; /* Yes. */
- /*
- * No. Does it look like a header?
- */
- linep = line;
- colon_offset = offset;
- while (linep < lineend) {
- c = *linep++;
- /*
- * This must be a CHAR to be part of a token; that
- * means it must be ASCII.
- */
- if (!isascii(c))
- break; /* not ASCII, thus not a CHAR */
- /*
- * This mustn't be a CTL to be part of a token.
- *
- * XXX - what about leading LWS on continuation
- * lines of a header?
- */
- if (iscntrl(c))
- break; /* CTL, not part of a header */
- /*
- * This mustn't be a SEP to be part of a token;
- * a ':' ends the token, everything else is an
- * indication that this isn't a header.
- */
- switch (c) {
- case '(':
- case ')':
- case '<':
- case '>':
- case '@':
- case ',':
- case ';':
- case '\\':
- case '"':
- case '/':
- case '[':
- case ']':
- case '?':
- case '=':
- case '{':
- case '}':
- case ' ':
- /*
- * It's a separator, so it's not part of a
- * token, so it's not a field name for the
- * beginning of a header.
- *
- * (We don't have to check for HT; that's
- * already been ruled out by "iscntrl()".)
- */
- goto not_http;
- case ':':
- /*
- * This ends the token; we consider this
- * to be a header.
- */
- goto is_http;
- default:
- colon_offset++;
- break;
- }
- }
- /*
- * We haven't seen the colon, but everything else looks
- * OK for a header line.
- *
- * If we've already seen an HTTP request or response
- * line, or a header line, and we're at the end of
- * the tvbuff, we assume this is an incomplete header
- * line. (We quit this loop after seeing a blank line,
- * so if we've seen a request or response line, or a
- * header line, this is probably more of the request
- * or response we're presumably seeing. There is some
- * risk of false positives, but the same applies for
- * full request or response lines or header lines,
- * although that's less likely.)
- *
- * We throw an exception in that case, by checking for
- * the existence of the next byte after the last one
- * in the line. If it exists, "tvb_ensure_bytes_exist()"
- * throws no exception, and we fall through to the
- * "not HTTP" case. If it doesn't exist,
- * "tvb_ensure_bytes_exist()" will throw the appropriate
- * exception.
- */
- if (saw_req_resp_or_header)
- tvb_ensure_bytes_exist(tvb, offset, linelen + 1);
- not_http:
- /*
- * We don't consider this part of an HTTP request or
- * reply, so we don't display it.
- * (Yeah, that means we don't display, say, a text/http
- * page, but you can get that from the data pane.)
- */
- break;
- is_http:
- /*
- * Process this line.
- */
- if (linelen == 0) {
- /*
- * This is a blank line, which means that
- * whatever follows it isn't part of this
- * request or reply.
- */
- proto_tree_add_text(http_tree, tvb, offset,
- next_offset - offset, "%s",
- tvb_format_text(tvb, offset, next_offset - offset));
- offset = next_offset;
- break;
- }
- /*
- * Not a blank line - either a request, a reply, or a header
- * line.
- */
- saw_req_resp_or_header = TRUE;
- if (is_request_or_reply) {
- char *text = tvb_format_text(tvb, offset, next_offset - offset);
- if (tree) {
- hdr_item = proto_tree_add_text(http_tree, tvb,
- offset, next_offset - offset, "%s", text);
- }
- expert_add_info_format_text(pinfo, hdr_item, &ei_http_chat, "%s", text);
- if (reqresp_dissector) {
- if (tree) req_tree = proto_item_add_subtree(hdr_item, ett_http_request);
- else req_tree = NULL;
- reqresp_dissector(tvb, req_tree, offset, line,
- lineend, conv_data);
- }
- } else {
- /*
- * Header.
- */
- process_header(tvb, offset, next_offset, line, linelen,
- colon_offset, pinfo, http_tree, &headers, conv_data);
- }
- offset = next_offset;
- }
- if (tree && stat_info->http_host && stat_info->request_uri) {
- proto_item *e_ti;
- gchar *uri = ep_strdup_printf("%s://%s%s",
- "http", /* XXX, https? */
- g_strstrip(ep_strdup(stat_info->http_host)), stat_info->request_uri);
- e_ti = proto_tree_add_string(http_tree,
- hf_http_request_full_uri, tvb, 0,
- 0, uri);
- PROTO_ITEM_SET_URL(e_ti);
- PROTO_ITEM_SET_GENERATED(e_ti);
- }
- if (!PINFO_FD_VISITED(pinfo)) {
- if (http_type == HTTP_REQUEST) {
- push_req(conv_data, pinfo);
- } else if (http_type == HTTP_RESPONSE) {
- push_res(conv_data, pinfo);
- }
- }
- if (tree) {
- proto_item *pi;
- http_req_res_t *curr = (http_req_res_t *)p_get_proto_data(pinfo->fd, proto_http, 0);
- http_req_res_t *prev = curr ? curr->prev : NULL;
- http_req_res_t *next = curr ? curr->next : NULL;
- switch (http_type) {
- case HTTP_NOTIFICATION:
- hidden_item = proto_tree_add_boolean(http_tree,
- hf_http_notification, tvb, 0, 0, 1);
- PROTO_ITEM_SET_HIDDEN(hidden_item);
- break;
- case HTTP_RESPONSE:
- hidden_item = proto_tree_add_boolean(http_tree,
- hf_http_response, tvb, 0, 0, 1);
- PROTO_ITEM_SET_HIDDEN(hidden_item);
- if (curr) {
- nstime_t delta;
- pi = proto_tree_add_text(http_tree, tvb, 0, 0, "HTTP response %u/%u", curr->number, conv_data->req_res_num);
- PROTO_ITEM_SET_GENERATED(pi);
- if (! nstime_is_unset(&(curr->req_ts))) {
- nstime_delta(&delta, &pinfo->fd->abs_ts, &(curr->req_ts));
- pi = proto_tree_add_time(http_tree, hf_http_time, tvb, 0, 0, &delta);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- }
- if (prev && prev->req_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_prev_request_in, tvb, 0, 0, prev->req_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (prev && prev->res_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_prev_response_in, tvb, 0, 0, prev->res_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (curr && curr->req_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_request_in, tvb, 0, 0, curr->req_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (next && next->req_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_next_request_in, tvb, 0, 0, next->req_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (next && next->res_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_next_response_in, tvb, 0, 0, next->res_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- break;
- case HTTP_REQUEST:
- hidden_item = proto_tree_add_boolean(http_tree,
- hf_http_request, tvb, 0, 0, 1);
- PROTO_ITEM_SET_HIDDEN(hidden_item);
- if (curr) {
- pi = proto_tree_add_text(http_tree, tvb, 0, 0, "HTTP request %u/%u", curr->number, conv_data->req_res_num);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (prev && prev->req_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_prev_request_in, tvb, 0, 0, prev->req_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (curr && curr->res_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_response_in, tvb, 0, 0, curr->res_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- if (next && next->req_framenum) {
- pi = proto_tree_add_uint(http_tree, hf_http_next_request_in, tvb, 0, 0, next->req_framenum);
- PROTO_ITEM_SET_GENERATED(pi);
- }
- break;
- case HTTP_OTHERS:
- default:
- break;
- }
- }
-
- reported_datalen = tvb_reported_length_remaining(tvb, offset);
- datalen = tvb_length_remaining(tvb, offset);
- /*
- * If a content length was supplied, the amount of data to be
- * processed as HTTP payload is the minimum of the content
- * length and the amount of data remaining in the frame.
- *
- * If a message is received with both a Transfer-Encoding
- * header field and a Content-Length header field, the latter
- * MUST be ignored.
- *
- * If no content length was supplied (or if a bad content length
- * was supplied), the amount of data to be processed is the amount
- * of data remaining in the frame.
- *
- * If there was no Content-Length entity header, we should
- * accumulate all data until the end of the connection.
- * That'd require that the TCP dissector call subdissectors
- * for all frames with FIN, even if they contain no data,
- * which would require subdissectors to deal intelligently
- * with empty segments.
- *
- * According to RFC 2616, however, 1xx responses, 204 responses,
- * and 304 responses MUST NOT include a message body; if no
- * content length is specified for them, we don't attempt to
- * dissect the body.
- *
- * XXX - it says the same about responses to HEAD requests;
- * unless there's a way to determine from the response
- * whether it's a response to a HEAD request, we have to
- * keep information about the request and associate that with
- * the response in order to handle that.
- */
- if (headers.have_content_length &&
- headers.content_length != -1 &&
- headers.transfer_encoding == NULL) {
- if (datalen > headers.content_length)
- datalen = (int)headers.content_length;
- /*
- * XXX - limit the reported length in the tvbuff we'll
- * hand to a subdissector to be no greater than the
- * content length.
- *
- * We really need both unreassembled and "how long it'd
- * be if it were reassembled" lengths for tvbuffs, so
- * that we throw the appropriate exceptions for
- * "not enough data captured" (running past the length),
- * "packet needed reassembly" (within the length but
- * running past the unreassembled length), and
- * "packet is malformed" (running past the reassembled
- * length).
- */
- if (reported_datalen > headers.content_length)
- reported_datalen = (int)headers.content_length;
- } else {
- switch (http_type) {
- case HTTP_REQUEST:
- /*
- * Requests have no content if there's no
- * Content-Length header and no Transfer-Encoding
- * header.
- */
- if (headers.transfer_encoding == NULL)
- datalen = 0;
- else
- reported_datalen = -1;
- break;
- case HTTP_RESPONSE:
- if ((stat_info->response_code/100) == 1 ||
- stat_info->response_code == 204 ||
- stat_info->response_code == 304)
- datalen = 0; /* no content! */
- else {
- /*
- * XXX - responses to HEAD requests,
- * and possibly other responses,
- * "MUST NOT" include a
- * message-body.
- */
- reported_datalen = -1;
- }
- break;
- default:
- /*
- * XXX - what about HTTP_NOTIFICATION?
- */
- reported_datalen = -1;
- break;
- }
- }
- if (datalen > 0) {
- /*
- * There's stuff left over; process it.
- */
- tvbuff_t *next_tvb;
- void *save_private_data = NULL;
- gboolean private_data_changed = FALSE;
- gint chunks_decoded = 0;
- /*
- * Create a tvbuff for the payload.
- *
- * The amount of data to be processed that's
- * available in the tvbuff is "datalen", which
- * is the minimum of the amount of data left in
- * the tvbuff and any specified content length.
- *
- * The amount of data to be processed that's in
- * this frame, regardless of whether it was
- * captured or not, is "reported_datalen",
- * which, if no content length was specified,
- * is -1, i.e. "to the end of the frame.
- */
- next_tvb = tvb_new_subset(tvb, offset, datalen,
- reported_datalen);
- /*
- * Handle *transfer* encodings other than "identity".
- */
- if (headers.transfer_encoding != NULL &&
- g_ascii_strcasecmp(headers.transfer_encoding, "identity") != 0) {
- if (http_dechunk_body &&
- (g_ascii_strncasecmp(headers.transfer_encoding, "chunked", 7)
- == 0)) {
- chunks_decoded = chunked_encoding_dissector(
- &next_tvb, pinfo, http_tree, 0);
- if (chunks_decoded <= 0) {
- /*
- * The chunks weren't reassembled,
- * or there was a single zero
- * length chunk.
- */
- goto body_dissected;
- } else {
- /*
- * Add a new data source for the
- * de-chunked data.
- */
- #if 0 /* Handled in chunked_encoding_dissector() */
- tvb_set_child_real_data_tvbuff(tvb,
- next_tvb);
- #endif
- add_new_data_source(pinfo, next_tvb,
- "De-chunked entity body");
- }
- } else {
- /*
- * We currently can't handle, for example,
- * "gzip", "compress", or "deflate" as
- * *transfer* encodings; just handle them
- * as data for now.
- */
- call_dissector(data_handle, next_tvb, pinfo,
- http_tree);
- goto body_dissected;
- }
- }
- /*
- * At this point, any chunked *transfer* coding has been removed
- * (the entity body has been dechunked) so it can be presented
- * for the following operation (*content* encoding), or it has
- * been been handed off to the data dissector.
- *
- * Handle *content* encodings other than "identity" (which
- * shouldn't appear in a Content-Encoding header, but
- * we handle it in any case).
- */
- if (headers.content_encoding != NULL &&
- g_ascii_strcasecmp(headers.content_encoding, "identity") != 0) {
- /*
- * We currently can't handle, for example, "compress";
- * just handle them as data for now.
- *
- * After July 7, 2004 the LZW patent expires, so support
- * might be added then. However, I don't think that
- * anybody ever really implemented "compress", due to
- * the aforementioned patent.
- */
- tvbuff_t *uncomp_tvb = NULL;
- proto_item *e_ti = NULL;
- proto_tree *e_tree = NULL;
- if (http_decompress_body &&
- (g_ascii_strcasecmp(headers.content_encoding, "gzip") == 0 ||
- g_ascii_strcasecmp(headers.content_encoding, "deflate") == 0 ||
- g_ascii_strcasecmp(headers.content_encoding, "x-gzip") == 0 ||
- g_ascii_strcasecmp(headers.content_encoding, "x-deflate") == 0))
- {
- uncomp_tvb = tvb_child_uncompress(tvb, next_tvb, 0,
- tvb_length(next_tvb));
- }
- /*
- * Add the encoded entity to the protocol tree
- */
- e_ti = proto_tree_add_text(http_tree, next_tvb,
- 0, tvb_length(next_tvb),
- "Content-encoded entity body (%s): %u bytes",
- headers.content_encoding,
- tvb_length(next_tvb));
- e_tree = proto_item_add_subtree(e_ti,
- ett_http_encoded_entity);
- if (uncomp_tvb != NULL) {
- /*
- * Decompression worked
- */
- /* XXX - Don't free this, since it's possible
- * that the data was only partially
- * decompressed, such as when desegmentation
- * isn't enabled.
- *
- tvb_free(next_tvb);
- */
- proto_item_append_text(e_ti, " -> %u bytes", tvb_length(uncomp_tvb));
- next_tvb = uncomp_tvb;
- add_new_data_source(pinfo, next_tvb,
- "Uncompressed entity body");
- } else {
- proto_item_append_text(e_ti, " [Error: Decompression failed]");
- call_dissector(data_handle, next_tvb, pinfo,
- e_tree);
- goto body_dissected;
- }
- }
- /*
- * Note that a new data source is added for the entity body
- * only if it was content-encoded and/or transfer-encoded.
- */
- /* Save values for the Export Object GUI feature if we have
- * an active listener to process it (which happens when
- * the export object window is open). */
- if(have_tap_listener(http_eo_tap)) {
- eo_info = ep_new(http_eo_t);
- eo_info->hostname = conv_data->http_host;
- eo_info->filename = conv_data->request_uri;
- eo_info->content_type = headers.content_type;
- eo_info->payload_len = tvb_length(next_tvb);
- eo_info->payload_data = tvb_get_ptr(next_tvb, 0, eo_info->payload_len);
- tap_queue_packet(http_eo_tap, pinfo, eo_info);
- }
- /*
- * Do subdissector checks.
- *
- * First, if we have a Content-Type value, check whether
- * there's a subdissector for that media type.
- */
- handle = NULL;
- if (headers.content_type != NULL) {
- /*
- * We didn't find any subdissector that
- * registered for the port, and we have a
- * Content-Type value. Is there any subdissector
- * for that content type?
- */
- save_private_data = pinfo->private_data;
- private_data_changed = TRUE;
- if (headers.content_type_parameters)
- pinfo->private_data = ep_strdup(headers.content_type_parameters);
- else
- pinfo->private_data = NULL;
- /*
- * Calling the string handle for the media type
- * dissector table will set pinfo->match_string
- * to headers.content_type for us.
- */
- pinfo->match_string = headers.content_type;
- handle = dissector_get_string_handle(
- media_type_subdissector_table,
- headers.content_type);
- if (handle == NULL &&
- strncmp(headers.content_type, "multipart/", sizeof("multipart/")-1) == 0) {
- /* Try to decode the unknown multipart subtype anyway */
- handle = dissector_get_string_handle(
- media_type_subdissector_table,
- "multipart/");
- }
- }
- /*
- * Now, if we didn't find such a subdissector, check
- * whether some subdissector asked that they be called
- * if HTTP traffic was on some particular port. This
- * handles protocols that use HTTP syntax but don't have
- * a media type and instead use a specified port.
- */
- if (handle == NULL) {
- handle = dissector_get_uint_handle(port_subdissector_table,
- pinfo->match_uint);
- }
- if (handle != NULL) {
- /*
- * We have a subdissector - call it.
- */
- dissected = call_dissector_only(handle, next_tvb, pinfo, tree, NULL);
- if (!dissected)
- expert_add_info(pinfo, http_tree, &ei_http_subdissector_failed);
- }
- if (!dissected) {
- /*
- * We don't have a subdissector or we have one and it did not
- * dissect the payload - try the heuristic subdissectors.
- */
- dissected = dissector_try_heuristic(heur_subdissector_list,
- next_tvb, pinfo, tree, NULL);
- }
- if (dissected) {
- /*
- * The subdissector dissected the body.
- * Fix up the top-level item so that it doesn't
- * include the stuff for that protocol.
- */
- if (ti != NULL)
- proto_item_set_len(ti, offset);
- } else {
- if (headers.content_type != NULL) {
- /*
- * Calling the default media handle if there is a content-type that
- * wasn't handled above.
- */
- call_dissector(media_handle, next_tvb, pinfo, tree);
- } else {
- /* Call the default data dissector */
- call_dissector(data_handle, next_tvb, pinfo, http_tree);
- }
- }
- body_dissected:
- /*
- * Do *not* attempt at freeing the private data;
- * it may be in use by subdissectors.
- */
- if (private_data_changed) /*restore even NULL value*/
- pinfo->private_data = save_private_data;
- /*
- * We've processed "datalen" bytes worth of data
- * (which may be no data at all); advance the
- * offset past whatever data we've processed.
- */
- offset += datalen;
- }
- if (http_type == HTTP_RESPONSE && pinfo->desegment_offset<=0 && pinfo->desegment_len<=0) {
- conv_data->upgrade = headers.upgrade;
- conv_data->startframe = pinfo->fd->num + 1;
- }
- tap_queue_packet(http_tap, pinfo, stat_info);
- return offset - orig_offset;
- }
- /* This can be used to dissect an HTTP request until such time
- * that a more complete dissector is written for that HTTP request.
- * This simple dissector only puts the request method, URI, and
- * protocol version into a sub-tree.
- */
- static void
- basic_request_dissector(tvbuff_t *tvb, proto_tree *tree, int offset,
- const guchar *line, const guchar *lineend,
- http_conv_t *conv_data)
- {
- const guchar *next_token;
- const gchar *request_uri;
- int tokenlen;
- /* The first token is the method. */
- tokenlen = get_token_len(line, lineend, &next_token);
- if (tokenlen == 0)
- return;
- proto_tree_add_item(tree, hf_http_request_method, tvb, offset, tokenlen,
- ENC_ASCII|ENC_NA);
- if ((next_token - line) > 2 && next_token[-1] == ' ' && next_token[-2] == ' ') {
- /* Two spaces in a now indicates empty URI, so roll back one here */
- next_token--;
- }
- offset += (int) (next_token - line);
- line = next_token;
- /* The next token is the URI. */
- tokenlen = get_token_len(line, lineend, &next_token);
- /* Save the request URI for various later uses */
- request_uri = tvb_get_ephemeral_string(tvb, offset, tokenlen);
- stat_info->request_uri = ep_strdup(request_uri);
- conv_data->request_uri = se_strdup(request_uri);
- proto_tree_add_string(tree, hf_http_request_uri, tvb, offset, tokenlen,
- request_uri);
- offset += (int) (next_token - line);
- line = next_token;
- /* Everything to the end of the line is the version. */
- tokenlen = (int) (lineend - line);
- proto_tree_add_item(tree, hf_http_version, tvb, offset, tokenlen,
- ENC_ASCII|ENC_NA);
- }
- static void
- basic_response_dissector(tvbuff_t *tvb, proto_tree *tree, int offset,
- const guchar *line, const guchar *lineend,
- http_conv_t *conv_data _U_)
- {
- const guchar *next_token;
- int tokenlen;
- gchar response_code_chars[4];
- /*
- * The first token is the HTTP Version.
- */
- tokenlen = get_token_len(line, lineend, &next_token);
- if (tokenlen == 0)
- return;
- proto_tree_add_item(tree, hf_http_version, tvb, offset, tokenlen,
- ENC_ASCII|ENC_NA);
- /* Advance to the start of the next token. */
- offset += (int) (next_token - line);
- line = next_token;
- /*
- * The second token is the Status Code.
- */
- tokenlen = get_token_len(line, lineend, &next_token);
- if (tokenlen < 3)
- return;
- /* The Status Code characters must be copied into a null-terminated
- * buffer for strtoul() to parse them into an unsigned integer value.
- */
- memcpy(response_code_chars, line, 3);
- response_code_chars[3] = '\0';
- stat_info->response_code = conv_data->response_code =
- (guint)strtoul(response_code_chars, NULL, 10);
- proto_tree_add_uint(tree, hf_http_response_code, tvb, offset, 3,
- stat_info->response_code);
- /* Advance to the start of the next token. */
- offset += (int) (next_token - line);
- line = next_token;
- /*
- * The remaining tokens in the line comprise the Reason Phrase.
- */
- tokenlen = (int) (lineend - line);
- if (tokenlen < 1)
- return;
- proto_tree_add_item(tree, hf_http_response_phrase, tvb, offset,
- tokenlen, ENC_ASCII|ENC_NA);
- }
- #if 0 /* XXX: Replaced by code creating the "Dechunked" tvb O(N) rather tan O(N^2) */
- /*
- * Dissect the http data chunks and add them to the tree.
- */
- static int
- chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
- proto_tree *tree, int offset)
- {
- guint8 *chunk_string = NULL;
- guint32 chunk_size = 0;
- gint chunk_offset = 0;
- guint32 datalen = 0;
- gint linelen = 0;
- gint chunks_decoded = 0;
- tvbuff_t *tvb = NULL;
- tvbuff_t *new_tvb = NULL;
- gint chunked_data_size = 0;
- proto_tree *subtree = NULL;
- proto_item *ti = NULL;
- if (tvb_ptr == NULL || *tvb_ptr == NULL) {
- return 0;
- }
- tvb = *tvb_ptr;
- datalen = tvb_reported_length_remaining(tvb, offset);
- if (tree) {
- ti = proto_tree_add_text(tree, tvb, offset, datalen,
- "HTTP chunked response");
- subtree = proto_item_add_subtree(ti, ett_http_chunked_response);
- }
- while (datalen != 0) {
- proto_item *chunk_ti = NULL;
- proto_tree *chunk_subtree = NULL;
- tvbuff_t *data_tvb = NULL; /* */
- gchar *c = NULL;
- guint8 *raw_data;
- gint raw_len = 0;
- linelen = tvb_find_line_end(tvb, offset, -1, &chunk_offset, TRUE);
- if (linelen <= 0) {
- /* Can't get the chunk size line */
- break;
- }
- chunk_string = tvb_get_ephemeral_string(tvb, offset, linelen);
- if (chunk_string == NULL) {
- /* Can't get the chunk size line */
- break;
- }
- c = (gchar*) chunk_string;
- /*
- * We don't care about the extensions.
- */
- if ((c = strchr(c, ';'))) {
- *c = '\0';
- }
- chunk_size = strtol((gchar*)chunk_string, NULL, 16);
- if (chunk_size > datalen) {
- /*
- * The chunk size is more than what's in the tvbuff,
- * so either the user hasn't enabled decoding, or all
- * of the segments weren't captured.
- */
- chunk_size = datalen;
- }
- #if 0
- else if (new_tvb == NULL) {
- new_tvb = tvb_new_composite();
- }
- if (new_tvb != NULL && chunk_size != 0) {
- tvbuff_t *chunk_tvb = NULL;
- chunk_tvb = tvb_new_subset(tvb, chunk_offset,
- chunk_size, datalen);
- tvb_composite_append(new_tvb, chunk_tvb);
- }
- #endif
- chunked_data_size += chunk_size;
- raw_data = g_malloc(chunked_data_size);
- raw_len = 0;
- if (new_tvb != NULL) {
- raw_len = tvb_length_remaining(new_tvb, 0);
- tvb_memcpy(new_tvb, raw_data, 0, raw_len);
- tvb_free(new_tvb);
- }
- tvb_memcpy(tvb, (guint8 *)(raw_data + raw_len),
- chunk_offset, chunk_size);
- /* Don't create a new tvb if we have a single chunk with
- * a size of zero (meaning it is the end of the chunks). */
- if(chunked_data_size > 0) {
- new_tvb = tvb_new_real_data(raw_data,
- …
Large files files are truncated, but you can click here to view the full file