2 * Routines for HTTP packet disassembly
4 * Guy Harris <guy@alum.mit.edu>
6 * $Id: packet-http.c,v 1.33 2001/01/09 06:31:36 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@zing.org>
10 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 #include <sys/types.h>
45 typedef enum _http_type {
52 static int proto_http = -1;
53 static int hf_http_notification = -1;
54 static int hf_http_response = -1;
55 static int hf_http_request = -1;
57 static gint ett_http = -1;
59 #define TCP_PORT_HTTP 80
60 #define TCP_PORT_PROXY_HTTP 3128
61 #define TCP_PORT_PROXY_ADMIN_HTTP 3132
62 #define TCP_ALT_PORT_HTTP 8080
64 #define TCP_PORT_SSDP 1900
65 #define UDP_PORT_SSDP 1900
68 * Protocols implemented atop HTTP.
71 PROTO_HTTP, /* just HTTP */
72 PROTO_IPP, /* Internet Printing Protocol */
73 PROTO_SSDP /* Simple Service Discovery Protocol */
76 static int is_http_request_or_reply(const u_char *data, int linelen, http_type_t *type);
78 static dissector_handle_t ipp_handle;
81 dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
85 proto_tree *http_tree = NULL;
86 proto_item *ti = NULL;
90 const u_char *linep, *lineend;
93 http_type_t http_type;
96 CHECK_DISPLAY_AS_DATA(proto_http, tvb, pinfo, tree);
98 pinfo->current_proto = "HTTP";
100 switch (pinfo->match_port) {
118 if (check_col(pinfo->fd, COL_PROTOCOL))
119 col_set_str(pinfo->fd, COL_PROTOCOL, proto_tag);
120 if (check_col(pinfo->fd, COL_INFO)) {
122 * Put the first line from the buffer into the summary
123 * if it's an HTTP request or reply (but leave out the
125 * Otherwise, just call it a continuation.
127 linelen = tvb_find_line_end(tvb, offset, -1, &next_offset);
128 line = tvb_get_ptr(tvb, offset, linelen);
129 http_type = HTTP_OTHERS; /* type not known yet */
130 if (is_http_request_or_reply(line, linelen, &http_type))
131 col_add_str(pinfo->fd, COL_INFO,
132 format_text(line, linelen));
134 col_set_str(pinfo->fd, COL_INFO, "Continuation");
138 ti = proto_tree_add_item(tree, proto_http, tvb, offset,
139 tvb_length_remaining(tvb, offset), FALSE);
140 http_tree = proto_item_add_subtree(ti, ett_http);
143 * Process the packet data, a line at a time.
145 http_type = HTTP_OTHERS; /* type not known yet */
146 while (tvb_offset_exists(tvb, offset)) {
148 * Find the end of the line.
150 linelen = tvb_find_line_end(tvb, offset, -1,
154 * Get a buffer that refers to the line.
156 line = tvb_get_ptr(tvb, offset, linelen);
157 lineend = line + linelen;
160 * OK, does it look like an HTTP request or
163 if (is_http_request_or_reply(line, linelen, &http_type))
167 * No. Does it look like a blank line (as would
168 * appear at the end of an HTTP request)?
174 * No. Does it look like a MIME header?
177 while (linep < lineend) {
180 break; /* not printable, not a MIME header */
200 * It's a tspecial, so it's not
201 * part of a token, so it's not
202 * a field name for the beginning
209 * This ends the token; we consider
210 * this to be a MIME header.
218 * We don't consider this part of an HTTP request or
219 * reply, so we don't display it.
220 * (Yeah, that means we don't display, say, a
221 * text/http page, but you can get that from the
230 proto_tree_add_text(http_tree, tvb, offset,
231 next_offset - offset, "%s",
232 tvb_format_text(tvb, offset, next_offset - offset));
233 offset = next_offset;
238 case HTTP_NOTIFICATION:
239 proto_tree_add_boolean_hidden(http_tree,
240 hf_http_notification, tvb, 0, 0, 1);
244 proto_tree_add_boolean_hidden(http_tree,
245 hf_http_response, tvb, 0, 0, 1);
249 proto_tree_add_boolean_hidden(http_tree,
250 hf_http_request, tvb, 0, 0, 1);
259 datalen = tvb_length_remaining(tvb, offset);
261 if (proto == PROTO_IPP) {
262 tvbuff_t *new_tvb = tvb_new_subset(tvb, offset, -1, -1);
265 * Fix up the top-level item so that it doesn't
266 * include the IPP stuff.
269 proto_item_set_len(ti, offset);
271 call_dissector(ipp_handle, new_tvb, pinfo, tree);
273 dissect_data(tvb, offset, pinfo, http_tree);
278 * XXX - this won't handle HTTP 0.9 replies, but they're all data
282 is_http_request_or_reply(const u_char *data, int linelen, http_type_t *type)
285 * From RFC 2774 - An HTTP Extension Framework
287 * Support the command prefix that identifies the presence of
288 * a "mandatory" header.
290 if (strncmp(data, "M-", 2) == 0) {
296 * From draft-cohen-gena-client-01.txt, available from the uPnP forum:
297 * NOTIFY, SUBSCRIBE, UNSUBSCRIBE
299 * From draft-ietf-dasl-protocol-00.txt, a now vanished Microsoft draft:
303 if (strncmp(data, "GET ", 4) == 0 ||
304 strncmp(data, "PUT ", 4) == 0) {
305 if (*type == HTTP_OTHERS)
306 *type = HTTP_REQUEST;
311 if (strncmp(data, "HEAD ", 5) == 0 ||
312 strncmp(data, "POST ", 5) == 0) {
313 if (*type == HTTP_OTHERS)
314 *type = HTTP_REQUEST;
317 if (strncmp(data, "HTTP/", 5) == 0) {
318 if (*type == HTTP_OTHERS)
319 *type = HTTP_RESPONSE;
320 return TRUE; /* response */
324 if (strncmp(data, "TRACE ", 6) == 0) {
325 if (*type == HTTP_OTHERS)
326 *type = HTTP_REQUEST;
331 if (strncmp(data, "DELETE ", 7) == 0) {
332 if (*type == HTTP_OTHERS)
333 *type = HTTP_REQUEST;
336 if (strncmp(data, "NOTIFY ", 7) == 0 ||
337 strncmp(data, "SEARCH ", 7) == 0) {
338 if (*type == HTTP_OTHERS)
339 *type = HTTP_NOTIFICATION;
344 if (strncmp(data, "OPTIONS ", 8) == 0 ||
345 strncmp(data, "CONNECT ", 8) == 0) {
346 if (*type == HTTP_OTHERS)
347 *type = HTTP_REQUEST;
352 if (strncmp(data, "SUBSCRIBE ", 10) == 0) {
353 if (*type == HTTP_OTHERS)
354 *type = HTTP_NOTIFICATION;
359 if (strncmp(data, "UNSUBSCRIBE ", 10) == 0) {
360 if (*type == HTTP_OTHERS)
361 *type = HTTP_NOTIFICATION;
369 proto_register_http(void)
371 static hf_register_info hf[] = {
372 { &hf_http_notification,
373 { "Notification", "http.notification",
374 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
375 "TRUE if HTTP notification" }},
377 { "Response", "http.response",
378 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
379 "TRUE if HTTP response" }},
381 { "Request", "http.request",
382 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
383 "TRUE if HTTP request" }},
385 static gint *ett[] = {
389 proto_http = proto_register_protocol("Hypertext Transfer Protocol",
391 proto_register_field_array(proto_http, hf, array_length(hf));
392 proto_register_subtree_array(ett, array_length(ett));
396 proto_reg_handoff_http(void)
398 dissector_add("tcp.port", TCP_PORT_HTTP, dissect_http, proto_http);
399 dissector_add("tcp.port", TCP_ALT_PORT_HTTP, dissect_http, proto_http);
400 dissector_add("tcp.port", TCP_PORT_PROXY_HTTP, dissect_http,
402 dissector_add("tcp.port", TCP_PORT_PROXY_ADMIN_HTTP, dissect_http,
404 dissector_add("tcp.port", 631, dissect_http, proto_http);
406 dissector_add("tcp.port", TCP_PORT_SSDP, dissect_http, proto_http);
407 dissector_add("udp.port", UDP_PORT_SSDP, dissect_http, proto_http);
410 * Get a handle for the IPP dissector.
412 ipp_handle = find_dissector("ipp");
git.samba.org / obnox / wireshark / wip.git / blob