--- /dev/null
+# Makefile.am
+# Automake file for MATE Ethereal plugin
+#
+# $Id$
+#
+# Ethereal - Network traffic analyzer
+# By Gerald Combs <gerald@ethereal.com>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+
+INCLUDES = -I$(top_srcdir)
+
+plugindir = @plugindir@
+
+plugin_LTLIBRARIES = tpg.la
+
+tpg_la_SOURCES = \
+ moduleinfo.h \
+ http-parser.c \
+ http-parser.h \
+ packet-http.c
+
+tpg_la_LDFLAGS = -module -avoid-version
+tpg_la_LIBADD = @PLUGIN_LIBS@
+
+# Libs must be cleared, or else libtool won't create a shared module.
+# If your module needs to be linked against any particular libraries,
+# add them here.
+LIBS =
+
+CLEANFILES = \
+ tpg \
+ *~
+
+DISTCLEANFILES = \
+ http-parser.c \
+ http-parser.h
+
+MAINTAINERCLEANFILES = \
+ Makefile.in \
+ http-parser.c \
+ http-parser.h
+
+EXTRA_DIST = \
+ http.tpg \
+ Makefile.nmake
+
+TPG = ../../tools/tpg
+
+http-parser.h: http-parser.c
+
+$(TPG)/TPG.pm: $(TPG)/TPG.yp
+ cd $(TPG) && make
+
+http-parser.c: http.tpg $(TPG)/tpg.pl $(TPG)/TPG.pm
+ $(PERL) -I$(TPG) $(TPG)/tpg.pl http.tpg
+
--- /dev/null
+#
+# $Id$
+#
+
+include ..\..\config.nmake
+include <win32.mak>
+
+############### no need to modify below this line #########
+
+LEMON=..\..\tools\lemon
+
+CFLAGS=/DHAVE_CONFIG_H /I../.. /I../../wiretap $(GLIB_CFLAGS) /I$(LEMON)\
+ /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS)
+
+.c.obj::
+ $(CC) $(CFLAGS) -Fdmate.pdb -c $<
+
+LDFLAGS = /NOLOGO /INCREMENTAL:no /MACHINE:I386 $(LOCAL_LDFLAGS)
+
+!IFDEF ENABLE_LIBETHEREAL
+LINK_PLUGIN_WITH=..\..\epan\libethereal.lib
+CFLAGS=/DHAVE_WIN32_LIBETHEREAL_LIB /D_NEED_VAR_IMPORT_ $(CFLAGS)
+
+OBJECTS=packet-mate.obj\
+ mate_setup.obj\
+ mate_runtime.obj\
+ mate_util.obj\
+ mate_plugin.obj\
+ mate_grammar.obj\
+ mate_parser.obj
+
+mate.dll mate.exp mate.lib : $(OBJECTS) $(LINK_PLUGIN_WITH)
+ link -dll /out:mate.dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \
+ $(GLIB_LIBS)
+
+!ENDIF
+
+clean:
+ rm -f $(OBJECTS) mate.dll mate.exp mate.lib *.pdb
+
+#
+# We remove the generated files with "distclean" because one of them,
+# "mate_parser.c", needs different #includes for UN*X and Windows
+# (UN*X versions of Flex make it include <unistd.h>, but that's a
+# UN*X-only header), so if you're going to build from source, you need
+# to build "mate_parser.c" from "mate_parser.l" with Flex.
+# This might not be necessary for "mate_grammar.{c,h}", but we handle them
+# the same for now.
+#
+distclean: clean
+ rm -f mate_parser.c mate_grammar.c mate_grammar.h mate_grammar.out
+
+maintainer-clean: distclean
+
+mate_parser.c : mate_parser.l
+ $(LEX) -Pdf_ -omate_parser.c mate_parser.l
+
+mate_grammar.h : mate_grammar.c
+mate_grammar.c : mate_grammar.lemon $(LEMON)\lemon.exe
+ $(LEMON)\lemon.exe t=$(LEMON)\lempar.c mate_grammar.lemon
+
+$(LEMON)\lemon.exe:
+ cd ../../tools/lemon
+ $(MAKE) -f makefile.nmake
+ cd ../../plugins/mate
--- /dev/null
+#
+# HTTP header TPG description
+#
+# (c) 2005 Luis E. Garcia Ontanon <luis.ontanon@gmail.com>
+#
+# $Id $
+#
+# Ethereal - Network traffic analyzer
+# By Gerald Combs <gerald@ethereal.com>
+# Copyright 2004 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+%header_head %{
+typedef struct _http_info_value_t
+{
+ guint32 framenum;
+ gchar *request_method;
+ guint response_code;
+ gchar *http_host;
+ gchar *request_uri;
+ guint content_length;
+ gchar* media;
+ gboolean is_response;
+ gchar* transfer_encoding;
+} http_info_value_t;
+%}
+
+%parser_name http .
+%export req_resp header crlf .
+
+
+%tt_type %{ http_info_value_t %}
+
+%rule crlf = "\r\n" .
+
+%rule sp = [ ]+ .
+
+%field version hyttp.version "HTTP Version" FT_STRING.
+%rule http_version = "HTTP/" ( "1.0" | "1.1" )<version> .
+
+%field response hyttp.response "Response" FT_BOOLEAN .
+%field response_code hyttp.response.code "Response Code" FT_UINT32 BASE_DEC %{ http_response_codes %} .
+%rule response = (http_version sp [0-9]+<response_code:RESPONSE> ... { crlf } )<response:%plain_text> . {
+ %root response
+ %code %{
+ TT_DATA->is_response = TRUE;
+ TT_DATA->response_code = TPG_UINT(RESPONSE);
+ %}
+}
+
+%field request hyttp.request "Request" FT_BOOLEAN .
+%field method hyttp.request.method "Request Method" FT_STRING .
+%field uri hyttp.request.uri "Request URI" FT_STRING .
+%rule request = ([A-Z]+<method:METHOD> sp [^ ]+<uri:URI> sp http_version crlf )<request:%plain_text> . {
+ %root request
+ %code %{
+ TT_DATA->is_response = FALSE;
+ TT_DATA->request_method = TPG_STRING(METHOD);
+ TT_DATA->request_uri = TPG_STRING(URI);
+ %}
+}
+
+%rule req_resp = ( request | response ).
+
+%rule media = [a-z]+ "/" [a-z]+ .
+
+%field content_type hyttp.content_type "Content-Type" FT_STRING .
+%rule content_type = "Content-Type: " media<content_type:MEDIA> sp? crlf . {
+ %code %{
+ TT_DATA->media = TPG_STRING(MEDIA);
+ %}
+}
+
+%field content_length hyttp.headers.content_length "Content-Length" FT_UINT32 BASE_DEC .
+%rule content_length = "Content-Length: " media<content_length:LENGTH> sp? crlf . {
+ %code %{
+ TT_DATA->content_length = TPG_UINT(LENGTH);
+ %}
+}
+
+%field transfer_encoding hyttp.transfer_encoding "Transfer-Encoding" FT_STRING .
+%rule transfer_encoding = "Transfer-Encoding: " ...<transfer_encoding:ENCODING> { crlf }. {
+ %code %{
+ TT_DATA->transfer_encoding = TPG_STRING(ENCODING);
+ %}
+}
+
+%field authorization hyttp.authorization "Authorization" FT_STRING .
+%rule authorization = "Authorization: " ...<authorization> { crlf } .
+
+%field proxy_authorization hyttp.proxy_authorization "Proxy-Authorization" FT_STRING .
+%rule proxy_author = "Proxy-Authorization: " ...<proxy_authorization> { crlf } .
+
+%field proxy_authen hyttp.proxy_authenti "Proxy-Authenticate" FT_STRING .
+%rule proxy_authen = "Proxy-Authenticate: " ...<proxy_authen> { crlf } .
+
+%field www_auth hyttp.www_authenticate "WWW-Authenticate" FT_STRING .
+%rule www_auth = "WWW-Authenticate: " ...<www_auth> { crlf } .
+
+%field content_encoding hyttp.content_encoding "Content-Encoding" FT_STRING .
+%rule content_encoding = "Content-Encoding: " ...<content_encoding> { crlf } .
+
+%field user_agent hyttp.content_encoding "User-Agent" FT_STRING .
+%rule user_agent = "User-Agent: " ...<user_agent> { crlf } .
+
+%field host hyttp.host "Host" FT_STRING .
+%rule host = "Host: " ...<host> { crlf } .
+
+%rule other_header = ([A-Z] [a-zA-Z-]+)<NAME> ": " ...<VALUE> { crlf } .
+
+%field header hyttp.headers.line "HTTP Header Line" FT_BOOLEAN .
+%rule header = (
+ content_type
+ | transfer_encoding
+ | content_length
+ | authorization
+ | proxy_author
+ | proxy_authen
+ | www_auth
+ | content_encoding
+ | user_agent
+ | host
+ | other_header)<header:%plain_text> . {
+ %root header
+}
+
+%tail %{
+/* tail */
+%}
\ No newline at end of file
--- /dev/null
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "http-parser.h"
+#include <gmodule.h>
+
+static const value_string http_response_codes[] = {
+{ 200, "OK" },
+{ 302, "Later" },
+{0,NULL}
+};
+
+static gint ett_http = -1;
+static int proto_http = -1;
+
+static tvbparse_wanted_t* rule_http_crlf;
+static tvbparse_wanted_t* rule_http_header;
+static tvbparse_wanted_t* rule_http_req_resp;
+
+static dissector_handle_t http_handle;
+
+static void dissect_http(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* tree) {
+ http_info_value_t* msgdata = ep_alloc(sizeof(http_info_value_t));
+ tvbparse_elem_t* reqresp;
+ tpg_parser_data_t* tpg;
+ proto_item* pi = proto_tree_add_item(tree,proto_http,tvb,0,-1,FALSE);
+ proto_tree* pt = proto_item_add_subtree(pi,ett_http);
+
+ tpg = tpg_start(pt,tvb,0,-1,msgdata);
+
+ if (( reqresp = TPG_GET(tpg,rule_http_req_resp) )) {
+ tvbparse_elem_t* hdr;
+
+ while(( hdr = TPG_GET(tpg,rule_http_header) )) ;
+
+ if ( TPG_GET(tpg,rule_http_crlf) ) {
+ return;
+ }
+
+ } else {
+ return;
+ }
+}
+
+static void proto_register_http(void) {
+ static hf_register_info hf[] = {
+ HF_HTTP_PARSER
+ };
+
+ static gint *ett[] = {
+ ETT_HTTP_PARSER,
+ &ett_http
+ };
+
+ tpg_http_init();
+
+ proto_http = proto_register_protocol("HyTeTrP",
+ "HyTeTrP", "hytetrpr");
+ proto_register_field_array(proto_http, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+ rule_http_crlf = wanted_http_crlf();
+ rule_http_header = wanted_http_header();
+ rule_http_req_resp = wanted_http_req_resp();
+
+}
+
+
+static void proto_reg_handoff_http(void) {
+ http_handle = create_dissector_handle(dissect_http, proto_http);
+
+ dissector_delete("tcp.port", 80, NULL);
+ dissector_add("tcp.port", 80, http_handle);
+
+}
+
+#ifndef ENABLE_STATIC
+
+G_MODULE_EXPORT const gchar version[] = "0.0.0";
+
+G_MODULE_EXPORT void
+plugin_register(void)
+{
+ /* register the new protocol, protocol fields, and subtrees */
+ if (proto_http == -1) { /* execute protocol initialization only once */
+ proto_register_http();
+ }
+}
+
+G_MODULE_EXPORT void
+plugin_reg_handoff(void){
+ proto_reg_handoff_http();
+}
+
+#endif
+