2 * Routines handling protocols with a request/response line, headers,
3 * a blank line, and an optional body.
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include <epan/packet.h>
32 #include <epan/strutil.h>
35 #include <epan/req_resp_hdrs.h>
38 * Optionally do reassembly of the request/response line, headers, and body.
41 req_resp_hdrs_do_reassembly(tvbuff_t *tvb, int offset, packet_info *pinfo,
42 gboolean desegment_headers, gboolean desegment_body)
46 gint length_remaining, reported_length_remaining;
49 long int content_length;
50 gboolean content_length_found = FALSE;
51 gboolean chunked_encoding = FALSE;
54 * Do header desegmentation if we've been told to.
56 * RFC 2616 defines HTTP messages as being either of the
57 * Request or the Response type
58 * (HTTP-message = Request | Response).
59 * Request and Response are defined as:
60 * Request = Request-Line
63 * | entity-header ) CRLF)
66 * Response = Status-Line
69 * | entity-header ) CRLF)
72 * that's why we can always assume two consecutive line
73 * endings (we allow CR, LF, or CRLF, as some clients
74 * or servers might not use a full CRLF) to mark the end
75 * of the headers. The worst thing that would happen
76 * otherwise would be the packet not being desegmented
77 * or being interpreted as only headers.
79 * RFC 2326 says RTSP works the same way; RFC 3261 says SIP
84 * If header desegmentation is activated, check that all
85 * headers are in this tvbuff (search for an empty line
86 * marking end of headers) or request one more byte (we
87 * don't know how many bytes we'll need, so we just ask
90 if (desegment_headers && pinfo->can_desegment) {
93 next_offset_sav = next_offset;
95 length_remaining = tvb_length_remaining(tvb,
97 reported_length_remaining =
98 tvb_reported_length_remaining(tvb, next_offset);
101 * Request one more byte if there're no
102 * bytes left in the reported data (if there're
103 * bytes left in the reported data, but not in
104 * the available data, requesting more bytes
105 * won't help, as those bytes weren't captured).
107 if (reported_length_remaining < 1) {
108 pinfo->desegment_offset = offset;
109 pinfo->desegment_len = 1;
114 * Request one more byte if we cannot find a
115 * header (i.e. a line end).
117 linelen = tvb_find_line_end(tvb, next_offset,
118 -1, &next_offset, TRUE);
120 length_remaining >= reported_length_remaining) {
122 * Not enough data; ask for one more
125 pinfo->desegment_offset = offset;
126 pinfo->desegment_len = 1;
128 } else if (linelen == 0) {
130 * We found the end of the headers.
136 * Is this a Content-Length or Transfer-Encoding
137 * header? If not, it either means that we are in
138 * a different header line, or that we are
139 * at the end of the headers, or that there
140 * isn't enough data; the two latter cases
141 * have already been handled above.
143 if (desegment_body) {
145 * Check if we've found Content-Length.
147 if (tvb_strncaseeql(tvb, next_offset_sav,
148 "Content-Length:", 15) == 0) {
149 header_val = tvb_get_string(tvb,
150 next_offset_sav + 15,
152 if (sscanf(header_val,
153 "%li", &content_length)
155 content_length_found = TRUE;
157 } else if (tvb_strncaseeql(tvb,
159 "Transfer-Encoding:", 18) == 0) {
161 * Find out if this Transfer-Encoding is
162 * chunked. It should be, since there
163 * really aren't any other types, but
164 * RFC 2616 allows for them.
169 header_val = tvb_get_string(tvb,
170 next_offset_sav + 18, linelen - 18);
172 len = strlen(header_val);
173 /* Skip white space */
174 while (p < header_val + len &&
175 (*p == ' ' || *p == '\t'))
177 if (p <= header_val + len) {
178 if (strncasecmp(p, "chunked", 7)
181 * Don't bother looking
188 chunked_encoding = TRUE;
198 * The above loop ends when we reached the end of the headers, so
199 * there should be content_length bytes after the 4 terminating bytes
200 * and next_offset points to after the end of the headers.
202 if (desegment_body) {
203 if (content_length_found) {
204 /* next_offset has been set to the end of the headers */
205 if (!tvb_bytes_exist(tvb, next_offset, content_length)) {
206 length_remaining = tvb_length_remaining(tvb,
208 reported_length_remaining =
209 tvb_reported_length_remaining(tvb, next_offset);
210 if (length_remaining < reported_length_remaining) {
212 * It's a waste of time asking for more
213 * data, because that data wasn't captured.
217 if (length_remaining == -1)
218 length_remaining = 0;
219 pinfo->desegment_offset = offset;
220 pinfo->desegment_len =
221 content_length - length_remaining;
224 } else if (chunked_encoding) {
226 * This data is chunked, so we need to keep pulling
227 * data until we reach the end of the stream, or a
231 * This doesn't bother with trailing headers; I don't
232 * think they are really used, and we'd have to use
233 * is_http_request_or_reply() to determine if it was
234 * a trailing header, or the start of a new response.
236 gboolean done_chunking = FALSE;
238 while (!done_chunking) {
240 gint chunk_offset = 0;
241 gchar *chunk_string = NULL;
244 length_remaining = tvb_length_remaining(tvb,
246 reported_length_remaining =
247 tvb_reported_length_remaining(tvb,
250 if (reported_length_remaining < 1) {
251 pinfo->desegment_offset = offset;
252 pinfo->desegment_len = 1;
256 linelen = tvb_find_line_end(tvb, next_offset,
257 -1, &chunk_offset, TRUE);
261 reported_length_remaining) {
262 pinfo->desegment_offset = offset;
263 pinfo->desegment_len = 2;
267 /* We have a line with the chunk size in it.*/
268 chunk_string = tvb_get_string(tvb, next_offset,
273 * We don't care about the extensions.
275 if ((c = strchr(c, ';'))) {
279 if ((sscanf(chunk_string, "%x",
280 &chunk_size) < 0) || chunk_size < 0) {
281 /* We couldn't get the chunk size,
284 g_free(chunk_string);
287 g_free(chunk_string);
289 if (chunk_size == 0) {
291 * This is the last chunk. Let's pull in the
294 linelen = tvb_find_line_end(tvb,
295 chunk_offset, -1, &chunk_offset, TRUE);
299 reported_length_remaining) {
300 pinfo->desegment_offset = offset;
301 pinfo->desegment_len = 1;
305 pinfo->desegment_offset = chunk_offset;
306 pinfo->desegment_len = 0;
307 done_chunking = TRUE;
310 * Skip to the next chunk if we
313 if (reported_length_remaining >
316 next_offset = chunk_offset
320 * Fetch this chunk, plus the
323 pinfo->desegment_offset = offset;
324 pinfo->desegment_len =
326 reported_length_remaining;
337 * No further desegmentation needed.