2 * Routines for HTTP packet disassembly
4 * Guy Harris <guy@netapp.com>
6 * $Id: packet-http.c,v 1.12 1999/12/06 20:27:19 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@zing.org>
10 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 #include <sys/types.h>
44 static int proto_http = -1;
45 static int hf_http_response = -1;
46 static int hf_http_request = -1;
48 static gint ett_http = -1;
50 static proto_tree *http_tree;
52 static int is_http_request_or_reply(const u_char *data, int linelen);
54 void dissect_http(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
56 gboolean is_ipp = (pi.srcport == 631 || pi.destport == 631);
58 const u_char *data, *dataend;
59 const u_char *linep, *lineend, *eol;
64 dataend = data + END_OF_FRAME;
66 if (check_col(fd, COL_PROTOCOL))
67 col_add_str(fd, COL_PROTOCOL, is_ipp ? "IPP" : "HTTP");
68 if (check_col(fd, COL_INFO)) {
70 * Put the first line from the buffer into the summary,
71 * if it's an HTTP request or reply.
72 * Otherwise, just call it a continuation.
74 lineend = find_line_end(data, dataend, &eol);
75 linelen = lineend - data;
76 if (is_http_request_or_reply(data, linelen))
77 col_add_str(fd, COL_INFO, format_text(data, linelen));
79 col_add_str(fd, COL_INFO, "Continuation");
83 ti = proto_tree_add_item(tree, proto_http, offset, END_OF_FRAME, NULL);
84 http_tree = proto_item_add_subtree(ti, ett_http);
86 while (data < dataend) {
88 * Find the end of the line.
90 lineend = find_line_end(data, dataend, &eol);
91 linelen = lineend - data;
94 * OK, does it look like an HTTP request or
97 if (is_http_request_or_reply(data, linelen))
101 * No. Does it look like a blank line (as would
102 * appear at the end of an HTTP request)?
109 if (strncmp(data, "\r\n", 2) == 0 ||
110 strncmp(data, "\n\r", 2) == 0)
115 * No. Does it look like a MIME header?
118 while (linep < lineend) {
121 break; /* not printable, not a MIME header */
141 * It's a tspecial, so it's not
142 * part of a token, so it's not
143 * a field name for the beginning
150 * This ends the token; we consider
151 * this to be a MIME header.
159 * We don't consider this part of an HTTP request or
160 * reply, so we don't display it.
161 * (Yeah, that means we don't display, say, a
162 * text/http page, but you can get that from the
171 proto_tree_add_text(http_tree, offset, linelen, "%s",
172 format_text(data, linelen));
177 if (data < dataend) {
179 dissect_ipp(pd, offset, fd, tree);
181 dissect_data(&pd[offset], offset, fd, http_tree);
187 * XXX - this won't handle HTTP 0.9 replies, but they're all data
191 is_http_request_or_reply(const u_char *data, int linelen)
194 if (strncasecmp(data, "GET", 3) == 0 ||
195 strncasecmp(data, "PUT", 3) == 0) {
196 proto_tree_add_item_hidden(http_tree,
197 hf_http_request, 0, 0, 1);
202 if (strncasecmp(data, "HEAD", 4) == 0 ||
203 strncasecmp(data, "POST", 4) == 0) {
204 proto_tree_add_item_hidden(http_tree,
205 hf_http_request, 0, 0, 1);
210 if (strncasecmp(data, "TRACE", 5) == 0)
212 if (strncasecmp(data, "HTTP/", 5) == 0) {
213 proto_tree_add_item_hidden(http_tree,
214 hf_http_response, 0, 0, 1);
215 return TRUE; /* response */
219 if (strncasecmp(data, "DELETE", 6) == 0) {
220 proto_tree_add_item_hidden(http_tree,
221 hf_http_request, 0, 0, 1);
226 if (strncasecmp(data, "OPTIONS", 7) == 0) {
227 proto_tree_add_item_hidden(http_tree,
228 hf_http_request, 0, 0, 1);
233 if (strncasecmp(data, "CONNECT", 7) == 0) {
234 proto_tree_add_item_hidden(http_tree,
235 hf_http_request, 0, 0, 1);
243 proto_register_http(void)
246 static hf_register_info hf[] = {
248 { "Response", "http.response",
249 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
250 "TRUE if HTTP response" }},
252 { "Request", "http.request",
253 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
254 "TRUE if HTTP request (GET, PUT, HEAD, POST)" }},
256 static gint *ett[] = {
260 proto_http = proto_register_protocol("Hypertext Transfer Protocol", "http");
261 proto_register_field_array(proto_http, hf, array_length(hf));
262 proto_register_subtree_array(ett, array_length(ett));
git.samba.org / obnox / wireshark / wip.git / blob