#include "config.h"
#endif
+#include <stdlib.h>
#include <string.h>
#include <ctype.h>
+#include <errno.h>
#include <glib.h>
#include <epan/conversation.h>
#include <epan/base64.h>
#include <epan/emem.h>
#include <epan/stats_tree.h>
-#include <epan/ws_strsplit.h>
#include <epan/req_resp_hdrs.h>
#include "packet-http.h"
#include "packet-tcp.h"
+#include "packet-ssl.h"
#include <epan/prefs.h>
#include <epan/expert.h>
+#include <epan/uat.h>
typedef enum _http_type {
HTTP_REQUEST,
#include <epan/tap.h>
+
static int http_tap = -1;
+static int http_eo_tap = -1;
static int proto_http = -1;
static int hf_http_notification = -1;
static int hf_http_basic = -1;
static int hf_http_request_method = -1;
static int hf_http_request_uri = -1;
+static int hf_http_request_full_uri = -1;
static int hf_http_version = -1;
static int hf_http_response_code = -1;
+static int hf_http_response_phrase = -1;
static int hf_http_authorization = -1;
static int hf_http_proxy_authenticate = -1;
static int hf_http_proxy_authorization = -1;
+static int hf_http_proxy_connect_host = -1;
+static int hf_http_proxy_connect_port = -1;
static int hf_http_www_authenticate = -1;
static int hf_http_content_type = -1;
+static int hf_http_content_length_header = -1;
static int hf_http_content_length = -1;
static int hf_http_content_encoding = -1;
static int hf_http_transfer_encoding = -1;
static gint ett_http = -1;
static gint ett_http_ntlmssp = -1;
+static gint ett_http_kerberos = -1;
static gint ett_http_request = -1;
static gint ett_http_chunked_response = -1;
static gint ett_http_chunk_data = -1;
static gint ett_http_encoded_entity = -1;
+static gint ett_http_header_item = -1;
static dissector_handle_t data_handle;
static dissector_handle_t media_handle;
static dissector_handle_t http_handle;
+/* Stuff for generation/handling of fields for custom HTTP headers */
+typedef struct _header_field_t {
+ gchar* header_name;
+ gchar* header_desc;
+} header_field_t;
+
+static header_field_t* header_fields = NULL;
+static guint num_header_fields = 0;
+
+static GHashTable* header_fields_hash = NULL;
+
+static void
+header_fields_update_cb(void* r, const char** err)
+{
+ header_field_t* rec = r;
+
+ if (rec->header_name == NULL) {
+ *err = ep_strdup_printf("Header name can't be empty");
+ } else {
+ g_strstrip(rec->header_name);
+ if (rec->header_name[0] != 0) {
+ *err = NULL;
+ } else {
+ *err = ep_strdup_printf("Header name can't be empty");
+ }
+ }
+}
+
+static void *
+header_fields_copy_cb(void* n, const void* o, size_t siz _U_)
+{
+ header_field_t* new_rec = n;
+ const header_field_t* old_rec = o;
+
+ if (old_rec->header_name) {
+ new_rec->header_name = g_strdup(old_rec->header_name);
+ } else {
+ new_rec->header_name = NULL;
+ }
+
+ if (old_rec->header_desc) {
+ new_rec->header_desc = g_strdup(old_rec->header_desc);
+ } else {
+ new_rec->header_desc = NULL;
+ }
+
+ return new_rec;
+}
+
+static void
+header_fields_free_cb(void*r)
+{
+ header_field_t* rec = r;
+
+ if (rec->header_name) g_free(rec->header_name);
+ if (rec->header_desc) g_free(rec->header_desc);
+}
+
+UAT_CSTRING_CB_DEF(header_fields, header_name, header_field_t)
+UAT_CSTRING_CB_DEF(header_fields, header_desc, header_field_t)
+
/*
* desegmentation of HTTP headers
* (when we are over TCP or another protocol providing the desegmentation API)
static gboolean http_decompress_body = FALSE;
#endif
-
-#define TCP_PORT_HTTP 80
-#define TCP_PORT_PROXY_HTTP 3128
-#define TCP_PORT_PROXY_ADMIN_HTTP 3132
-#define TCP_ALT_PORT_HTTP 8080
-#define TCP_RADAN_HTTP 8088
-#define TCP_PORT_HKP 11371
#define TCP_PORT_DAAP 3689
/*
#define UDP_PORT_SSDP 1900
/*
- * tcp alternate port
+ * tcp and ssl ports
*/
-static guint http_alternate_tcp_port = 0;
-static guint alternate_tcp_port = 0;
-/*
- * Protocols implemented atop HTTP.
- */
-typedef enum {
- PROTO_HTTP, /* just HTTP */
- PROTO_SSDP, /* Simple Service Discovery Protocol */
- PROTO_DAAP /* Digital Audio Access Protocol */
-} http_proto_t;
+#define TCP_DEFAULT_RANGE "80,3128,3132,5985,8080,8088,11371,1900,2869"
+#define SSL_DEFAULT_RANGE "443"
+
+static range_t *global_http_tcp_range = NULL;
+static range_t *global_http_ssl_range = NULL;
+
+static range_t *http_tcp_range = NULL;
+static range_t *http_ssl_range = NULL;
typedef void (*ReqRespDissector)(tvbuff_t*, proto_tree*, int, const guchar*,
- const guchar*);
+ const guchar*, http_conv_t *);
/*
* Structure holding information from headers needed by main
char *content_type;
char *content_type_parameters;
gboolean have_content_length;
- long content_length; /* XXX - make it 64-bit? */
+ gint64 content_length;
char *content_encoding;
char *transfer_encoding;
} headers_t;
static int is_http_request_or_reply(const gchar *data, int linelen,
- http_type_t *type, ReqRespDissector *reqresp_dissector);
+ http_type_t *type, ReqRespDissector
+ *reqresp_dissector, http_conv_t *conv_data);
static int chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
- proto_tree *tree, int offset);
-static void http_payload_subdissector(tvbuff_t *next_tvb, proto_tree *tree, proto_tree *sub_tree, packet_info *pinfo);
+ proto_tree *tree, int offset);
static void process_header(tvbuff_t *tvb, int offset, int next_offset,
- const guchar *line, int linelen, int colon_offset, packet_info *pinfo,
- proto_tree *tree, headers_t *eh_ptr);
+ const guchar *line, int linelen, int colon_offset,
+ packet_info *pinfo, proto_tree *tree,
+ headers_t *eh_ptr, http_conv_t *conv_data);
static gint find_header_hf_value(tvbuff_t *tvb, int offset, guint header_len);
static gboolean check_auth_ntlmssp(proto_item *hdr_item, tvbuff_t *tvb,
- packet_info *pinfo, gchar *value);
+ packet_info *pinfo, gchar *value);
static gboolean check_auth_basic(proto_item *hdr_item, tvbuff_t *tvb,
- gchar *value);
+ gchar *value);
+static gboolean check_auth_kerberos(proto_item *hdr_item, tvbuff_t *tvb,
+ packet_info *pinfo, const gchar *value);
static dissector_table_t port_subdissector_table;
static dissector_table_t media_type_subdissector_table;
static heur_dissector_list_t heur_subdissector_list;
-static dissector_handle_t ntlmssp_handle=NULL;
-static dissector_handle_t gssapi_handle=NULL;
+static dissector_handle_t ntlmssp_handle;
+static dissector_handle_t gssapi_handle;
static const value_string vals_status_code[] = {
{ 100, "Continue" },
{ 415, "Unsupported Media Type"},
{ 416, "Requested Range Not Satisfiable"},
{ 417, "Expectation Failed"},
+ { 418, "I'm a teapot"}, /* RFC 2324 */
{ 422, "Unprocessable Entity"},
{ 423, "Locked"},
{ 424, "Failed Dependency"},
static int st_node_resps_by_srv_addr = -1;
/* HTTP/Load Distribution stats init function */
-static void http_reqs_stats_tree_init(stats_tree* st) {
+static void
+http_reqs_stats_tree_init(stats_tree* st)
+{
st_node_reqs = stats_tree_create_node(st, st_str_reqs, 0, TRUE);
st_node_reqs_by_srv_addr = stats_tree_create_node(st, st_str_reqs_by_srv_addr, st_node_reqs, TRUE);
st_node_reqs_by_http_host = stats_tree_create_node(st, st_str_reqs_by_http_host, st_node_reqs, TRUE);
}
/* HTTP/Load Distribution stats packet function */
-static int http_reqs_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt _U_, const void* p) {
+static int
+http_reqs_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt _U_, const void* p)
+{
const http_info_value_t* v = p;
int reqs_by_this_host;
int reqs_by_this_addr;
int resps_by_this_addr;
int i = v->response_code;
- static gchar ip_str[256];
+ gchar *ip_str;
if (v->request_method) {
- g_snprintf(ip_str,sizeof(ip_str),"%s",address_to_str(&pinfo->dst));
+ ip_str = ep_address_to_str(&pinfo->dst);
tick_stat_node(st, st_str_reqs, 0, FALSE);
tick_stat_node(st, st_str_reqs_by_srv_addr, st_node_reqs, TRUE);
return 1;
} else if (i != 0) {
- g_snprintf(ip_str,sizeof(ip_str),"%s",address_to_str(&pinfo->src));
+ ip_str = ep_address_to_str(&pinfo->src);
tick_stat_node(st, st_str_resps_by_srv_addr, 0, FALSE);
resps_by_this_addr = tick_stat_node(st, ip_str, st_node_resps_by_srv_addr, TRUE);
static int st_node_requests_by_host = -1;
-static const guint8* st_str_requests_by_host = "HTTP Requests by HTTP Host";
+static const gchar *st_str_requests_by_host = "HTTP Requests by HTTP Host";
/* HTTP/Requests stats init function */
-static void http_req_stats_tree_init(stats_tree* st) {
+static void
+http_req_stats_tree_init(stats_tree* st)
+{
st_node_requests_by_host = stats_tree_create_node(st, st_str_requests_by_host, 0, TRUE);
}
/* HTTP/Requests stats packet function */
-static int http_req_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p) {
+static int
+http_req_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p)
+{
const http_info_value_t* v = p;
int reqs_by_this_host;
return 0;
}
-static const guint8* st_str_packets = "Total HTTP Packets";
-static const guint8* st_str_requests = "HTTP Request Packets";
-static const guint8* st_str_responses = "HTTP Response Packets";
-static const guint8* st_str_resp_broken = "???: broken";
-static const guint8* st_str_resp_100 = "1xx: Informational";
-static const guint8* st_str_resp_200 = "2xx: Success";
-static const guint8* st_str_resp_300 = "3xx: Redirection";
-static const guint8* st_str_resp_400 = "4xx: Client Error";
-static const guint8* st_str_resp_500 = "5xx: Server Error";
-static const guint8* st_str_other = "Other HTTP Packets";
+static const gchar *st_str_packets = "Total HTTP Packets";
+static const gchar *st_str_requests = "HTTP Request Packets";
+static const gchar *st_str_responses = "HTTP Response Packets";
+static const gchar *st_str_resp_broken = "???: broken";
+static const gchar *st_str_resp_100 = "1xx: Informational";
+static const gchar *st_str_resp_200 = "2xx: Success";
+static const gchar *st_str_resp_300 = "3xx: Redirection";
+static const gchar *st_str_resp_400 = "4xx: Client Error";
+static const gchar *st_str_resp_500 = "5xx: Server Error";
+static const gchar *st_str_other = "Other HTTP Packets";
static int st_node_packets = -1;
static int st_node_requests = -1;
/* HTTP/Packet Counter stats init function */
-static void http_stats_tree_init(stats_tree* st) {
+static void
+http_stats_tree_init(stats_tree* st)
+{
st_node_packets = stats_tree_create_node(st, st_str_packets, 0, TRUE);
st_node_requests = stats_tree_create_pivot(st, st_str_requests, st_node_packets);
st_node_responses = stats_tree_create_node(st, st_str_responses, st_node_packets, TRUE);
}
/* HTTP/Packet Counter stats packet function */
-static int http_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p) {
+static int
+http_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p)
+{
const http_info_value_t* v = p;
guint i = v->response_code;
int resp_grp;
- const guint8* resp_str;
- static gchar str[64];
+ const gchar *resp_str;
+ gchar str[64];
tick_stat_node(st, st_str_packets, 0, FALSE);
tick_stat_node(st, resp_str, st_node_responses, FALSE);
- g_snprintf(str, sizeof(str),"%u %s",i,match_strval(i,vals_status_code));
+ g_snprintf(str, sizeof(str), "%u %s", i,
+ val_to_str(i, vals_status_code, "Unknown (%d)"));
tick_stat_node(st, str, resp_grp, FALSE);
} else if (v->request_method) {
stats_tree_tick_pivot(st,st_node_requests,v->request_method);
return 1;
}
-/* Return a tvb that contains the binary representation of a base64
- string */
-
-static tvbuff_t *
-base64_to_tvb(const char *base64)
-{
- tvbuff_t *tvb;
- char *data = g_strdup(base64);
- size_t len;
-
- len = epan_base64_decode(data);
- tvb = tvb_new_real_data((const guint8 *)data, len, len);
-
- tvb_set_free_cb(tvb, g_free);
-
- return tvb;
-}
-
static void
dissect_http_ntlmssp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
- const char *line)
+ const char *line)
{
tvbuff_t *ntlmssp_tvb;
- ntlmssp_tvb = base64_to_tvb(line);
- tvb_set_child_real_data_tvbuff(tvb, ntlmssp_tvb);
+ ntlmssp_tvb = base64_to_tvb(tvb, line);
add_new_data_source(pinfo, ntlmssp_tvb, "NTLMSSP / GSSAPI Data");
if (tvb_strneql(ntlmssp_tvb, 0, "NTLMSSP", 7) == 0)
call_dissector(ntlmssp_handle, ntlmssp_tvb, pinfo, tree);
call_dissector(gssapi_handle, ntlmssp_tvb, pinfo, tree);
}
+static void
+dissect_http_kerberos(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
+ const char *line)
+{
+ tvbuff_t *kerberos_tvb;
+
+ kerberos_tvb = base64_to_tvb(tvb, line + 9); /* skip 'Kerberos ' which is 9 chars */
+ add_new_data_source(pinfo, kerberos_tvb, "Kerberos Data");
+ call_dissector(gssapi_handle, kerberos_tvb, pinfo, tree);
+
+}
+
+
+static http_conv_t *
+get_http_conversation_data(packet_info *pinfo)
+{
+ conversation_t *conversation;
+ http_conv_t *conv_data;
+
+ conversation = find_or_create_conversation(pinfo);
+
+ /* Retrieve information from conversation
+ * or add it if it isn't there yet
+ */
+ conv_data = conversation_get_proto_data(conversation, proto_http);
+ if(!conv_data) {
+ /* Setup the conversation structure itself */
+ conv_data = se_alloc0(sizeof(http_conv_t));
+
+ conversation_add_proto_data(conversation, proto_http,
+ conv_data);
+ }
+
+ return conv_data;
+}
+
/*
* TODO: remove this ugly global variable.
* XXX: do we really want to have to pass this from one function to another?
static int
dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *tree)
+ proto_tree *tree, http_conv_t *conv_data)
{
- http_proto_t proto;
const char *proto_tag;
proto_tree *http_tree = NULL;
proto_item *ti = NULL;
+ proto_item *hidden_item;
const guchar *line;
gint next_offset;
const guchar *linep, *lineend;
int datalen;
int reported_datalen = -1;
dissector_handle_t handle;
- gboolean dissected;
+ gboolean dissected = FALSE;
/*guint i;*/
/*http_info_value_t *si;*/
- conversation_t *conversation;
+ http_eo_t *eo_info;
/*
* Is this a request or response?
line = tvb_get_ptr(tvb, offset, first_linelen);
http_type = HTTP_OTHERS; /* type not known yet */
is_request_or_reply = is_http_request_or_reply((const gchar *)line,
- first_linelen, &http_type, NULL);
+ first_linelen, &http_type, NULL, conv_data);
if (is_request_or_reply) {
/*
* Yes, it's a request or response.
}
}
- conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
-
- if(!conversation) { /* Conversation does not exist yet - create it */
- conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
- }
-
- /* Retrieve information from conversation
- * or add it if it isn't there yet
- */
- stat_info = conversation_get_proto_data(conversation, proto_http);
- if(!stat_info) {
- stat_info = se_alloc(sizeof(http_info_value_t));
- stat_info->response_code = 0;
- stat_info->request_method = NULL;
- stat_info->request_uri = NULL;
- stat_info->http_host = NULL;
-
- conversation_add_proto_data(conversation, proto_http, stat_info);
- }
+ stat_info = ep_alloc(sizeof(http_info_value_t));
+ stat_info->framenum = pinfo->fd->num;
+ stat_info->response_code = 0;
+ stat_info->request_method = NULL;
+ stat_info->request_uri = NULL;
+ stat_info->http_host = NULL;
- switch (pinfo->match_port) {
+ switch (pinfo->match_uint) {
case TCP_PORT_SSDP: /* TCP_PORT_SSDP = UDP_PORT_SSDP */
- proto = PROTO_SSDP;
proto_tag = "SSDP";
break;
case TCP_PORT_DAAP:
- proto = PROTO_DAAP;
proto_tag = "DAAP";
break;
default:
- proto = PROTO_HTTP;
proto_tag = "HTTP";
break;
}
* is not longer than what's in the buffer, so the
* "tvb_get_ptr()" call won't throw an exception.
*/
- line = tvb_get_ptr(tvb, offset, first_linelen);
- if (is_request_or_reply)
- col_add_str(pinfo->cinfo, COL_INFO,
- format_text(line, first_linelen));
+ if (is_request_or_reply) {
+ line = tvb_get_ptr(tvb, offset, first_linelen);
+ col_add_fstr(pinfo->cinfo, COL_INFO, "%s ", format_text(line, first_linelen));
+ }
else
col_set_str(pinfo->cinfo, COL_INFO, "Continuation or non-HTTP traffic");
}
*/
http_type = HTTP_OTHERS; /* type not known yet */
headers.content_type = NULL; /* content type not known yet */
- stat_info->content_type = NULL; /* Reset for each packet */
headers.content_type_parameters = NULL; /* content type parameters too */
headers.have_content_length = FALSE; /* content length not known yet */
+ headers.content_length = 0; /* content length set to 0 (avoid a gcc warning) */
headers.content_encoding = NULL; /* content encoding not known yet */
headers.transfer_encoding = NULL; /* transfer encoding not known yet */
saw_req_resp_or_header = FALSE; /* haven't seen anything yet */
reqresp_dissector = NULL;
is_request_or_reply =
is_http_request_or_reply((const gchar *)line,
- linelen, &http_type, &reqresp_dissector);
+ linelen, &http_type, &reqresp_dissector, conv_data);
if (is_request_or_reply)
goto is_http;
*/
saw_req_resp_or_header = TRUE;
if (is_request_or_reply) {
+ char *text = tvb_format_text(tvb, offset, next_offset - offset);
if (tree) {
hdr_item = proto_tree_add_text(http_tree, tvb,
- offset, next_offset - offset, "%s",
- tvb_format_text(tvb, offset,
- next_offset - offset));
+ offset, next_offset - offset, "%s", text);
}
- expert_add_info_format(pinfo, hdr_item, PI_SEQUENCE, PI_CHAT,
- "%s",
- tvb_format_text(tvb, offset, next_offset - offset));
+ expert_add_info_format(pinfo, hdr_item, PI_SEQUENCE, PI_CHAT, "%s", text);
if (reqresp_dissector) {
if (tree) req_tree = proto_item_add_subtree(hdr_item, ett_http_request);
else req_tree = NULL;
- reqresp_dissector(tvb, req_tree, offset, line, lineend);
+ reqresp_dissector(tvb, req_tree, offset, line,
+ lineend, conv_data);
}
+
} else {
/*
* Header.
*/
process_header(tvb, offset, next_offset, line, linelen,
- colon_offset, pinfo, http_tree, &headers);
+ colon_offset, pinfo, http_tree, &headers, conv_data);
}
offset = next_offset;
}
+ if (tree && stat_info->http_host && stat_info->request_uri) {
+ proto_item *e_ti;
+ size_t size = strlen("http://") + strlen(stat_info->http_host)
+ + strlen(stat_info->request_uri) + 1;
+ char *uri = ep_alloc(size);
+
+ g_snprintf(uri, (gulong)size, "%s://%s%s",
+ "http", /* XXX, https? */
+ stat_info->http_host, stat_info->request_uri);
+
+ e_ti = proto_tree_add_string(http_tree,
+ hf_http_request_full_uri, tvb, 0,
+ 0, uri);
+
+ PROTO_ITEM_SET_URL(e_ti);
+ PROTO_ITEM_SET_GENERATED(e_ti);
+ }
+
if (tree) {
switch (http_type) {
case HTTP_NOTIFICATION:
- proto_tree_add_boolean_hidden(http_tree,
- hf_http_notification, tvb, 0, 0, 1);
+ hidden_item = proto_tree_add_boolean(http_tree,
+ hf_http_notification, tvb, 0, 0, 1);
+ PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case HTTP_RESPONSE:
- proto_tree_add_boolean_hidden(http_tree,
- hf_http_response, tvb, 0, 0, 1);
+ hidden_item = proto_tree_add_boolean(http_tree,
+ hf_http_response, tvb, 0, 0, 1);
+ PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case HTTP_REQUEST:
- proto_tree_add_boolean_hidden(http_tree,
- hf_http_request, tvb, 0, 0, 1);
+ hidden_item = proto_tree_add_boolean(http_tree,
+ hf_http_request, tvb, 0, 0, 1);
+ PROTO_ITEM_SET_HIDDEN(hidden_item);
break;
case HTTP_OTHERS:
datalen = tvb_length_remaining(tvb, offset);
if (headers.have_content_length && headers.content_length != -1) {
if (datalen > headers.content_length)
- datalen = headers.content_length;
+ datalen = (int)headers.content_length;
/*
* XXX - limit the reported length in the tvbuff we'll
*/
reported_datalen = tvb_reported_length_remaining(tvb, offset);
if (reported_datalen > headers.content_length)
- reported_datalen = headers.content_length;
+ reported_datalen = (int)headers.content_length;
} else {
switch (http_type) {
*/
tvbuff_t *next_tvb;
void *save_private_data = NULL;
+ gboolean private_data_changed = FALSE;
gint chunks_decoded = 0;
/*
* Handle *transfer* encodings other than "identity".
*/
if (headers.transfer_encoding != NULL &&
- strcasecmp(headers.transfer_encoding, "identity") != 0) {
+ g_ascii_strcasecmp(headers.transfer_encoding, "identity") != 0) {
if (http_dechunk_body &&
- (strncasecmp(headers.transfer_encoding, "chunked", 7)
+ (g_ascii_strncasecmp(headers.transfer_encoding, "chunked", 7)
== 0)) {
chunks_decoded = chunked_encoding_dissector(
* we handle it in any case).
*/
if (headers.content_encoding != NULL &&
- strcasecmp(headers.content_encoding, "identity") != 0) {
+ g_ascii_strcasecmp(headers.content_encoding, "identity") != 0) {
/*
* We currently can't handle, for example, "compress";
* just handle them as data for now.
proto_tree *e_tree = NULL;
if (http_decompress_body &&
- (strcasecmp(headers.content_encoding, "gzip") == 0 ||
- strcasecmp(headers.content_encoding, "deflate")
- == 0)) {
-
- uncomp_tvb = tvb_uncompress(next_tvb, 0,
+ (g_ascii_strcasecmp(headers.content_encoding, "gzip") == 0 ||
+ g_ascii_strcasecmp(headers.content_encoding, "deflate") == 0 ||
+ g_ascii_strcasecmp(headers.content_encoding, "x-gzip") == 0 ||
+ g_ascii_strcasecmp(headers.content_encoding, "x-deflate") == 0))
+ {
+ uncomp_tvb = tvb_child_uncompress(tvb, next_tvb, 0,
tvb_length(next_tvb));
}
0, tvb_length(next_tvb),
"Content-encoded entity body (%s): %u bytes",
headers.content_encoding,
- tvb_length(next_tvb));
+ tvb_length(next_tvb));
e_tree = proto_item_add_subtree(e_ti,
ett_http_encoded_entity);
*
tvb_free(next_tvb);
*/
- proto_item_append_text(e_ti, " -> %u bytes", tvb_length(uncomp_tvb));
+ proto_item_append_text(e_ti, " -> %u bytes", tvb_length(uncomp_tvb));
next_tvb = uncomp_tvb;
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
add_new_data_source(pinfo, next_tvb,
"Uncompressed entity body");
} else {
- if (chunks_decoded > 1) {
- tvb_set_child_real_data_tvbuff(tvb,
- next_tvb);
- add_new_data_source(pinfo, next_tvb,
- "Compressed entity body");
- }
+ proto_item_append_text(e_ti, " [Error: Decompression failed]");
call_dissector(data_handle, next_tvb, pinfo,
e_tree);
* only if it was content-encoded and/or transfer-encoded.
*/
+ /* Save values for the Export Object GUI feature if we have
+ * an active listener to process it (which happens when
+ * the export object window is open). */
+ if(have_tap_listener(http_eo_tap)) {
+ eo_info = ep_alloc(sizeof(http_eo_t));
+
+ eo_info->hostname = conv_data->http_host;
+ eo_info->filename = conv_data->request_uri;
+ eo_info->content_type = headers.content_type;
+ eo_info->payload_len = tvb_length(next_tvb);
+ eo_info->payload_data = tvb_get_ptr(next_tvb, 0, eo_info->payload_len);
+
+ tap_queue_packet(http_eo_tap, pinfo, eo_info);
+ }
+
/*
* Do subdissector checks.
*
* be called if something was on some particular port.
*/
- /* Save values for the Export Object GUI feature */
- stat_info->content_type = se_strdup(headers.content_type);
- stat_info->payload_len = next_tvb->length;
- stat_info->payload_data = se_memdup(next_tvb->real_data,
- next_tvb->length);
-
- handle = dissector_get_port_handle(port_subdissector_table,
- pinfo->match_port);
+ handle = dissector_get_uint_handle(port_subdissector_table,
+ pinfo->match_uint);
if (handle == NULL && headers.content_type != NULL) {
/*
* We didn't find any subdissector that
* for that content type?
*/
save_private_data = pinfo->private_data;
+ private_data_changed = TRUE;
if (headers.content_type_parameters)
pinfo->private_data = ep_strdup(headers.content_type_parameters);
handle = dissector_get_string_handle(
media_type_subdissector_table,
headers.content_type);
+ if (handle == NULL &&
+ !strncmp(headers.content_type, "multipart/", sizeof("multipart/")-1)) {
+ /* Try to decode the unknown multipart subtype anyway */
+ handle = dissector_get_string_handle(
+ media_type_subdissector_table,
+ "multipart/");
+ }
}
+
if (handle != NULL) {
/*
* We have a subdissector - call it.
*/
- dissected = call_dissector(handle, next_tvb, pinfo,
- tree);
- } else {
+ dissected = call_dissector_only(handle, next_tvb, pinfo, tree);
+ if (!dissected)
+ expert_add_info_format(pinfo, http_tree, PI_MALFORMED, PI_NOTE,
+ "HTTP body subdissector failed, trying heuristic subdissector");
+ }
+
+ if (!dissected) {
/*
- * We don't have a subdissector - try the heuristic
- * subdissectors.
+ * We don't have a subdissector or we have one and it did not
+ * dissect the payload - try the heuristic subdissectors.
*/
- dissected = dissector_try_heuristic(
- heur_subdissector_list, next_tvb, pinfo, tree);
+ dissected = dissector_try_heuristic(heur_subdissector_list,
+ next_tvb, pinfo, tree);
}
+
if (dissected) {
/*
* The subdissector dissected the body.
*/
call_dissector(media_handle, next_tvb, pinfo, tree);
} else {
- /* Call the subdissector (defaults to data), otherwise. */
- http_payload_subdissector(next_tvb, tree, http_tree, pinfo);
+ /* Call the default data dissector */
+ call_dissector(data_handle, next_tvb, pinfo, http_tree);
}
}
* Do *not* attempt at freeing the private data;
* it may be in use by subdissectors.
*/
- if (save_private_data)
+ if (private_data_changed) /*restore even NULL value*/
pinfo->private_data = save_private_data;
/*
* We've processed "datalen" bytes worth of data
*/
static void
basic_request_dissector(tvbuff_t *tvb, proto_tree *tree, int offset,
- const guchar *line, const guchar *lineend)
+ const guchar *line, const guchar *lineend,
+ http_conv_t *conv_data)
{
const guchar *next_token;
+ gchar *request_uri;
int tokenlen;
/* The first token is the method. */
if (tokenlen == 0)
return;
proto_tree_add_item(tree, hf_http_request_method, tvb, offset, tokenlen,
- FALSE);
- offset += next_token - line;
+ FALSE);
+ if ((next_token - line) > 2 && next_token[-1] == ' ' && next_token[-2] == ' ') {
+ /* Two spaces in a now indicates empty URI, so roll back one here */
+ next_token--;
+ }
+ offset += (int) (next_token - line);
line = next_token;
/* The next token is the URI. */
tokenlen = get_token_len(line, lineend, &next_token);
- if (tokenlen == 0)
- return;
- stat_info->request_uri = se_strdup((gchar*) tvb_get_ephemeral_string(tvb, offset, tokenlen));
+
+ /* Save the request URI for various later uses */
+ request_uri = (gchar *)tvb_get_ephemeral_string(tvb, offset, tokenlen);
+ stat_info->request_uri = ep_strdup(request_uri);
+ conv_data->request_uri = se_strdup(request_uri);
+
proto_tree_add_string(tree, hf_http_request_uri, tvb, offset, tokenlen,
- stat_info->request_uri);
- offset += next_token - line;
+ request_uri);
+ offset += (int) (next_token - line);
line = next_token;
/* Everything to the end of the line is the version. */
- tokenlen = lineend - line;
- if (tokenlen == 0)
- return;
+ tokenlen = (int) (lineend - line);
proto_tree_add_item(tree, hf_http_version, tvb, offset, tokenlen,
FALSE);
}
static void
basic_response_dissector(tvbuff_t *tvb, proto_tree *tree, int offset,
- const guchar *line, const guchar *lineend)
+ const guchar *line, const guchar *lineend,
+ http_conv_t *conv_data _U_)
{
const guchar *next_token;
int tokenlen;
- gchar response_chars[4];
+ gchar response_code_chars[4];
- /* The first token is the version. */
+ /*
+ * The first token is the HTTP Version.
+ */
tokenlen = get_token_len(line, lineend, &next_token);
if (tokenlen == 0)
return;
proto_tree_add_item(tree, hf_http_version, tvb, offset, tokenlen,
- FALSE);
- offset += next_token - line;
+ FALSE);
+ /* Advance to the start of the next token. */
+ offset += (int) (next_token - line);
line = next_token;
- /* The next token is the status code. */
+ /*
+ * The second token is the Status Code.
+ */
tokenlen = get_token_len(line, lineend, &next_token);
if (tokenlen < 3)
return;
- memcpy(response_chars, line, 3);
- response_chars[3] = '\0';
- stat_info->response_code = strtoul(response_chars,NULL,10);
+ /* The Status Code characters must be copied into a null-terminated
+ * buffer for strtoul() to parse them into an unsigned integer value.
+ */
+ memcpy(response_code_chars, line, 3);
+ response_code_chars[3] = '\0';
+
+ stat_info->response_code = conv_data->response_code =
+ strtoul(response_code_chars, NULL, 10);
proto_tree_add_uint(tree, hf_http_response_code, tvb, offset, 3,
- stat_info->response_code);
+ stat_info->response_code);
+
+ /* Advance to the start of the next token. */
+ offset += (int) (next_token - line);
+ line = next_token;
+
+ /*
+ * The remaining tokens in the line comprise the Reason Phrase.
+ */
+ tokenlen = (int) (lineend - line);
+ if (tokenlen < 1)
+ return;
+ proto_tree_add_item(tree, hf_http_response_phrase, tvb, offset,
+ tokenlen, FALSE);
+
}
/*
*/
static int
chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo,
- proto_tree *tree, int offset)
+ proto_tree *tree, int offset)
{
guint8 *chunk_string = NULL;
guint32 chunk_size = 0;
if (tree) {
ti = proto_tree_add_text(tree, tvb, offset, datalen,
- "HTTP chunked response");
+ "HTTP chunked response");
subtree = proto_item_add_subtree(ti, ett_http_chunked_response);
}
tvb_memcpy(tvb, (guint8 *)(raw_data + raw_len),
chunk_offset, chunk_size);
- new_tvb = tvb_new_real_data(raw_data,
- chunked_data_size, chunked_data_size);
- tvb_set_free_cb(new_tvb, g_free);
+ /* Don't create a new tvb if we have a single chunk with
+ * a size of zero (meaning it is the end of the chunks). */
+ if(chunked_data_size > 0) {
+ new_tvb = tvb_new_real_data(raw_data,
+ chunked_data_size, chunked_data_size);
+ tvb_set_free_cb(new_tvb, g_free);
+ }
if (subtree) {
"End of chunked encoding");
} else {
chunk_ti = proto_tree_add_text(subtree, tvb,
- offset,
- chunk_offset - offset + chunk_size + 2,
- "Data chunk (%u octets)", chunk_size);
+ offset,
+ chunk_offset - offset + chunk_size + 2,
+ "Data chunk (%u octets)", chunk_size);
}
chunk_subtree = proto_item_add_subtree(chunk_ti,
} else {
/*
* We didn't create a new tvb, so don't allow sub dissectors
- * try to decode the non-existant entity body.
+ * try to decode the non-existent entity body.
*/
chunks_decoded = -1;
}
}
+/* Call a subdissector to handle HTTP CONNECT's traffic */
static void
-http_payload_subdissector(tvbuff_t *next_tvb, proto_tree *tree, proto_tree *sub_tree, packet_info *pinfo)
+http_payload_subdissector(tvbuff_t *tvb, proto_tree *tree,
+ packet_info *pinfo, http_conv_t *conv_data)
{
- /* tree = the main protocol tree that the subdissector would be listed in
- * sub_tree = the http protocol tree
- */
- guint32 *ptr;
- struct tcpinfo *tcpinfo = pinfo->private_data;
- struct tcp_analysis *tcpd=NULL;
+ guint32 *ptr = NULL;
+ guint32 dissect_as, saved_port;
gchar **strings; /* An array for splitting the request URI into hostname and port */
+ proto_item *item;
+ proto_tree *proxy_tree;
- /* Response code 200 means "OK" and strncmp() == 0 means the strings match exactly */
- if(stat_info->request_uri && stat_info->response_code == 200 &&
- stat_info->request_method && strncmp(stat_info->request_method, "CONNECT", 7) == 0) {
+ /* Grab the destination port number from the request URI to find the right subdissector */
+ strings = g_strsplit(conv_data->request_uri, ":", 2);
- /* Call a subdissector to handle HTTP CONNECT's traffic */
- tcpd=get_tcp_conversation_data(pinfo);
+ if(strings[0] != NULL && strings[1] != NULL) {
+ /*
+ * The string was successfuly split in two
+ * Create a proxy-connect subtree
+ */
+ if(tree) {
+ item = proto_tree_add_item(tree, proto_http, tvb, 0, -1, FALSE);
+ proxy_tree = proto_item_add_subtree(item, ett_http);
- /* Grab the destination port number from the request URI to find the right subdissector */
- strings = g_strsplit(stat_info->request_uri, ":", 2);
+ item = proto_tree_add_string(proxy_tree, hf_http_proxy_connect_host,
+ tvb, 0, 0, strings[0]);
+ PROTO_ITEM_SET_GENERATED(item);
+
+ item = proto_tree_add_uint(proxy_tree, hf_http_proxy_connect_port,
+ tvb, 0, 0, strtol(strings[1], NULL, 10) );
+ PROTO_ITEM_SET_GENERATED(item);
+ }
- if(strings[0] != NULL && strings[1] != NULL) { /* The string was successfuly split in two */
- proto_tree_add_text(sub_tree, next_tvb, 0, 0, "Proxy connect hostname: %s", strings[0]);
- proto_tree_add_text(sub_tree, next_tvb, 0, 0, "Proxy connect port: %s", strings[1]);
+ /* We're going to get stuck in a loop if we let process_tcp_payload call
+ us, so call the data dissector instead for proxy connections to http ports. */
+ dissect_as = (int)strtol(strings[1], NULL, 10); /* Convert string to a base-10 integer */
- /* Replaces the pinfo->destport or srcport with the port the http connect was done to by
- * checking to see which is the http port. */
- if (pinfo->destport == TCP_PORT_HTTP || pinfo->destport == TCP_PORT_PROXY_HTTP ||
- pinfo->destport == TCP_PORT_PROXY_ADMIN_HTTP || pinfo->destport == TCP_ALT_PORT_HTTP ||
- pinfo->destport == TCP_RADAN_HTTP || pinfo->destport == TCP_PORT_HKP ||
- pinfo->destport == TCP_PORT_DAAP || pinfo->destport == http_alternate_tcp_port)
+ if (value_is_in_range(http_tcp_range, dissect_as)) {
+ call_dissector(data_handle, tvb, pinfo, tree);
+ } else {
+ /* set pinfo->{src/dst port} and call the TCP sub-dissector lookup */
+ if ( !ptr && value_is_in_range(http_tcp_range, pinfo->destport) )
ptr = &pinfo->destport;
else
ptr = &pinfo->srcport;
- *ptr = (int)strtol(strings[1], NULL, 10); /* Convert string to a base-10 integer */
-
- /* We're going to get stuck in a loop if we call let dissect_tcp_payload call
- us, so call the data dissector instead for proxy connections to http ports. */
- if(*ptr == TCP_PORT_HTTP || *ptr == TCP_PORT_PROXY_HTTP ||
- *ptr == TCP_PORT_PROXY_ADMIN_HTTP || *ptr == TCP_ALT_PORT_HTTP ||
- *ptr == TCP_RADAN_HTTP || *ptr == TCP_PORT_HKP ||
- *ptr == TCP_PORT_DAAP || *ptr == http_alternate_tcp_port) {
- call_dissector(data_handle, next_tvb, pinfo, tree);
- } else {
- dissect_tcp_payload(next_tvb, pinfo, 0, tcpinfo->seq, /* 0 = offset */
- tcpinfo->nxtseq, pinfo->srcport, pinfo->destport,
- tree, tree, tcpd);
- }
+ /* Increase pinfo->can_desegment because we are traversing
+ * http and want to preserve desegmentation functionality for
+ * the proxied protocol
+ */
+ if( pinfo->can_desegment>0 )
+ pinfo->can_desegment++;
+
+ saved_port = *ptr;
+ *ptr = dissect_as;
+ decode_tcp_ports(tvb, 0, pinfo, tree,
+ pinfo->srcport, pinfo->destport, NULL);
+ *ptr = saved_port;
}
-
- g_strfreev(strings); /* Free the result of g_strsplit() above */
-
- } else {
- /* Call the default data dissector */
- call_dissector(data_handle, next_tvb, pinfo, sub_tree);
}
+ g_strfreev(strings); /* Free the result of g_strsplit() above */
}
*/
static int
is_http_request_or_reply(const gchar *data, int linelen, http_type_t *type,
- ReqRespDissector *reqresp_dissector)
+ ReqRespDissector *reqresp_dissector,
+ http_conv_t *conv_data)
{
int isHttpRequestOrReply = FALSE;
- int prefix_len = 0;
/*
* From RFC 2774 - An HTTP Extension Framework
if (linelen >= 2 && strncmp(data, "M-", 2) == 0) {
data += 2;
linelen -= 2;
- prefix_len = 2;
}
/*
*reqresp_dissector = basic_response_dissector;
} else {
const guchar * ptr = (const guchar *)data;
- int index = 0;
+ int indx = 0;
/* Look for the space following the Method */
- while (index < linelen) {
+ while (indx < linelen) {
if (*ptr == ' ')
break;
else {
ptr++;
- index++;
+ indx++;
}
}
/* Check the methods that have same length */
- switch (index) {
+ switch (indx) {
case 3:
- if (strncmp(data, "GET", index) == 0 ||
- strncmp(data, "PUT", index) == 0) {
+ if (strncmp(data, "GET", indx) == 0 ||
+ strncmp(data, "PUT", indx) == 0) {
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
- else if (strncmp(data, "ICY", index) == 0) {
+ else if (strncmp(data, "ICY", indx) == 0) {
*type = HTTP_RESPONSE;
isHttpRequestOrReply = TRUE;
}
break;
case 4:
- if (strncmp(data, "COPY", index) == 0 ||
- strncmp(data, "HEAD", index) == 0 ||
- strncmp(data, "LOCK", index) == 0 ||
- strncmp(data, "MOVE", index) == 0 ||
- strncmp(data, "POLL", index) == 0 ||
- strncmp(data, "POST", index) == 0) {
+ if (strncmp(data, "COPY", indx) == 0 ||
+ strncmp(data, "HEAD", indx) == 0 ||
+ strncmp(data, "LOCK", indx) == 0 ||
+ strncmp(data, "MOVE", indx) == 0 ||
+ strncmp(data, "POLL", indx) == 0 ||
+ strncmp(data, "POST", indx) == 0) {
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 5:
- if (strncmp(data, "BCOPY", index) == 0 ||
- strncmp(data, "BMOVE", index) == 0 ||
- strncmp(data, "MKCOL", index) == 0 ||
- strncmp(data, "TRACE", index) == 0 ||
- strncmp(data, "LABEL", index) == 0 || /* RFC 3253 8.2 */
- strncmp(data, "MERGE", index) == 0) { /* RFC 3253 11.2 */
+ if (strncmp(data, "BCOPY", indx) == 0 ||
+ strncmp(data, "BMOVE", indx) == 0 ||
+ strncmp(data, "MKCOL", indx) == 0 ||
+ strncmp(data, "TRACE", indx) == 0 ||
+ strncmp(data, "LABEL", indx) == 0 || /* RFC 3253 8.2 */
+ strncmp(data, "MERGE", indx) == 0) { /* RFC 3253 11.2 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 6:
- if (strncmp(data, "DELETE", index) == 0 ||
- strncmp(data, "SEARCH", index) == 0 ||
- strncmp(data, "UNLOCK", index) == 0 ||
- strncmp(data, "REPORT", index) == 0 || /* RFC 3253 3.6 */
- strncmp(data, "UPDATE", index) == 0) { /* RFC 3253 7.1 */
+ if (strncmp(data, "DELETE", indx) == 0 ||
+ strncmp(data, "SEARCH", indx) == 0 ||
+ strncmp(data, "UNLOCK", indx) == 0 ||
+ strncmp(data, "REPORT", indx) == 0 || /* RFC 3253 3.6 */
+ strncmp(data, "UPDATE", indx) == 0) { /* RFC 3253 7.1 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
- else if (strncmp(data, "NOTIFY", index) == 0) {
+ else if (strncmp(data, "NOTIFY", indx) == 0) {
*type = HTTP_NOTIFICATION;
isHttpRequestOrReply = TRUE;
}
break;
case 7:
- if (strncmp(data, "BDELETE", index) == 0 ||
- strncmp(data, "CONNECT", index) == 0 ||
- strncmp(data, "OPTIONS", index) == 0 ||
- strncmp(data, "CHECKIN", index) == 0) { /* RFC 3253 4.4, 9.4 */
+ if (strncmp(data, "BDELETE", indx) == 0 ||
+ strncmp(data, "CONNECT", indx) == 0 ||
+ strncmp(data, "OPTIONS", indx) == 0 ||
+ strncmp(data, "CHECKIN", indx) == 0) { /* RFC 3253 4.4, 9.4 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 8:
- if (strncmp(data, "PROPFIND", index) == 0 ||
- strncmp(data, "CHECKOUT", index) == 0 || /* RFC 3253 4.3, 9.3 */
- strncmp(data, "CCM_POST", index) == 0) {
+ if (strncmp(data, "PROPFIND", indx) == 0 ||
+ strncmp(data, "CHECKOUT", indx) == 0 || /* RFC 3253 4.3, 9.3 */
+ strncmp(data, "CCM_POST", indx) == 0) {
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 9:
- if (strncmp(data, "SUBSCRIBE", index) == 0) {
+ if (strncmp(data, "SUBSCRIBE", indx) == 0) {
*type = HTTP_NOTIFICATION;
isHttpRequestOrReply = TRUE;
- } else if (strncmp(data, "PROPPATCH", index) == 0 ||
- strncmp(data, "BPROPFIND", index) == 0) {
+ } else if (strncmp(data, "PROPPATCH", indx) == 0 ||
+ strncmp(data, "BPROPFIND", indx) == 0) {
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 10:
- if (strncmp(data, "BPROPPATCH", index) == 0 ||
- strncmp(data, "UNCHECKOUT", index) == 0 || /* RFC 3253 4.5 */
- strncmp(data, "MKACTIVITY", index) == 0) { /* RFC 3253 13.5 */
+ if (strncmp(data, "BPROPPATCH", indx) == 0 ||
+ strncmp(data, "UNCHECKOUT", indx) == 0 || /* RFC 3253 4.5 */
+ strncmp(data, "MKACTIVITY", indx) == 0) { /* RFC 3253 13.5 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 11:
- if (strncmp(data, "MKWORKSPACE", index) == 0) { /* RFC 3253 6.3 */
+ if (strncmp(data, "MKWORKSPACE", indx) == 0 || /* RFC 3253 6.3 */
+ strncmp(data, "RPC_CONNECT", indx) == 0 || /* [MS-RPCH] 2.1.1.1.1 */
+ strncmp(data, "RPC_IN_DATA", indx) == 0) { /* [MS-RPCH] 2.1.2.1.1 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
- } else if (strncmp(data, "UNSUBSCRIBE", index) == 0) {
+ } else if (strncmp(data, "UNSUBSCRIBE", indx) == 0) {
*type = HTTP_NOTIFICATION;
isHttpRequestOrReply = TRUE;
- } else if (strncmp(data, "RPC_CONNECT", index) == 0) {
+ }
+ break;
+
+ case 12:
+ if (strncmp(data, "RPC_OUT_DATA", indx) == 0) { /* [MS-RPCH] 2.1.2.1.2 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 15:
- if (strncmp(data, "VERSION-CONTROL", index) == 0) { /* RFC 3253 3.5 */
+ if (strncmp(data, "VERSION-CONTROL", indx) == 0) { /* RFC 3253 3.5 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
break;
case 16:
- if (strncmp(data, "BASELINE-CONTROL", index) == 0) { /* RFC 3253 12.6 */
+ if (strncmp(data, "BASELINE-CONTROL", indx) == 0) { /* RFC 3253 12.6 */
*type = HTTP_REQUEST;
isHttpRequestOrReply = TRUE;
}
if (isHttpRequestOrReply && reqresp_dissector) {
*reqresp_dissector = basic_request_dissector;
- if (!stat_info->request_method)
- stat_info->request_method = se_strndup(data, index+1);
+
+ stat_info->request_method = ep_strndup(data, indx+1);
+ conv_data->request_method = se_strndup(data, indx+1);
}
+
+
+
}
return isHttpRequestOrReply;
{ "Proxy-Authenticate", &hf_http_proxy_authenticate, HDR_AUTHENTICATE },
{ "WWW-Authenticate", &hf_http_www_authenticate, HDR_AUTHENTICATE },
{ "Content-Type", &hf_http_content_type, HDR_CONTENT_TYPE },
- { "Content-Length", &hf_http_content_length, HDR_CONTENT_LENGTH },
+ { "Content-Length", &hf_http_content_length_header, HDR_CONTENT_LENGTH },
{ "Content-Encoding", &hf_http_content_encoding, HDR_CONTENT_ENCODING },
{ "Transfer-Encoding", &hf_http_transfer_encoding, HDR_TRANSFER_ENCODING },
{ "User-Agent", &hf_http_user_agent, HDR_NO_SPECIAL },
{ "X-Forwarded-For", &hf_http_x_forwarded_for, HDR_NO_SPECIAL },
};
+/*
+ *
+ */
+static gint*
+get_hf_for_header(char* header_name)
+{
+ gint* hf_id = NULL;
+
+ if (header_fields_hash) {
+ hf_id = (gint*) g_hash_table_lookup(header_fields_hash, header_name);
+ } else {
+ hf_id = NULL;
+ }
+
+ return hf_id;
+}
+
+/*
+ *
+ */
+static void
+add_hf_info_for_headers(void)
+{
+ hf_register_info* hf = NULL;
+ gint* hf_id = NULL;
+ guint i = 0;
+ gchar* header_name;
+ GPtrArray* array;
+ guint new_entries = 0;
+ header_field_t* tmp_hdr = NULL;
+
+ if (!header_fields_hash) {
+ header_fields_hash = g_hash_table_new(g_str_hash, g_str_equal);
+ }
+
+ if (num_header_fields) {
+ array = g_ptr_array_new();
+
+ /* Make a list of fields which are not already added. This is useful only if
+ * preferences are reloaded and a new header field has been added. Perhaps unlikely
+ * to be used, but no harm in adding it...
+ */
+
+ /* Not checking if the UAT has more or same number of entries as the hash table
+ * because it is possible that some entries are removed and some more added.
+ * WARNING: We will not de-register fields which have been removed from the UAT
+ *
+ * XXX: PS, it turns out that in case of change in UAT, the prefs apply callback is not
+ * called... so, some of this code will not work at the moment. However, I leave it
+ * in here for now because if the callback is called in future, it will work (at least
+ * in theory ;-).
+ */
+ for (i = 0; i < num_header_fields; i++) {
+ if ((g_hash_table_lookup(header_fields_hash, header_fields[i].header_name)) == NULL) {
+ new_entries++;
+ g_ptr_array_add(array, &header_fields[i]);
+ }
+ }
+
+ if (new_entries) {
+ hf = g_malloc0(sizeof(hf_register_info) * new_entries);
+ for (i = 0; i < new_entries; i++) {
+ tmp_hdr = (header_field_t*) g_ptr_array_index(array, i);
+ hf_id = g_malloc(sizeof(gint));
+ *hf_id = -1;
+ header_name = g_strdup(tmp_hdr->header_name);
+
+ hf[i].p_id = hf_id;
+ hf[i].hfinfo.name = header_name;
+ hf[i].hfinfo.abbrev = g_strdup_printf("http.header.%s", header_name);
+ hf[i].hfinfo.type = FT_STRING;
+ hf[i].hfinfo.display = BASE_NONE;
+ hf[i].hfinfo.strings = NULL;
+ hf[i].hfinfo.blurb = g_strdup(tmp_hdr->header_desc);
+ hf[i].hfinfo.same_name_prev = NULL;
+ hf[i].hfinfo.same_name_next = NULL;
+
+ g_hash_table_insert(header_fields_hash, header_name, hf_id);
+ }
+
+ proto_register_field_array(proto_http, hf, num_header_fields);
+ }
+ }
+}
+
static void
process_header(tvbuff_t *tvb, int offset, int next_offset,
- const guchar *line, int linelen, int colon_offset,
- packet_info *pinfo, proto_tree *tree, headers_t *eh_ptr)
+ const guchar *line, int linelen, int colon_offset,
+ packet_info *pinfo, proto_tree *tree, headers_t *eh_ptr,
+ http_conv_t *conv_data)
{
int len;
int line_end_offset;
int value_offset;
int value_len;
char *value;
+ char *header_name;
char *p;
guchar *up;
proto_item *hdr_item;
int i;
+ int* hf_id;
len = next_offset - offset;
line_end_offset = offset + linelen;
header_len = colon_offset - offset;
+ header_name = se_strndup(&line[0], header_len);
hf_index = find_header_hf_value(tvb, offset, header_len);
+ /*
+ * Skip whitespace after the colon.
+ */
+ value_offset = colon_offset + 1;
+ while (value_offset < line_end_offset
+ && ((c = line[value_offset - offset]) == ' ' || c == '\t'))
+ value_offset++;
+
+ /*
+ * Fetch the value.
+ */
+ value_len = line_end_offset - value_offset;
+ value = ep_strndup(&line[value_offset - offset], value_len);
+
if (hf_index == -1) {
/*
- * Not a header we know anything about. Just put it into
- * the tree as text.
+ * Not a header we know anything about.
+ * Check if a HF generated from UAT information exists.
*/
+ hf_id = get_hf_for_header(header_name);
+
if (tree) {
- proto_tree_add_text(tree, tvb, offset, len,
- "%s", format_text(line, len));
+ if (!hf_id) {
+ proto_tree_add_text(tree, tvb, offset, len,
+ "%s", format_text(line, len));
+ } else {
+ proto_tree_add_string_format(tree,
+ *hf_id, tvb, offset, len,
+ value, "%s", format_text(line, len));
+ }
}
} else {
/*
case HDR_AUTHORIZATION:
if (check_auth_ntlmssp(hdr_item, tvb, pinfo, value))
break; /* dissected NTLMSSP */
- check_auth_basic(hdr_item, tvb, value);
+ if (check_auth_basic(hdr_item, tvb, value))
+ break; /* dissected basic auth */
+ check_auth_kerberos(hdr_item, tvb, pinfo, value);
break;
case HDR_AUTHENTICATE:
- check_auth_ntlmssp(hdr_item, tvb, pinfo, value);
+ if (check_auth_ntlmssp(hdr_item, tvb, pinfo, value))
+ break; /* dissected NTLMSSP */
+ check_auth_kerberos(hdr_item, tvb, pinfo, value);
break;
case HDR_CONTENT_TYPE:
break;
case HDR_CONTENT_LENGTH:
+ errno = 0;
+#if GLIB_CHECK_VERSION(2,12,0)
+ eh_ptr->content_length = g_ascii_strtoll(value, &p, 10);
+#elif defined(HAVE_STRTOLL)
+ eh_ptr->content_length = strtoll(value, &p, 10);
+#else
+ /* Punt and grab a 32-bit value */
eh_ptr->content_length = strtol(value, &p, 10);
+#endif
+
up = (guchar *)p;
- if (eh_ptr->content_length < 0 || p == value ||
+ if (eh_ptr->content_length < 0 ||
+ p == value ||
+ errno == ERANGE ||
(*up != '\0' && !isspace(*up))) {
/*
* Content length not valid; pretend
*/
eh_ptr->have_content_length = FALSE;
} else {
+ proto_tree *header_tree;
+ proto_item *tree_item;
/*
* We do have a valid content length.
*/
eh_ptr->have_content_length = TRUE;
+ header_tree = proto_item_add_subtree(hdr_item, ett_http_header_item);
+ tree_item = proto_tree_add_uint64(header_tree, hf_http_content_length,
+ tvb, offset, len, eh_ptr->content_length);
+ PROTO_ITEM_SET_GENERATED(tree_item);
}
break;
break;
case HDR_HOST:
- stat_info->http_host = se_strndup(value, value_len);
+ stat_info->http_host = ep_strndup(value, value_len);
+ conv_data->http_host = se_strndup(value, value_len);
break;
}
static gint
find_header_hf_value(tvbuff_t *tvb, int offset, guint header_len)
{
- guint i;
+ guint i;
- for (i = 0; i < array_length(headers); i++) {
- if (header_len == strlen(headers[i].name) &&
- tvb_strncaseeql(tvb, offset,
- headers[i].name, header_len) == 0)
- return i;
- }
+ for (i = 0; i < array_length(headers); i++) {
+ if (header_len == strlen(headers[i].name) &&
+ tvb_strncaseeql(tvb, offset,
+ headers[i].name, header_len) == 0)
+ return i;
+ }
- return -1;
+ return -1;
}
/*
return FALSE;
}
+static gboolean
+check_auth_kerberos(proto_item *hdr_item, tvbuff_t *tvb, packet_info *pinfo,
+ const gchar *value)
+{
+ proto_tree *hdr_tree;
+
+ if (strncmp(value, "Kerberos ", 9) == 0) {
+ if (hdr_item != NULL) {
+ hdr_tree = proto_item_add_subtree(hdr_item, ett_http_kerberos);
+ } else
+ hdr_tree = NULL;
+
+ dissect_http_kerberos(tvb, pinfo, hdr_tree, value);
+ return TRUE;
+ }
+ return FALSE;
+}
+
static void
dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
+ http_conv_t *conv_data;
int offset = 0;
int len;
- while (tvb_reported_length_remaining(tvb, offset) != 0) {
- len = dissect_http_message(tvb, offset, pinfo, tree);
- if (len == -1)
- break;
- offset += len;
+ /*
+ * Check if this is proxied connection and if so, hand of dissection to the
+ * payload-dissector.
+ * Response code 200 means "OK" and strncmp() == 0 means the strings match exactly */
+ conv_data = get_http_conversation_data(pinfo);
+ if(pinfo->fd->num >= conv_data->startframe &&
+ conv_data->response_code == 200 &&
+ conv_data->request_method &&
+ strncmp(conv_data->request_method, "CONNECT", 7) == 0 &&
+ conv_data->request_uri) {
+ if(conv_data->startframe == 0 && !pinfo->fd->flags.visited)
+ conv_data->startframe = pinfo->fd->num;
+ http_payload_subdissector(tvb, tree, pinfo, conv_data);
+ } else {
+ while (tvb_reported_length_remaining(tvb, offset) != 0) {
+ len = dissect_http_message(tvb, offset, pinfo, tree, conv_data);
+ if (len == -1)
+ break;
+ offset += len;
- /*
- * OK, we've set the Protocol and Info columns for the
- * first HTTP message; make the columns non-writable,
- * so that we don't change it for subsequent HTTP messages.
- */
- col_set_writable(pinfo->cinfo, FALSE);
+ /*
+ * OK, we've set the Protocol and Info columns for the
+ * first HTTP message; set a fence so that subsequent
+ * HTTP messages don't overwrite the Info column.
+ */
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_set_fence(pinfo->cinfo, COL_INFO);
+ }
}
}
static void
dissect_http_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- dissect_http_message(tvb, 0, pinfo, tree);
+ http_conv_t *conv_data;
+
+ conv_data = get_http_conversation_data(pinfo);
+ dissect_http_message(tvb, 0, pinfo, tree, conv_data);
}
-static void reinit_http(void) {
- if ( http_alternate_tcp_port != alternate_tcp_port ) {
+static void
+range_delete_http_tcp_callback(guint32 port) {
+ dissector_delete_uint("tcp.port", port, http_handle);
+}
+
+static void
+range_add_http_tcp_callback(guint32 port) {
+ dissector_add_uint("tcp.port", port, http_handle);
+}
- if (alternate_tcp_port)
- dissector_delete("tcp.port", alternate_tcp_port, http_handle );
+static void
+range_delete_http_ssl_callback(guint32 port) {
+ ssl_dissector_delete(port, "http", TRUE);
+}
- if (http_alternate_tcp_port)
- dissector_add("tcp.port", http_alternate_tcp_port, http_handle);
+static void
+range_add_http_ssl_callback(guint32 port) {
+ ssl_dissector_add(port, "http", TRUE);
+}
- alternate_tcp_port = http_alternate_tcp_port;
- }
+static void reinit_http(void) {
+ range_foreach(http_tcp_range, range_delete_http_tcp_callback);
+ g_free(http_tcp_range);
+ http_tcp_range = range_copy(global_http_tcp_range);
+ range_foreach(http_tcp_range, range_add_http_tcp_callback);
+
+ range_foreach(http_ssl_range, range_delete_http_ssl_callback);
+ g_free(http_ssl_range);
+ http_ssl_range = range_copy(global_http_ssl_range);
+ range_foreach(http_ssl_range, range_add_http_ssl_callback);
+
+ /* Attempt to add additional headers that might have been added
+ * once the preferences are applied.
+ */
+ add_hf_info_for_headers();
}
void
"TRUE if HTTP request", HFILL }},
{ &hf_http_basic,
{ "Credentials", "http.authbasic",
- FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_http_request_method,
{ "Request Method", "http.request.method",
FT_STRING, BASE_NONE, NULL, 0x0,
{ "Request Version", "http.request.version",
FT_STRING, BASE_NONE, NULL, 0x0,
"HTTP Request HTTP-Version", HFILL }},
+ { &hf_http_request_full_uri,
+ { "Full request URI", "http.request.full_uri",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "The full requested URI (including host name)", HFILL }},
{ &hf_http_response_code,
- { "Response Code", "http.response.code",
+ { "Status Code", "http.response.code",
FT_UINT16, BASE_DEC, NULL, 0x0,
- "HTTP Response Code", HFILL }},
+ "HTTP Response Status Code", HFILL }},
+ { &hf_http_response_phrase,
+ { "Response Phrase", "http.response.phrase",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Response Reason Phrase", HFILL }},
{ &hf_http_authorization,
{ "Authorization", "http.authorization",
FT_STRING, BASE_NONE, NULL, 0x0,
{ "Proxy-Authorization", "http.proxy_authorization",
FT_STRING, BASE_NONE, NULL, 0x0,
"HTTP Proxy-Authorization header", HFILL }},
+ { &hf_http_proxy_connect_host,
+ { "Proxy-Connect-Hostname", "http.proxy_connect_host",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Proxy Connect Hostname", HFILL }},
+ { &hf_http_proxy_connect_port,
+ { "Proxy-Connect-Port", "http.proxy_connect_port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "HTTP Proxy Connect Port", HFILL }},
{ &hf_http_www_authenticate,
{ "WWW-Authenticate", "http.www_authenticate",
FT_STRING, BASE_NONE, NULL, 0x0,
{ "Content-Type", "http.content_type",
FT_STRING, BASE_NONE, NULL, 0x0,
"HTTP Content-Type header", HFILL }},
- { &hf_http_content_length,
- { "Content-Length", "http.content_length",
- FT_UINT32, BASE_DEC, NULL, 0x0,
+ { &hf_http_content_length_header,
+ { "Content-Length", "http.content_length_header",
+ FT_STRING, BASE_NONE, NULL, 0x0,
"HTTP Content-Length header", HFILL }},
+ { &hf_http_content_length,
+ { "Content length", "http.content_length",
+ FT_UINT64, BASE_DEC, NULL, 0x0,
+ NULL, HFILL }},
{ &hf_http_content_encoding,
{ "Content-Encoding", "http.content_encoding",
FT_STRING, BASE_NONE, NULL, 0x0,
"HTTP Transfer-Encoding header", HFILL }},
{ &hf_http_user_agent,
{ "User-Agent", "http.user_agent",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP User-Agent header", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP User-Agent header", HFILL }},
{ &hf_http_host,
{ "Host", "http.host",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Host", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Host", HFILL }},
{ &hf_http_connection,
{ "Connection", "http.connection",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Connection", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Connection", HFILL }},
{ &hf_http_cookie,
{ "Cookie", "http.cookie",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Cookie", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Cookie", HFILL }},
{ &hf_http_accept,
{ "Accept", "http.accept",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Accept", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Accept", HFILL }},
{ &hf_http_referer,
{ "Referer", "http.referer",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Referer", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Referer", HFILL }},
{ &hf_http_accept_language,
{ "Accept-Language", "http.accept_language",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Accept Language", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Accept Language", HFILL }},
{ &hf_http_accept_encoding,
{ "Accept Encoding", "http.accept_encoding",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Accept Encoding", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Accept Encoding", HFILL }},
{ &hf_http_date,
{ "Date", "http.date",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Date", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Date", HFILL }},
{ &hf_http_cache_control,
{ "Cache-Control", "http.cache_control",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Cache Control", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Cache Control", HFILL }},
{ &hf_http_server,
{ "Server", "http.server",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Server", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Server", HFILL }},
{ &hf_http_location,
{ "Location", "http.location",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Location", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Location", HFILL }},
{ &hf_http_set_cookie,
{ "Set-Cookie", "http.set_cookie",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Set Cookie", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Set Cookie", HFILL }},
{ &hf_http_last_modified,
{ "Last-Modified", "http.last_modified",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP Last Modified", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP Last Modified", HFILL }},
{ &hf_http_x_forwarded_for,
{ "X-Forwarded-For", "http.x_forwarded_for",
- FT_STRING, BASE_NONE, NULL, 0x0,
- "HTTP X-Forwarded-For", HFILL }},
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "HTTP X-Forwarded-For", HFILL }}
};
static gint *ett[] = {
&ett_http,
&ett_http_ntlmssp,
+ &ett_http_kerberos,
&ett_http_request,
&ett_http_chunked_response,
&ett_http_chunk_data,
&ett_http_encoded_entity,
+ &ett_http_header_item
+ };
+ /* UAT for header fields */
+ static uat_field_t custom_header_uat_fields[] = {
+ UAT_FLD_CSTRING(header_fields, header_name, "Header name", "HTTP header name"),
+ UAT_FLD_CSTRING(header_fields, header_desc, "Field desc", "Description of the value contained in the header"),
+ UAT_END_FIELDS
};
+
module_t *http_module;
+ uat_t* headers_uat;
+ char* uat_load_err;
proto_http = proto_register_protocol("Hypertext Transfer Protocol",
"HTTP", "http");
"Whether the HTTP dissector should reassemble headers "
"of a request spanning multiple TCP segments. "
"To use this option, you must also enable "
- "\"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+ "\"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&http_desegment_headers);
prefs_register_bool_preference(http_module, "desegment_body",
"Reassemble HTTP bodies spanning multiple TCP segments",
"the body of a request spanning multiple TCP segments, "
"and reassemble chunked data spanning multiple TCP segments. "
"To use this option, you must also enable "
- "\"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+ "\"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&http_desegment_body);
prefs_register_bool_preference(http_module, "dechunk_body",
"Reassemble chunked transfer-coded bodies",
"using \"Content-Encoding: \"",
&http_decompress_body);
#endif
- prefs_register_uint_preference(http_module, "tcp_alternate_port",
- "Alternate TCP port",
- "Decode packets on this TCP port as HTTP",
- 10,&http_alternate_tcp_port);
+ prefs_register_obsolete_preference(http_module, "tcp_alternate_port");
+
+ range_convert_str(&global_http_tcp_range, TCP_DEFAULT_RANGE, 65535);
+ http_tcp_range = range_empty();
+ prefs_register_range_preference(http_module, "tcp.port", "TCP Ports",
+ "TCP Ports range",
+ &global_http_tcp_range, 65535);
+
+ range_convert_str(&global_http_ssl_range, SSL_DEFAULT_RANGE, 65535);
+ http_ssl_range = range_empty();
+ prefs_register_range_preference(http_module, "ssl.port", "SSL/TLS Ports",
+ "SSL/TLS Ports range",
+ &global_http_ssl_range, 65535);
+ /* UAT */
+ headers_uat = uat_new("Custom HTTP headers fields Table",
+ sizeof(header_field_t),
+ "custom_http_header_fields",
+ TRUE,
+ (void*) &header_fields,
+ &num_header_fields,
+ UAT_CAT_GENERAL,
+ NULL,
+ header_fields_copy_cb,
+ header_fields_update_cb,
+ header_fields_free_cb,
+ NULL,
+ custom_header_uat_fields
+ );
+
+ prefs_register_uat_preference(http_module, "custom_http_header_fields", "Custom HTTP headers fields",
+ "A table to define custom HTTP header for which fields can be setup and used for filtering/data extraction etc.",
+ headers_uat);
http_handle = create_dissector_handle(dissect_http, proto_http);
/*
* Register for tapping
*/
- http_tap = register_tap("http");
+ http_tap = register_tap("http"); /* HTTP statistics tap */
+ http_eo_tap = register_tap("http_eo"); /* HTTP Export Object tap */
+
+ /*
+ * Add additional HFs for HTTP headers from the UAT (which is loaded manually first).
+ */
+ if (uat_load(headers_uat, &uat_load_err)) {
+ add_hf_info_for_headers();
+ }
}
/*
* Register ourselves as the handler for that port number
* over TCP.
*/
- dissector_add("tcp.port", port, http_handle);
+ dissector_add_uint("tcp.port", port, http_handle);
/*
* And register them in *our* table for that port.
*/
- dissector_add("http.port", port, handle);
+ dissector_add_uint("http.port", port, handle);
}
void
data_handle = find_dissector("data");
media_handle = find_dissector("media");
- dissector_add("tcp.port", TCP_PORT_HTTP, http_handle);
- dissector_add("tcp.port", TCP_PORT_PROXY_HTTP, http_handle);
- dissector_add("tcp.port", TCP_ALT_PORT_HTTP, http_handle);
- dissector_add("tcp.port", TCP_RADAN_HTTP, http_handle);
- dissector_add("tcp.port", TCP_PORT_PROXY_ADMIN_HTTP, http_handle);
- dissector_add("tcp.port", TCP_PORT_HKP, http_handle);
-
/*
* XXX - is there anything to dissect in the body of an SSDP
* request or reply? I.e., should there be an SSDP dissector?
*/
- dissector_add("tcp.port", TCP_PORT_SSDP, http_handle);
http_udp_handle = create_dissector_handle(dissect_http_udp, proto_http);
- dissector_add("udp.port", UDP_PORT_SSDP, http_udp_handle);
+ dissector_add_uint("udp.port", UDP_PORT_SSDP, http_udp_handle);
ntlmssp_handle = find_dissector("ntlmssp");
gssapi_handle = find_dissector("gssapi");
- stats_tree_register("http","http","HTTP/Packet Counter", http_stats_tree_packet, http_stats_tree_init, NULL );
- stats_tree_register("http","http_req","HTTP/Requests", http_req_stats_tree_packet, http_req_stats_tree_init, NULL );
- stats_tree_register("http","http_srv","HTTP/Load Distribution",http_reqs_stats_tree_packet,http_reqs_stats_tree_init, NULL );
+ stats_tree_register("http", "http", "HTTP/Packet Counter", 0, http_stats_tree_packet, http_stats_tree_init, NULL );
+ stats_tree_register("http", "http_req", "HTTP/Requests", 0, http_req_stats_tree_packet, http_req_stats_tree_init, NULL );
+ stats_tree_register("http", "http_srv", "HTTP/Load Distribution",0, http_reqs_stats_tree_packet, http_reqs_stats_tree_init, NULL );
}
static gint proto_message_http = -1;
static gint ett_message_http = -1;
-static dissector_handle_t message_http_handle;
static void
dissect_message_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
gint offset = 0, next_offset;
gint len;
- if (check_col(pinfo->cinfo, COL_INFO))
- col_append_str(pinfo->cinfo, COL_INFO, " (message/http)");
+ col_append_str(pinfo->cinfo, COL_INFO, " (message/http)");
if (tree) {
ti = proto_tree_add_item(tree, proto_message_http,
tvb, 0, -1, FALSE);
void
proto_reg_handoff_message_http(void)
{
+ dissector_handle_t message_http_handle;
+
message_http_handle = create_dissector_handle(dissect_message_http,
proto_message_http);
dissector_add_string("media_type", "message/http", message_http_handle);
+
+ reinit_http();
}