diff options
| author | Luis Ontanon <luis.ontanon@gmail.com> | 2005-09-29 20:05:24 +0000 |
|---|---|---|
| committer | Luis Ontanon <luis.ontanon@gmail.com> | 2005-09-29 20:05:24 +0000 |
| commit | 8ee088f9cde1830e06226a76bfd6246311ce9ab1 (patch) | |
| tree | 2b07e2bc2a46c247e78580026c9ac7bf514db67f /plugins | |
| parent | 2b57849529b7a2e8dc9ccbcce9be3182e5e5380e (diff) | |
at this point this makes a good parser for http headers...
svn path=/trunk/; revision=16053
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/tpg/http.tpg | 75 | ||||
| -rw-r--r-- | plugins/tpg/packet-http.c | 63 |
2 files changed, 85 insertions, 53 deletions
diff --git a/plugins/tpg/http.tpg b/plugins/tpg/http.tpg index a1cfb17169..8a64de9154 100644 --- a/plugins/tpg/http.tpg +++ b/plugins/tpg/http.tpg @@ -48,12 +48,15 @@ typedef struct _http_info_value_t %rule sp = [ ]+ . -%field version hyttp.version "HTTP Version" FT_STRING. -%rule http_version = "HTTP/" ( "1.0" | "1.1" )<version> . +%choice versions = "1.0" | "1.1". + +%field version hyttp.version "HTTP Version" FT_STRING . + +%sequence http_version = "HTTP/" & versions<version> . %field response hyttp.response "Response" FT_STRING . %field response_code hyttp.response.code "Response Code" FT_UINT32 BASE_DEC %{ http_response_codes %} . -%rule response = (http_version sp [0-9]+<response_code:RESPONSE> ... { crlf } )<response:%plain_text> . { +%sequence response = http_version & sp & [0-9]+<response_code:RESPONSE> & ... ( crlf ) . <response:%plain_text> { %root response %code %{ TT_DATA->is_response = TRUE; @@ -61,10 +64,11 @@ typedef struct _http_info_value_t %} } + %field request hyttp.request "Request" FT_STRING . %field method hyttp.request.method "Request Method" FT_STRING . %field uri hyttp.request.uri "Request URI" FT_STRING . -%rule request = ([A-Z]+<method:METHOD> sp [^ ]+<uri:URI> sp http_version crlf )<request:%plain_text> . { +%sequence request = [A-Z]+<method:METHOD> & sp & [^ ]+<uri:URI> & sp & http_version & crlf . <request:%plain_text> { %root request %code %{ TT_DATA->is_response = FALSE; @@ -73,92 +77,92 @@ typedef struct _http_info_value_t %} } -%rule req_resp = ( request | response ). +%choice req_resp = request | response. -%rule media = [a-z]+ "/" [a-z]+ . - -%field content_type hyttp.content_type "Content-Type" FT_STRING . +%field media hyttp.content_type.media "Content-Type Media" FT_STRING . -#crash %rule content_type = 'Content-type: ' (media<content_type:MEDIA> crlf | ( media<content_type:MEDIA> ... { crlf } )) . { -%rule content_type = 'Content-type: ' media<content_type:MEDIA> ... { crlf } . { -%code %{ +%sequence media = [a-z]+ & "/" & [a-z]+ . <MEDIA> { + %code %{ TT_DATA->media = TPG_STRING(MEDIA); %} } +%field content_type hyttp.content_type "Content-Type" FT_STRING . +%sequence content_type_hdr = 'Content-type: ' & media<media> & ... ( crlf %leave ) & crlf . + %field content_length hyttp.headers.content_length "Content-Length" FT_UINT32 BASE_DEC . -%rule content_length = 'Content-length: ' [0-9]+<content_length:LENGTH> crlf . { +%sequence content_length = 'Content-length: ' & [0-9]+<content_length:LENGTH> & crlf. { %code %{ TT_DATA->content_length = TPG_UINT(LENGTH); %} } %field transfer_encoding hyttp.transfer_encoding "Transfer-Encoding" FT_STRING . -%rule transfer_encoding = 'Transfer-encoding: ' ...<transfer_encoding:ENCODING> { crlf }. { +%sequence transfer_encoding = 'Transfer-encoding: ' & ...<transfer_encoding:ENCODING> ( crlf %leave ) & crlf. { %code %{ TT_DATA->transfer_encoding = TPG_STRING(ENCODING); %} } %field authorization hyttp.authorization "Authorization" FT_STRING . -%rule authorization = 'Authorization: ' ...<authorization> { crlf } . +%sequence authorization = 'Authorization: ' & ...<authorization> ( crlf %leave ) & crlf. %field proxy_authorization hyttp.proxy_authorization "Proxy-Authorization" FT_STRING . -%rule proxy_author = 'Proxy-authorization: ' ...<proxy_authorization> { crlf } . +%sequence proxy_author = 'Proxy-authorization: ' & ...<proxy_authorization> ( crlf %leave ) & crlf. %field proxy_authen hyttp.proxy_authenti "Proxy-Authenticate" FT_STRING . -%rule proxy_authen = 'Proxy-authenticate: ' ...<proxy_authen> { crlf } . +%sequence proxy_authen = 'Proxy-authenticate: ' & ...<proxy_authen> ( crlf %leave ) & crlf. %field www_auth hyttp.www_authenticate "WWW-Authenticate" FT_STRING . -%rule www_auth = 'WWW-authenticate: ' ...<www_auth> { crlf } . +%sequence www_auth = 'WWW-authenticate: ' & ...<www_auth> ( crlf %leave ) & crlf. %field content_encoding hyttp.content_encoding "Content-Encoding" FT_STRING . -%rule content_encoding = 'Content-Encoding: ' ...<content_encoding> { crlf } . +%sequence content_encoding = 'Content-Encoding: ' & ...<content_encoding> ( crlf %leave ) & crlf. %field user_agent hyttp.content_encoding "User-Agent" FT_STRING . -%rule user_agent = 'User-Agent: ' ...<user_agent> { crlf } . +%sequence user_agent = 'User-Agent: ' & ...<user_agent> ( crlf %leave ) & crlf. %field host hyttp.host "Host" FT_STRING . -%rule host = 'Host: ' ...<host> { crlf } . +%sequence host = 'Host: ' & ...<host> ( crlf %leave ) & crlf. %field accept hyttp.accept "Accept" FT_STRING . -%rule accept = 'Accept: ' ...<accept> { crlf } . +%sequence accept = 'Accept: ' & ...<accept> ( crlf %leave ) & crlf. %field accept_language hyttp.accept_language "Accept-Language" FT_STRING . -%rule accept_language = 'Accept-language: ' ...<accept_language> { crlf } . +%sequence accept_language = 'Accept-language: ' & ...<accept_language> ( crlf %leave ) & crlf. %field accept_encoding hyttp.accept_encoding "Accept-Language" FT_STRING . -%rule accept_encoding = 'Accept-encoding: ' ...<accept_encoding> { crlf } . +%sequence accept_encoding = 'Accept-encoding: ' & ...<accept_encoding> ( crlf %leave ) & crlf. %field accept_ranges hyttp.accept_encoding "Accept-Ranges" FT_STRING . -%rule accept_ranges = 'Accept-Ranges: ' ...<accept_ranges> { crlf } . +%sequence accept_ranges = 'Accept-Ranges: ' & ...<accept_ranges> ( crlf %leave ) & crlf. %field keep_alive hyttp.keep_alive "Keep-Alive" FT_UINT32 BASE_DEC . -%rule keep_alive = 'Keep-Alive: ' ...<keep_alive> { crlf } . +%sequence keep_alive = 'Keep-Alive: ' & ...<keep_alive> ( crlf %leave ) & crlf. %field connection hyttp.connection "Connection" FT_STRING . -%rule connection = 'Connection: ' ...<connection> { crlf } . +%sequence connection = 'Connection: ' & ...<connection> ( crlf %leave ) & crlf. %field referer hyttp.referer "Referer" FT_STRING . -%rule referer = 'Referer: ' ...<referer> { crlf } . +%sequence referer = 'Referer: ' & ...<referer> ( crlf %leave ) & crlf. %field cookie hyttp.cookie "Cookie" FT_STRING . -%rule cookie = 'Cookie: ' ...<cookie> { crlf } . +%sequence cookie = 'Cookie: ' & ...<cookie> ( crlf %leave ) & crlf. %field etag hyttp.etag "Etag" FT_STRING . -%rule etag = 'Etag: ' ["] [^"]+<etag> ["] crlf . +%sequence etag = 'Etag: ' & ["] & [^"]+<etag> & ["] & crlf . %field last_modified hyttp.last_modified "Last-Modified" FT_STRING . -%rule last_modified = 'Last-Modified: ' ...<last_modified> { crlf } . +%sequence last_modified = 'Last-Modified: ' & ...<last_modified> ( crlf %leave ) & crlf. %field server hyttp.server "Server" FT_STRING . -%rule server = 'Server: ' ...<server> { crlf } . +%sequence server = 'Server: ' & ...<server> ( crlf %leave ) & crlf. -%rule other_header = ([A-Z] [a-zA-Z-]+) ": " ... { crlf } . +%sequence other_header = [A-Z] & [a-zA-Z-]+ & ": " & ... ( crlf %leave ) & crlf. %field header hyttp.headers.line "HTTP Header Line" FT_BOOLEAN . -%rule header = ( - content_type +%choice header = + content_type_hdr | transfer_encoding | content_length | authorization @@ -179,10 +183,11 @@ typedef struct _http_info_value_t | etag | last_modified | server - | other_header)<header:%plain_text> . { + | other_header . <header:%plain_text> { %root header } + %tail %{ /* tail */ %}
\ No newline at end of file diff --git a/plugins/tpg/packet-http.c b/plugins/tpg/packet-http.c index db27c0ebff..266fecfc50 100644 --- a/plugins/tpg/packet-http.c +++ b/plugins/tpg/packet-http.c @@ -15,14 +15,24 @@ static const value_string http_response_codes[] = { static gint ett_http = -1; static int proto_http = -1; -static tvbparse_wanted_t* rule_http_crlf; -static tvbparse_wanted_t* rule_http_header; -static tvbparse_wanted_t* rule_http_req_resp; +static int hf_http_is_response = -1; +static int hf_http_request_method = -1; +static int hf_http_response_code = -1; +static int hf_http_transfer_encoding = -1; +static int hf_http_content_length = -1; +static int hf_http_media = -1; +static int hf_http_request_uri = -1; static dissector_handle_t http_handle; + +struct _elem_tree_stack_frame { + proto_tree* tree; + tvbparse_elem_t* elem; +}; + static void dissect_http(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* tree) { - http_info_value_t* msgdata = ep_alloc(sizeof(http_info_value_t)); + http_info_value_t* msgdata = ep_alloc0(sizeof(http_info_value_t)); tvbparse_elem_t* reqresp; tpg_parser_data_t* tpg; proto_item* pi = proto_tree_add_item(tree,proto_http,tvb,0,-1,FALSE); @@ -30,41 +40,58 @@ static void dissect_http(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* tree tpg = tpg_start(pt,tvb,0,-1,msgdata); - if (( reqresp = TPG_GET(tpg,rule_http_req_resp) )) { + if (( reqresp = TPG_GET(tpg,http_tpg_data.wanted_http_req_resp) )) { tvbparse_elem_t* hdr; - while(( hdr = TPG_GET(tpg,rule_http_header) )) ; + while(( hdr = TPG_GET(tpg,http_tpg_data.wanted_http_header) )) ; - if ( TPG_GET(tpg,rule_http_crlf) ) { - return; + if ( TPG_GET(tpg,http_tpg_data.wanted_http_crlf) ) { + pi = proto_tree_add_boolean(pt,hf_http_is_response,tvb,0,0,msgdata->is_response); + pt = proto_item_add_subtree(pi,ett_http); + + if (msgdata->is_response) { + proto_tree_add_uint(pt,hf_http_response_code,tvb,0,0,msgdata->response_code); + proto_tree_add_uint(pt,hf_http_content_length,tvb,0,0,msgdata->content_length); + if (msgdata->transfer_encoding) proto_tree_add_string(pt,hf_http_transfer_encoding,tvb,0,0,msgdata->transfer_encoding); + if (msgdata->media) proto_tree_add_string(pt,hf_http_media,tvb,0,0,msgdata->media); + } else { + if (msgdata->request_method) proto_tree_add_string(pt,hf_http_request_method,tvb,0,0,msgdata->request_method); + if (msgdata->request_uri) proto_tree_add_string(pt,hf_http_request_uri,tvb,0,0,msgdata->request_uri); + } + + } else { + /* header fragment */ } - } else { + /* no header */ return; } } static void proto_register_http(void) { static hf_register_info hf[] = { - HF_HTTP_PARSER + HF_HTTP_PARSER, + { &hf_http_is_response, { "=Is Response", "hyttp.info.is_response", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }}, + { &hf_http_request_method, { "=Method", "hyttp.info.method", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { &hf_http_response_code, { "=Response Code", "hyttp.info.response.code", FT_UINT32, BASE_DEC, VALS( http_response_codes ), 0x0, "", HFILL }}, + { &hf_http_transfer_encoding, { "=Transfer-Encoding", "hyttp.info.transfer_encoding", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { &hf_http_content_length, { "=Content-Length", "hyttp.info.content_length", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_http_request_uri, { "=Request URI", "hyttp.info.uri", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { &hf_http_media, { "=Media", "hyttp.info.media", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }} }; - static gint *ett[] = { + gint *ett[] = { ETT_HTTP_PARSER, &ett_http }; tpg_http_init(); - proto_http = proto_register_protocol("HyTeTrP", - "HyTeTrP", "hytetrpr"); + proto_http = proto_register_protocol("HyTTP", + "HyTTP", "hyttp"); proto_register_field_array(proto_http, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); - - rule_http_crlf = wanted_http_crlf(); - rule_http_header = wanted_http_header(); - rule_http_req_resp = wanted_http_req_resp(); - + } |