1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
/* http_stats_tree.c
* Stats tree for HTTP
*
* (c) 2005, Luis E. G. Ontanon <luis.ontanon@gmail.com>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <epan/stats_tree.h>
#include <epan/dissectors/packet-http.h>
static const value_string vals_status_code[] = {
{ 100, "Continue" },
{ 101, "Switching Protocols" },
{ 199, "Informational - Others" },
{ 200, "OK"},
{ 201, "Created"},
{ 202, "Accepted"},
{ 203, "Non-authoritative Information"},
{ 204, "No Content"},
{ 205, "Reset Content"},
{ 206, "Partial Content"},
{ 299, "Success - Others"},
{ 300, "Multiple Choices"},
{ 301, "Moved Permanently"},
{ 302, "Moved Temporarily"},
{ 303, "See Other"},
{ 304, "Not Modified"},
{ 305, "Use Proxy"},
{ 399, "Redirection - Others"},
{ 400, "Bad Request"},
{ 401, "Unauthorized"},
{ 402, "Payment Required"},
{ 403, "Forbidden"},
{ 404, "Not Found"},
{ 405, "Method Not Allowed"},
{ 406, "Not Acceptable"},
{ 407, "Proxy Authentication Required"},
{ 408, "Request Time-out"},
{ 409, "Conflict"},
{ 410, "Gone"},
{ 411, "Length Required"},
{ 412, "Precondition Failed"},
{ 413, "Request Entity Too Large"},
{ 414, "Request-URI Too Large"},
{ 415, "Unsupported Media Type"},
{ 499, "Client Error - Others"},
{ 500, "Internal Server Error"},
{ 501, "Not Implemented"},
{ 502, "Bad Gateway"},
{ 503, "Service Unavailable"},
{ 504, "Gateway Time-out"},
{ 505, "HTTP Version not supported"},
{ 599, "Server Error - Others"},
{ 0, NULL}
};
static const gchar* st_str_reqs = "HTTP Requests by Server";
static const gchar* st_str_reqs_by_srv_addr = "HTTP Requests by Server Address";
static const gchar* st_str_reqs_by_http_host = "HTTP Requests by HTTP Host";
static const gchar* st_str_resps_by_srv_addr = "HTTP Responses by Server Address";
static int st_node_reqs = -1;
static int st_node_reqs_by_srv_addr = -1;
static int st_node_reqs_by_http_host = -1;
static int st_node_resps_by_srv_addr = -1;
static void http_reqs_stats_tree_init(stats_tree* st) {
st_node_reqs = create_node(st, st_str_reqs, 0, TRUE);
st_node_reqs_by_srv_addr = create_node(st, st_str_reqs_by_srv_addr, st_node_reqs, TRUE);
st_node_reqs_by_http_host = create_node(st, st_str_reqs_by_http_host, st_node_reqs, TRUE);
st_node_resps_by_srv_addr = create_node(st, st_str_resps_by_srv_addr, 0, TRUE);
}
static int http_reqs_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt _U_, const void* p) {
const http_info_value_t* v = p;
int reqs_by_this_host;
int reqs_by_this_addr;
int resps_by_this_addr;
int i = v->response_code;
static gchar ip_str[256];
if (v->request_method) {
g_snprintf(ip_str,sizeof(ip_str),"%s",address_to_str(&pinfo->dst));
tick_stat_node(st, st_str_reqs, 0, FALSE);
tick_stat_node(st, st_str_reqs_by_srv_addr, st_node_reqs, TRUE);
tick_stat_node(st, st_str_reqs_by_http_host, st_node_reqs, TRUE);
reqs_by_this_addr = tick_stat_node(st, ip_str, st_node_reqs_by_srv_addr, TRUE);
if (v->http_host) {
reqs_by_this_host = tick_stat_node(st, v->http_host, st_node_reqs_by_http_host, TRUE);
tick_stat_node(st, ip_str, reqs_by_this_host, FALSE);
tick_stat_node(st, v->http_host, reqs_by_this_addr, FALSE);
}
return 1;
} else if (i != 0) {
g_snprintf(ip_str,sizeof(ip_str),"%s",address_to_str(&pinfo->src));
tick_stat_node(st, st_str_resps_by_srv_addr, 0, FALSE);
resps_by_this_addr = tick_stat_node(st, ip_str, st_node_resps_by_srv_addr, TRUE);
if ( (i>100)&&(i<400) ) {
tick_stat_node(st, "OK", resps_by_this_addr, FALSE);
} else {
tick_stat_node(st, "KO", resps_by_this_addr, FALSE);
}
return 1;
}
return 0;
}
static int st_node_requests_by_host = -1;
static const guint8* st_str_requests_by_host = "HTTP requests by HTTP Host";
static void http_req_stats_tree_init(stats_tree* st) {
st_node_requests_by_host = create_node(st, st_str_requests_by_host, 0, TRUE);
}
static int http_req_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p) {
const http_info_value_t* v = p;
int reqs_by_this_host;
if (v->request_method) {
tick_stat_node(st, st_str_requests_by_host, 0, FALSE);
if (v->http_host) {
reqs_by_this_host = tick_stat_node(st, v->http_host, st_node_requests_by_host, TRUE);
if (v->request_uri) {
tick_stat_node(st, v->request_uri, reqs_by_this_host, TRUE);
}
}
return 1;
}
return 0;
}
static const guint8* st_str_packets = "Total HTTP Packets";
static const guint8* st_str_responses = "HTTP responses";
static const guint8* st_str_resp_broken = "???: broken";
static const guint8* st_str_resp_100 = "1xx: Informational";
static const guint8* st_str_resp_200 = "2xx: Success";
static const guint8* st_str_resp_300 = "3xx: Redirection";
static const guint8* st_str_resp_400 = "4xx: Client Error";
static const guint8* st_str_resp_500 = "5xx: Server Error";
static const guint8* st_str_requests = "HTTP requests";
static const guint8* st_str_other = "Other HTTP packets";
static int st_node_packets = -1;
static int st_node_responses = -1;
static int st_node_resp_broken = -1;
static int st_node_resp_100 = -1;
static int st_node_resp_200 = -1;
static int st_node_resp_300 = -1;
static int st_node_resp_400 = -1;
static int st_node_resp_500 = -1;
static int st_node_requests = -1;
static int st_node_other = -1;
static void http_stats_tree_init(stats_tree* st) {
st_node_packets = create_node(st, st_str_packets, 0, TRUE);
st_node_responses = create_node(st, st_str_responses, st_node_packets, TRUE);
st_node_resp_broken = create_node(st, st_str_resp_broken, st_node_responses, TRUE);
st_node_resp_100 = create_node(st, st_str_resp_100, st_node_responses, TRUE);
st_node_resp_200 = create_node(st, st_str_resp_200, st_node_responses, TRUE);
st_node_resp_300 = create_node(st, st_str_resp_300, st_node_responses, TRUE);
st_node_resp_400 = create_node(st, st_str_resp_400, st_node_responses, TRUE);
st_node_resp_500 = create_node(st, st_str_resp_500, st_node_responses, TRUE);
st_node_requests = create_pivot_node(st, st_str_requests, st_node_packets);
st_node_other = create_node(st, st_str_other, st_node_packets,FALSE);
}
static int http_stats_tree_packet(stats_tree* st, packet_info* pinfo _U_, epan_dissect_t* edt _U_, const void* p) {
const http_info_value_t* v = p;
guint i = v->response_code;
int resp_grp;
const guint8* resp_str;
static gchar str[64];
tick_stat_node(st, st_str_packets, 0, FALSE);
if (i) {
tick_stat_node(st, st_str_responses, st_node_packets, FALSE);
if ( (i<100)||(i>=600) ) {
resp_grp = st_node_resp_broken;
resp_str = st_str_resp_broken;
} else if (i<200) {
resp_grp = st_node_resp_100;
resp_str = st_str_resp_100;
} else if (i<300) {
resp_grp = st_node_resp_200;
resp_str = st_str_resp_200;
} else if (i<400) {
resp_grp = st_node_resp_300;
resp_str = st_str_resp_300;
} else if (i<500) {
resp_grp = st_node_resp_400;
resp_str = st_str_resp_400;
} else {
resp_grp = st_node_resp_500;
resp_str = st_str_resp_500;
}
tick_stat_node(st, resp_str, st_node_responses, FALSE);
g_snprintf(str, sizeof(str),"%u %s",i,match_strval(i,vals_status_code));
tick_stat_node(st, str, resp_grp, FALSE);
} else if (v->request_method) {
tick_pivot(st,st_node_requests,v->request_method);
} else {
tick_stat_node(st, st_str_other, st_node_packets, FALSE);
}
return 1;
}
/* register all http trees */
extern void register_http_stat_trees(void) {
register_stats_tree("http","http","HTTP Tree/General", http_stats_tree_packet, http_stats_tree_init );
register_stats_tree("http","http_req","HTTP Tree/Requests", http_req_stats_tree_packet, http_req_stats_tree_init );
register_stats_tree("http","http_srv","HTTP Tree/Servers",http_reqs_stats_tree_packet,http_reqs_stats_tree_init);
}
|
