search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: pinfo->private_data points to smb_info again
[wireshark-wip.git] / epan / req_resp_hdrs.c
blob808daa7840bc78c6c6d0dea64c6b3f7ecd5b4d5e
1 /* req_resp_hdrs.c
2 * Routines handling protocols with a request/response line, headers,
3 * a blank line, and an optional body.
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26 #include "config.h"
27
28 #include <glib.h>
29 #include <stdio.h>
30 #include <string.h>
31
32 #include <epan/packet.h>
33 #include <epan/strutil.h>
34
35 #include <epan/req_resp_hdrs.h>
36
37 /*
38 * Optionally do reassembly of the request/response line, headers, and body.
39 */
40 gboolean
41 req_resp_hdrs_do_reassembly(tvbuff_t *tvb, const int offset, packet_info *pinfo,
42 const gboolean desegment_headers, const gboolean desegment_body)
43 {
44 gint next_offset;
45 gint next_offset_sav;
46 gint length_remaining, reported_length_remaining;
47 int linelen;
48 gchar *header_val;
49 int content_length;
50 gboolean content_length_found = FALSE;
51 gboolean content_type_found = FALSE;
52 gboolean chunked_encoding = FALSE;
53 gboolean keepalive_found = FALSE;
54 gchar *line;
55 gchar *content_type = NULL;
56
57 /*
58 * Do header desegmentation if we've been told to.
59 *
60 * RFC 2616 defines HTTP messages as being either of the
61 * Request or the Response type
62 * (HTTP-message = Request | Response).
63 * Request and Response are defined as:
64 * Request = Request-Line
65 * *(( general-header
66 * | request-header
67 * | entity-header ) CRLF)
68 * CRLF
69 * [ message-body ]
70 * Response = Status-Line
71 * *(( general-header
72 * | response-header
73 * | entity-header ) CRLF)
74 * CRLF
75 * [ message-body ]
76 * that's why we can always assume two consecutive line
77 * endings (we allow CR, LF, or CRLF, as some clients
78 * or servers might not use a full CRLF) to mark the end
79 * of the headers. The worst thing that would happen
80 * otherwise would be the packet not being desegmented
81 * or being interpreted as only headers.
82 *
83 * RFC 2326 says RTSP works the same way; RFC 3261 says SIP
84 * works the same way.
85 */
86
87 /*
88 * If header desegmentation is activated, check that all
89 * headers are in this tvbuff (search for an empty line
90 * marking end of headers) or request one more byte (we
91 * don't know how many bytes we'll need, so we just ask
92 * for one).
93 */
94 if (desegment_headers && pinfo->can_desegment) {
95 next_offset = offset;
96 for (;;) {
97 next_offset_sav = next_offset;
98
99 reported_length_remaining =
100 tvb_reported_length_remaining(tvb, next_offset);
101
102 /*
103 * Request one more byte if there're no
104 * bytes left in the reported data (if there're
105 * bytes left in the reported data, but not in
106 * the available data, requesting more bytes
107 * won't help, as those bytes weren't captured).
108 */
109 if (reported_length_remaining < 1) {
110 pinfo->desegment_offset = offset;
111 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
112 return FALSE;
113 }
114
115 length_remaining = tvb_length_remaining(tvb,
116 next_offset);
117
118 /*
119 * Request one more byte if we cannot find a
120 * header (i.e. a line end).
121 */
122 linelen = tvb_find_line_end(tvb, next_offset,
123 -1, &next_offset, TRUE);
124 if (linelen == -1 &&
125 length_remaining >= reported_length_remaining) {
126 /*
127 * Not enough data; ask for one more
128 * byte.
129 */
130 pinfo->desegment_offset = offset;
131 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
132 return FALSE;
133 }
134
135 if (linelen == 0) {
136 /*
137 * We found the end of the headers.
138 */
139 break;
140 }
141
142 /*
143 * Is this a Content-Length or Transfer-Encoding
144 * header? If not, it either means that we are in
145 * a different header line, or that we are
146 * at the end of the headers, or that there
147 * isn't enough data; the two latter cases
148 * have already been handled above.
149 */
150 if (desegment_body) {
151 /* Optimization to avoid fetching the whole (potentially very long)
152 * line and doing expensive string comparisons if the first
153 * character doesn't match. Shaves about 20% off the load time of
154 * one of my sample files that's HTTP-alike. */
155 guchar first_byte = tvb_get_guint8(tvb, next_offset_sav);
156 if (! (first_byte == 'c' || first_byte == 'C' ||
157 first_byte == 't' || first_byte == 'T')) {
158 continue;
159 }
160
161 /*
162 * Check if we've found Content-Length.
163 */
164 line = tvb_get_string(wmem_packet_scope(), tvb, next_offset_sav, linelen);
165 if (g_ascii_strncasecmp(line, "Content-Length:", 15) == 0) {
166 /* XXX - what if it doesn't fit in an int?
167 (Do not "fix" that by making this
168 a "long"; make it a gint64 or a
169 guint64.) */
170 if (sscanf(line+15,"%i", &content_length) == 1)
171 content_length_found = TRUE;
172 } else if (g_ascii_strncasecmp(line, "Content-Type:", 13) == 0) {
173 content_type_found = TRUE;
174 content_type = line+13;
175 while (*content_type == ' ') {
176 content_type++;
177 }
178 } else if (g_ascii_strncasecmp(line, "Connection:", 11) == 0) {
179 /* Check for keep-alive */
180 header_val = line+11;
181 if(header_val){
182 while(*header_val==' '){
183 header_val++;
184 }
185 if(!g_ascii_strncasecmp(header_val, "Keep-Alive", 10)){
186 keepalive_found = TRUE;
187 }
188 }
189 } else if (g_ascii_strncasecmp( line, "Transfer-Encoding:", 18) == 0) {
190 /*
191 * Find out if this Transfer-Encoding is
192 * chunked. It should be, since there
193 * really aren't any other types, but
194 * RFC 2616 allows for them.
195 */
196 gchar *p;
197 guint len;
198
199 header_val = line+18;
200 p = header_val;
201 len = (guint) strlen(header_val);
202 /* Skip white space */
203 while (p < header_val + len &&
204 (*p == ' ' || *p == '\t'))
205 p++;
206 if (p <= header_val + len) {
207 if (g_ascii_strncasecmp(p, "chunked", 7)
208 == 0) {
209 /*
210 * Don't bother looking
211 * for extensions;
212 * since we don't
213 * understand them,
214 * they should be
215 * ignored.
216 */
217 chunked_encoding = TRUE;
218 }
219 }
220 }
221 }
222 }
223 }
224
225 /*
226 * The above loop ends when we reached the end of the headers, so
227 * there should be content_length bytes after the 4 terminating bytes
228 * and next_offset points to after the end of the headers.
229 */
230 if (desegment_body) {
231 if (chunked_encoding) {
232 /*
233 * This data is chunked, so we need to keep pulling
234 * data until we reach the end of the stream, or a
235 * zero sized chunk.
236 *
237 * XXX
238 * This doesn't bother with trailing headers; I don't
239 * think they are really used, and we'd have to use
240 * is_http_request_or_reply() to determine if it was
241 * a trailing header, or the start of a new response.
242 */
243 gboolean done_chunking = FALSE;
244
245 while (!done_chunking) {
246 guint chunk_size = 0;
247 gint chunk_offset = 0;
248 gchar *chunk_string = NULL;
249 gchar *c = NULL;
250
251 reported_length_remaining =
252 tvb_reported_length_remaining(tvb,
253 next_offset);
254
255 if (reported_length_remaining < 1) {
256 pinfo->desegment_offset = offset;
257 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
258 return FALSE;
259 }
260
261 length_remaining = tvb_length_remaining(tvb,
262 next_offset);
263
264 linelen = tvb_find_line_end(tvb, next_offset,
265 -1, &chunk_offset, TRUE);
266
267 if (linelen == -1 &&
268 length_remaining >=
269 reported_length_remaining) {
270 pinfo->desegment_offset = offset;
271 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
272 return FALSE;
273 }
274
275 /* We have a line with the chunk size in it.*/
276 chunk_string = tvb_get_string(wmem_packet_scope(), tvb, next_offset,
277 linelen);
278 c = chunk_string;
279
280 /*
281 * We don't care about the extensions.
282 */
283 if ((c = strchr(c, ';'))) {
284 *c = '\0';
285 }
286
287 if (sscanf(chunk_string, "%x", &chunk_size) < 1) {
288 /* We couldn't get the chunk size,
289 * so stop trying.
290 */
291 return TRUE;
292 }
293 if (chunk_size > (guint)1<<31) {
294 /* Chunk size is unreasonable. */
295 /* XXX What /is/ reasonable? */
296 return TRUE;
297 }
298
299 if (chunk_size == 0) {
300 /*
301 * This is the last chunk. Let's pull in the
302 * trailing CRLF.
303 */
304 linelen = tvb_find_line_end(tvb,
305 chunk_offset, -1, &chunk_offset, TRUE);
306
307 if (linelen == -1 &&
308 length_remaining >=
309 reported_length_remaining) {
310 pinfo->desegment_offset = offset;
311 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
312 return FALSE;
313 }
314
315 pinfo->desegment_offset = chunk_offset;
316 pinfo->desegment_len = 0;
317 done_chunking = TRUE;
318 } else {
319 /*
320 * Skip to the next chunk if we
321 * already have it
322 */
323 if (reported_length_remaining >
324 (gint) chunk_size) {
325
326 next_offset = chunk_offset
327 + chunk_size + 2;
328 } else {
329 /*
330 * Fetch this chunk, plus the
331 * trailing CRLF.
332 */
333 pinfo->desegment_offset = offset;
334 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
335 return FALSE;
336 }
337 }
338
339 }
340 } else if (content_length_found) {
341 if (content_length >= 128*1024) { /* MS-RPCH stipulate that the content-length must be between 128K and 2G */
342 gchar *tmp;
343 if (content_type_found &&
344 strncmp(content_type, "application/rpc", 15) == 0) {
345 /* It looks like a RPC_IN_DATA request or a RPC_OUT_DATA response
346 * in which the content-length is meaningless
347 */
348 return TRUE;
349 }
350 /* Following sizeof will return the length of the string + \0 we need to not count it*/
351 tmp = tvb_get_string(wmem_packet_scope(), tvb, 0, sizeof("RPC_OUT_DATA") - 1);
352 if ((strncmp(tmp, "RPC_IN_DATA", sizeof("RPC_IN_DATA") - 1) == 0) ||
353 (strncmp(tmp, "RPC_OUT_DATA", sizeof("RPC_OUT_DATA") - 1) == 0)) {
354 return TRUE;
355 }
356 }
357 /* next_offset has been set to the end of the headers */
358 if (!tvb_bytes_exist(tvb, next_offset, content_length)) {
359 length_remaining = tvb_length_remaining(tvb,
360 next_offset);
361 reported_length_remaining =
362 tvb_reported_length_remaining(tvb, next_offset);
363 if (length_remaining < reported_length_remaining) {
364 /*
365 * It's a waste of time asking for more
366 * data, because that data wasn't captured.
367 */
368 return TRUE;
369 }
370 if (length_remaining == -1)
371 length_remaining = 0;
372 pinfo->desegment_offset = offset;
373 pinfo->desegment_len =
374 content_length - length_remaining;
375 return FALSE;
376 }
377 } else if (content_type_found && pinfo->can_desegment) {
378 /* We found a content-type but no content-length.
379 * This is probably a HTTP header for a session with
380 * only one HTTP PDU and where the content spans
381 * until the end of the tcp session, unless there
382 * is a keepalive header present in which case we
383 * assume there is no message body at all and thus
384 * we wont do any reassembly.
385 * Set up tcp reassembly until the end of this session.
386 */
387 length_remaining = tvb_length_remaining(tvb, next_offset);
388 reported_length_remaining = tvb_reported_length_remaining(tvb, next_offset);
389 if (length_remaining < reported_length_remaining) {
390 /*
391 * It's a waste of time asking for more
392 * data, because that data wasn't captured.
393 */
394 return TRUE;
395 }
396
397 if (keepalive_found) {
398 /* We have a keep-alive but no content-length.
399 * Assume there is no message body and dont
400 * do any reassembly.
401 */
402 return TRUE;
403 }
404
405 pinfo->desegment_offset = offset;
406 pinfo->desegment_len = DESEGMENT_UNTIL_FIN;
407
408 return FALSE;
409 }
410
411 }
412
413 /*
414 * No further desegmentation needed.
415 */
416 return TRUE;
417 }
418
419 /*
420 * Editor modelines - http://www.wireshark.org/tools/modelines.html
421 *
422 * Local variables:
423 * c-basic-offset: 8
424 * tab-width: 8
425 * indent-tabs-mode: t
426 * End:
427 *
428 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
429 * :indentSize=8:tabSize=8:noTabs=false:
430 */