2001-08-18 04:27:08 +00:00
|
|
|
/* packet-icap.c
|
|
|
|
* Routines for ICAP packet disassembly
|
2004-07-09 23:37:40 +00:00
|
|
|
* RFC 3507
|
2001-08-18 04:27:08 +00:00
|
|
|
*
|
|
|
|
* Srishylam Simharajan simha@netapp.com
|
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-08-18 04:27:08 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-08-18 04:27:08 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-08-18 04:27:08 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-08-18 04:27:08 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2001-08-18 04:27:08 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
|
|
|
#include <epan/strutil.h>
|
2001-08-18 04:27:08 +00:00
|
|
|
|
2013-12-15 23:44:12 +00:00
|
|
|
void proto_register_icap(void);
|
|
|
|
void proto_reg_handoff_icap(void);
|
|
|
|
|
2001-08-18 04:27:08 +00:00
|
|
|
typedef enum _icap_type {
|
|
|
|
ICAP_OPTIONS,
|
|
|
|
ICAP_REQMOD,
|
|
|
|
ICAP_RESPMOD,
|
|
|
|
ICAP_RESPONSE,
|
|
|
|
ICAP_OTHER
|
|
|
|
} icap_type_t;
|
|
|
|
|
|
|
|
static int proto_icap = -1;
|
|
|
|
static int hf_icap_response = -1;
|
|
|
|
static int hf_icap_reqmod = -1;
|
|
|
|
static int hf_icap_respmod = -1;
|
|
|
|
static int hf_icap_options = -1;
|
2013-01-31 17:55:31 +00:00
|
|
|
/* static int hf_icap_other = -1; */
|
2001-08-18 04:27:08 +00:00
|
|
|
|
|
|
|
static gint ett_icap = -1;
|
|
|
|
|
2001-11-26 04:52:51 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2014-06-18 19:37:32 +00:00
|
|
|
static dissector_handle_t http_handle;
|
2001-11-26 04:52:51 +00:00
|
|
|
|
2001-08-18 04:27:08 +00:00
|
|
|
#define TCP_PORT_ICAP 1344
|
2002-08-02 23:36:07 +00:00
|
|
|
static int is_icap_message(const guchar *data, int linelen, icap_type_t *type);
|
2001-08-18 04:27:08 +00:00
|
|
|
static void
|
|
|
|
dissect_icap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
|
|
|
proto_tree *icap_tree = NULL;
|
|
|
|
proto_item *ti = NULL;
|
2008-05-13 01:23:37 +00:00
|
|
|
proto_item *hidden_item;
|
2014-06-18 19:37:32 +00:00
|
|
|
tvbuff_t *new_tvb;
|
2001-08-18 04:27:08 +00:00
|
|
|
gint offset = 0;
|
2002-08-02 23:36:07 +00:00
|
|
|
const guchar *line;
|
2001-08-18 04:27:08 +00:00
|
|
|
gint next_offset;
|
2002-08-02 23:36:07 +00:00
|
|
|
const guchar *linep, *lineend;
|
2001-08-18 04:27:08 +00:00
|
|
|
int linelen;
|
2002-08-02 23:36:07 +00:00
|
|
|
guchar c;
|
2001-08-18 04:27:08 +00:00
|
|
|
icap_type_t icap_type;
|
|
|
|
int datalen;
|
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICAP");
|
2001-08-18 04:27:08 +00:00
|
|
|
|
2013-06-14 01:02:11 +00:00
|
|
|
/*
|
|
|
|
* Put the first line from the buffer into the summary
|
|
|
|
* if it's an ICAP header (but leave out the
|
|
|
|
* line terminator).
|
|
|
|
* Otherwise, just call it a continuation.
|
|
|
|
*
|
|
|
|
* Note that "tvb_find_line_end()" will return a value that
|
|
|
|
* is not longer than what's in the buffer, so the
|
|
|
|
* "tvb_get_ptr()" call won't throw an exception.
|
|
|
|
*/
|
|
|
|
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
|
|
|
|
line = tvb_get_ptr(tvb, offset, linelen);
|
|
|
|
icap_type = ICAP_OTHER; /* type not known yet */
|
|
|
|
if (is_icap_message(line, linelen, &icap_type))
|
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
|
|
|
format_text(line, linelen));
|
|
|
|
else
|
|
|
|
col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
|
2001-08-18 04:27:08 +00:00
|
|
|
|
|
|
|
if (tree) {
|
2002-01-24 09:20:54 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_icap, tvb, offset, -1,
|
2011-10-21 02:10:19 +00:00
|
|
|
ENC_NA);
|
2001-08-18 04:27:08 +00:00
|
|
|
icap_tree = proto_item_add_subtree(ti, ett_icap);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Process the packet data, a line at a time.
|
|
|
|
*/
|
|
|
|
icap_type = ICAP_OTHER; /* type not known yet */
|
|
|
|
while (tvb_offset_exists(tvb, offset)) {
|
|
|
|
gboolean is_icap = FALSE;
|
|
|
|
gboolean loop_done = FALSE;
|
|
|
|
/*
|
|
|
|
* Find the end of the line.
|
|
|
|
*/
|
2002-07-17 06:55:29 +00:00
|
|
|
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset,
|
|
|
|
FALSE);
|
2001-08-18 04:27:08 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Get a buffer that refers to the line.
|
|
|
|
*/
|
|
|
|
line = tvb_get_ptr(tvb, offset, linelen);
|
|
|
|
lineend = line + linelen;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* find header format
|
|
|
|
*/
|
|
|
|
if (is_icap_message(line, linelen, &icap_type)) {
|
|
|
|
goto is_icap_header;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* if it looks like a blank line, end of header perhaps?
|
|
|
|
*/
|
|
|
|
if (linelen == 0) {
|
|
|
|
goto is_icap_header;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2004-07-09 23:37:40 +00:00
|
|
|
* No. Does it look like a header?
|
2001-08-18 04:27:08 +00:00
|
|
|
*/
|
|
|
|
linep = line;
|
|
|
|
loop_done = FALSE;
|
|
|
|
while (linep < lineend && (!loop_done)) {
|
|
|
|
c = *linep++;
|
2004-07-09 23:37:40 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This must be a CHAR to be part of a token; that
|
|
|
|
* means it must be ASCII.
|
|
|
|
*/
|
|
|
|
if (!isascii(c)) {
|
|
|
|
is_icap = FALSE;
|
|
|
|
break; /* not ASCII, thus not a CHAR */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This mustn't be a CTL to be part of a token.
|
|
|
|
*
|
|
|
|
* XXX - what about leading LWS on continuation
|
|
|
|
* lines of a header?
|
|
|
|
*/
|
|
|
|
if (iscntrl(c)) {
|
2001-08-18 04:27:08 +00:00
|
|
|
is_icap = FALSE;
|
2004-07-09 23:37:40 +00:00
|
|
|
break; /* CTL, not part of a header */
|
2001-08-18 04:27:08 +00:00
|
|
|
}
|
2004-07-09 23:37:40 +00:00
|
|
|
|
2001-08-18 04:27:08 +00:00
|
|
|
switch (c) {
|
2004-07-09 23:37:40 +00:00
|
|
|
|
2001-08-18 04:27:08 +00:00
|
|
|
case '(':
|
|
|
|
case ')':
|
|
|
|
case '<':
|
|
|
|
case '>':
|
|
|
|
case '@':
|
|
|
|
case ',':
|
|
|
|
case ';':
|
|
|
|
case '\\':
|
|
|
|
case '"':
|
|
|
|
case '/':
|
|
|
|
case '[':
|
|
|
|
case ']':
|
|
|
|
case '?':
|
|
|
|
case '=':
|
|
|
|
case '{':
|
|
|
|
case '}':
|
2004-07-09 23:37:40 +00:00
|
|
|
/*
|
|
|
|
* It's a separator, so it's not part of a
|
|
|
|
* token, so it's not a field name for the
|
|
|
|
* beginning of a header.
|
|
|
|
*
|
|
|
|
* (We don't have to check for HT; that's
|
|
|
|
* already been ruled out by "iscntrl()".)
|
|
|
|
*
|
|
|
|
* XXX - what about ' '? HTTP's checks
|
|
|
|
* check for that.
|
|
|
|
*/
|
2001-08-18 04:27:08 +00:00
|
|
|
is_icap = FALSE;
|
|
|
|
loop_done = TRUE;
|
|
|
|
break;
|
2004-07-09 23:37:40 +00:00
|
|
|
|
|
|
|
case ':':
|
|
|
|
/*
|
|
|
|
* This ends the token; we consider this
|
|
|
|
* to be a header.
|
|
|
|
*/
|
|
|
|
goto is_icap_header;
|
2001-08-18 04:27:08 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't consider this part of an ICAP message,
|
|
|
|
* so we don't display it.
|
|
|
|
* (Yeah, that means we don't display, say, a text/icap
|
|
|
|
* page, but you can get that from the data pane.)
|
|
|
|
*/
|
|
|
|
if (!is_icap)
|
|
|
|
break;
|
|
|
|
is_icap_header:
|
2014-05-18 07:56:20 +00:00
|
|
|
proto_tree_add_format_text(icap_tree, tvb, offset, next_offset - offset);
|
2001-08-18 04:27:08 +00:00
|
|
|
offset = next_offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
switch (icap_type) {
|
|
|
|
|
|
|
|
case ICAP_OPTIONS:
|
2008-05-13 01:23:37 +00:00
|
|
|
hidden_item = proto_tree_add_boolean(icap_tree,
|
|
|
|
hf_icap_options, tvb, 0, 0, 1);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2001-08-18 04:27:08 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ICAP_REQMOD:
|
2008-05-13 01:23:37 +00:00
|
|
|
hidden_item = proto_tree_add_boolean(icap_tree,
|
|
|
|
hf_icap_reqmod, tvb, 0, 0, 1);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2001-08-18 04:27:08 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ICAP_RESPMOD:
|
2008-05-13 01:23:37 +00:00
|
|
|
hidden_item = proto_tree_add_boolean(icap_tree,
|
|
|
|
hf_icap_respmod, tvb, 0, 0, 1);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2001-08-18 04:27:08 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ICAP_RESPONSE:
|
2008-05-13 01:23:37 +00:00
|
|
|
hidden_item = proto_tree_add_boolean(icap_tree,
|
|
|
|
hf_icap_response, tvb, 0, 0, 1);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2001-08-18 04:27:08 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case ICAP_OTHER:
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-06-19 17:18:16 +00:00
|
|
|
datalen = tvb_length_remaining(tvb, offset);
|
2014-06-18 19:37:32 +00:00
|
|
|
if (datalen > 0) {
|
|
|
|
if(http_handle){
|
|
|
|
new_tvb = tvb_new_subset_remaining(tvb, offset);
|
|
|
|
call_dissector(http_handle, new_tvb, pinfo, icap_tree);
|
|
|
|
}
|
2001-08-18 04:27:08 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2001-08-18 04:27:08 +00:00
|
|
|
static int
|
2002-08-02 23:36:07 +00:00
|
|
|
is_icap_message(const guchar *data, int linelen, icap_type_t *type)
|
2001-08-18 04:27:08 +00:00
|
|
|
{
|
|
|
|
#define ICAP_COMPARE(string, length, msgtype) { \
|
|
|
|
if (strncmp(data, string, length) == 0) { \
|
|
|
|
if (*type == ICAP_OTHER) \
|
|
|
|
*type = msgtype; \
|
|
|
|
return TRUE; \
|
|
|
|
} \
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* From draft-elson-opes-icap-01(72).txt
|
|
|
|
*/
|
|
|
|
if (linelen >= 5) {
|
|
|
|
ICAP_COMPARE("ICAP/", 5, ICAP_RESPONSE); /* response */
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2001-08-18 04:27:08 +00:00
|
|
|
if (linelen >= 7) {
|
|
|
|
ICAP_COMPARE("REQMOD ", 7, ICAP_REQMOD); /* request mod */
|
2002-08-28 21:04:11 +00:00
|
|
|
}
|
2001-08-18 04:27:08 +00:00
|
|
|
if (linelen >= 8) {
|
|
|
|
ICAP_COMPARE("OPTIONS ", 8, ICAP_OPTIONS); /* options */
|
|
|
|
ICAP_COMPARE("RESPMOD ", 8, ICAP_RESPMOD); /* response mod */
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
#undef ICAP_COMPARE
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_icap(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_icap_response,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "Response", "icap.response",
|
2001-08-18 04:27:08 +00:00
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"TRUE if ICAP response", HFILL }},
|
|
|
|
{ &hf_icap_reqmod,
|
|
|
|
{ "Reqmod", "icap.reqmod",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"TRUE if ICAP reqmod", HFILL }},
|
|
|
|
{ &hf_icap_respmod,
|
|
|
|
{ "Respmod", "icap.respmod",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"TRUE if ICAP respmod", HFILL }},
|
|
|
|
{ &hf_icap_options,
|
|
|
|
{ "Options", "icap.options",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"TRUE if ICAP options", HFILL }},
|
2013-01-31 17:55:31 +00:00
|
|
|
#if 0
|
2001-08-18 04:27:08 +00:00
|
|
|
{ &hf_icap_other,
|
|
|
|
{ "Other", "icap.other",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"TRUE if ICAP other", HFILL }},
|
2013-01-31 17:55:31 +00:00
|
|
|
#endif
|
2001-08-18 04:27:08 +00:00
|
|
|
};
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_icap,
|
|
|
|
};
|
|
|
|
|
|
|
|
proto_icap = proto_register_protocol(
|
2002-08-28 21:04:11 +00:00
|
|
|
"Internet Content Adaptation Protocol",
|
2001-08-18 04:27:08 +00:00
|
|
|
"ICAP", "icap");
|
|
|
|
proto_register_field_array(proto_icap, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_icap(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t icap_handle;
|
|
|
|
|
2014-06-18 19:37:32 +00:00
|
|
|
data_handle = find_dissector("data");
|
|
|
|
http_handle = find_dissector("http");
|
|
|
|
|
2001-12-03 04:00:26 +00:00
|
|
|
icap_handle = create_dissector_handle(dissect_icap, proto_icap);
|
2010-12-20 05:35:29 +00:00
|
|
|
dissector_add_uint("tcp.port", TCP_PORT_ICAP, icap_handle);
|
2001-08-18 04:27:08 +00:00
|
|
|
}
|