2 * Netgrind -- HTTP Analyser
4 * (c) 2003 Martin Mares <mj@ucw.cz>
6 * This software may be freely distributed and used according to the terms
7 * of the GNU General Public License.
13 #include "lib/pools.h"
14 #include "netgrind/pkt.h"
15 #include "netgrind/netgrind.h"
21 #include <netinet/in.h>
33 HTTP_IDLE, /* initialized, waiting for request */
34 HTTP_ERROR, /* protocol error, ignoring everything else */
35 HTTP_CUT, /* unexpected EOF in one direction, ignoring everything else */
36 HTTP_REQUEST, /* parsing request */
37 HTTP_BODY_CHUNKED, /* receiving body: chunked encoding */
38 HTTP_BODY_LENGTH, /* receiving body: length given */
39 HTTP_BODY_INF, /* receiving body: till EOF */
40 HTTP_RESPONSE, /* parsing response */
41 HTTP_DONE, /* transaction finished, logging it */
42 HTTP_CONNECT, /* inside CONNECT transaction */
45 u64 req_start_time, resp_start_time;
48 list tx_queue, rx_queue;
49 byte *req_line, *resp_line;
50 list req_headers, resp_headers;
61 static void http_open(struct flow *f, u64 when)
63 static int http_counter;
64 struct http_state *s = xmalloc_zero(sizeof(*s));
66 s->id = http_counter++;
67 DBG("HTTP: %d NEW %d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n", s->id,
68 IPQUAD(f->saddr), ntohs(f->sport), IPQUAD(f->daddr), ntohs(f->dport));
69 list_init(&s->tx_queue);
70 list_init(&s->rx_queue);
71 s->req_start_time = when;
74 static byte *http_lookup_hdr(list *l, byte *name)
76 struct http_header *h;
78 if (!strcasecmp(h->name, name))
83 static uns find_token(byte *hay, byte *needle)
89 if (*hay == ' ' || *hay == '\t' || *hay == ',')
94 while (*hay && *hay != ',' && *hay != ' ' && *hay != '\t')
98 uns found = !strcasecmp(h, needle);
107 static void http_report(struct flow *f, struct http_state *s, u64 when, byte *reason)
109 byte *method, *url, *x, *y, *stat;
110 static uns http_counter;
112 if (!(method = s->req_line))
115 /* Analyse request line */
117 while (*url && *url != ' ')
126 /* Analyse response line */
127 if (stat = s->resp_line)
129 while (*stat && *stat != ' ')
134 while (*x && *x != ' ')
141 reason = stat[0] ? stat : (byte*)"???";
143 /* Reconstruct full URL */
144 if (!strstr(url, "://") && strcasecmp(method, "CONNECT"))
146 if (!(x = http_lookup_hdr(&s->req_headers, "Host:")))
149 url = alloca(7 + strlen(x) + strlen(y) + 1);
150 sprintf(url, "http://%s%s", x, y);
152 char *ffor = http_lookup_hdr(&s->req_headers, "X-Forwarded-For:");
154 /* Find out cacheability */
155 byte *rq_pragma = http_lookup_hdr(&s->req_headers, "Pragma:");
156 byte *rp_pragma = http_lookup_hdr(&s->resp_headers, "Pragma:");
157 byte *rq_cc = http_lookup_hdr(&s->req_headers, "Cache-control:");
158 byte *rp_cc = http_lookup_hdr(&s->resp_headers, "Cache-control:");
159 byte *rp_cache = http_lookup_hdr(&s->resp_headers, "X-Cache:");
160 uns rq_cflag, rp_cflag, rp_hit;
161 if (find_token(rq_pragma, "no-cache") || find_token(rq_cc, "no-cache"))
163 else if (find_token(rq_cc, "max-age=0") || find_token(rq_cc, "must-revalidate"))
167 if (find_token(rp_pragma, "no-cache") || find_token(rp_cc, "no-cache"))
169 else if (find_token(rp_cc, "private"))
171 else if (find_token(rp_cc, "no-store"))
173 else if (find_token(rp_cc, "must-revalidate"))
179 else if (!strncmp(rp_cache, "HIT ", 4))
181 else if (!strncmp(rp_cache, "MISS ", 5))
186 byte stamp[TIMESTAMP_LEN], src[22], dst[22];
187 sprintf(src, "%d.%d.%d.%d:%d", IPQUAD(f->saddr), ntohs(f->sport));
188 sprintf(dst, "%d.%d.%d.%d:%d", IPQUAD(f->daddr), ntohs(f->dport));
189 format_timestamp(stamp, s->req_start_time);
190 u64 ttotal = when - s->req_start_time;
191 u64 tresp = (s->resp_line ? (s->resp_start_time - s->req_start_time) : 0);
192 byte *ctype = (http_lookup_hdr(&s->resp_headers, "Content-type:") ? : http_lookup_hdr(&s->req_headers, "Content-type:")) ? : (byte*)"-";
194 if (sep = strchr(ctype, ';'))
197 printf("# timestamp source destination forwarded-for res cac que length total time wait time ctype method URL\n");
198 /* 2003-06-06 22:53:38.642 81.27.194.19:1175 205.217.153.53:80 123.123.123.123 200 ... 0 14030 0.957 0.444 text/plain GET http://... */
199 printf("%s %-21s %-21s %-15s %-3s %c%c%c %3d %8d %6d.%03d %6d.%03d %-12s %s %s\n",
200 stamp, src, dst, (ffor ? : "-"), reason,
201 rq_cflag, rp_cflag, rp_hit,
204 (uns)(ttotal/1000000), (uns)(ttotal%1000000)/1000,
205 (uns)(tresp/1000000), (uns)(tresp%1000000)/1000,
211 static void http_close(struct flow *f, int cause, u64 when)
213 struct http_state *s = f->appl_data;
214 DBG("HTTP: %d CLOSE in state %d (cause %d)\n", s->id, s->state, cause);
215 if (cause != CAUSE_CLOSE)
217 if (s->state != HTTP_IDLE)
220 sprintf(buf, "T%s", flow_cause_names_short[cause]);
221 http_report(f, s, when, buf);
228 http_report(f, s, when, "ERR");
231 http_report(f, s, when, "CUT");
234 http_report(f, s, when, "FIN");
237 pkt_flush_queue(&s->rx_queue);
238 pkt_flush_queue(&s->tx_queue);
244 static struct http_header *http_get_line(struct http_state *s, list *l)
248 struct pkt *p = list_head(l);
251 while (p->data < p->stop)
258 struct http_header *h = mp_alloc(s->pool, sizeof(*h) + s->line_len);
259 memcpy(h->buf, s->line, s->line_len);
260 h->buf[s->line_len] = 0;
261 h->name = h->value = NULL;
265 else if (s->line_len >= MAXLINE-1)
267 DBG("HTTP: Line too long!\n");
268 s->state = HTTP_ERROR;
272 s->line[s->line_len++] = c;
279 static int http_skip_body_bytes(struct http_state *s)
283 struct pkt *p = list_head(s->body_queue);
286 uns avail = pkt_len(p);
287 uns want = s->body_len;
288 uns go = MIN(avail, want);
291 s->body_total_size += go;
302 static int http_have_input(list *l)
306 struct pkt *p = list_head(l);
316 static void http_init_xact(struct http_state *s)
318 list_init(&s->req_headers);
319 list_init(&s->resp_headers);
323 s->pool = mp_new(4096);
324 s->req_line = s->resp_line = NULL;
326 s->body_total_size = 0;
329 static void http_parse_hdr(list *l, struct http_header *h)
333 while (*x && *x != ' ' && *x != '\t')
335 while (*x == ' ' || *x == '\t')
338 list_add_tail(l, &h->n);
341 static int http_ask_body(struct http_state *s, list *hdr)
344 if (x = http_lookup_hdr(hdr, "Transfer-Encoding:"))
346 DBG("\tBody encoding: %s\n", x);
347 if (!strcasecmp(x, "chunked"))
349 s->state = HTTP_BODY_CHUNKED;
354 s->state = HTTP_ERROR;
356 else if (x = http_lookup_hdr(hdr, "Content-Length:"))
358 s->body_len = atol(x);
359 DBG("\tBody length: %d\n", s->body_len);
360 s->state = HTTP_BODY_LENGTH;
367 static void http_parse_req(struct http_state *s)
369 if (!strstr(s->req_line, " HTTP/1"))
371 DBG("\tNot a HTTP/1.x request!\n");
372 s->state = HTTP_ERROR;
374 else if (http_ask_body(s, &s->req_headers))
376 else if (!strncasecmp(s->req_line, "POST ", 4))
378 DBG("\tPOST with no request body, that smells!\n");
379 s->state = HTTP_BODY_INF;
383 DBG("\tNo request body, awaiting reply\n");
384 s->state = HTTP_RESPONSE;
386 s->body_queue = &s->tx_queue;
387 s->body_end_state = HTTP_RESPONSE;
390 static void http_parse_resp(struct http_state *s)
392 if (!strncasecmp(s->req_line, "HEAD ", 5))
394 DBG("\tHEAD has no body :)\n");
395 s->state = HTTP_DONE;
397 else if (http_ask_body(s, &s->resp_headers))
399 else if (!strncasecmp(s->req_line, "GET ", 4) && strstr(s->resp_line, " 200 "))
401 DBG("\tGET with no response body, that smells!\n");
402 s->state = HTTP_BODY_INF;
406 DBG("\tNo response body\n");
407 s->state = HTTP_DONE;
409 s->body_queue = &s->rx_queue;
410 s->body_end_state = HTTP_DONE;
413 static void http_input(struct flow *f, int dir, struct pkt *p)
415 struct http_state *s = f->appl_data;
416 struct http_header *h;
417 int fin_tx = (f->pipe[0].state == FLOW_FINISHED);
418 int fin_rx = (f->pipe[1].state == FLOW_FINISHED);
420 // DBG("dir=%d txf=%d rxf=%d len=%d\n", dir, fin_tx, fin_rx, pkt_len(p));
421 if (s->state == HTTP_ERROR || s->state == HTTP_CUT)
423 DBG("HTTP: %d DROPPING INPUT\n", s->id);
428 list_add_tail((dir ? &s->tx_queue : &s->rx_queue), &p->n);
431 DBG("HTTP: %d STATE %d\n", s->id, s->state);
435 if (fin_tx || !http_have_input(&s->tx_queue))
437 s->state = HTTP_REQUEST;
439 if (!s->req_start_time)
440 s->req_start_time = p->timestamp;
443 if (fin_tx || fin_rx)
445 if (!(h = http_get_line(s, &s->tx_queue)))
447 DBG("\t>> %s\n", h->buf);
452 s->req_line = h->buf;
455 http_parse_hdr(&s->req_headers, h);
459 case HTTP_BODY_LENGTH:
462 if (!http_skip_body_bytes(s))
464 DBG("\tEnd of body\n");
465 s->state = s->body_end_state;
467 case HTTP_BODY_CHUNKED:
472 if (!http_skip_body_bytes(s))
475 else if (s->body_trailer)
477 if (!(h = http_get_line(s, s->body_queue)))
481 DBG("\tEnd of chunk-encoded body\n");
482 s->state = s->body_end_state;
487 if (!(h = http_get_line(s, s->body_queue)))
489 if (sscanf(h->buf, "%x", &s->body_len) != 1)
492 s->body_len += 2; /* extra CRLF */
493 else /* last chunk */
499 http_skip_body_bytes(s);
502 DBG("\tEnd of FIN-delimited body\n");
503 s->state = s->body_end_state;
511 if (!(h = http_get_line(s, &s->rx_queue)))
513 DBG("\t<< %s\n", h->buf);
518 s->resp_line = h->buf;
519 s->resp_start_time = p->timestamp;
522 http_parse_hdr(&s->resp_headers, h);
527 DBG("\tTransaction finished.\n");
528 if (!strncasecmp(s->req_line, "CONNECT ", 8))
530 s->state = HTTP_CONNECT;
533 http_report(f, s, p->timestamp, NULL);
534 s->state = HTTP_IDLE;
535 s->req_start_time = 0;
539 s->body_queue = &s->rx_queue;
540 http_skip_body_bytes(s);
542 s->body_queue = &s->tx_queue;
543 http_skip_body_bytes(s);
554 DBG("HTTP: %d ERROR: PROTOCOL VIOLATION\n", s->id);
555 s->state = HTTP_ERROR;
559 DBG("HTTP: %d ERROR: UNEXPECTED EOF\n", s->id);
563 struct appl_hooks appl_http = {