public override bool HandleSession(IPSession session)
{
logger.AddMessage(String.Format("session.LocalEndpoint.Port={0}, session.RemoteEndpoint.Port={1}",
session.LocalEndpoint.Port, session.RemoteEndpoint.Port));
if (session.RemoteEndpoint.Port == MSN_SB_PORT)
{
return(HandleSwitchboardSession(session));
}
PacketStream stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() < 8)
{
return(false);
}
List <PacketSlice> lenSlices = new List <PacketSlice>(1);
UInt32 len = stream.ReadU32LE(lenSlices);
if (len != 4)
{
return(false);
}
List <PacketSlice> contentSlices = new List <PacketSlice>(1);
string str = stream.ReadCStringASCII((int)len, contentSlices);
if (str != "foo")
{
return(false);
}
TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic");
magicNode.Description = magicNode.Name;
magicNode.AddField("Length", len, "Magic length.", lenSlices);
magicNode.AddField("Magic", str, "Magic string.", contentSlices);
TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request");
stream = session.GetNextStreamDirection();
TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response");
TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake");
handshakeNode.Description = handshakeNode.Name;
handshakeNode.AddChild(requestNode);
handshakeNode.AddChild(responseNode);
session.AddNode(magicNode);
session.AddNode(handshakeNode);
ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
return(true);
}
public override bool HandleSession(IPSession session)
{
//List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()];
//foreach(Configuration.Setting setting in settings)
// logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value);
PacketStream stream = session.GetNextStreamDirection();
if (session.RemoteEndpoint != null && ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort)))
{
//we're either connected to the standard Oracle port or the redirected port
}
else
{
return(false);
}
while (true)
{
try {
TransactionNode transaction = new TransactionNode("OracleTransaction");
transaction.Description = transaction.Name;
TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT);
if (tnsNode != null)
{
transaction.AddChild(tnsNode);
}
//response stream
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() != 0)
{
tnsNode = ExtractTNSData(stream, StreamDirection.IN);
if (tnsNode != null)
{
transaction.AddChild(tnsNode);
}
}
if (transaction.Children.Count > 0)
{
session.AddNode(transaction);
}
//request stream (if exists)
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() == 0)
{
break;
}
} catch (EndOfStreamException) {
break;
}
}
return(true);
}
protected void AddBodyNode(PacketStream stream,
TransactionNode transactionNode,
string contentType,
string contentEncoding,
int bodyLen)
{
List <PacketSlice> slices = new List <PacketSlice>(1);
TransactionNode bodyNode = new TransactionNode("Body");
byte[] body = stream.ReadBytes(bodyLen, slices);
if (contentType == "text/html" || contentType == "text/xml")
{
int realBodyLen = body.Length;
if (body[realBodyLen - 1] == '\0')
{
realBodyLen--;
}
Decoder dec;
if (contentEncoding == "utf-8")
{
dec = Encoding.UTF8.GetDecoder();
}
else
{
dec = Encoding.ASCII.GetDecoder();
}
char[] bodyChars = new char[dec.GetCharCount(body, 0, realBodyLen)];
dec.GetChars(body, 0, realBodyLen, bodyChars, 0);
string bodyStr = new string(bodyChars);
if (contentType == "text/xml")
{
bodyNode.AddXMLField("XML", bodyStr, "Body XML data.", slices);
}
else
{
bodyNode.AddTextField("HTML", bodyStr, "Body HTML data.", slices);
}
}
else if (contentType == "application/vnd.ms-sync.wbxml")
{
string xml = WBXML.ConvertToXML(body);
bodyNode.AddXMLField("WBXML", xml, "Body WBXML data.", slices);
}
else
{
bodyNode.AddField("Raw", body, StaticUtils.FormatByteArray(body),
"Raw body data.", slices);
}
transactionNode.AddChild(bodyNode);
}
public override bool HandleSession(IPSession session) {
//List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()];
//foreach(Configuration.Setting setting in settings)
// logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value);
PacketStream stream = session.GetNextStreamDirection();
if (session.RemoteEndpoint != null && ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort))) {
//we're either connected to the standard Oracle port or the redirected port
}else
return false;
while (true) {
try {
TransactionNode transaction = new TransactionNode("OracleTransaction");
transaction.Description = transaction.Name;
TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT);
if(tnsNode != null)
transaction.AddChild(tnsNode);
//response stream
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() != 0) {
tnsNode = ExtractTNSData(stream, StreamDirection.IN);
if(tnsNode != null)
transaction.AddChild(tnsNode);
}
if(transaction.Children.Count > 0)
session.AddNode(transaction);
//request stream (if exists)
stream = session.GetNextStreamDirection();
if(stream.GetBytesAvailable() == 0)
break;
} catch (EndOfStreamException) {
break;
}
}
return true;
}
private TransactionNode ExtractTNSData(PacketStream stream, StreamDirection direction)
{
TransactionNode node;
OracleTransactionType type;
List<PacketSlice> slices = new List<PacketSlice>();
Int16 pLen = 0;
int packetType;
try {
pLen = stream.PeekInt16();
stream.ReadBytes(2, slices);
stream.ReadBytes(2); //skip checksum
packetType = stream.ReadByte();
type = (OracleTransactionType)packetType;
stream.ReadByte(); //skip the reserved byte
} catch (Exception e) {
logger.AddMessage(e.Message);
return null;
}
switch (type) {
case OracleTransactionType.CONNECT:
try {
node = new TransactionNode("Connect");
node.AddField("Packet Size", pLen, "Packet Size", slices);
Int16 headerChecksum = stream.ReadInt16();
Int16 version = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Version", version, "Version", slices);
Int16 compatVersion = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Version (compatible)", compatVersion, "Compatible Version", slices);
Int16 serviceOptions = stream.ReadInt16();
Int16 sessionDataUnitSize = stream.ReadInt16();
Int16 maxTxDataUnitSize = stream.ReadInt16();
Int16 NTProtCharacteristics = stream.ReadInt16();
Int16 lineTurnValue = stream.ReadInt16();
Int16 valueOfOneInHW = stream.ReadInt16();
Int16 ctDataLen = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Data Length", ctDataLen, "The length of the connect datastring.", slices);
Int16 ctDataOffset = stream.ReadInt16();
Int16 maxRecCtData = stream.ReadInt16();
Int16 ctFlagsA = stream.ReadInt16();
Int16 ctFlagsB = stream.ReadInt16();
Int32 traceItemA = stream.ReadInt32();
Int32 traceItemB = stream.ReadInt32();
Int64 traceID = stream.ReadInt64();
stream.ReadInt64();
byte[] ctData = stream.PeekBytes(ctDataLen);
string connectData = StaticUtils.DecodeASCII(ctData);
stream.ReadBytes(ctDataLen, slices);
node.AddField("Connect data", connectData, "Connect data", slices);
try {
Match match = Regex.Match(connectData, "\\(PROTOCOL=(?<proto>\\w{2,})\\)\\(HOST=(?<host>[.\\w]{7,})\\)\\(PORT=(?<port>\\d{2,})\\)\\).*SERVICE_NAME=(?<sid>[.\\w]{1,})\\)");
string proto = match.Groups["proto"].Value;
string host = match.Groups["host"].Value;
string newPort = match.Groups["port"].Value;
string sid = match.Groups["sid"].Value;
TransactionNode cInfoNode = new TransactionNode("Connection Info");
cInfoNode.AddField("Protocol", proto, "Protocol", slices);
cInfoNode.AddField("Host", host, "Server being connected to", slices);
cInfoNode.AddField("Port", newPort, "Port", slices);
cInfoNode.AddField("Service", sid, "Service", slices);
node.AddChild(cInfoNode);
} catch (ArgumentException) {
}
return node;
} catch (Exception e) {
logger.AddMessage(e.Message);
return null;
}
case OracleTransactionType.ACCEPT:
node = new TransactionNode("Accept");
node.AddField("Packet Size", pLen, "Packet Size", slices);
try {
Int16 headerChecksum = stream.ReadInt16();
Int16 version = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Version", version, "Version", slices);
Int16 serviceOptions = stream.ReadInt16();
Int16 sessionDataUnitSize = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Session Data Unit Size", sessionDataUnitSize, "Session Data Unit Size", slices);
Int16 maxTxDataUnitSize = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Max Tx Unit Size", maxTxDataUnitSize, "Maximum Transmission Data Unit Size", slices);
Int16 valueOfOneInHW = stream.ReadInt16();
Int16 acceptDataLength = stream.ReadInt16();
Int16 dataOffset = stream.ReadInt16();
int connectFlagsA = stream.ReadByte();
int connectFlagsB = stream.ReadByte();
stream.ReadBytes(pLen - 24); //read out empty bytes
} catch (Exception e) {
logger.AddMessage(e.Message);
return null;
}
return node;
case OracleTransactionType.REDIRECT:
node = new TransactionNode("Redirect");
node.AddField("Packet Size", pLen, "Packet Size", slices);
try {
Int16 headerChecksum = stream.ReadInt16();
Int16 redirLen = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Redirection Data Length", redirLen, "Length of the redirection data string", slices);
byte[] redirData = stream.PeekBytes(redirLen);
string sRedir = StaticUtils.DecodeASCII(redirData);
stream.ReadBytes(redirLen, slices);
node.AddField("Redirection Data", sRedir, "Redirection data", slices);
//get the redirected port
string newPort = null;
string proto = null;
string host = null;
try {
Match match = Regex.Match(sRedir, "\\(PROTOCOL=(?<proto>\\w{2,})\\)\\(HOST=(?<host>[.\\w]{7,})\\)\\(PORT=(?<port>\\d{2,})\\)\\)");
proto = match.Groups["proto"].Value;
host = match.Groups["host"].Value;
newPort = match.Groups["port"].Value;
} catch (ArgumentException) {
// Syntax error in the regular expression
}
if(!newPort.Equals(""))
redirPort = Int32.Parse(newPort);
TransactionNode redirInfo = new TransactionNode("Redirection Info");
redirInfo.AddField("Protocol", proto, "Protocol used", slices);
redirInfo.AddField("Host", host, "Host", slices);
redirInfo.AddField("Port", newPort, "Port", slices);
node.AddChild(redirInfo);
} catch (Exception e) {
logger.AddMessage(e.Message);
return null;
}
return node;
case OracleTransactionType.DATA:
string label;
if (direction == StreamDirection.IN)
label = "Response";
else
label = "Request";
node = new TransactionNode("Data - "+label );
node.AddField("Packet Size", pLen, "Packet Size", slices);
try {
Int16 headerChecksum = stream.ReadInt16();
Int16 dataFlags = stream.ReadInt16();
int payLoadLength = pLen - 10;
byte[] payLoad = stream.PeekBytes(payLoadLength);
string sPayload = StaticUtils.DecodeASCII(payLoad);
stream.ReadBytes(payLoadLength, slices);
node.AddField("Data", sPayload, "Data", slices);
} catch (Exception e) {
logger.AddMessage(e.Message);
return null;
}
return node;
default:
logger.AddMessage(String.Format("Packet dissection not implemented [TransactionType={0}]", type));
return null;
}
}
private TransactionNode ExtractTNSData(PacketStream stream, StreamDirection direction)
{
TransactionNode node;
OracleTransactionType type;
List <PacketSlice> slices = new List <PacketSlice>();
Int16 pLen = 0;
int packetType;
try {
pLen = stream.PeekInt16();
stream.ReadBytes(2, slices);
stream.ReadBytes(2); //skip checksum
packetType = stream.ReadByte();
type = (OracleTransactionType)packetType;
stream.ReadByte(); //skip the reserved byte
} catch (Exception e) {
logger.AddMessage(e.Message);
return(null);
}
switch (type)
{
case OracleTransactionType.CONNECT:
try {
node = new TransactionNode("Connect");
node.AddField("Packet Size", pLen, "Packet Size", slices);
Int16 headerChecksum = stream.ReadInt16();
Int16 version = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Version", version, "Version", slices);
Int16 compatVersion = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Version (compatible)", compatVersion, "Compatible Version", slices);
Int16 serviceOptions = stream.ReadInt16();
Int16 sessionDataUnitSize = stream.ReadInt16();
Int16 maxTxDataUnitSize = stream.ReadInt16();
Int16 NTProtCharacteristics = stream.ReadInt16();
Int16 lineTurnValue = stream.ReadInt16();
Int16 valueOfOneInHW = stream.ReadInt16();
Int16 ctDataLen = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Data Length", ctDataLen, "The length of the connect datastring.", slices);
Int16 ctDataOffset = stream.ReadInt16();
Int16 maxRecCtData = stream.ReadInt16();
Int16 ctFlagsA = stream.ReadInt16();
Int16 ctFlagsB = stream.ReadInt16();
Int32 traceItemA = stream.ReadInt32();
Int32 traceItemB = stream.ReadInt32();
Int64 traceID = stream.ReadInt64();
stream.ReadInt64();
byte[] ctData = stream.PeekBytes(ctDataLen);
string connectData = StaticUtils.DecodeASCII(ctData);
stream.ReadBytes(ctDataLen, slices);
node.AddField("Connect data", connectData, "Connect data", slices);
try {
Match match = Regex.Match(connectData, "\\(PROTOCOL=(?<proto>\\w{2,})\\)\\(HOST=(?<host>[.\\w]{7,})\\)\\(PORT=(?<port>\\d{2,})\\)\\).*SERVICE_NAME=(?<sid>[.\\w]{1,})\\)");
string proto = match.Groups["proto"].Value;
string host = match.Groups["host"].Value;
string newPort = match.Groups["port"].Value;
string sid = match.Groups["sid"].Value;
TransactionNode cInfoNode = new TransactionNode("Connection Info");
cInfoNode.AddField("Protocol", proto, "Protocol", slices);
cInfoNode.AddField("Host", host, "Server being connected to", slices);
cInfoNode.AddField("Port", newPort, "Port", slices);
cInfoNode.AddField("Service", sid, "Service", slices);
node.AddChild(cInfoNode);
} catch (ArgumentException) {
}
return(node);
} catch (Exception e) {
logger.AddMessage(e.Message);
return(null);
}
case OracleTransactionType.ACCEPT:
node = new TransactionNode("Accept");
node.AddField("Packet Size", pLen, "Packet Size", slices);
try {
Int16 headerChecksum = stream.ReadInt16();
Int16 version = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Version", version, "Version", slices);
Int16 serviceOptions = stream.ReadInt16();
Int16 sessionDataUnitSize = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Session Data Unit Size", sessionDataUnitSize, "Session Data Unit Size", slices);
Int16 maxTxDataUnitSize = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Max Tx Unit Size", maxTxDataUnitSize, "Maximum Transmission Data Unit Size", slices);
Int16 valueOfOneInHW = stream.ReadInt16();
Int16 acceptDataLength = stream.ReadInt16();
Int16 dataOffset = stream.ReadInt16();
int connectFlagsA = stream.ReadByte();
int connectFlagsB = stream.ReadByte();
stream.ReadBytes(pLen - 24); //read out empty bytes
} catch (Exception e) {
logger.AddMessage(e.Message);
return(null);
}
return(node);
case OracleTransactionType.REDIRECT:
node = new TransactionNode("Redirect");
node.AddField("Packet Size", pLen, "Packet Size", slices);
try {
Int16 headerChecksum = stream.ReadInt16();
Int16 redirLen = stream.PeekInt16();
stream.ReadBytes(2, slices);
node.AddField("Redirection Data Length", redirLen, "Length of the redirection data string", slices);
byte[] redirData = stream.PeekBytes(redirLen);
string sRedir = StaticUtils.DecodeASCII(redirData);
stream.ReadBytes(redirLen, slices);
node.AddField("Redirection Data", sRedir, "Redirection data", slices);
//get the redirected port
string newPort = null;
string proto = null;
string host = null;
try {
Match match = Regex.Match(sRedir, "\\(PROTOCOL=(?<proto>\\w{2,})\\)\\(HOST=(?<host>[.\\w]{7,})\\)\\(PORT=(?<port>\\d{2,})\\)\\)");
proto = match.Groups["proto"].Value;
host = match.Groups["host"].Value;
newPort = match.Groups["port"].Value;
} catch (ArgumentException) {
// Syntax error in the regular expression
}
if (!newPort.Equals(""))
{
redirPort = Int32.Parse(newPort);
}
TransactionNode redirInfo = new TransactionNode("Redirection Info");
redirInfo.AddField("Protocol", proto, "Protocol used", slices);
redirInfo.AddField("Host", host, "Host", slices);
redirInfo.AddField("Port", newPort, "Port", slices);
node.AddChild(redirInfo);
} catch (Exception e) {
logger.AddMessage(e.Message);
return(null);
}
return(node);
case OracleTransactionType.DATA:
string label;
if (direction == StreamDirection.IN)
{
label = "Response";
}
else
{
label = "Request";
}
node = new TransactionNode("Data - " + label);
node.AddField("Packet Size", pLen, "Packet Size", slices);
try {
Int16 headerChecksum = stream.ReadInt16();
Int16 dataFlags = stream.ReadInt16();
int payLoadLength = pLen - 10;
byte[] payLoad = stream.PeekBytes(payLoadLength);
string sPayload = StaticUtils.DecodeASCII(payLoad);
stream.ReadBytes(payLoadLength, slices);
node.AddField("Data", sPayload, "Data", slices);
} catch (Exception e) {
logger.AddMessage(e.Message);
return(null);
}
return(node);
default:
logger.AddMessage(String.Format("Packet dissection not implemented [TransactionType={0}]", type));
return(null);
}
}
public TransactionNode(TransactionNode parent, string name)
{
Initialize(parent, name);
parent.AddChild(this);
}
public override bool HandleSession(IPSession session)
{
logger.AddMessage(String.Format("session.LocalEndpoint={0}, session.RemoteEndpoint={1}",
session.LocalEndpoint, session.RemoteEndpoint));
if (session.RemoteEndpoint != null && session.RemoteEndpoint.Port == MSN_SB_PORT)
return HandleSwitchboardSession(session);
PacketStream stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() < 8)
return false;
List<PacketSlice> lenSlices = new List<PacketSlice>(1);
UInt32 len = stream.ReadU32LE(lenSlices);
if (len != 4)
return false;
List<PacketSlice> contentSlices = new List<PacketSlice>(1);
string str = stream.ReadCStringASCII((int) len, contentSlices);
if (str != "foo")
return false;
TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic");
magicNode.Description = magicNode.Name;
magicNode.AddField("Length", len, "Magic length.", lenSlices);
magicNode.AddField("Magic", str, "Magic string.", contentSlices);
TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request");
stream = session.GetNextStreamDirection();
TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response");
TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake");
handshakeNode.Description = handshakeNode.Name;
handshakeNode.AddChild(requestNode);
handshakeNode.AddChild(responseNode);
session.AddNode(magicNode);
session.AddNode(handshakeNode);
ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
return true;
}
public TransactionNode(TransactionNode parent, string name)
{
Initialize(parent, name);
parent.AddChild(this);
}
protected void AddBodyNode(PacketStream stream,
TransactionNode transactionNode,
string contentType,
string contentEncoding,
int bodyLen)
{
List<PacketSlice> slices = new List<PacketSlice>(1);
TransactionNode bodyNode = new TransactionNode("Body");
byte[] body = stream.ReadBytes(bodyLen, slices);
if (contentType == "text/html" || contentType == "text/xml")
{
int realBodyLen = body.Length;
if (body[realBodyLen - 1] == '\0')
realBodyLen--;
Decoder dec;
if (contentEncoding == "utf-8")
{
dec = Encoding.UTF8.GetDecoder();
}
else
{
dec = Encoding.ASCII.GetDecoder();
}
char[] bodyChars = new char[dec.GetCharCount(body, 0, realBodyLen)];
dec.GetChars(body, 0, realBodyLen, bodyChars, 0);
string bodyStr = new string(bodyChars);
if (contentType == "text/xml")
bodyNode.AddXMLField("XML", bodyStr, "Body XML data.", slices);
else
bodyNode.AddTextField("HTML", bodyStr, "Body HTML data.", slices);
}
else if (contentType == "application/vnd.ms-sync.wbxml")
{
string xml = WBXML.ConvertToXML(body);
bodyNode.AddXMLField("WBXML", xml, "Body WBXML data.", slices);
}
else
{
bodyNode.AddField("Raw", body, StaticUtils.FormatByteArray(body),
"Raw body data.", slices);
}
transactionNode.AddChild(bodyNode);
}
private TransactionNode ExtractHttpData(PacketStream stream, HTTPTransactionType type, string nodeName)
{
if (nodeName == null)
{
nodeName = (type == HTTPTransactionType.REQUEST) ? "Request" : "Response";
}
TransactionNode node = new TransactionNode(nodeName);
List<PacketSlice> slices = new List<PacketSlice>();
string line = stream.PeekLineUTF8();
int fieldCount = (type == HTTPTransactionType.REQUEST) ? 3 : 2;
string[] tokens = line.Split(new char[] { ' ' }, fieldCount);
if (tokens.Length < fieldCount)
throw new ProtocolError();
if (type == HTTPTransactionType.REQUEST)
{
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
node.AddField("Verb", tokens[0], "Request verb.", slices);
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);
node.AddField("Argument", tokens[1], "Request argument.", slices);
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[2]), slices);
node.AddField("Protocol", tokens[2], "Protocol identifier.", slices);
// Set a description
node.Description = String.Format("{0} {1}", tokens[0], tokens[1]);
if (node.Description.Length > MAX_DESCRIPTION_LENGTH)
{
node.Description = node.Description.Substring(0, MAX_DESCRIPTION_LENGTH - ellipsis.Length);
node.Description += ellipsis;
}
}
else
{
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
node.AddField("Protocol", tokens[0], "Protocol identifier.", slices);
if (tokens.Length > 1)
{
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);
node.AddField("Result", tokens[1], "Result.", slices);
}
// Set a description
string result = tokens[1];
if (result.Length > MAX_DESCRIPTION_LENGTH)
{
result = result.Substring(0, MAX_DESCRIPTION_LENGTH - ellipsis.Length) + ellipsis;
}
node.Description = result;
}
stream.ReadBytes(2);
TransactionNode headersNode = new TransactionNode("Headers");
Dictionary<string, string> headerFields = new Dictionary<string, string>();
do
{
line = stream.PeekLineUTF8();
if (line.Length > 0)
{
tokens = line.Split(new char[] { ':' }, 2);
if (tokens.Length < 2)
throw new ProtocolError();
string key = tokens[0];
string value = tokens[1].TrimStart();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(line), slices);
headersNode.AddField(key, value, "Header field.", slices);
headerFields[key.ToLower()] = value;
}
stream.ReadBytes(2);
} while (line != "");
if (headersNode.Fields.Count > 0)
{
node.AddChild(headersNode);
}
int contentLen = -1;
if (headerFields.ContainsKey("content-length"))
contentLen = Convert.ToInt32(headerFields["content-length"]);
else if (headerFields.ContainsKey("contentlength"))
contentLen = Convert.ToInt32(headerFields["contentlength"]);
if (contentLen != -1)
{
string contentType = null, contentEncoding = null;
if (headerFields.ContainsKey("content-type"))
contentType = headerFields["content-type"];
else if (headerFields.ContainsKey("contenttype"))
contentType = headerFields["contenttype"];
if (contentType != null)
{
contentType = contentType.ToLower();
tokens = contentType.Split(new char[] { ';' });
contentType = tokens[0].Trim();
if (tokens.Length > 1)
{
string[] encTokens = tokens[1].Split(new char[] { '=' }, 2);
if (encTokens[0].Trim() == "charset" && encTokens.Length > 1)
{
contentEncoding = encTokens[1];
}
}
}
string str = stream.PeekStringASCII(5);
if (str == "<?xml")
{
contentType = "text/xml";
contentEncoding = "utf-8"; // FIXME
}
if (contentLen > 0)
{
AddBodyNode(stream, node, contentType, contentEncoding, contentLen);
}
}
return node;
}
public override bool HandleSession(IPSession session)
{
PacketStream stream = session.GetNextStreamDirection();
string line;
try
{
line = stream.PeekLineUTF8();
}
catch (EndOfStreamException)
{
return false;
}
string[] tokens = line.Split(new char[] { ' ' });
if (!tokens[tokens.Length - 1].StartsWith("HTTP/1."))
{
return false;
}
// At this point it should be safe enough to assume we're
// dealing with an HTTP session.
while (true)
{
try
{
TransactionNode transaction = new TransactionNode("HTTPTransaction");
TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST);
transaction.AddChild(request);
string desc = request.Description;
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() != 0)
{
TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE);
transaction.AddChild(response);
if (response.Fields.ContainsKey("Result") &&
((string)response.Fields["Result"]).StartsWith("100 "))
{
response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2");
transaction.AddChild(response);
}
desc += " => " + response.Description;
}
transaction.Description = desc;
session.AddNode(transaction);
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() == 0)
break;
}
catch (EndOfStreamException)
{
logger.AddMessage("HTTP premature EOF");
break;
}
catch (ProtocolError)
{
logger.AddMessage("HTTP protocol error");
break;
}
}
return true;
}
private TransactionNode ExtractHttpData(PacketStream stream, HTTPTransactionType type, string nodeName)
{
if (nodeName == null)
{
nodeName = (type == HTTPTransactionType.REQUEST) ? "Request" : "Response";
}
TransactionNode node = new TransactionNode(nodeName);
List <PacketSlice> slices = new List <PacketSlice>();
string line = stream.PeekLineUTF8();
int fieldCount = (type == HTTPTransactionType.REQUEST) ? 3 : 2;
string[] tokens = line.Split(new char[] { ' ' }, fieldCount);
if (tokens.Length < fieldCount)
{
throw new ProtocolError();
}
if (type == HTTPTransactionType.REQUEST)
{
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
node.AddField("Verb", tokens[0], "Request verb.", slices);
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);
node.AddField("Argument", tokens[1], "Request argument.", slices);
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[2]), slices);
node.AddField("Protocol", tokens[2], "Protocol identifier.", slices);
// Set a description
node.Description = String.Format("{0} {1}", tokens[0], tokens[1]);
if (node.Description.Length > MAX_DESCRIPTION_LENGTH)
{
node.Description = node.Description.Substring(0, MAX_DESCRIPTION_LENGTH - ellipsis.Length);
node.Description += ellipsis;
}
}
else
{
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
node.AddField("Protocol", tokens[0], "Protocol identifier.", slices);
if (tokens.Length > 1)
{
stream.ReadByte();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);
node.AddField("Result", tokens[1], "Result.", slices);
}
// Set a description
string result = tokens[1];
if (result.Length > MAX_DESCRIPTION_LENGTH)
{
result = result.Substring(0, MAX_DESCRIPTION_LENGTH - ellipsis.Length) + ellipsis;
}
node.Description = result;
}
stream.ReadBytes(2);
TransactionNode headersNode = new TransactionNode("Headers");
Dictionary <string, string> headerFields = new Dictionary <string, string>();
do
{
line = stream.PeekLineUTF8();
if (line.Length > 0)
{
tokens = line.Split(new char[] { ':' }, 2);
if (tokens.Length < 2)
{
throw new ProtocolError();
}
string key = tokens[0];
string value = tokens[1].TrimStart();
stream.ReadBytes(StaticUtils.GetUTF8ByteCount(line), slices);
headersNode.AddField(key, value, "Header field.", slices);
headerFields[key.ToLower()] = value;
}
stream.ReadBytes(2);
} while (line != "");
if (headersNode.Fields.Count > 0)
{
node.AddChild(headersNode);
}
int contentLen = -1;
if (headerFields.ContainsKey("content-length"))
{
contentLen = Convert.ToInt32(headerFields["content-length"]);
}
else if (headerFields.ContainsKey("contentlength"))
{
contentLen = Convert.ToInt32(headerFields["contentlength"]);
}
if (contentLen != -1)
{
string contentType = null, contentEncoding = null;
if (headerFields.ContainsKey("content-type"))
{
contentType = headerFields["content-type"];
}
else if (headerFields.ContainsKey("contenttype"))
{
contentType = headerFields["contenttype"];
}
if (contentType != null)
{
contentType = contentType.ToLower();
tokens = contentType.Split(new char[] { ';' });
contentType = tokens[0].Trim();
if (tokens.Length > 1)
{
string[] encTokens = tokens[1].Split(new char[] { '=' }, 2);
if (encTokens[0].Trim() == "charset" && encTokens.Length > 1)
{
contentEncoding = encTokens[1];
}
}
}
string str = stream.PeekStringASCII(5);
if (str == "<?xml")
{
contentType = "text/xml";
contentEncoding = "utf-8"; // FIXME
}
if (contentLen > 0)
{
AddBodyNode(stream, node, contentType, contentEncoding, contentLen);
}
}
return(node);
}
public override bool HandleSession(IPSession session)
{
PacketStream stream = session.GetNextStreamDirection();
string line;
try
{
line = stream.PeekLineUTF8();
}
catch (EndOfStreamException)
{
return(false);
}
string[] tokens = line.Split(new char[] { ' ' });
if (!tokens[tokens.Length - 1].StartsWith("HTTP/1."))
{
return(false);
}
// At this point it should be safe enough to assume we're
// dealing with an HTTP session.
while (true)
{
try
{
TransactionNode transaction = new TransactionNode("HTTPTransaction");
TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST);
transaction.AddChild(request);
string desc = request.Description;
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() != 0)
{
TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE);
transaction.AddChild(response);
if (response.Fields.ContainsKey("Result") &&
((string)response.Fields["Result"]).StartsWith("100 "))
{
response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2");
transaction.AddChild(response);
}
desc += " => " + response.Description;
}
transaction.Description = desc;
session.AddNode(transaction);
stream = session.GetNextStreamDirection();
if (stream.GetBytesAvailable() == 0)
{
break;
}
}
catch (EndOfStreamException)
{
logger.AddMessage("HTTP premature EOF");
break;
}
catch (ProtocolError)
{
logger.AddMessage("HTTP protocol error");
break;
}
}
return(true);
}
