wiki:http
Running NetPDL parser failed a:
0, PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/idn.ini on line 1 in Unknown on line 0 /usr/local/netpdl/parser.php

NetPDL dissector..........Validation Error
Error 1871: Element 'assign-variable': This element is not expected. Expected is one of ( update-lookuptable, if ).
  Line: 13

--------------------------------------------


Original XML source
  1. <protocol name="http" longname="HTTP (Hyper Text Transfer Protocol)" showsumtemplate="http">
  2.   <execute-code> <!-- Code run around dissection: <verify> flags payloads that look like HTTP, <before> records the session and server endpoints in lookup tables. -->
  3.     <verify>
  4.       <!-- <if expr="hasstring($packet[$currentoffset:0], 'http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|(post|get|head|propfind|mkcol|delete|put|copy|move|lock|unlock) [\x09-\x0d -~]* http/[01]\.[019]', 0)"> -->
  5.       <if expr="hasstring($packet[$currentoffset:0], 'http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|(connect|post|get|head|propfind|mkcol|delete|put|copy|move|lock|unlock) [\x09-\x0d -~]* http/[01]\.[019]', 0)"> <!-- Signature: either a status line ("http/x.y NNN") or a request line with one of the listed methods; it differs from the commented-out expression above only by the added 'connect'. -->
  6.         <if-true>
  7.           <assign-variable name="$protoverify_result" value="%CANDIDATE"/> <!-- A match marks the payload as a candidate only. -->
  8.         </if-true>
  9.       </if>
  10.     </verify>
  11.  
  12.     <before when="$protoverify_result == %CANDIDATE or $protoverify_result == %FOUND"> <!-- Runs when verification left the result at %CANDIDATE or %FOUND. -->
  13.       <assign-variable name="$session_hit" value="1"/> <!-- NOTE(review): the validator reports Error 1871 on this line: 'assign-variable' is not accepted at this position, where it expects 'update-lookuptable' or 'if'. -->
  14.       <update-lookuptable name="$tcpsessiontable" action="add" validity="updateonhit" keeptime="300" hittime="300"> <!-- Adds the session under the key ($firstip, $secondip, $firstport, $secondport) with data '#http' and '0'; the unit of keeptime/hittime is not visible here. -->
  15.         <lookupkey value="$firstip"/>
  16.         <lookupkey value="$secondip"/>
  17.         <lookupkey value="$firstport"/>
  18.         <lookupkey value="$secondport"/>
  19.         <lookupdata value="#http"/>
  20.         <lookupdata value="0"/>
  21.       </update-lookuptable>
  22.  
  23.       <if expr="$enable_servertable"> <!-- Server-table learning is optional and gated by this variable. -->
  24.         <if-true>
  25.           <if expr="checklookuptable($CandidateServersTable, $ipsrc, $portsrc)"> <!-- Source endpoint is a candidate server: promote it to $KnownServerTable. NOTE(review): how endpoints enter $CandidateServersTable is not visible in this file - confirm before relying on the known-server entries. -->
  26.             <if-true>
  27.               <update-lookuptable name="$KnownServerTable" action="add" validity="updateonhit" keeptime="300" hittime="300">
  28.                 <lookupkey value="$ipsrc"/>
  29.                 <lookupkey value="$portsrc"/>
  30.                 <lookupdata value="#http"/>
  31.               </update-lookuptable>
  32.               <!-- delete entry from CandidateServersTable -->
  33.               <update-lookuptable name="$CandidateServersTable" action="purge">
  34.                 <lookupkey value="$ipsrc"/>
  35.                 <lookupkey value="$portsrc"/>                    
  36.               </update-lookuptable>
  37.             </if-true>
  38.             <if-false>
  39.               <if expr="checklookuptable($CandidateServersTable, $ipdst, $portdst)"> <!-- Otherwise apply the same promotion and purge to the destination endpoint. -->
  40.                 <if-true>
  41.                   <update-lookuptable name="$KnownServerTable" action="add" validity="updateonhit" keeptime="300" hittime="300">
  42.                     <lookupkey value="$ipdst"/>
  43.                     <lookupkey value="$portdst"/>
  44.                     <lookupdata value="#http"/>
  45.                   </update-lookuptable>
  46.                   <update-lookuptable name="$CandidateServersTable" action="purge">
  47.                     <lookupkey value="$ipdst"/>
  48.                     <lookupkey value="$portdst"/>                    
  49.                   </update-lookuptable>
  50.                 </if-true>
  51.               </if>
  52.             </if-false>
  53.           </if>
  54.         </if-true>
  55.       </if>
  56.     </before>
  57.   </execute-code>
  58.  
  59.   <format> <!-- Field layout: an optional "HTTP Header" block parsed line by line, then all remaining bytes as "HTTP data" lines. -->
  60.     <fields>
  61.  
  62.       <!-- Check if this packet contains a header -->
  63.       <if expr="($packet[$currentoffset : 3] == 'GET') or ($packet[$currentoffset : 4] == 'POST') or ($packet[$currentoffset : 4] == 'HTTP')"> <!-- NOTE(review): only payloads starting with 'GET', 'POST' or 'HTTP' open the header block; the <verify> expression in this file also accepts other methods (connect, head, put, ...), and such requests would be shown only as "HTTP Object" lines - confirm this is intended. -->
  64.         <if-true>
  65.  
  66.           <block name="header" longname="HTTP Header">
  67.  
  68.             <!-- Request line (GET/POST) or status line (anything else that reached this block) -->
  69.             <if expr="($packet[$currentoffset : 3] == 'GET') or ($packet[$currentoffset : 4] == 'POST')">
  70.               <if-true>
  71.                 <field type="line" name="cmdline" longname="Command Line" showtemplate="FieldAscii"> <!-- Request line split on spaces into method, url and version. -->
  72.                   <field type="tokenended" name="method" longname="Method" endtoken=" " showtemplate="FieldAscii"/>
  73.                   <field type="tokenended" name="url" longname="URL" endtoken=" " showtemplate="FieldAscii"/>
  74.                   <field type="line" name="reqVersion" longname="Version" showtemplate="FieldAscii"/>
  75.                 </field>
  76.               </if-true>
  77.              
  78.               <if-false>
  79.                 <field type="line" name="statusline" longname="Status Line" showtemplate="FieldAscii"> <!-- Status line split on spaces into version, status code and reason phrase. -->
  80.                   <field type="tokenended" name="repVersion" longname="Version" endtoken=" " showtemplate="FieldAscii"/>
  81.                   <field type="tokenended" name="statuscode" longname="Status Code" endtoken=" " showtemplate="FieldAscii"/>
  82.                   <field type="line" name="reasonphrase" longname="Reason Phrase" showtemplate="FieldAscii"/>
  83.                 </field>
  84.               </if-false>
  85.             </if>
  86.  
  87.             <loop type="size" expr="$packetlength - $currentoffset"> <!-- Header lines: loop over the bytes left in the packet until the break below. -->
  88.  
  89.               <switch expr="extractstring($packet[$currentoffset: 0], '[^:\n]*', 1, 0)"
  90.                     comment="Field names are case-insensitive in HTTP; however, field-values may be case sensitive."> <!-- Selects a case by the text before the first ':' or newline of the current line. NOTE(review): the case values below use one fixed capitalisation; whether this switch ignores case is not visible here - confirm, otherwise differently-cased header names fall to <default>. -->
  91.  
  92.                 <case value="'User-Agent'">
  93.                   <field type="line" name="useragent" longname="User Agent" showtemplate="HttpField"/>
  94.                 </case>
  95.                 <case value="'Accept'">
  96.                   <field type="line" name="accept" longname="Accept MIME Types" showtemplate="HttpField"/>
  97.                 </case>
  98.                 <case value="'Accept-Language'">
  99.                   <field type="line" name="acceptlanguage" longname="Accept Language" showtemplate="HttpField"/>
  100.                 </case>
  101.                 <case value="'Server'">
  102.                   <field type="line" name="server" longname="Server" showtemplate="HttpField" />
  103.                 </case>
  104.                 <case value="'Content-Type'">
  105.                   <field type="line" name="contenttype" longname="Content Type" showtemplate="HttpField" />
  106.                 </case>
  107.                 <case value="'Host'">
  108.                   <field type="line" name="host" longname="Host" showtemplate="HttpField" />
  109.                 </case>
  110.                 <case value="'Content-Encoding'">
  111.                   <field type="line" name="contentencoding" longname="Content Encoding" showtemplate="HttpField" />
  112.                 </case>
  113.                 <case value="'Content-Length'">
  114.                   <field type="line" name="contentlength" longname="Content Length" showtemplate="HttpField" />
  115.                 </case>
  116.                 <case value="'Date'">
  117.                   <field type="line" name="date" longname="Date" showtemplate="HttpField" />
  118.                 </case>
  119.                 <case value="'Expires'">
  120.                   <field type="line" name="expires" longname="Expires" showtemplate="HttpField" />
  121.                 </case>
  122.                 <case value="'From'">
  123.                   <field type="line" name="from" longname="From" showtemplate="HttpField" />
  124.                 </case>
  125.                 <case value="'If-Modified-Since'">
  126.                   <field type="line" name="ifmodifiedsince" longname="If Modified Since" showtemplate="HttpField" />
  127.                 </case>
  128.                 <case value="'Last-Modified'">
  129.                   <field type="line" name="lastmodified" longname="Last Modified" showtemplate="HttpField" />
  130.                 </case>
  131.                 <case value="'Location'">
  132.                   <field type="line" name="location" longname="Location" showtemplate="HttpField" />
  133.                 </case>
  134.                 <case value="'Pragma'">
  135.                   <field type="line" name="pragma" longname="Pragma" showtemplate="HttpField" />
  136.                 </case>
  137.                 <case value="'Referer'">
  138.                   <field type="line" name="referer" longname="Referer" showtemplate="HttpField" />
  139.                 </case>
  140.                 <case value="'WWW-Authenticate'">
  141.                   <field type="line" name=" wwwauthenticate" longname="WWW Authenticate" showtemplate="HttpField" /> <!-- NOTE(review): the name attribute starts with a space, unlike every other field here - looks unintended, confirm. -->
  142.                 </case>
  143.  
  144.                 <!-- other options will follow -->
  145.  
  146.                 <!-- This is another way to say 'stop, the HTTP header has ended' -->
  147.                 <case value="'\x0D'"> <!-- The extracted text is a lone CR, presumably the empty CRLF line that ends the header; leaves the loop. -->
  148.                   <field type="line" name="endheader" longname="End Of Header" showtemplate="FieldAscii"/>
  149.                   <loopctrl type="break"/>
  150.                 </case>
  151.  
  152.                 <default> <!-- Any header not listed above is kept as a generic "Option" line. -->
  153.                   <field type="line" name="option" longname="Option" showtemplate="FieldAscii"/>
  154.                 </default>
  155.               </switch>
  156.  
  157.             </loop>
  158.           </block>
  159.         </if-true>
  160.         <missing-packetdata> <!-- Fallback when packet data is missing: the remaining bytes become one "Truncated Data" field. -->
  161.           <field type="variable" name="truncdata" longname="Truncated Data" expr="$packetlength - $currentoffset" showtemplate="FieldAscii"/>
  162.         </missing-packetdata>
  163.       </if>
  164.  
  165.       <block name="header" longname="HTTP Object"> <!-- Everything after the header (or the whole payload when no header was recognised), line by line. NOTE(review): the name "header" repeats the "HTTP Header" block's name although the longname is "HTTP Object" - confirm. -->
  166.         <loop type="size" expr="$packetlength - $currentoffset">
  167.           <field type="line" name="data" longname="HTTP data" showtemplate="FieldAscii"/>
  168.         </loop>
  169.       </block>
  170.  
  171.     </fields>
  172.   </format>
  173.  
  174.   <visualization> <!-- Display templates: the one-line packet summary and the detail view used for header fields. -->
  175.     <showsumtemplate name="http">
  176.       <section name="next"/>
  177.       <if expr="ispresent(method)"> <!-- Summary text depends only on whether a 'method' field was decoded. NOTE(review): every packet without that field is labelled "HTTP response"; given the <format> section in this file, that presumably includes body-only packets and requests other than GET/POST - confirm. -->
  178.         <if-true>
  179.           <text value="HTTP request"/>
  180.         </if-true>
  181.        
  182.         <if-false>
  183.           <text value="HTTP response"/>
  184.         </if-false>
  185.       </if>
  186.     </showsumtemplate>
  187.  
  188.     <!-- This template aims at showing only the part of the field which is after the ": " delimiter, -->
  189.     <!-- which corresponds to the field value (hence the last '1' as parameter). -->
  190.     <showtemplate name="HttpField" showtype="ascii" showgrp="1">
  191.       <showdtl>
  192.         <text expr="extractstring(this, ': ([[:print:]]*)', 1, 1)"/> <!-- Captures the printable characters that follow ": " in the field. -->
  193.       </showdtl>
  194.     </showtemplate>
  195.  
  196.   </visualization>
  197. </protocol>
  198.  
  199.  
Processing time: 0.059