Hello All,
I was just poking around with the HTTP dissector, wishing that there was a way
to unzip the body of a gzipped HTTP response in TCP packets 2 through N, when I
stumbled across HTTP body reassembly. I figured I'd struck gold, but when I
enabled it and TCP subdissector reassembly, I found that the display of packet 1
of an HTTP response had not changed at all, and that subsequent packets didn't
even show HTTP dissection -- I couldn't even click on the body of the packet.
At this point, I decided to head to the source, and I ran across a very
interesting snippet (lines 512-518 of epan/dissectors/packet-http.c in version
0.10.12):
if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo,
http_desegment_headers, http_desegment_body)) {
/*
* More data needed for desegmentation.
*/
return -1;
}
This (as well as the fact that searching for "desgment" elsewhere in the file
yields nothing of interest) suggests to me that reassembly of HTTP response
bodies is not actually implemented yet, even though an option to do so is
present in the GUI (I'll reserve comment on the issues with that for now,
esepecially since I may be wrong). Thus, my questions for you all are:
1. Is HTTP response body reassembly actually functional, just buried away
somewhere that I'm missing it?
2. If not, are there any major known hurdles to implementing it?
3. If it can be implemented with relative ease, is anyone currently working on
it, or can I take a whack? :-)
Thanks in advance for whatever info you can provide.
Alex Kirk
