While figuring out how to access http bodies fom http responses, I
noticed something about the reported lengths of pdu's in Lua. Using the
following code:
____________________________________________________________
http_extractor_f = Field.new("http")
function tap.packet(pinfo, tvb, userdata)
local http_pdu = http_extractor_f()
print("pdu.len: " .. tostring(http_pdu.len))
end
____________________________________________________________
with a tap filtering on http packets I see this:
- whenever a (reassembled) http packet contains a content_type of
'audio/mpeg' the pdu length seems to be equal to: length(http header) +
length(http_body).
- for other mime-types (or at least text/html, image/gif and
image/jpeg) this does not seem to occur. The http_pdu.len then seems to
be equal to the actual length.
Is this expected behaviour, or is my code incorrect / wrong?
Example output (of a somewhat extended script):
____________________________________________________________
pkt.number : 43
pdu.len : 630
content_length : 184
content_type : text/html; charset=utf-8
body : yes
media : no
pkt.number : 3557
pdu.len : 3186271
content_length : 3185898
content_type : audio/mpeg
body : no
media : yes
pkt.number : 12717
pdu.len : 314
content_length : 35
content_type : image/gif
body : no
media : no
____________________________________________________________
regards
