forked from osmocom/wireshark
e810b7a424
- skip white space characters, including CR and LF on various places (not complete yet, but better than before) svn path=/trunk/; revision=17665
3030 lines
98 KiB
C
3030 lines
98 KiB
C
/* packet-sip.c
|
|
* Routines for the Session Initiation Protocol (SIP) dissection.
|
|
* RFCs 3261-3264
|
|
*
|
|
* TODO: Pay attention to Content-Type: It might not always be SDP.
|
|
* Content-Type is fixed, mixed/mode is not handled though.
|
|
* hf_ display filters for headers of SIP extension RFCs:
|
|
* Done for RFC 3265, RFC 3262
|
|
* Use hash table for list of headers
|
|
* Add sip msg body dissection based on Content-Type for:
|
|
* SDP, MIME, and other types
|
|
* Align SIP methods with recent Internet Drafts or RFC
|
|
* (SIP INFO, rfc2976 - done)
|
|
* (SIP SUBSCRIBE-NOTIFY - done)
|
|
* (SIP REFER - done)
|
|
* check for other
|
|
*
|
|
* Copyright 2000, Heikki Vatiainen <hessu@cs.tut.fi>
|
|
* Copyright 2001, Jean-Francois Mule <jfm@cablelabs.com>
|
|
* Copyright 2004, Anders Broman <anders.broman@ericsson.com>
|
|
*
|
|
* $Id$
|
|
*
|
|
* Ethereal - Network traffic analyzer
|
|
* By Gerald Combs <gerald@ethereal.com>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* Copied from packet-cops.c
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
# include "config.h"
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <ctype.h>
|
|
|
|
#include <epan/prefs.h>
|
|
|
|
#include <glib.h>
|
|
#include <epan/packet.h>
|
|
#include <epan/req_resp_hdrs.h>
|
|
#include <epan/emem.h>
|
|
|
|
#include "packet-sip.h"
|
|
#include <epan/tap.h>
|
|
#include <epan/emem.h>
|
|
|
|
#include "packet-tcp.h"
|
|
|
|
#define TCP_PORT_SIP 5060
|
|
#define UDP_PORT_SIP 5060
|
|
|
|
static gint sip_tap = -1;
|
|
static dissector_handle_t sigcomp_handle;
|
|
|
|
/* Initialize the protocol and registered fields */
|
|
static gint proto_sip = -1;
|
|
static gint proto_raw_sip = -1;
|
|
static gint hf_msg_hdr = -1;
|
|
static gint hf_Method = -1;
|
|
static gint hf_Request_Line = -1;
|
|
static gint hf_Status_Code = -1;
|
|
static gint hf_Status_Line = -1;
|
|
static gint hf_sip_display = -1;
|
|
static gint hf_sip_to_addr = -1;
|
|
static gint hf_sip_from_addr = -1;
|
|
static gint hf_sip_tag = -1;
|
|
static gint hf_sip_uri = -1;
|
|
static gint hf_sip_contact_addr = -1;
|
|
static gint hf_sip_contact_item = -1;
|
|
static gint hf_sip_resend = -1;
|
|
static gint hf_sip_original_frame = -1;
|
|
|
|
static gint hf_sip_auth_scheme = -1;
|
|
static gint hf_sip_auth_digest_response = -1;
|
|
static gint hf_sip_auth_nc = -1;
|
|
static gint hf_sip_auth_username = -1;
|
|
static gint hf_sip_auth_realm = -1;
|
|
static gint hf_sip_auth_nonce = -1;
|
|
static gint hf_sip_auth_algorithm = -1;
|
|
static gint hf_sip_auth_opaque = -1;
|
|
static gint hf_sip_auth_qop = -1;
|
|
static gint hf_sip_auth_cnonce = -1;
|
|
static gint hf_sip_auth_uri = -1;
|
|
static gint hf_sip_auth_domain = -1;
|
|
static gint hf_sip_auth_stale = -1;
|
|
|
|
/* Initialize the subtree pointers */
|
|
static gint ett_sip = -1;
|
|
static gint ett_sip_reqresp = -1;
|
|
static gint ett_sip_hdr = -1;
|
|
static gint ett_raw_text = -1;
|
|
static gint ett_sip_element = -1;
|
|
static gint ett_sip_uri = -1;
|
|
static gint ett_sip_contact_item = -1;
|
|
static gint ett_sip_message_body = -1;
|
|
|
|
/* PUBLISH method added as per http://www.ietf.org/internet-drafts/draft-ietf-sip-publish-01.txt */
|
|
static const char *sip_methods[] = {
|
|
"<Invalid method>", /* Pad so that the real methods start at index 1 */
|
|
"ACK",
|
|
"BYE",
|
|
"CANCEL",
|
|
"DO",
|
|
"INFO",
|
|
"INVITE",
|
|
"MESSAGE",
|
|
"NOTIFY",
|
|
"OPTIONS",
|
|
"PRACK",
|
|
"QAUTH",
|
|
"REFER",
|
|
"REGISTER",
|
|
"SPRACK",
|
|
"SUBSCRIBE",
|
|
"UPDATE",
|
|
"PUBLISH"
|
|
};
|
|
|
|
/* from RFC 3261
|
|
* Updated with info from http://www.iana.org/assignments/sip-parameters
|
|
* (last updated 2004-10-17)
|
|
* Updated with: http://www.ietf.org/internet-drafts/draft-ietf-sip-resource-priority-05.txt
|
|
*/
|
|
typedef struct {
|
|
const char *name;
|
|
const char *compact_name;
|
|
} sip_header_t;
|
|
static const sip_header_t sip_headers[] = {
|
|
{ "Unknown-header", NULL }, /* 0 Pad so that the real headers start at index 1 */
|
|
{ "Accept", NULL }, /* 1 */
|
|
{ "Accept-Contact", "a" }, /* 2 RFC3841 */
|
|
{ "Accept-Encoding", NULL }, /* 3 */
|
|
{ "Accept-Language", NULL }, /* 4 */
|
|
{ "Accept-Resource-Priority", NULL }, /* 5 draft-ietf-sip-resource-priority-05.txt */
|
|
{ "Alert-Info", NULL },
|
|
{ "Allow", NULL },
|
|
{ "Allow-Events", "u" }, /* 8 RFC3265 */
|
|
{ "Authentication-Info", NULL },
|
|
{ "Authorization", NULL }, /* 10 */
|
|
{ "Call-ID", "i" },
|
|
{ "Call-Info", NULL },
|
|
{ "Contact", "m" },
|
|
{ "Content-Disposition", NULL },
|
|
{ "Content-Encoding", "e" }, /* 15 */
|
|
{ "Content-Language", NULL },
|
|
{ "Content-Length", "l" },
|
|
{ "Content-Type", "c" },
|
|
{ "CSeq", NULL },
|
|
{ "Date", NULL }, /* 20 */
|
|
{ "Error-Info", NULL },
|
|
{ "Event", "o" },
|
|
{ "Expires", NULL },
|
|
{ "From", "f" },
|
|
{ "In-Reply-To", NULL }, /* 25 RFC3261 */
|
|
{ "Join", NULL }, /* 26 RFC-ietf-sip-join-03.txt */
|
|
{ "Max-Forwards", NULL },
|
|
{ "MIME-Version", NULL },
|
|
{ "Min-Expires", NULL },
|
|
{ "Min-SE", NULL }, /* 30 RFC-ietf-sip-session-timer-15.txt */
|
|
{ "Organization", NULL },
|
|
{ "P-Access-Network-Info", NULL }, /* 32 RFC3455 */
|
|
{ "P-Asserted-Identity", NULL }, /* 33 RFC3325 */
|
|
{ "P-Associated-URI", NULL }, /* 34 RFC3455 */
|
|
{ "P-Called-Party-ID", NULL }, /* 35 RFC3455 */
|
|
{ "P-Charging-Function-Addresses",NULL },/* 36 RFC3455 */
|
|
{ "P-Charging-Vector", NULL }, /* 37 RFC3455 */
|
|
{ "P-DCS-Trace-Party-ID", NULL }, /* 38 RFC3603 */
|
|
{ "P-DCS-OSPS", NULL }, /* 39 RFC3603 */
|
|
{ "P-DCS-Billing-Info", NULL }, /* 40 RFC3603 */
|
|
{ "P-DCS-LAES", NULL }, /* 41 RFC3603 */
|
|
{ "P-DCS-Redirect", NULL }, /* 42 RFC3603 */
|
|
{ "P-Media-Authorization", NULL }, /* 43 RFC3313 */
|
|
{ "P-Preferred-Identity", NULL }, /* 44 RFC3325 */
|
|
{ "P-Visited-Network-ID", NULL }, /* 45 RFC3455 */
|
|
{ "Path", NULL }, /* 46 RFC3327 */
|
|
{ "Priority", NULL },
|
|
{ "Privacy", NULL }, /* 48 RFC3323 */
|
|
{ "Proxy-Authenticate", NULL },
|
|
{ "Proxy-Authorization", NULL }, /* 50 */
|
|
{ "Proxy-Require", NULL },
|
|
{ "RAck", NULL },
|
|
{ "Reason", NULL }, /* 53 RFC3326 */
|
|
{ "Record-Route", NULL },
|
|
{ "Referred-By", "b" }, /* 55 RFC3892 */
|
|
{ "Reject-Contact", "j" }, /* 56 RFC3841 */
|
|
{ "Replaces", NULL }, /* 57 RFC3891 */
|
|
{ "Reply-To", NULL }, /* 58 RFC3261 */
|
|
{ "Request-Disposition", "d" }, /* 59 RFC3841 */
|
|
{ "Require", NULL }, /* 60 RFC3261 */
|
|
{ "Resource-Priority", NULL }, /* 61 draft-ietf-sip-resource-priority-05.txt */
|
|
{ "Retry-After", NULL }, /* 62 RFC3261 */
|
|
{ "Route", NULL }, /* 63 RFC3261 */
|
|
{ "RSeq", NULL }, /* 64 RFC3841 */
|
|
{ "Security-Client", NULL }, /* 65 RFC3329 */
|
|
{ "Security-Server", NULL }, /* 66 RFC3329 */
|
|
{ "Security-Verify", NULL }, /* 67 RFC3329 */
|
|
{ "Server", NULL }, /* 68 RFC3261 */
|
|
{ "Service-Route", NULL }, /* 69 RFC3608 */
|
|
{ "Session-Expires", "x" }, /* 70 RFC-ietf-sip-session-timer-15.txt */
|
|
{ "SIP-ETag", NULL }, /* 71 draft-ietf-sip-publish-03 */
|
|
{ "SIP-If-Match", NULL }, /* 72 draft-ietf-sip-publish-03 */
|
|
{ "Subject", "s" }, /* 73 RFC3261 */
|
|
{ "Subscription-State", NULL }, /* 74 RFC3265 */
|
|
{ "Supported", "k" }, /* 75 RFC3261 */
|
|
{ "Timestamp", NULL }, /* 76 RFC3261 */
|
|
{ "To", "t" }, /* 77 RFC3261 */
|
|
{ "Unsupported", NULL }, /* 78 RFC3261 */
|
|
{ "User-Agent", NULL }, /* 79 RFC3261 */
|
|
{ "Via", "v" }, /* 80 RFC3261 */
|
|
{ "Warning", NULL }, /* 81 RFC3261 */
|
|
{ "WWW-Authenticate", NULL }, /* 82 RFC3261 */
|
|
{ "Refer-To", "r" }, /* 83 RFC3515 */
|
|
{ "History-Info", NULL }, /* 84 RFC4244 */
|
|
|
|
};
|
|
|
|
|
|
#define POS_ACCEPT 1
|
|
#define POS_ACCEPT_CONTACT 2
|
|
#define POS_ACCEPT_ENCODING 3
|
|
#define POS_ACCEPT_LANGUAGE 4
|
|
#define POS_ACCEPT_RESOURCE_PRIORITY 5
|
|
#define POS_ALERT_INFO 6
|
|
#define POS_ALLOW 7
|
|
#define POS_ALLOW_EVENTS 8
|
|
#define POS_AUTHENTICATION_INFO 9
|
|
#define POS_AUTHORIZATION 10
|
|
#define POS_CALL_ID 11
|
|
#define POS_CALL_INFO 12
|
|
#define POS_CONTACT 13
|
|
#define POS_CONTENT_DISPOSITION 14
|
|
#define POS_CONTENT_ENCODING 15
|
|
#define POS_CONTENT_LANGUAGE 16
|
|
#define POS_CONTENT_LENGTH 17
|
|
#define POS_CONTENT_TYPE 18
|
|
#define POS_CSEQ 19
|
|
#define POS_DATE 20
|
|
#define POS_ERROR_INFO 21
|
|
#define POS_EVENT 22
|
|
#define POS_EXPIRES 23
|
|
#define POS_FROM 24
|
|
#define POS_IN_REPLY_TO 25
|
|
#define POS_JOIN 26
|
|
#define POS_MAX_FORWARDS 27
|
|
#define POS_MIME_VERSION 28
|
|
#define POS_MIN_EXPIRES 29
|
|
#define POS_MIN_SE 30
|
|
#define POS_ORGANIZATION 31
|
|
#define POS_P_ACCESS_NETWORK_INFO 32
|
|
#define POS_P_ASSERTED_IDENTITY 33
|
|
#define POS_P_ASSOCIATED_URI 34
|
|
#define POS_P_CALLED_PARTY_ID 35
|
|
#define POS_P_CHARGING_FUNCTION_ADDRESSES 36
|
|
#define POS_P_CHARGING_VECTOR 37
|
|
#define POS_P_DCS_TRACE_PARTY_ID 38
|
|
#define POS_P_DCS_OSPS 39
|
|
#define POS_P_DCS_BILLING_INFO 40
|
|
#define POS_P_DCS_LAES 41
|
|
#define POS_P_DCS_REDIRECT 42
|
|
#define POS_P_MEDIA_AUTHORIZATION 43
|
|
#define POS_P_PREFERRED_IDENTITY 44
|
|
#define POS_P_VISITED_NETWORK_ID 45
|
|
#define POS_PATH 46
|
|
#define POS_PRIORITY 47
|
|
#define POS_PRIVACY 48
|
|
#define POS_PROXY_AUTHENTICATE 49
|
|
#define POS_PROXY_AUTHORIZATION 50
|
|
#define POS_PROXY_REQUIRE 51
|
|
#define POS_RACK 52
|
|
#define POS_REASON 53
|
|
#define POS_RECORD_ROUTE 54
|
|
#define POS_REFERED_BY 55
|
|
#define POS_REJECT_CONTACT 56
|
|
#define POS_REPLACES 57
|
|
#define POS_REPLY_TO 58
|
|
#define POS_REQUEST_DISPOSITION 59
|
|
#define POS_REQUIRE 60
|
|
#define POS_RESOURCE_PRIORITY 61
|
|
#define POS_RETRY_AFTER 62
|
|
#define POS_ROUTE 63
|
|
#define POS_RSEQ 64
|
|
#define POS_SECURITY_CLIENT 65
|
|
#define POS_SECURITY_SERVER 66
|
|
#define POS_SECURITY_VERIFY 67
|
|
#define POS_SERVER 68
|
|
#define POS_SERVICE_ROUTE 69
|
|
#define POS_SESSION_EXPIRES 70
|
|
#define POS_SIP_ETAG 71
|
|
#define POS_SIP_IF_MATCH 72
|
|
#define POS_SUBJECT 73
|
|
#define POS_SUBSCRIPTION_STATE 74
|
|
#define POS_SUPPORTED 75
|
|
#define POS_TIMESTAMP 76
|
|
#define POS_TO 77
|
|
#define POS_UNSUPPORTED 78
|
|
#define POS_USER_AGENT 79
|
|
#define POS_VIA 80
|
|
#define POS_WARNING 81
|
|
#define POS_WWW_AUTHENTICATE 82
|
|
#define POS_REFER_TO 83
|
|
#define POS_HISTORY_INFO 84
|
|
|
|
static gint hf_header_array[] = {
|
|
-1, /* 0"Unknown-header" - Pad so that the real headers start at index 1 */
|
|
-1, /* 1"Accept" */
|
|
-1, /* 2"Accept-Contact" RFC3841 */
|
|
-1, /* 3"Accept-Encoding" */
|
|
-1, /* 4"Accept-Language" */
|
|
-1, /* 5"Accept-Resource-Priority" draft-ietf-sip-resource-priority-05.txt */
|
|
-1, /* 6"Alert-Info", */
|
|
-1, /* 7"Allow", */
|
|
-1, /* 8"Allow-Events", RFC3265 */
|
|
-1, /* 9"Authentication-Info" */
|
|
-1, /* 10"Authorization", */
|
|
-1, /* 11"Call-ID", */
|
|
-1, /* 12"Call-Info" */
|
|
-1, /* 13"Contact", */
|
|
-1, /* 14"Content-Disposition", */
|
|
-1, /* 15"Content-Encoding", */
|
|
-1, /* 16"Content-Language", */
|
|
-1, /* 17"Content-Length", */
|
|
-1, /* 18"Content-Type", */
|
|
-1, /* 19"CSeq", */
|
|
-1, /* 20"Date", */
|
|
-1, /* 21"Error-Info", */
|
|
-1, /* 22"Event", */
|
|
-1, /* 23"Expires", */
|
|
-1, /* 24"From", */
|
|
-1, /* 25"In-Reply-To", RFC3261 */
|
|
-1, /* 26"Join", RFC-ietf-sip-join-03.txt */
|
|
-1, /* 27"Max-Forwards", */
|
|
-1, /* 28"MIME-Version", */
|
|
-1, /* 29"Min-Expires", */
|
|
-1, /* 30"Min-SE", RFC-ietf-sip-session-timer-15.txt */
|
|
-1, /* 31"Organization", */
|
|
-1, /* 32"P-Access-Network-Info", RFC3455 */
|
|
-1, /* 33"P-Asserted-Identity", RFC3325 */
|
|
-1, /* 34"P-Associated-URI", RFC3455 */
|
|
-1, /* 35"P-Called-Party-ID", RFC3455 */
|
|
-1, /* 36"P-Charging-Function-Addresses", RFC3455 */
|
|
-1, /* 37"P-Charging-Vector", RFC3455 */
|
|
-1, /* 38"P-DCS-Trace-Party-ID", RFC3603 */
|
|
-1, /* 39"P-DCS-OSPS", RFC3603 */
|
|
-1, /* 40"P-DCS-Billing-Info", RFC3603 */
|
|
-1, /* 41"P-DCS-LAES", RFC3603 */
|
|
-1, /* 42"P-DCS-Redirect", RFC3603 */
|
|
-1, /* 43"P-Media-Authorization", RFC3313 */
|
|
-1, /* 44"P-Preferred-Identity", RFC3325 */
|
|
-1, /* 45"P-Visited-Network-ID", RFC3455 */
|
|
-1, /* 46"Path", RFC3327 */
|
|
-1, /* 47"Priority" */
|
|
-1, /* 48"Privacy", RFC3323 */
|
|
-1, /* 49"Proxy-Authenticate", */
|
|
-1, /* 50"Proxy-Authorization", */
|
|
-1, /* 51"Proxy-Require", */
|
|
-1, /* 52"RAck", */
|
|
-1, /* 53"Reason", RFC3326 */
|
|
-1, /* 54"Record-Route", */
|
|
-1, /* 55"Referred-By", */
|
|
-1, /* 56"Reject-Contact", RFC3841 */
|
|
-1, /* 57"Replaces", RFC3891 */
|
|
-1, /* 58"Reply-To", RFC3261 */
|
|
-1, /* 59"Request-Disposition", RFC3841 */
|
|
-1, /* 60"Require", RFC3261 */
|
|
-1, /* 61"Resource-Priority",draft-ietf-sip-resource-priority-05.txt */
|
|
-1, /* 62"Retry-After", RFC3261 */
|
|
-1, /* 63"Route", RFC3261 */
|
|
-1, /* 64"RSeq", RFC3841 */
|
|
-1, /* 65"Security-Client", RFC3329 */
|
|
-1, /* 66"Security-Server", RFC3329 */
|
|
-1, /* 67"Security-Verify", RFC3329 */
|
|
-1, /* 68"Server", RFC3261 */
|
|
-1, /* 69"Service-Route", RFC3608 */
|
|
-1, /* 70"Session-Expires", RFC-ietf-sip-session-timer-15.txt */
|
|
-1, /* 71"SIP-ETag", draft-ietf-sip-publish-04 */
|
|
-1, /* 72"SIP-If-Match", draft-ietf-sip-publish-04 */
|
|
-1, /* 73"Subject", RFC3261 */
|
|
-1, /* 74"Subscription-State", RFC3265 */
|
|
-1, /* 75"Supported", RFC3261 */
|
|
-1, /* 76"Timestamp", RFC3261 */
|
|
-1, /* 77"To", RFC3261 */
|
|
-1, /* 78"Unsupported", RFC3261 */
|
|
-1, /* 79"User-Agent", RFC3261 */
|
|
-1, /* 80"Via", RFC3261 */
|
|
-1, /* 81"Warning", RFC3261 */
|
|
-1, /* 82"WWW-Authenticate", RFC3261 */
|
|
-1, /* 83"Refer-To", RFC3515 */
|
|
-1, /* 84"History-Info", RFC4244 */
|
|
|
|
};
|
|
|
|
/* Track associations between parameter name and hf item */
|
|
typedef struct {
|
|
const char *param_name;
|
|
const gint *hf_item;
|
|
} auth_parameter_t;
|
|
|
|
static auth_parameter_t auth_parameters_hf_array[] =
|
|
{
|
|
{"response", &hf_sip_auth_digest_response},
|
|
{"nc", &hf_sip_auth_nc},
|
|
{"username", &hf_sip_auth_username},
|
|
{"realm", &hf_sip_auth_realm},
|
|
{"nonce", &hf_sip_auth_nonce},
|
|
{"algorithm", &hf_sip_auth_algorithm},
|
|
{"opaque", &hf_sip_auth_opaque},
|
|
{"qop", &hf_sip_auth_qop},
|
|
{"cnonce", &hf_sip_auth_cnonce},
|
|
{"uri", &hf_sip_auth_uri},
|
|
{"domain", &hf_sip_auth_domain},
|
|
{"stale", &hf_sip_auth_stale},
|
|
};
|
|
|
|
/*
|
|
* Type of line. It's either a SIP Request-Line, a SIP Status-Line, or
|
|
* another type of line.
|
|
*/
|
|
typedef enum {
|
|
REQUEST_LINE,
|
|
STATUS_LINE,
|
|
OTHER_LINE
|
|
} line_type_t;
|
|
|
|
/* global_sip_raw_text determines whether we are going to display */
|
|
/* the raw text of the SIP message, much like the MEGACO dissector does. */
|
|
static gboolean global_sip_raw_text = FALSE;
|
|
/* strict_sip_version determines whether the SIP dissector enforces
|
|
* the SIP version to be "SIP/2.0". */
|
|
static gboolean strict_sip_version = TRUE;
|
|
|
|
/*
|
|
* desegmentation of SIP headers
|
|
* (when we are over TCP or another protocol providing the desegmentation API)
|
|
*/
|
|
static gboolean sip_desegment_headers = TRUE;
|
|
|
|
/*
|
|
* desegmentation of SIP bodies
|
|
* (when we are over TCP or another protocol providing the desegmentation API)
|
|
*/
|
|
static gboolean sip_desegment_body = TRUE;
|
|
|
|
static gboolean dissect_sip_common(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, gboolean is_heur, gboolean use_reassembly);
|
|
static line_type_t sip_parse_line(tvbuff_t *tvb, int offset, gint linelen,
|
|
guint *token_1_len);
|
|
static gboolean sip_is_known_request(tvbuff_t *tvb, int meth_offset,
|
|
guint meth_len, guint *meth_idx);
|
|
static gint sip_is_known_sip_header(tvbuff_t *tvb, int offset,
|
|
guint header_len);
|
|
static void dfilter_sip_request_line(tvbuff_t *tvb, proto_tree *tree,
|
|
guint meth_len);
|
|
static void dfilter_sip_status_line(tvbuff_t *tvb, proto_tree *tree);
|
|
static void tvb_raw_text_add(tvbuff_t *tvb, int offset, int length, proto_tree *tree);
|
|
static guint sip_is_packet_resend(packet_info *pinfo,
|
|
gchar* cseq_method,
|
|
gchar* call_id,
|
|
guchar cseq_number_set, guint32 cseq_number,
|
|
line_type_t line_type);
|
|
|
|
|
|
/* SIP content type and internet media type used by other dissectors
|
|
* are the same. List of media types from IANA at:
|
|
* http://www.iana.org/assignments/media-types/index.html */
|
|
static dissector_table_t media_type_dissector_table;
|
|
|
|
static heur_dissector_list_t heur_subdissector_list;
|
|
|
|
#define SIP2_HDR "SIP/2.0"
|
|
#define SIP2_HDR_LEN (strlen (SIP2_HDR))
|
|
|
|
/* Store the info needed by the SIP tap for one packet */
|
|
static sip_info_value_t *stat_info;
|
|
|
|
/* The buffer size for the cseq_method name */
|
|
#define MAX_CSEQ_METHOD_SIZE 16
|
|
|
|
/****************************************************************************
|
|
* Conversation-type definitions
|
|
*
|
|
* For each call, keep track of the current cseq number and state of
|
|
* transaction, in order to be able to detect retransmissions.
|
|
*
|
|
* Don't use the conservation mechanism, but instead:
|
|
* - store with each dissected packet original frame (if any)
|
|
* - maintain a global hash table of
|
|
* (call_id, source_addr, dest_addr) -> (cseq, transaction_state, frame)
|
|
****************************************************************************/
|
|
|
|
static GHashTable *sip_hash = NULL; /* Hash table */
|
|
|
|
/* Types for hash table keys and values */
|
|
#define MAX_CALL_ID_SIZE 128
|
|
typedef struct
|
|
{
|
|
char call_id[MAX_CALL_ID_SIZE];
|
|
address source_address;
|
|
guint32 source_port;
|
|
address dest_address;
|
|
guint32 dest_port;
|
|
} sip_hash_key;
|
|
|
|
|
|
typedef enum
|
|
{
|
|
nothing_seen,
|
|
request_seen,
|
|
provisional_response_seen,
|
|
final_response_seen
|
|
} transaction_state_t;
|
|
|
|
typedef struct
|
|
{
|
|
guint32 cseq;
|
|
transaction_state_t transaction_state;
|
|
gchar method[MAX_CSEQ_METHOD_SIZE];
|
|
guint32 response_code;
|
|
gint frame_number;
|
|
} sip_hash_value;
|
|
|
|
|
|
/************************/
|
|
/* Hash table functions */
|
|
|
|
/* Equal keys */
|
|
static gint sip_equal(gconstpointer v, gconstpointer v2)
|
|
{
|
|
const sip_hash_key* val1 = v;
|
|
const sip_hash_key* val2 = v2;
|
|
|
|
/* Call id must match */
|
|
if (strcmp(val1->call_id, val2->call_id) != 0)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/* Addresses must match */
|
|
return (ADDRESSES_EQUAL(&(val1->source_address), &(val2->source_address))) &&
|
|
(val1->source_port == val2->source_port) &&
|
|
(ADDRESSES_EQUAL(&(val1->dest_address), &(val2->dest_address))) &&
|
|
(val1->dest_port == val2->dest_port);
|
|
}
|
|
|
|
/* Compute a hash value for a given key. */
|
|
/* Don't try to use addresses here, call-id should be almost unique. */
|
|
static guint sip_hash_func(gconstpointer v)
|
|
{
|
|
gint n;
|
|
const sip_hash_key *key = v;
|
|
guint value = strlen(key->call_id);
|
|
gint chars_to_use = value / 4;
|
|
|
|
/* First few characters from the call-id should be enough... */
|
|
for (n=0; n < chars_to_use; n++)
|
|
{
|
|
value += key->call_id[n];
|
|
}
|
|
|
|
return value;
|
|
}
|
|
|
|
|
|
/* Initializes the hash table and the mem_chunk area each time a new
|
|
* file is loaded or re-loaded in ethereal */
|
|
static void
|
|
sip_init_protocol(void)
|
|
{
|
|
/* Destroy any existing hashes. */
|
|
if (sip_hash)
|
|
g_hash_table_destroy(sip_hash);
|
|
|
|
/* Now create them over */
|
|
sip_hash = g_hash_table_new(sip_hash_func, sip_equal);
|
|
}
|
|
|
|
/*
|
|
* Copied from the mgcp dissector. (This function should be moved to /epan )
|
|
* tvb_skip_wsp - Returns the position in tvb of the first non-whitespace
|
|
* character following offset or offset + maxlength -1 whichever
|
|
* is smaller.
|
|
*
|
|
* Parameters:
|
|
* tvb - The tvbuff in which we are skipping whitespace.
|
|
* offset - The offset in tvb from which we begin trying to skip whitespace.
|
|
* maxlength - The maximum distance from offset that we may try to skip
|
|
* whitespace.
|
|
*
|
|
* Returns: The position in tvb of the first non-whitespace
|
|
* character following offset or offset + maxlength -1 whichever
|
|
* is smaller.
|
|
*/
|
|
static gint tvb_skip_wsp(tvbuff_t* tvb, gint offset, gint maxlength)
|
|
{
|
|
gint counter = offset;
|
|
gint end = offset + maxlength,tvb_len;
|
|
guint8 tempchar;
|
|
|
|
/* Get the length remaining */
|
|
tvb_len = tvb_length(tvb);
|
|
end = offset + maxlength;
|
|
if (end >= tvb_len)
|
|
{
|
|
end = tvb_len;
|
|
}
|
|
|
|
/* Skip past spaces, tabs, CRs and LFs until run out or meet something else */
|
|
for (counter = offset;
|
|
counter < end &&
|
|
((tempchar = tvb_get_guint8(tvb,counter)) == ' ' ||
|
|
tempchar == '\t' || tempchar == '\r' || tempchar == '\n');
|
|
counter++);
|
|
|
|
return (counter);
|
|
}
|
|
|
|
/* Structure to collect info about a sip uri */
|
|
typedef struct _uri_offset_info
|
|
{
|
|
gint display_name_start;
|
|
gint display_name_end;
|
|
gint uri_start;
|
|
gint uri_end;
|
|
gint uri_parameters_start;
|
|
gint uri_parameters_end;
|
|
gint name_addr_start;
|
|
gint name_addr_end;
|
|
} uri_offset_info;
|
|
|
|
/* Code to parse a sip uri.
|
|
* Returns Offset end off parsing or -1 for unsuccessful parsing
|
|
*/
|
|
static gint
|
|
dissect_sip_uri(tvbuff_t *tvb, packet_info *pinfo _U_, gint start_offset,
|
|
gint line_end_offset, uri_offset_info *uri_offsets)
|
|
{
|
|
gchar c;
|
|
gint i;
|
|
gint current_offset;
|
|
gint queried_offset;
|
|
gint colon_offset;
|
|
gint comma_offset;
|
|
gint semicolon_offset;
|
|
gint question_mark_offset;
|
|
gboolean uri_without_angle_quotes = FALSE;
|
|
|
|
/* skip Spaces and Tabs */
|
|
current_offset = tvb_skip_wsp(tvb, start_offset, line_end_offset - start_offset);
|
|
|
|
if(current_offset >= line_end_offset) {
|
|
/* Nothing to parse */
|
|
return -1;
|
|
}
|
|
|
|
uri_offsets->name_addr_start = current_offset;
|
|
|
|
/* First look, if we have a display name */
|
|
c=tvb_get_guint8(tvb, current_offset);
|
|
switch(c)
|
|
{
|
|
case '"':
|
|
/* We have a display name, look for the next unescaped '"' */
|
|
uri_offsets->display_name_start = current_offset;
|
|
do
|
|
{
|
|
queried_offset = tvb_find_guint8(tvb, current_offset + 1, line_end_offset - (current_offset + 1), '"');
|
|
if(queried_offset == -1)
|
|
{
|
|
/* malformed URI */
|
|
return -1;
|
|
}
|
|
current_offset = queried_offset;
|
|
|
|
/* Is it escaped? */
|
|
/* count back slashes before '"' */
|
|
for(i=1;tvb_get_guint8(tvb, queried_offset - i) == '\\';i++);
|
|
i--;
|
|
|
|
if(i % 2 == 0)
|
|
{
|
|
/* not escaped */
|
|
break;
|
|
}
|
|
} while (current_offset < line_end_offset);
|
|
if(current_offset >= line_end_offset)
|
|
{
|
|
/* malformed URI */
|
|
return -1;
|
|
}
|
|
|
|
uri_offsets->display_name_end = current_offset;
|
|
|
|
/* find start of the URI */
|
|
queried_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, '<');
|
|
if(queried_offset == -1)
|
|
{
|
|
/* malformed Uri */
|
|
return -1;
|
|
}
|
|
current_offset = queried_offset + 1;
|
|
break;
|
|
|
|
case '<':
|
|
/* We don't have a display name */
|
|
current_offset++;
|
|
break;
|
|
|
|
default:
|
|
/* We have either an URI without angles or a display name with a limited character set */
|
|
/* Look for the right angle quote or colon */
|
|
queried_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, '<');
|
|
colon_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, ':');
|
|
if(queried_offset != -1 && colon_offset != -1)
|
|
{
|
|
if(queried_offset < colon_offset)
|
|
{
|
|
/* we have an URI with angle quotes */
|
|
uri_offsets->display_name_start = current_offset;
|
|
uri_offsets->display_name_end = queried_offset - 1;
|
|
current_offset = queried_offset + 1;
|
|
}
|
|
else
|
|
{
|
|
/* we have an URI without angle quotes */
|
|
uri_without_angle_quotes = TRUE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if(queried_offset != -1)
|
|
{
|
|
/* we have an URI with angle quotes */
|
|
uri_offsets->display_name_start = current_offset;
|
|
uri_offsets->display_name_end = queried_offset - 1;
|
|
current_offset = queried_offset + 1;
|
|
break;
|
|
}
|
|
if(colon_offset != -1)
|
|
{
|
|
/* we have an URI without angle quotes */
|
|
uri_without_angle_quotes = TRUE;
|
|
break;
|
|
}
|
|
/* If this point is reached, we can't parse the URI */
|
|
return -1;
|
|
}
|
|
break;
|
|
}
|
|
|
|
/* Start parsing of URI */
|
|
uri_offsets->uri_start = current_offset;
|
|
if(uri_without_angle_quotes == TRUE)
|
|
{
|
|
/* look for the first ',' or ';' which will mark the end of this URI
|
|
* In this case a semicolon indicates a header field parameter, and not an uri parameter.
|
|
*/
|
|
comma_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, ',');
|
|
semicolon_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, ';');
|
|
|
|
if (semicolon_offset != -1 && comma_offset != -1)
|
|
{
|
|
if(semicolon_offset < comma_offset)
|
|
{
|
|
uri_offsets->uri_end = semicolon_offset - 1;
|
|
}
|
|
else
|
|
{
|
|
uri_offsets->uri_end = comma_offset - 1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (semicolon_offset != -1)
|
|
{
|
|
uri_offsets->uri_end = semicolon_offset - 1;
|
|
}
|
|
if (comma_offset != -1)
|
|
{
|
|
uri_offsets->uri_end = comma_offset - 1;
|
|
}
|
|
/* If both offsets are equal to -1, we don't have a semicolon or a comma.
|
|
* In that case, we assume that the end of the URI is at the line end
|
|
*/
|
|
uri_offsets->uri_end = line_end_offset - 2;
|
|
}
|
|
uri_offsets->name_addr_end = uri_offsets->uri_end;
|
|
current_offset = uri_offsets->uri_end + 1; /* Now save current_offset, as it is the value to be returned now */
|
|
}
|
|
else
|
|
{
|
|
/* look for closing angle quote */
|
|
queried_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, '>');
|
|
if(queried_offset == -1)
|
|
{
|
|
/* malformed Uri */
|
|
return -1;
|
|
}
|
|
uri_offsets->name_addr_end = queried_offset;
|
|
uri_offsets->uri_end = queried_offset - 1;
|
|
current_offset = queried_offset; /* Now save current_offset. It contains the value we have to return */
|
|
|
|
/* Look for '@' within URI */
|
|
queried_offset = tvb_find_guint8(tvb, uri_offsets->uri_start, uri_offsets->uri_end - uri_offsets->uri_start, '@');
|
|
if(queried_offset == -1)
|
|
{
|
|
/* no '@': look for the first ';' or '?' in the URI */
|
|
question_mark_offset = tvb_find_guint8(tvb, uri_offsets->uri_start, uri_offsets->uri_end - uri_offsets->uri_start, '?');
|
|
semicolon_offset = tvb_find_guint8(tvb, uri_offsets->uri_start, uri_offsets->uri_end - uri_offsets->uri_start, ';');
|
|
}
|
|
else
|
|
{
|
|
/* with '@': look for the first ';' or '?' behind the '@' */
|
|
question_mark_offset = tvb_find_guint8(tvb, queried_offset, uri_offsets->uri_end - queried_offset, '?');
|
|
semicolon_offset = tvb_find_guint8(tvb, queried_offset, uri_offsets->uri_end - queried_offset, ';');
|
|
}
|
|
|
|
/* Set Parameter*/
|
|
if (semicolon_offset != -1 && question_mark_offset != -1)
|
|
{
|
|
if(semicolon_offset < question_mark_offset)
|
|
{
|
|
uri_offsets->uri_parameters_start = semicolon_offset;
|
|
}
|
|
else
|
|
{
|
|
uri_offsets->uri_parameters_start = question_mark_offset;
|
|
}
|
|
uri_offsets->uri_parameters_end = uri_offsets->uri_end;
|
|
uri_offsets->uri_end = uri_offsets->uri_parameters_start - 1;
|
|
}
|
|
else
|
|
{
|
|
if (semicolon_offset != -1)
|
|
{
|
|
uri_offsets->uri_parameters_start = semicolon_offset;
|
|
uri_offsets->uri_parameters_end = uri_offsets->uri_end;
|
|
uri_offsets->uri_end = uri_offsets->uri_parameters_start - 1;
|
|
}
|
|
if (question_mark_offset != -1)
|
|
{
|
|
uri_offsets->uri_parameters_start = question_mark_offset;
|
|
uri_offsets->uri_parameters_end = uri_offsets->uri_end;
|
|
uri_offsets->uri_end = uri_offsets->uri_parameters_start - 1;
|
|
}
|
|
/* If both offsets are equal to -1, we don't have a semicolon or a question mark.
|
|
* In that case, we don't have to save any offsets.
|
|
*/
|
|
}
|
|
|
|
}
|
|
|
|
return current_offset;
|
|
}
|
|
|
|
|
|
/* Code to parse a contact header item
|
|
* Returns Offset end off parsing or -1 for unsuccessful parsing
|
|
*/
|
|
static gint
|
|
dissect_sip_contact_item(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint start_offset, gint line_end_offset)
|
|
{
|
|
gchar c;
|
|
gint i;
|
|
proto_item *ti = NULL;
|
|
proto_tree *contact_item_tree = NULL, *uri_tree = NULL;
|
|
|
|
gint current_offset;
|
|
gint queried_offset;
|
|
gint contact_params_start_offset = -1;
|
|
gint contact_item_end_offset = -1;
|
|
uri_offset_info uri_offsets;
|
|
|
|
uri_offsets.display_name_start = -1;
|
|
uri_offsets.display_name_end = -1;
|
|
uri_offsets.uri_start = -1;
|
|
uri_offsets.uri_end = -1;
|
|
uri_offsets.uri_parameters_start = -1;
|
|
uri_offsets.uri_parameters_end = -1;
|
|
uri_offsets.name_addr_start = -1;
|
|
uri_offsets.name_addr_end = -1;
|
|
|
|
/* skip Spaces and Tabs */
|
|
start_offset = tvb_skip_wsp(tvb, start_offset, line_end_offset - start_offset);
|
|
|
|
if(start_offset >= line_end_offset) {
|
|
/* Nothing to parse */
|
|
return -1;
|
|
}
|
|
|
|
current_offset = dissect_sip_uri(tvb, pinfo, start_offset, line_end_offset, &uri_offsets);
|
|
if(current_offset == -1)
|
|
{
|
|
/* Parsing failed */
|
|
return -1;
|
|
}
|
|
|
|
/* Now look for the end of the contact item */
|
|
while (current_offset < line_end_offset)
|
|
{
|
|
c=tvb_get_guint8(tvb, current_offset);
|
|
|
|
if(c == ';' && contact_params_start_offset == -1)
|
|
{
|
|
/* here we start with contact parameters */
|
|
contact_params_start_offset = current_offset;
|
|
}
|
|
|
|
if(c == '"')
|
|
{
|
|
/* look for the next unescaped '"' */
|
|
do
|
|
{
|
|
queried_offset = tvb_find_guint8(tvb, current_offset + 1, line_end_offset - (current_offset + 1), '"');
|
|
if(queried_offset == -1)
|
|
{
|
|
/* malformed Contact header */
|
|
return -1;
|
|
}
|
|
current_offset = queried_offset;
|
|
|
|
/* Is it escaped?
|
|
* Look for uneven number of backslashes before '"' */
|
|
for(i=0;tvb_get_guint8(tvb, queried_offset - (i+1) ) == '\\';i++);
|
|
i=i%2;
|
|
} while (i == 1);
|
|
}
|
|
|
|
if(c == ',')
|
|
{
|
|
/* end of contact item found. */
|
|
contact_item_end_offset = current_offset - 1; /* remove ',' */
|
|
break;
|
|
}
|
|
|
|
current_offset++;
|
|
}
|
|
|
|
if(contact_item_end_offset == -1)
|
|
contact_item_end_offset = line_end_offset - 3; /* remove '\r\n' */
|
|
|
|
/* Build the tree, now */
|
|
if(tree)
|
|
{
|
|
ti = proto_tree_add_string(tree, hf_sip_contact_item, tvb, start_offset, contact_item_end_offset - start_offset + 1,
|
|
tvb_format_text(tvb, start_offset, contact_item_end_offset - start_offset + 1));
|
|
contact_item_tree = proto_item_add_subtree(ti, ett_sip_contact_item);
|
|
|
|
ti = proto_tree_add_string(contact_item_tree, hf_sip_uri, tvb, uri_offsets.name_addr_start, uri_offsets.name_addr_end - uri_offsets.name_addr_start + 1,
|
|
tvb_format_text(tvb, uri_offsets.name_addr_start, uri_offsets.name_addr_end - uri_offsets.name_addr_start + 1));
|
|
uri_tree = proto_item_add_subtree(ti, ett_sip_uri);
|
|
|
|
if(uri_offsets.display_name_start != -1 && uri_offsets.display_name_end != -1)
|
|
{
|
|
proto_tree_add_string(uri_tree, hf_sip_display, tvb, uri_offsets.display_name_start,
|
|
uri_offsets.display_name_end - uri_offsets.display_name_start + 1,
|
|
tvb_format_text(tvb, uri_offsets.display_name_start,
|
|
uri_offsets.display_name_end - uri_offsets.display_name_start + 1));
|
|
}
|
|
|
|
if(uri_offsets.uri_start != -1 && uri_offsets.uri_end != -1)
|
|
{
|
|
proto_tree_add_string(uri_tree, hf_sip_contact_addr, tvb, uri_offsets.uri_start,
|
|
uri_offsets.uri_end - uri_offsets.uri_start + 1,
|
|
tvb_format_text(tvb, uri_offsets.uri_start,
|
|
uri_offsets.uri_end - uri_offsets.uri_start + 1));
|
|
}
|
|
|
|
/* Parse URI and Contact header Parameters now */
|
|
/* TODO */
|
|
}
|
|
|
|
return current_offset;
|
|
}
|
|
|
|
/* Code to parse an authorization header item
|
|
* Returns offset at end of parsing, or -1 for unsuccessful parsing
|
|
*/
|
|
static gint
|
|
dissect_sip_authorization_item(tvbuff_t *tvb, proto_tree *tree, gint start_offset, gint line_end_offset)
|
|
{
|
|
gchar c;
|
|
gint current_offset;
|
|
gint equals_offset = 0;
|
|
gchar *name;
|
|
auth_parameter_t *auth_parameter;
|
|
guint i = 0;
|
|
gboolean in_quoted_string = FALSE;
|
|
|
|
/* skip Spaces and Tabs */
|
|
start_offset = tvb_skip_wsp(tvb, start_offset, line_end_offset - start_offset);
|
|
|
|
if (start_offset >= line_end_offset)
|
|
{
|
|
/* Nothing to parse */
|
|
return -1;
|
|
}
|
|
|
|
current_offset = start_offset;
|
|
|
|
/* Now look for the end of the parameter */
|
|
while (current_offset < line_end_offset)
|
|
{
|
|
c = tvb_get_guint8(tvb, current_offset);
|
|
|
|
if (c == '=')
|
|
{
|
|
equals_offset = current_offset;
|
|
}
|
|
|
|
if(c == '"')
|
|
{
|
|
/* look for the next unescaped '"' */
|
|
do
|
|
{
|
|
current_offset = tvb_find_guint8(tvb, current_offset + 1, line_end_offset - (current_offset + 1), '"');
|
|
if(current_offset == -1)
|
|
{
|
|
/* malformed parameter */
|
|
return -1;
|
|
}
|
|
|
|
/* Is it escaped?
|
|
* Look for uneven number of backslashes before '"' */
|
|
for(i=0;tvb_get_guint8(tvb, current_offset - (i+1) ) == '\\';i++);
|
|
i=i%2;
|
|
} while (i == 1);
|
|
current_offset++;
|
|
current_offset = tvb_skip_wsp(tvb, current_offset, line_end_offset - current_offset);
|
|
continue;
|
|
}
|
|
|
|
if (c == ',')
|
|
{
|
|
break;
|
|
}
|
|
current_offset++;
|
|
}
|
|
|
|
if (equals_offset == 0)
|
|
{
|
|
/* Give up if equals not found */
|
|
return -1;
|
|
}
|
|
|
|
/* Extract the parameter name */
|
|
name = tvb_get_ephemeral_string(tvb, start_offset, equals_offset-start_offset);
|
|
|
|
/* Try to add parameter as a filterable item */
|
|
for (auth_parameter = &auth_parameters_hf_array[i];
|
|
i < array_length(auth_parameters_hf_array);
|
|
i++, auth_parameter++)
|
|
{
|
|
if (strcasecmp(name, auth_parameter->param_name) == 0)
|
|
{
|
|
proto_tree_add_item(tree, *(auth_parameter->hf_item), tvb,
|
|
equals_offset+1, current_offset-equals_offset-1,
|
|
FALSE);
|
|
break;
|
|
}
|
|
}
|
|
|
|
/* If not matched, just add as text... */
|
|
if (i == array_length(auth_parameters_hf_array))
|
|
{
|
|
proto_tree_add_text(tree, tvb, start_offset, current_offset-start_offset,
|
|
tvb_get_ephemeral_string(tvb, start_offset,
|
|
current_offset-start_offset));
|
|
}
|
|
|
|
return current_offset;
|
|
}
|
|
|
|
|
|
/* Code to actually dissect the packets */
|
|
static int
|
|
dissect_sip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
{
|
|
guint8 octet;
|
|
int len;
|
|
|
|
octet = tvb_get_guint8(tvb,0);
|
|
if ((octet & 0xf8) == 0xf8){
|
|
call_dissector(sigcomp_handle, tvb, pinfo, tree);
|
|
return tvb_length(tvb);
|
|
}
|
|
|
|
len = dissect_sip_common(tvb, 0, pinfo, tree, FALSE, FALSE);
|
|
if (len < 0)
|
|
return 0; /* not SIP */
|
|
else
|
|
return len;
|
|
}
|
|
|
|
static void
|
|
dissect_sip_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
{
|
|
guint8 octet;
|
|
int offset = 0;
|
|
int len;
|
|
|
|
octet = tvb_get_guint8(tvb,0);
|
|
if ((octet & 0xf8) == 0xf8){
|
|
call_dissector(sigcomp_handle, tvb, pinfo, tree);
|
|
return;
|
|
}
|
|
|
|
while (tvb_reported_length_remaining(tvb, offset) != 0) {
|
|
len = dissect_sip_common(tvb, offset, pinfo, tree, TRUE, TRUE);
|
|
if (len <= 0)
|
|
break;
|
|
offset += len;
|
|
}
|
|
}
|
|
|
|
static gboolean
|
|
dissect_sip_tcp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
{
|
|
int offset = 0;
|
|
int len;
|
|
gboolean first = TRUE;
|
|
|
|
while (tvb_reported_length_remaining(tvb, offset) != 0) {
|
|
len = dissect_sip_common(tvb, offset, pinfo, tree, !first, TRUE);
|
|
if (len == -2) {
|
|
if (first) {
|
|
/*
|
|
* If the first packet doesn't start with
|
|
* a valid SIP request or response, don't
|
|
* treat this as SIP.
|
|
*/
|
|
return FALSE;
|
|
}
|
|
break;
|
|
}
|
|
if (len == -1)
|
|
break; /* need more data */
|
|
offset += len;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
static gboolean
|
|
dissect_sip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
{
|
|
return dissect_sip_common(tvb, 0, pinfo, tree, FALSE, FALSE) > 0;
|
|
}
|
|
|
|
static int
|
|
dissect_sip_common(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree,
|
|
gboolean dissect_other_as_continuation, gboolean use_reassembly)
|
|
{
|
|
int orig_offset;
|
|
gint next_offset, linelen;
|
|
int content_length, datalen, reported_datalen;
|
|
line_type_t line_type;
|
|
tvbuff_t *next_tvb;
|
|
gboolean is_known_request;
|
|
gboolean found_match = FALSE;
|
|
const char *descr;
|
|
guint token_1_len = 0;
|
|
guint current_method_idx = 0;
|
|
proto_item *ts = NULL, *ti = NULL, *th = NULL, *sip_element_item = NULL;
|
|
proto_tree *sip_tree = NULL, *reqresp_tree = NULL , *hdr_tree = NULL, *sip_element_tree = NULL, *message_body_tree = NULL;
|
|
guchar contacts = 0, contact_is_star = 0, expires_is_0 = 0;
|
|
guint32 cseq_number = 0;
|
|
guchar cseq_number_set = 0;
|
|
char cseq_method[MAX_CSEQ_METHOD_SIZE] = "";
|
|
char call_id[MAX_CALL_ID_SIZE] = "";
|
|
char *media_type_str = NULL;
|
|
char *media_type_str_lower_case = NULL;
|
|
char *content_type_parameter_str = NULL;
|
|
guint resend_for_packet = 0;
|
|
int strlen_to_copy;
|
|
|
|
/* Initialise stat info for passing to tap */
|
|
stat_info = ep_alloc(sizeof(sip_info_value_t));
|
|
stat_info->response_code = 0;
|
|
stat_info->request_method = NULL;
|
|
stat_info->reason_phrase = NULL;
|
|
stat_info->resend = 0;
|
|
stat_info->tap_call_id = NULL;
|
|
stat_info->tap_from_addr = NULL;
|
|
stat_info->tap_to_addr = NULL;
|
|
|
|
/*
|
|
* Note that "tvb_find_line_end()" will return a value that
|
|
* is not longer than what's in the buffer, so the
|
|
* "tvb_get_ptr()" calls below won't throw exceptions.
|
|
*
|
|
* Note that "tvb_strneql()" doesn't throw exceptions, so
|
|
* "sip_parse_line()" won't throw an exception.
|
|
*/
|
|
orig_offset = offset;
|
|
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
|
|
line_type = sip_parse_line(tvb, offset, linelen, &token_1_len);
|
|
if (line_type == OTHER_LINE) {
|
|
/*
|
|
* This is neither a SIP request nor response.
|
|
*/
|
|
if (!dissect_other_as_continuation) {
|
|
/*
|
|
* We were asked to reject this.
|
|
*/
|
|
return -2;
|
|
}
|
|
|
|
/*
|
|
* Just dissect it as a continuation.
|
|
*/
|
|
} else if (use_reassembly) {
|
|
|
|
/*
|
|
* Yes, it's a request or response.
|
|
* Do header desegmentation if we've been told to,
|
|
* and do body desegmentation if we've been told to and
|
|
* we find a Content-Length header.
|
|
*/
|
|
if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo,
|
|
sip_desegment_headers, sip_desegment_body)) {
|
|
/*
|
|
* More data needed for desegmentation.
|
|
*/
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SIP");
|
|
|
|
switch (line_type) {
|
|
|
|
case REQUEST_LINE:
|
|
is_known_request = sip_is_known_request(tvb, offset, token_1_len, ¤t_method_idx);
|
|
descr = is_known_request ? "Request" : "Unknown request";
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "%s: %s",
|
|
descr,
|
|
tvb_format_text(tvb, offset, linelen - SIP2_HDR_LEN - 1));
|
|
}
|
|
break;
|
|
|
|
case STATUS_LINE:
|
|
descr = "Status";
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Status: %s",
|
|
tvb_format_text(tvb, offset + SIP2_HDR_LEN + 1, linelen - SIP2_HDR_LEN - 1));
|
|
}
|
|
stat_info->reason_phrase = tvb_get_ephemeral_string(tvb, offset + SIP2_HDR_LEN + 5, linelen - (SIP2_HDR_LEN + 5));
|
|
break;
|
|
|
|
case OTHER_LINE:
|
|
default: /* Squelch compiler complaints */
|
|
descr = "Continuation";
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
|
|
break;
|
|
}
|
|
|
|
if (tree) {
|
|
ts = proto_tree_add_item(tree, proto_sip, tvb, offset, -1, FALSE);
|
|
sip_tree = proto_item_add_subtree(ts, ett_sip);
|
|
}
|
|
|
|
switch (line_type) {
|
|
|
|
case REQUEST_LINE:
|
|
if (sip_tree) {
|
|
ti = proto_tree_add_string(sip_tree, hf_Request_Line, tvb, offset, linelen,
|
|
tvb_format_text(tvb, offset, linelen));
|
|
reqresp_tree = proto_item_add_subtree(ti, ett_sip_reqresp);
|
|
}
|
|
dfilter_sip_request_line(tvb, reqresp_tree, token_1_len);
|
|
break;
|
|
|
|
case STATUS_LINE:
|
|
if (sip_tree) {
|
|
ti = proto_tree_add_string(sip_tree, hf_Status_Line, tvb, offset, linelen,
|
|
tvb_format_text(tvb, offset, linelen));
|
|
reqresp_tree = proto_item_add_subtree(ti, ett_sip_reqresp);
|
|
}
|
|
dfilter_sip_status_line(tvb, reqresp_tree);
|
|
break;
|
|
|
|
case OTHER_LINE:
|
|
if (sip_tree) {
|
|
ti = proto_tree_add_text(sip_tree, tvb, offset, next_offset,
|
|
"%s line: %s", descr,
|
|
tvb_format_text(tvb, offset, linelen));
|
|
reqresp_tree = proto_item_add_subtree(ti, ett_sip_reqresp);
|
|
proto_tree_add_text(sip_tree, tvb, offset, -1,
|
|
"Continuation data");
|
|
}
|
|
return tvb_length_remaining(tvb, offset);
|
|
}
|
|
|
|
offset = next_offset;
|
|
if (sip_tree) {
|
|
th = proto_tree_add_item(sip_tree, hf_msg_hdr, tvb, offset, -1, FALSE);
|
|
hdr_tree = proto_item_add_subtree(th, ett_sip_hdr);
|
|
}
|
|
|
|
/*
|
|
* Process the headers - if we're not building a protocol tree,
|
|
* we just do this to find the blank line separating the
|
|
* headers from the message body.
|
|
*/
|
|
next_offset = offset;
|
|
content_length = -1;
|
|
while (tvb_reported_length_remaining(tvb, offset) > 0) {
|
|
gint line_end_offset;
|
|
gint colon_offset;
|
|
gint semi_colon_offset;
|
|
gint len;
|
|
gint parameter_offset;
|
|
gint parameter_end_offset;
|
|
gint parameter_len;
|
|
gint content_type_len, content_type_parameter_str_len;
|
|
gint header_len;
|
|
gint hf_index;
|
|
gint value_offset;
|
|
gint comma_offset;
|
|
guchar c;
|
|
size_t value_len;
|
|
char *value;
|
|
|
|
linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
|
|
if (linelen == 0) {
|
|
/*
|
|
* This is a blank line separating the
|
|
* message header from the message body.
|
|
*/
|
|
offset = next_offset;
|
|
break;
|
|
}
|
|
|
|
line_end_offset = offset + linelen;
|
|
while ((c = tvb_get_guint8(tvb, next_offset)) == ' ' || c == '\t')
|
|
{
|
|
/*
|
|
* This line end is not a header seperator.
|
|
* It just extends the header with another line.
|
|
* Look for next line end:
|
|
*/
|
|
linelen += (next_offset - line_end_offset);
|
|
linelen += tvb_find_line_end(tvb, next_offset, -1, &next_offset, FALSE);
|
|
line_end_offset = offset + linelen;
|
|
}
|
|
|
|
colon_offset = tvb_find_guint8(tvb, offset, linelen, ':');
|
|
if (colon_offset == -1) {
|
|
/*
|
|
* Malformed header - no colon after the name.
|
|
*/
|
|
if(hdr_tree) {
|
|
proto_tree_add_text(hdr_tree, tvb, offset,
|
|
next_offset - offset, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
} else {
|
|
header_len = colon_offset - offset;
|
|
hf_index = sip_is_known_sip_header(tvb, offset, header_len);
|
|
|
|
if (hf_index == -1) {
|
|
if(hdr_tree) {
|
|
proto_tree_add_text(hdr_tree, tvb,
|
|
offset, next_offset - offset, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
} else {
|
|
/*
|
|
* Skip whitespace after the colon.
|
|
*/
|
|
value_offset = tvb_skip_wsp(tvb, colon_offset + 1, line_end_offset - (colon_offset + 1));
|
|
|
|
/*
|
|
* Fetch the value.
|
|
*/
|
|
value_len = line_end_offset - value_offset;
|
|
value = tvb_get_ephemeral_string(tvb, value_offset,
|
|
value_len);
|
|
|
|
/*
|
|
* Add it to the protocol tree,
|
|
* but display the line as is.
|
|
*/
|
|
switch ( hf_index ) {
|
|
|
|
case POS_TO :
|
|
if(hdr_tree) {
|
|
sip_element_item = proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
sip_element_tree = proto_item_add_subtree( sip_element_item,
|
|
ett_sip_element);
|
|
}
|
|
/* See if we have a SIP/SIPS uri enclosed in <>, if so anything in front is
|
|
* display info.
|
|
*/
|
|
parameter_offset = tvb_find_guint8(tvb, value_offset,value_len, '<');
|
|
if ( parameter_offset != -1){
|
|
len = parameter_offset - value_offset;
|
|
if ( len > 1){
|
|
/* Something in front, must be display info
|
|
* TODO: Get rid of trailing space(s)
|
|
*/
|
|
proto_tree_add_item(sip_element_tree, hf_sip_display, tvb, value_offset,
|
|
len, FALSE);
|
|
}
|
|
parameter_offset ++;
|
|
parameter_end_offset = parameter_offset;
|
|
/* RFC3261 paragraph 20
|
|
* The Contact, From, and To header fields contain a URI. If the URI
|
|
* contains a comma, question mark or semicolon, the URI MUST be
|
|
* enclosed in angle brackets (< and >). Any URI parameters are
|
|
* contained within these brackets. If the URI is not enclosed in angle
|
|
* brackets, any semicolon-delimited parameters are header-parameters,
|
|
* not URI parameters.
|
|
*/
|
|
while (parameter_end_offset < line_end_offset){
|
|
parameter_end_offset++;
|
|
c = tvb_get_guint8(tvb, parameter_end_offset);
|
|
switch (c) {
|
|
case '>':
|
|
case ',':
|
|
case ';':
|
|
case '?':
|
|
goto separator_found;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
separator_found:
|
|
parameter_len = parameter_end_offset - parameter_offset;
|
|
proto_tree_add_item(sip_element_tree, hf_sip_to_addr, tvb, parameter_offset,
|
|
parameter_len, FALSE);
|
|
/*info for the tap for voip_calls.c*/
|
|
stat_info->tap_to_addr=tvb_get_ephemeral_string(tvb, parameter_offset, parameter_len);
|
|
|
|
parameter_offset = parameter_end_offset + 1;
|
|
/*
|
|
* URI parameters ?
|
|
*/
|
|
parameter_end_offset = tvb_find_guint8(tvb, parameter_offset,( line_end_offset - parameter_offset), ';');
|
|
if ( parameter_end_offset == -1)
|
|
parameter_end_offset = line_end_offset;
|
|
|
|
offset = parameter_end_offset;
|
|
}
|
|
else
|
|
{
|
|
/* Extract SIP/SIPS URI */
|
|
parameter_offset = value_offset;
|
|
while (parameter_offset < line_end_offset
|
|
&& (tvb_strneql(tvb, parameter_offset, "sip", 3) != 0))
|
|
parameter_offset++;
|
|
len = parameter_offset - value_offset;
|
|
if ( len > 1){
|
|
/* Something in front, must be display info
|
|
* TODO: Get rid of trailing space(s)
|
|
*/
|
|
proto_tree_add_item(sip_element_tree, hf_sip_display, tvb, value_offset,
|
|
len, FALSE);
|
|
}
|
|
parameter_end_offset = tvb_find_guint8(tvb, parameter_offset,
|
|
(line_end_offset - parameter_offset), ';');
|
|
if ( parameter_end_offset == -1)
|
|
parameter_end_offset = line_end_offset;
|
|
parameter_len = parameter_end_offset - parameter_offset;
|
|
proto_tree_add_item(sip_element_tree, hf_sip_to_addr, tvb, parameter_offset,
|
|
parameter_len, FALSE);
|
|
/*info for the tap for voip_calls.c*/
|
|
stat_info->tap_to_addr=tvb_get_ephemeral_string(tvb, parameter_offset, parameter_len);
|
|
offset = parameter_end_offset;
|
|
}
|
|
/* Find parameter tag if present.
|
|
* TODO make this generic to find any interesting parameter
|
|
* use the same method as for SIP headers ?
|
|
*/
|
|
|
|
parameter_offset = offset;
|
|
while (parameter_offset < line_end_offset
|
|
&& (tvb_strneql(tvb, parameter_offset, "tag=", 4) != 0))
|
|
parameter_offset++;
|
|
if ( parameter_offset < line_end_offset ){ /* Tag found */
|
|
parameter_offset = parameter_offset + 4;
|
|
parameter_end_offset = tvb_find_guint8(tvb, parameter_offset,
|
|
(line_end_offset - parameter_offset), ';');
|
|
if ( parameter_end_offset == -1)
|
|
parameter_end_offset = line_end_offset;
|
|
parameter_len = parameter_end_offset - parameter_offset;
|
|
proto_tree_add_item(sip_element_tree, hf_sip_tag, tvb, parameter_offset,
|
|
parameter_len, FALSE);
|
|
|
|
}
|
|
break;
|
|
|
|
case POS_FROM :
|
|
if(hdr_tree) {
|
|
sip_element_item = proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
sip_element_tree = proto_item_add_subtree( sip_element_item, ett_sip_element);
|
|
}
|
|
/* See if we have a SIP/SIPS uri enclosed in <>, if so anything in front is
|
|
* display info.
|
|
*/
|
|
parameter_offset = tvb_find_guint8(tvb, value_offset,value_len, '<');
|
|
if ( parameter_offset != -1){
|
|
len = parameter_offset - value_offset;
|
|
if ( len > 1){
|
|
/* Something in front, must be display info
|
|
* TODO: Get rid of trailing space(s)
|
|
*/
|
|
proto_tree_add_item(sip_element_tree, hf_sip_display, tvb, value_offset,
|
|
len, FALSE);
|
|
}
|
|
parameter_offset ++;
|
|
parameter_end_offset = parameter_offset;
|
|
/* RFC3261 paragraph 20
|
|
* The Contact, From, and To header fields contain a URI. If the URI
|
|
* contains a comma, question mark or semicolon, the URI MUST be
|
|
* enclosed in angle brackets (< and >). Any URI parameters are
|
|
* contained within these brackets. If the URI is not enclosed in angle
|
|
* brackets, any semicolon-delimited parameters are header-parameters,
|
|
* not URI parameters.
|
|
*/
|
|
while (parameter_end_offset < line_end_offset){
|
|
parameter_end_offset++;
|
|
c = tvb_get_guint8(tvb, parameter_end_offset);
|
|
switch (c) {
|
|
case '>':
|
|
case ',':
|
|
case ';':
|
|
case '?':
|
|
goto separator_found2;
|
|
default :
|
|
break;
|
|
}
|
|
}
|
|
separator_found2:
|
|
parameter_len = parameter_end_offset - parameter_offset;
|
|
dfilter_store_sip_from_addr(tvb, sip_element_tree,
|
|
parameter_offset, parameter_len);
|
|
/*info for the tap for voip_calls.c*/
|
|
stat_info->tap_from_addr=tvb_get_ephemeral_string(tvb, parameter_offset, parameter_len);
|
|
parameter_offset = parameter_end_offset + 1;
|
|
/*
|
|
* URI parameters ?
|
|
*/
|
|
parameter_end_offset = tvb_find_guint8(tvb, parameter_offset,( line_end_offset - parameter_offset), ';');
|
|
if ( parameter_end_offset == -1)
|
|
parameter_end_offset = line_end_offset;
|
|
|
|
offset = parameter_end_offset;
|
|
}
|
|
else
|
|
{
|
|
/* Extract SIP/SIPS URI */
|
|
parameter_offset = value_offset;
|
|
while (parameter_offset < line_end_offset
|
|
&& (tvb_strneql(tvb, parameter_offset, "sip", 3) != 0))
|
|
parameter_offset++;
|
|
len = parameter_offset - value_offset;
|
|
if ( len > 1){
|
|
/* Something in front, must be display info
|
|
* TODO: Get rid of trailing space(s)
|
|
*/
|
|
proto_tree_add_item(sip_element_tree, hf_sip_display, tvb, value_offset,
|
|
len, FALSE);
|
|
}
|
|
parameter_end_offset = tvb_find_guint8(tvb, parameter_offset,
|
|
(line_end_offset - parameter_offset), ';');
|
|
if ( parameter_end_offset == -1)
|
|
parameter_end_offset = line_end_offset;
|
|
parameter_len = parameter_end_offset - parameter_offset;
|
|
proto_tree_add_item(sip_element_tree, hf_sip_from_addr, tvb, parameter_offset,
|
|
parameter_len, FALSE);
|
|
/*info for the tap for voip_calls.c*/
|
|
stat_info->tap_from_addr=tvb_get_ephemeral_string(tvb, parameter_offset, parameter_len);
|
|
offset = parameter_end_offset;
|
|
}
|
|
/* Find parameter tag if present.
|
|
* TODO make this generic to find any interesting parameter
|
|
* use the same method as for SIP headers ?
|
|
*/
|
|
|
|
parameter_offset = offset;
|
|
while (parameter_offset < line_end_offset
|
|
&& (tvb_strneql(tvb, parameter_offset, "tag=", 4) != 0))
|
|
parameter_offset++;
|
|
if ( parameter_offset < line_end_offset ){ /* Tag found */
|
|
parameter_offset = parameter_offset + 4;
|
|
parameter_end_offset = tvb_find_guint8(tvb, parameter_offset,
|
|
(line_end_offset - parameter_offset), ';');
|
|
if ( parameter_end_offset == -1)
|
|
parameter_end_offset = line_end_offset;
|
|
parameter_len = parameter_end_offset - parameter_offset;
|
|
proto_tree_add_item(sip_element_tree, hf_sip_tag, tvb, parameter_offset,
|
|
parameter_len, FALSE);
|
|
|
|
}
|
|
break;
|
|
|
|
case POS_CSEQ :
|
|
/* Store the sequence number */
|
|
cseq_number = atoi(value);
|
|
cseq_number_set = 1;
|
|
stat_info->tap_cseq_number=cseq_number;
|
|
|
|
/* Walk past number and spaces characters to get to start
|
|
of method name */
|
|
for (value_offset=0; value_offset < (gint)strlen(value); value_offset++)
|
|
{
|
|
if (isalpha((guchar)value[value_offset]))
|
|
{
|
|
break;
|
|
}
|
|
}
|
|
if (value_offset == (gint)strlen(value))
|
|
{
|
|
THROW(ReportedBoundsError);
|
|
return offset - orig_offset;
|
|
}
|
|
|
|
/* Extract method name from value */
|
|
strlen_to_copy = strlen(value)-value_offset+1;
|
|
if (strlen_to_copy > MAX_CSEQ_METHOD_SIZE) {
|
|
/* Note the error in the protocol tree */
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value+value_offset, "%s String too big: %d bytes",
|
|
sip_headers[POS_CSEQ].name,
|
|
strlen_to_copy);
|
|
}
|
|
THROW(ReportedBoundsError);
|
|
return offset - orig_offset;
|
|
}
|
|
else {
|
|
strncpy(cseq_method, value+value_offset, MIN(strlen_to_copy, MAX_CSEQ_METHOD_SIZE));
|
|
|
|
/* Add 'CSeq' string item to tree */
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
}
|
|
break;
|
|
|
|
case POS_CALL_ID :
|
|
/* Store the Call-id */
|
|
strncpy(call_id, value,
|
|
strlen(value)+1 < MAX_CALL_ID_SIZE ?
|
|
strlen(value)+1 :
|
|
MAX_CALL_ID_SIZE);
|
|
stat_info->tap_call_id = ep_strdup(call_id);
|
|
|
|
/* Add 'Call-id' string item to tree */
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
break;
|
|
|
|
case POS_EXPIRES :
|
|
if (strcmp(value, "0") == 0)
|
|
{
|
|
expires_is_0 = 1;
|
|
}
|
|
/* Add 'Expires' string item to tree */
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
break;
|
|
|
|
/*
|
|
* Content-Type is the same as Internet
|
|
* media type used by other dissectors,
|
|
* appropriate dissector found by
|
|
* lookup in "media_type" dissector table.
|
|
*/
|
|
case POS_CONTENT_TYPE :
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
content_type_len = value_len;
|
|
semi_colon_offset = tvb_find_guint8(tvb, value_offset, value_len, ';');
|
|
if ( semi_colon_offset != -1) {
|
|
/*
|
|
* Skip whitespace after the semicolon.
|
|
*/
|
|
parameter_offset = tvb_skip_wsp(tvb, semi_colon_offset +1, value_offset + value_len - (semi_colon_offset +1));
|
|
|
|
content_type_len = semi_colon_offset - value_offset;
|
|
content_type_parameter_str_len = value_offset + value_len - parameter_offset;
|
|
content_type_parameter_str = tvb_get_ephemeral_string(tvb, parameter_offset,
|
|
content_type_parameter_str_len);
|
|
}
|
|
media_type_str = tvb_get_ephemeral_string(tvb, value_offset, content_type_len);
|
|
#if GLIB_MAJOR_VERSION < 2
|
|
media_type_str_lower_case = ep_strdup(media_type_str);
|
|
g_strdown(media_type_str_lower_case);
|
|
#else
|
|
media_type_str_lower_case = g_ascii_strdown(media_type_str, -1);
|
|
#endif
|
|
break;
|
|
|
|
case POS_CONTENT_LENGTH :
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
content_length = atoi(value);
|
|
break;
|
|
|
|
case POS_CONTACT :
|
|
if(hdr_tree) {
|
|
sip_element_item = proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
sip_element_tree = proto_item_add_subtree( sip_element_item,
|
|
ett_sip_element);
|
|
}
|
|
if (strcmp(value, "*") == 0)
|
|
{
|
|
contact_is_star = 1;
|
|
break;
|
|
}
|
|
|
|
comma_offset = value_offset;
|
|
while((comma_offset = dissect_sip_contact_item(tvb, pinfo, sip_element_tree, comma_offset, next_offset)) != -1)
|
|
{
|
|
contacts++;
|
|
if(comma_offset == next_offset)
|
|
{
|
|
/* Line End reached: Stop Parsing */
|
|
break;
|
|
}
|
|
|
|
if(tvb_get_guint8(tvb, comma_offset) != ',')
|
|
{
|
|
/* Undefined value reached: Stop Parsing */
|
|
break;
|
|
}
|
|
comma_offset++; /* skip comma */
|
|
}
|
|
break;
|
|
|
|
case POS_AUTHORIZATION:
|
|
case POS_WWW_AUTHENTICATE:
|
|
case POS_PROXY_AUTHENTICATE:
|
|
case POS_PROXY_AUTHORIZATION:
|
|
/* Add tree using whole text of line */
|
|
if (hdr_tree) {
|
|
sip_element_item = proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
sip_element_tree = proto_item_add_subtree( sip_element_item,
|
|
ett_sip_element);
|
|
}
|
|
|
|
/* Parse each individual parameter in the line */
|
|
comma_offset = tvb_pbrk_guint8(tvb, value_offset, line_end_offset - value_offset, " \t\r\n");
|
|
|
|
proto_tree_add_item(sip_element_tree, hf_sip_auth_scheme,
|
|
tvb, value_offset, comma_offset - value_offset,
|
|
FALSE);
|
|
while ((comma_offset = dissect_sip_authorization_item(tvb, sip_element_tree, comma_offset, line_end_offset)) != -1)
|
|
{
|
|
if(comma_offset == line_end_offset)
|
|
{
|
|
/* Line End reached: Stop Parsing */
|
|
break;
|
|
}
|
|
|
|
if(tvb_get_guint8(tvb, comma_offset) != ',')
|
|
{
|
|
/* Undefined value reached: Stop Parsing */
|
|
break;
|
|
}
|
|
comma_offset++; /* skip comma */
|
|
}
|
|
break;
|
|
|
|
default :
|
|
if(hdr_tree) {
|
|
proto_tree_add_string_format(hdr_tree,
|
|
hf_header_array[hf_index], tvb,
|
|
offset, next_offset - offset,
|
|
value, "%s",
|
|
tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
break;
|
|
}/* end switch */
|
|
}/*if HF_index */
|
|
}/* if colon_offset */
|
|
offset = next_offset;
|
|
}/* End while */
|
|
|
|
datalen = tvb_length_remaining(tvb, offset);
|
|
reported_datalen = tvb_reported_length_remaining(tvb, offset);
|
|
if (content_length != -1) {
|
|
if (datalen > content_length)
|
|
datalen = content_length;
|
|
if (reported_datalen > content_length)
|
|
reported_datalen = content_length;
|
|
}
|
|
|
|
if (datalen > 0) {
|
|
/*
|
|
* There's a message body starting at "offset".
|
|
* Set the length of the header item.
|
|
*/
|
|
proto_item_set_end(th, tvb, offset);
|
|
next_tvb = tvb_new_subset(tvb, offset, datalen, reported_datalen);
|
|
if(sip_tree) {
|
|
ti = proto_tree_add_text(sip_tree, next_tvb, 0, -1,
|
|
"Message body");
|
|
message_body_tree = proto_item_add_subtree(ti, ett_sip_message_body);
|
|
}
|
|
|
|
/* give the content type parameters to sub dissectors */
|
|
|
|
if ( media_type_str_lower_case != NULL ) {
|
|
void *save_private_data = pinfo->private_data;
|
|
pinfo->private_data = content_type_parameter_str;
|
|
found_match = dissector_try_string(media_type_dissector_table,
|
|
media_type_str_lower_case,
|
|
next_tvb, pinfo,
|
|
message_body_tree);
|
|
pinfo->private_data = save_private_data;
|
|
/* If no match dump as text */
|
|
}
|
|
if ( found_match != TRUE )
|
|
{
|
|
if (!(dissector_try_heuristic(heur_subdissector_list,
|
|
next_tvb, pinfo, message_body_tree))) {
|
|
int tmp_offset = 0;
|
|
while (tvb_offset_exists(next_tvb, tmp_offset)) {
|
|
tvb_find_line_end(next_tvb, tmp_offset, -1, &next_offset, FALSE);
|
|
linelen = next_offset - tmp_offset;
|
|
if(message_body_tree) {
|
|
proto_tree_add_text(message_body_tree, next_tvb,
|
|
tmp_offset, linelen, "%s",
|
|
tvb_format_text(next_tvb, tmp_offset, linelen));
|
|
}
|
|
tmp_offset = next_offset;
|
|
}/* end while */
|
|
}
|
|
}
|
|
offset += datalen;
|
|
}
|
|
|
|
|
|
/* Add to info column interesting things learned from header fields. */
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
{
|
|
/* Registration requests */
|
|
if (strcmp(sip_methods[current_method_idx], "REGISTER") == 0)
|
|
{
|
|
if (contact_is_star && expires_is_0)
|
|
{
|
|
col_append_str(pinfo->cinfo, COL_INFO, " (remove all bindings)");
|
|
}
|
|
else
|
|
if (!contacts)
|
|
{
|
|
col_append_str(pinfo->cinfo, COL_INFO, " (fetch bindings)");
|
|
}
|
|
}
|
|
|
|
/* Registration responses */
|
|
if (line_type == STATUS_LINE && (strcmp(cseq_method, "REGISTER") == 0))
|
|
{
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " (%d bindings)", contacts);
|
|
}
|
|
}
|
|
|
|
/* Check if this packet is a resend. */
|
|
resend_for_packet = sip_is_packet_resend(pinfo, cseq_method, call_id,
|
|
cseq_number_set, cseq_number,
|
|
line_type);
|
|
/* Mark whether this is a resend for the tap */
|
|
stat_info->resend = (resend_for_packet > 0);
|
|
|
|
/* And add the filterable field to the request/response line */
|
|
if (reqresp_tree)
|
|
{
|
|
proto_item *item;
|
|
item = proto_tree_add_boolean(reqresp_tree, hf_sip_resend, tvb, orig_offset, 0,
|
|
resend_for_packet > 0);
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
if (resend_for_packet > 0)
|
|
{
|
|
item = proto_tree_add_uint(reqresp_tree, hf_sip_original_frame,
|
|
tvb, orig_offset, 0, resend_for_packet);
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
}
|
|
}
|
|
|
|
|
|
if (ts != NULL)
|
|
proto_item_set_len(ts, offset - orig_offset);
|
|
|
|
if (global_sip_raw_text)
|
|
tvb_raw_text_add(tvb, orig_offset, offset - orig_offset, tree);
|
|
|
|
/* Report this packet to the tap */
|
|
if (!pinfo->in_error_pkt)
|
|
{
|
|
tap_queue_packet(sip_tap, pinfo, stat_info);
|
|
}
|
|
|
|
return offset - orig_offset;
|
|
}
|
|
|
|
/* Display filter for SIP Request-Line */
|
|
static void
|
|
dfilter_sip_request_line(tvbuff_t *tvb, proto_tree *tree, guint meth_len)
|
|
{
|
|
char *string;
|
|
|
|
/*
|
|
* We know we have the entire method; otherwise, "sip_parse_line()"
|
|
* would have returned OTHER_LINE.
|
|
*/
|
|
string = tvb_get_ephemeral_string(tvb, 0, meth_len);
|
|
if (tree) {
|
|
proto_tree_add_string(tree, hf_Method, tvb, 0, meth_len, string);
|
|
}
|
|
/* Copy request method for telling tap */
|
|
stat_info->request_method = string;
|
|
}
|
|
|
|
/* Display filter for SIP Status-Line */
|
|
static void
|
|
dfilter_sip_status_line(tvbuff_t *tvb, proto_tree *tree)
|
|
{
|
|
char string[3+1];
|
|
gint response_code = 0;
|
|
|
|
/*
|
|
* We know we have the entire status code; otherwise,
|
|
* "sip_parse_line()" would have returned OTHER_LINE.
|
|
* We also know that we have a version string followed by a
|
|
* space at the beginning of the line, for the same reason.
|
|
*/
|
|
tvb_memcpy(tvb, (guint8 *)string, SIP2_HDR_LEN + 1, 3);
|
|
string[3] = '\0';
|
|
response_code = atoi(string);
|
|
|
|
/* Add numerical response code to tree */
|
|
if (tree) {
|
|
proto_tree_add_uint(tree, hf_Status_Code, tvb, SIP2_HDR_LEN + 1,
|
|
3, response_code);
|
|
}
|
|
|
|
/* Add response code for sending to tap */
|
|
stat_info->response_code = response_code;
|
|
}
|
|
|
|
void dfilter_store_sip_from_addr(tvbuff_t *tvb,proto_tree *tree,guint parameter_offset,
|
|
guint parameter_len)
|
|
{
|
|
proto_tree_add_item(tree, hf_sip_from_addr, tvb, parameter_offset,
|
|
parameter_len, FALSE);
|
|
|
|
}
|
|
/* From section 4.1 of RFC 2543:
|
|
*
|
|
* Request-Line = Method SP Request-URI SP SIP-Version CRLF
|
|
*
|
|
* From section 5.1 of RFC 2543:
|
|
*
|
|
* Status-Line = SIP-version SP Status-Code SP Reason-Phrase CRLF
|
|
*
|
|
* From section 7.1 of RFC 3261:
|
|
*
|
|
* Unlike HTTP, SIP treats the version number as a literal string.
|
|
* In practice, this should make no difference.
|
|
*/
|
|
static line_type_t
|
|
sip_parse_line(tvbuff_t *tvb, int offset, gint linelen, guint *token_1_lenp)
|
|
{
|
|
gint space_offset;
|
|
gint token_1_start;
|
|
guint token_1_len;
|
|
gint token_2_start;
|
|
guint token_2_len;
|
|
gint token_3_start;
|
|
guint token_3_len;
|
|
gint colon_pos;
|
|
|
|
token_1_start = offset;
|
|
space_offset = tvb_find_guint8(tvb, token_1_start, -1, ' ');
|
|
if ((space_offset == -1) || (space_offset == token_1_start)) {
|
|
/*
|
|
* Either there's no space in the line (which means
|
|
* the line is empty or doesn't have a token followed
|
|
* by a space; neither is valid for a request or status), or
|
|
* the first character in the line is a space (meaning
|
|
* the method is empty, which isn't valid for a request,
|
|
* or the SIP version is empty, which isn't valid for a
|
|
* status).
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
token_1_len = space_offset - token_1_start;
|
|
token_2_start = space_offset + 1;
|
|
space_offset = tvb_find_guint8(tvb, token_2_start, -1, ' ');
|
|
if (space_offset == -1) {
|
|
/*
|
|
* There's no space after the second token, so we don't
|
|
* have a third token.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
token_2_len = space_offset - token_2_start;
|
|
token_3_start = space_offset + 1;
|
|
token_3_len = token_1_start + linelen - token_3_start;
|
|
|
|
*token_1_lenp = token_1_len;
|
|
|
|
/*
|
|
* Is the first token a version string?
|
|
*/
|
|
if ( (strict_sip_version && (
|
|
token_1_len == SIP2_HDR_LEN
|
|
&& tvb_strneql(tvb, token_1_start, SIP2_HDR, SIP2_HDR_LEN) == 0)
|
|
) || (! strict_sip_version && (
|
|
tvb_strncaseeql(tvb, token_1_start, "SIP/", 4) == 0)
|
|
)) {
|
|
/*
|
|
* Yes, so this is either a Status-Line or something
|
|
* else other than a Request-Line. To be a Status-Line,
|
|
* the second token must be a 3-digit number.
|
|
*/
|
|
if (token_2_len != 3) {
|
|
/*
|
|
* We don't have 3-character status code.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
if (!isdigit(tvb_get_guint8(tvb, token_2_start)) ||
|
|
!isdigit(tvb_get_guint8(tvb, token_2_start + 1)) ||
|
|
!isdigit(tvb_get_guint8(tvb, token_2_start + 2))) {
|
|
/*
|
|
* 3 characters yes, 3 digits no.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
return STATUS_LINE;
|
|
} else {
|
|
/*
|
|
* No, so this is either a Request-Line or something
|
|
* other than a Status-Line. To be a Request-Line, the
|
|
* second token must be a URI and the third token must
|
|
* be a version string.
|
|
*/
|
|
if (token_2_len < 3) {
|
|
/*
|
|
* We don't have a URI consisting of at least 3
|
|
* characters.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
colon_pos = tvb_find_guint8(tvb, token_2_start + 1, -1, ':');
|
|
if (colon_pos == -1) {
|
|
/*
|
|
* There is no colon after the method, so the URI
|
|
* doesn't have a colon in it, so it's not valid.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
if (colon_pos >= token_3_start) {
|
|
/*
|
|
* The colon is in the version string, not the URI.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
/* XXX - Check for a proper URI prefix? */
|
|
if ( (strict_sip_version && (
|
|
token_3_len != SIP2_HDR_LEN
|
|
|| tvb_strneql(tvb, token_3_start, SIP2_HDR, SIP2_HDR_LEN) == -1)
|
|
) || (! strict_sip_version && (
|
|
tvb_strncaseeql(tvb, token_3_start, "SIP/", 4) == -1)
|
|
)) {
|
|
/*
|
|
* The version string isn't an SIP version 2.0 version
|
|
* string.
|
|
*/
|
|
return OTHER_LINE;
|
|
}
|
|
return REQUEST_LINE;
|
|
}
|
|
}
|
|
|
|
static gboolean sip_is_known_request(tvbuff_t *tvb, int meth_offset,
|
|
guint meth_len, guint *meth_idx)
|
|
{
|
|
guint i;
|
|
|
|
for (i = 1; i < array_length(sip_methods); i++) {
|
|
if (meth_len == strlen(sip_methods[i]) &&
|
|
tvb_strneql(tvb, meth_offset, sip_methods[i], meth_len) == 0)
|
|
{
|
|
*meth_idx = i;
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
/* Returns index of method in sip_headers */
|
|
static gint sip_is_known_sip_header(tvbuff_t *tvb, int offset, guint header_len)
|
|
{
|
|
guint i;
|
|
|
|
for (i = 1; i < array_length(sip_headers); i++) {
|
|
if (header_len == strlen(sip_headers[i].name) &&
|
|
tvb_strncaseeql(tvb, offset, sip_headers[i].name, header_len) == 0)
|
|
return i;
|
|
if (sip_headers[i].compact_name != NULL &&
|
|
header_len == strlen(sip_headers[i].compact_name) &&
|
|
tvb_strncaseeql(tvb, offset, sip_headers[i].compact_name, header_len) == 0)
|
|
return i;
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
/*
|
|
* Display the entire message as raw text.
|
|
*/
|
|
static void
|
|
tvb_raw_text_add(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
|
|
{
|
|
proto_tree *raw_tree = NULL;
|
|
proto_item *ti = NULL;
|
|
int next_offset, linelen, end_offset;
|
|
|
|
if(tree) {
|
|
ti = proto_tree_add_item(tree, proto_raw_sip, tvb, offset, length, FALSE);
|
|
raw_tree = proto_item_add_subtree(ti, ett_raw_text);
|
|
}
|
|
|
|
end_offset = offset + length;
|
|
|
|
while (offset < end_offset) {
|
|
tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
|
|
linelen = next_offset - offset;
|
|
if(raw_tree) {
|
|
proto_tree_add_text(raw_tree, tvb, offset, linelen,
|
|
"%s", tvb_format_text(tvb, offset, linelen));
|
|
}
|
|
offset = next_offset;
|
|
}
|
|
}
|
|
|
|
/* Check to see if this packet is a resent request. Return value is number
|
|
of the original frame this packet seems to be resending (0 = no resend). */
|
|
guint sip_is_packet_resend(packet_info *pinfo,
|
|
gchar *cseq_method,
|
|
gchar *call_id,
|
|
guchar cseq_number_set,
|
|
guint32 cseq_number, line_type_t line_type)
|
|
{
|
|
guint32 cseq_to_compare = 0;
|
|
sip_hash_key key;
|
|
sip_hash_key *p_key = 0;
|
|
sip_hash_value *p_val = 0;
|
|
guint result = 0;
|
|
|
|
/* Only consider retransmission of UDP packets */
|
|
if (pinfo->ptype != PT_UDP)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/* Don't consider packets that appear to be resent only because
|
|
they are e.g. returned in ICMP unreachable messages. */
|
|
if (pinfo->in_error_pkt)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/* A broken packet may have no cseq number set. Don't consider it as
|
|
a resend */
|
|
if (!cseq_number_set)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/* Return any answer stored from previous dissection */
|
|
if (pinfo->fd->flags.visited)
|
|
{
|
|
return GPOINTER_TO_UINT(p_get_proto_data(pinfo->fd, proto_sip));
|
|
}
|
|
|
|
/* No packet entry found, consult global hash table */
|
|
|
|
/* Prepare the key */
|
|
strncpy(key.call_id, call_id,
|
|
(strlen(call_id)+1 <= MAX_CALL_ID_SIZE) ?
|
|
strlen(call_id)+1 :
|
|
MAX_CALL_ID_SIZE);
|
|
COPY_ADDRESS(&key.dest_address, &pinfo->net_dst);
|
|
COPY_ADDRESS(&key.source_address, &pinfo->net_src);
|
|
key.dest_port = pinfo->destport;
|
|
key.source_port = pinfo->srcport;
|
|
|
|
/* Do the lookup */
|
|
p_val = (sip_hash_value*)g_hash_table_lookup(sip_hash, &key);
|
|
|
|
if (p_val)
|
|
{
|
|
/* Table entry found, we'll use its value for comparison */
|
|
cseq_to_compare = p_val->cseq;
|
|
}
|
|
else
|
|
{
|
|
/* Need to create a new table entry */
|
|
|
|
/* Allocate a new key and value */
|
|
p_key = se_alloc(sizeof(sip_hash_key));
|
|
p_val = se_alloc(sizeof(sip_hash_value));
|
|
|
|
/* Just give up if allocations failed */
|
|
if (!p_key || !p_val)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
/* Fill in key and value details */
|
|
g_snprintf(p_key->call_id, MAX_CALL_ID_SIZE, "%s", call_id);
|
|
COPY_ADDRESS(&(p_key->dest_address), &pinfo->net_dst);
|
|
COPY_ADDRESS(&(p_key->source_address), &pinfo->net_src);
|
|
p_key->dest_port = pinfo->destport;
|
|
p_key->source_port = pinfo->srcport;
|
|
|
|
p_val->cseq = cseq_number;
|
|
strncpy(p_val->method, cseq_method, MAX_CSEQ_METHOD_SIZE-1);
|
|
p_val->method[MAX_CSEQ_METHOD_SIZE-1] = '\0';
|
|
p_val->transaction_state = nothing_seen;
|
|
p_val->frame_number = 0;
|
|
|
|
/* Add entry */
|
|
g_hash_table_insert(sip_hash, p_key, p_val);
|
|
|
|
/* Assume have seen no cseq yet */
|
|
cseq_to_compare = 0;
|
|
}
|
|
|
|
|
|
/******************************************/
|
|
/* Is it a resend??? */
|
|
|
|
/* Does this look like a resent request (discount ACK, CANCEL, or a
|
|
different method from the original one) ? */
|
|
|
|
if ((line_type == REQUEST_LINE) && (cseq_number == cseq_to_compare) &&
|
|
(p_val->transaction_state == request_seen) &&
|
|
(strcmp(cseq_method, p_val->method) == 0) &&
|
|
(strcmp(cseq_method, "ACK") != 0) &&
|
|
(strcmp(cseq_method, "CANCEL") != 0))
|
|
{
|
|
result = p_val->frame_number;
|
|
}
|
|
|
|
/* Does this look like a resent final response ? */
|
|
if ((line_type == STATUS_LINE) && (cseq_number == cseq_to_compare) &&
|
|
(p_val->transaction_state == final_response_seen) &&
|
|
(strcmp(cseq_method, p_val->method) == 0) &&
|
|
(stat_info->response_code >= 200) &&
|
|
(stat_info->response_code == p_val->response_code))
|
|
{
|
|
result = p_val->frame_number;
|
|
}
|
|
|
|
/* Update state for this entry */
|
|
p_val->cseq = cseq_number;
|
|
|
|
switch (line_type)
|
|
{
|
|
case REQUEST_LINE:
|
|
p_val->transaction_state = request_seen;
|
|
if (!result)
|
|
{
|
|
p_val->frame_number = pinfo->fd->num;
|
|
}
|
|
break;
|
|
case STATUS_LINE:
|
|
if (stat_info->response_code >= 200)
|
|
{
|
|
p_val->response_code = stat_info->response_code;
|
|
p_val->transaction_state = final_response_seen;
|
|
if (!result)
|
|
{
|
|
p_val->frame_number = pinfo->fd->num;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
p_val->transaction_state = provisional_response_seen;
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
/* Store return value with this packet */
|
|
p_add_proto_data(pinfo->fd, proto_sip, GUINT_TO_POINTER(result));
|
|
|
|
return result;
|
|
}
|
|
|
|
|
|
/* Register the protocol with Ethereal */
|
|
void proto_register_sip(void)
|
|
{
|
|
|
|
/* Setup list of header fields */
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_msg_hdr,
|
|
{ "Message Header", "sip.msg_hdr",
|
|
FT_NONE, 0, NULL, 0,
|
|
"Message Header in SIP message", HFILL }
|
|
},
|
|
{ &hf_Method,
|
|
{ "Method", "sip.Method",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"SIP Method", HFILL }
|
|
},
|
|
{ &hf_Request_Line,
|
|
{ "Request-Line", "sip.Request-Line",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"SIP Request-Line", HFILL }
|
|
},
|
|
{ &hf_Status_Code,
|
|
{ "Status-Code", "sip.Status-Code",
|
|
FT_UINT32, BASE_DEC,NULL,0x0,
|
|
"SIP Status Code", HFILL }
|
|
},
|
|
{ &hf_Status_Line,
|
|
{ "Status-Line", "sip.Status-Line",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"SIP Status-Line", HFILL }
|
|
},
|
|
{ &hf_sip_display,
|
|
{ "SIP Display info", "sip.display.info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Display info", HFILL }
|
|
},
|
|
{ &hf_sip_to_addr,
|
|
{ "SIP to address", "sip.to.addr",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: to addr", HFILL }
|
|
},
|
|
{ &hf_sip_from_addr,
|
|
{ "SIP from address", "sip.from.addr",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: from addr", HFILL }
|
|
},
|
|
{ &hf_sip_contact_addr,
|
|
{ "SIP contact address", "sip.contact.addr",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: contact addr", HFILL }
|
|
},
|
|
{ &hf_sip_uri,
|
|
{ "URI", "sip.uri",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: SIP Uri", HFILL }
|
|
},
|
|
{ &hf_sip_contact_item,
|
|
{ "Contact Binding", "sip.contact.binding",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: one contact binding", HFILL }
|
|
},
|
|
{ &hf_sip_tag,
|
|
{ "SIP tag", "sip.tag",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: tag", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ACCEPT],
|
|
{ "Accept", "sip.Accept",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Accept Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ACCEPT_CONTACT],
|
|
{ "Accept-Contact", "sip.Accept-Contact",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3841: Accept-Contact Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ACCEPT_ENCODING],
|
|
{ "Accept-Encoding", "sip.Accept-Encoding",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3841: Accept-Encoding Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ACCEPT_LANGUAGE],
|
|
{ "Accept-Language", "sip.Accept-Language",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Accept-Language Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ACCEPT_RESOURCE_PRIORITY],
|
|
{ "Accept-Resource-Priority", "sip.Accept-Resource-Priority",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Draft: Accept-Resource-Priority Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ALERT_INFO],
|
|
{ "Alert-Info", "sip.Alert-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Alert-Info Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ALLOW],
|
|
{ "Allow", "sip.Allow",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Allow Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ALLOW_EVENTS],
|
|
{ "Allow-Events", "sip.Allow-Events",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3265: Allow-Events Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_AUTHENTICATION_INFO],
|
|
{ "Authentication-Info", "sip.Authentication-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Authentication-Info Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_AUTHORIZATION],
|
|
{ "Authorization", "sip.Authorization",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Authorization Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CALL_ID],
|
|
{ "Call-ID", "sip.Call-ID",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Call-ID Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CALL_INFO],
|
|
{ "Call-Info", "sip.Call-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Call-Info Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CONTACT],
|
|
{ "Contact", "sip.Contact",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Contact Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CONTENT_DISPOSITION],
|
|
{ "Content-Disposition", "sip.Content-Disposition",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Content-Disposition Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CONTENT_ENCODING],
|
|
{ "Content-Encoding", "sip.Content-Encoding",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Content-Encoding Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CONTENT_LANGUAGE],
|
|
{ "Content-Language", "sip.Content-Language",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Content-Language Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CONTENT_LENGTH],
|
|
{ "Content-Length", "sip.Content-Length",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Content-Length Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CONTENT_TYPE],
|
|
{ "Content-Type", "sip.Content-Type",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Content-Type Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_CSEQ],
|
|
{ "CSeq", "sip.CSeq",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: CSeq Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_DATE],
|
|
{ "Date", "sip.Date",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Date Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ERROR_INFO],
|
|
{ "Error-Info", "sip.Error-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Error-Info Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_EVENT],
|
|
{ "Event", "sip.Event",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3265: Event Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_EXPIRES],
|
|
{ "Expires", "sip.Expires",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Expires Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_FROM],
|
|
{ "From", "sip.From",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: From Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_IN_REPLY_TO],
|
|
{ "In-Reply-To", "sip.In-Reply-To",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: In-Reply-To Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_JOIN],
|
|
{ "Join", "sip.Join",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Draft: Join Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_MAX_FORWARDS],
|
|
{ "Max-Forwards", "sip.Max-Forwards",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Max-Forwards Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_MIME_VERSION],
|
|
{ "MIME-Version", "sip.MIME-Version",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: MIME-Version Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_MIN_EXPIRES],
|
|
{ "Min-Expires", "sip.Min-Expires",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Min-Expires Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_MIN_SE],
|
|
{ "Min-SE", "sip.Min-SE",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Draft: Min-SE Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ORGANIZATION],
|
|
{ "Organization", "sip.Organization",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Organization Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_P_ACCESS_NETWORK_INFO],
|
|
{ "P-Access-Network-Info", "sip.P-Access-Network-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Access-Network-Info Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_ASSERTED_IDENTITY],
|
|
{ "P-Asserted-Identity", "sip.P-Asserted-Identity",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Asserted-Identity Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_ASSOCIATED_URI],
|
|
{ "P-Associated-URI", "sip.P-Associated-URI",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Associated-URI Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_CALLED_PARTY_ID],
|
|
{ "P-Called-Party-ID", "sip.P-Called-Party-ID",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Called-Party-ID Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_CHARGING_FUNCTION_ADDRESSES],
|
|
{ "P-Charging-Function-Addresses","sip.P-Charging-Function-Addresses",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Charging-Function-Addresses", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_CHARGING_VECTOR],
|
|
{ "P-Charging-Vector", "sip.P-Charging-Vector",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Charging-Vector Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_DCS_TRACE_PARTY_ID],
|
|
{ "P-DCS-Trace-Party-ID", "sip.P-DCS-Trace-Party-ID",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-DCS-Trace-Party-ID Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_DCS_OSPS],
|
|
{ "P-DCS-OSPS", "sip.P-DCS-OSPS",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-DCS-OSPS Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_DCS_BILLING_INFO],
|
|
{ "P-DCS-Billing-Info", "sip.P-DCS-Billing-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-DCS-Billing-Info Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_DCS_LAES],
|
|
{ "P-DCS-LAES", "sip.P-DCS-LAES",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-DCS-LAES Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_DCS_REDIRECT],
|
|
{ "P-DCS-Redirect", "sip.P-DCS-Redirect",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-DCS-Redirect Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_MEDIA_AUTHORIZATION],
|
|
{ "P-Media-Authorization", "sip.P-Media-Authorization",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Media-Authorization Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_PREFERRED_IDENTITY],
|
|
{ "P-Preferred-Identity", "sip.P-Preferred-Identity",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Preferred-Identity Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_P_VISITED_NETWORK_ID],
|
|
{ "P-Visited-Network-ID", "sip.P-Visited-Network-ID",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"P-Visited-Network-ID Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_PATH],
|
|
{ "Path", "sip.Path",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Path Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_PRIORITY],
|
|
{ "Priority", "sip.Priority",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Priority Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_PRIVACY],
|
|
{ "Privacy", "sip.Privacy",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Privacy Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_PROXY_AUTHENTICATE],
|
|
{ "Proxy-Authenticate", "sip.Proxy-Authenticate",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Proxy-Authenticate Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_PROXY_AUTHORIZATION],
|
|
{ "Proxy-Authorization", "sip.Proxy-Authorization",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Proxy-Authorization Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_PROXY_REQUIRE],
|
|
{ "Proxy-Require", "sip.Proxy-Require",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Proxy-Require Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_RACK],
|
|
{ "RAck", "sip.RAck",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3262: RAck Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REASON],
|
|
{ "Reason", "sip.Reason",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3326 Reason Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_RECORD_ROUTE],
|
|
{ "Record-Route", "sip.Record-Route",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Record-Route Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REFERED_BY],
|
|
{ "Refered By", "sip.Refered-by",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3892: Refered-by Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REJECT_CONTACT],
|
|
{ "Reject-Contact", "sip.Reject-Contact",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3841: Reject-Contact Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REPLACES],
|
|
{ "Replaces", "sip.Replaces",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3891: Replaces Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REPLY_TO],
|
|
{ "Reply-To", "sip.Reply-To",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Reply-To Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REQUEST_DISPOSITION],
|
|
{ "Request-Disposition", "sip.Request-Disposition",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3841: Request-Disposition Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REQUIRE],
|
|
{ "Require", "sip.Require",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Require Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_RESOURCE_PRIORITY],
|
|
{ "Resource-Priority", "sip.Resource-Priority",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Draft: Resource-Priority Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_RETRY_AFTER],
|
|
{ "Retry-After", "sip.Retry-After",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Retry-After Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_ROUTE],
|
|
{ "Route", "sip.Route",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Route Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_RSEQ],
|
|
{ "RSeq", "sip.RSeq",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3262: RSeq Header", HFILL }
|
|
},
|
|
{ &hf_header_array[ POS_SECURITY_CLIENT],
|
|
{ "Security-Client", "sip.Security-Client",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3329 Security-Client Header", HFILL }
|
|
},
|
|
{ &hf_header_array[ POS_SECURITY_SERVER],
|
|
{ "Security-Server", "sip.Security-Server",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3329 Security-Server Header", HFILL }
|
|
},
|
|
{ &hf_header_array[ POS_SECURITY_VERIFY],
|
|
{ "Security-Verify", "sip.Security-Verify",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3329 Security-Verify Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SERVER],
|
|
{ "Server", "sip.Server",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Server Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SERVICE_ROUTE],
|
|
{ "Service-Route", "sip.Service-Route",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Service-Route Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SESSION_EXPIRES],
|
|
{ "Session-Expires", "sip.Session-Expires",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Session-Expires Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SIP_ETAG],
|
|
{ "ETag", "sip.ETag",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"SIP-ETag Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SIP_IF_MATCH],
|
|
{ "If_Match", "sip.If_Match",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"SIP-If-Match Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SUBJECT],
|
|
{ "Subject", "sip.Subject",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Subject Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SUBSCRIPTION_STATE],
|
|
{ "Subscription-State", "sip.Subscription-State",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3265: Subscription-State Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_SUPPORTED],
|
|
{ "Supported", "sip.Supported",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Supported Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_TIMESTAMP],
|
|
{ "Timestamp", "sip.Timestamp",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Timestamp Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_TO],
|
|
{ "To", "sip.To",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: To Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_UNSUPPORTED],
|
|
{ "Unsupported", "sip.Unsupported",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Unsupported Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_USER_AGENT],
|
|
{ "User-Agent", "sip.User-Agent",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: User-Agent Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_VIA],
|
|
{ "Via", "sip.Via",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Via Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_WARNING],
|
|
{ "Warning", "sip.Warning",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: Warning Header", HFILL }
|
|
},
|
|
|
|
{ &hf_header_array[POS_WWW_AUTHENTICATE],
|
|
{ "WWW-Authenticate", "sip.WWW-Authenticate",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 3261: WWW-Authenticate Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_REFER_TO],
|
|
{ "Refer-To", "sip.Refer-To",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"Refer-To Header", HFILL }
|
|
},
|
|
{ &hf_header_array[POS_HISTORY_INFO],
|
|
{ "History-Info", "sip.History-Info",
|
|
FT_STRING, BASE_NONE,NULL,0x0,
|
|
"RFC 4244: Request History Information", HFILL }
|
|
},
|
|
{ &hf_sip_resend,
|
|
{ "Resent Packet", "sip.resend",
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
"", HFILL }
|
|
},
|
|
{ &hf_sip_original_frame,
|
|
{ "Suspected resend of frame", "sip.resend-original",
|
|
FT_FRAMENUM, BASE_NONE, NULL, 0x0,
|
|
"Original transmission of frame", HFILL}
|
|
},
|
|
{ &hf_sip_auth_scheme,
|
|
{ "Authentication Scheme", "sip.auth.scheme",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication Scheme", HFILL}
|
|
},
|
|
{ &hf_sip_auth_digest_response,
|
|
{ "Digest Authentication Response", "sip.auth.digest.response",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Digest Authentication Response Value ", HFILL}
|
|
},
|
|
{ &hf_sip_auth_nc,
|
|
{ "Nonce Count", "sip.auth.nc",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication nonce count", HFILL}
|
|
},
|
|
{ &hf_sip_auth_username,
|
|
{ "Username", "sip.auth.username",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"Sip authentication username", HFILL}
|
|
},
|
|
{ &hf_sip_auth_realm,
|
|
{ "Realm", "sip.auth.realm",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"Sip Authentication realm", HFILL}
|
|
},
|
|
{ &hf_sip_auth_nonce,
|
|
{ "Nonce Value", "sip.auth.nonce",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication nonce value", HFILL}
|
|
},
|
|
{ &hf_sip_auth_algorithm,
|
|
{ "Algorithm", "sip.auth.algorithm",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication Algorithm", HFILL}
|
|
},
|
|
{ &hf_sip_auth_opaque,
|
|
{ "Opaque Value", "sip.auth.opaque",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication opaque value", HFILL}
|
|
},
|
|
{ &hf_sip_auth_qop,
|
|
{ "QOP", "sip.auth.qop",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication QOP", HFILL}
|
|
},
|
|
{ &hf_sip_auth_cnonce,
|
|
{ "CNonce Value", "sip.auth.cnonce",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication Client Nonce value ", HFILL}
|
|
},
|
|
{ &hf_sip_auth_uri,
|
|
{ "Authentication URI", "sip.auth.uri",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication URI", HFILL}
|
|
},
|
|
{ &hf_sip_auth_domain,
|
|
{ "Authentication Domain", "sip.auth.domain",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication Domain", HFILL}
|
|
},
|
|
{ &hf_sip_auth_stale,
|
|
{ "Stale Flag", "sip.auth.stale",
|
|
FT_STRING, BASE_NONE, NULL, 0x0,
|
|
"SIP Authentication Stale Flag", HFILL}
|
|
}};
|
|
|
|
|
|
/* Setup protocol subtree array */
|
|
static gint *ett[] = {
|
|
&ett_sip,
|
|
&ett_sip_reqresp,
|
|
&ett_sip_hdr,
|
|
&ett_sip_element,
|
|
&ett_sip_uri,
|
|
&ett_sip_contact_item,
|
|
&ett_sip_message_body,
|
|
};
|
|
static gint *ett_raw[] = {
|
|
&ett_raw_text,
|
|
};
|
|
|
|
module_t *sip_module;
|
|
|
|
/* Register the protocol name and description */
|
|
proto_sip = proto_register_protocol("Session Initiation Protocol",
|
|
"SIP", "sip");
|
|
proto_raw_sip = proto_register_protocol("Session Initiation Protocol (SIP as raw text)",
|
|
"Raw_SIP", "raw_sip");
|
|
new_register_dissector("sip", dissect_sip, proto_sip);
|
|
|
|
/* Required function calls to register the header fields and subtrees used */
|
|
proto_register_field_array(proto_sip, hf, array_length(hf));
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
proto_register_subtree_array(ett_raw, array_length(ett_raw));
|
|
|
|
/* SIP content type and internet media type used by other dissectors are the same */
|
|
media_type_dissector_table = find_dissector_table("media_type");
|
|
|
|
sip_module = prefs_register_protocol(proto_sip, NULL);
|
|
|
|
prefs_register_bool_preference(sip_module, "display_raw_text",
|
|
"Display raw text for SIP message",
|
|
"Specifies that the raw text of the "
|
|
"SIP message should be displayed "
|
|
"in addition to the dissection tree",
|
|
&global_sip_raw_text);
|
|
prefs_register_bool_preference(sip_module, "strict_sip_version",
|
|
"Enforce strict SIP version check (" SIP2_HDR ")",
|
|
"If enabled, only " SIP2_HDR " traffic will be dissected as SIP. "
|
|
"Disable it to allow SIP traffic with a different version "
|
|
"to be dissected as SIP.",
|
|
&strict_sip_version);
|
|
prefs_register_bool_preference(sip_module, "desegment_headers",
|
|
"Reassemble SIP headers spanning multiple TCP segments",
|
|
"Whether the SIP dissector should reassemble headers "
|
|
"of a request spanning multiple TCP segments. "
|
|
"To use this option, you must also enable "
|
|
"\"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
|
&sip_desegment_headers);
|
|
prefs_register_bool_preference(sip_module, "desegment_body",
|
|
"Reassemble SIP bodies spanning multiple TCP segments",
|
|
"Whether the SIP dissector should use the "
|
|
"\"Content-length:\" value, if present, to reassemble "
|
|
"the body of a request spanning multiple TCP segments, "
|
|
"and reassemble chunked data spanning multiple TCP segments. "
|
|
"To use this option, you must also enable "
|
|
"\"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
|
&sip_desegment_body);
|
|
|
|
register_init_routine(&sip_init_protocol);
|
|
register_heur_dissector_list("sip", &heur_subdissector_list);
|
|
/* Register for tapping */
|
|
sip_tap = register_tap("sip");
|
|
}
|
|
|
|
void
|
|
proto_reg_handoff_sip(void)
|
|
{
|
|
dissector_handle_t sip_handle, sip_tcp_handle;
|
|
|
|
sip_handle = new_create_dissector_handle(dissect_sip, proto_sip);
|
|
dissector_add("udp.port", UDP_PORT_SIP, sip_handle);
|
|
dissector_add_string("media_type", "message/sip", sip_handle);
|
|
sigcomp_handle = find_dissector("sigcomp");
|
|
|
|
sip_tcp_handle = create_dissector_handle(dissect_sip_tcp, proto_sip);
|
|
dissector_add("tcp.port", TCP_PORT_SIP, sip_tcp_handle);
|
|
|
|
heur_dissector_add("udp", dissect_sip_heur, proto_sip);
|
|
heur_dissector_add("tcp", dissect_sip_tcp_heur, proto_sip);
|
|
heur_dissector_add("sctp", dissect_sip_heur, proto_sip);
|
|
}
|