From 4b1cab161308bcc1b15bba3f473c2d5543c65c02 Mon Sep 17 00:00:00 2001
From: Babak Farrokhi
Date: Sat, 2 Aug 2014 18:12:18 +0430
Subject: [PATCH] - Add payload parsing to TCP packets - Add pcre library - add TODO file - resolved a few issues detected by static analysis
---
 sipcap/Makefile | 4 ++--
 sipcap/TODO | 3 +++
 sipcap/sipcap.c | 29 ++++++++++++++++-------------
 sipcap/testrun.sh | 4 ++--
 4 files changed, 23 insertions(+), 17 deletions(-)
 create mode 100644 sipcap/TODO
diff --git a/sipcap/Makefile b/sipcap/Makefile
index 21bab9e..e79b551 100644
--- a/sipcap/Makefile
+++ b/sipcap/Makefile
@@ -1,5 +1,5 @@
-INC=-I../netmap-libpcap
-LIB=-lpcap
+INC=-I../netmap-libpcap -I/opt/local/include
+LIB=-lpcap -lpcre
 FLAGS=-m32 -march=corei7 -mfpmath=sse -O3 #-g
 sipcap: sipcap.c Makefile
diff --git a/sipcap/TODO b/sipcap/TODO
new file mode 100644
index 0000000..5c42092
--- /dev/null
+++ b/sipcap/TODO
@@ -0,0 +1,3 @@
+* PCRE pattern matching
+* VLAN Support
+* 802.11 Support
\ No newline at end of file
diff --git a/sipcap/sipcap.c b/sipcap/sipcap.c
index 41416a2..90d54ad 100644
--- a/sipcap/sipcap.c
+++ b/sipcap/sipcap.c
@@ -2,6 +2,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -71,7 +72,7 @@ void help(int quit)
 printf("Usage: sipcap [-i |-f ] [-e expression] [-o outfile] \n");
 printf(" [-s snaplen] [-h]\n");
 printf("\n");
- if (quit) exit(quit);
+ exit(quit);
 }
 void error(char *msg) {
@@ -84,7 +85,8 @@ void SIP_parser(char *payload, u_int len)
 {
 // fprintf(stdout, "\tsizeof: %4lu len: %4u\n", sizeof(SIP_INVITE), len);
 if (len >= sizeof(SIP_INVITE)) {
- if (strncmp(SIP_INVITE, payload, sizeof(SIP_INVITE) - 1) == 0) {
+ if (strncmp(SIP_INVITE, payload, sizeof(SIP_INVITE) - 1) == 0) {
+ // We have a SIP invite - should dig deeper now
 printf(" (SIP INVITE)");
 }
 }
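Review bot: The new `-I/opt/local/include` is a hard-coded MacPorts path with no matching `-L/opt/local/lib` beside `-lpcre`, so on that platform the link step only succeeds if libpcre already sits on the default library path, and on any other host the include path is simply wrong. Let the library describe itself instead: `INC=-I../netmap-libpcap $(shell pcre-config --cflags)` and `LIB=-lpcap $(shell pcre-config --libs)`. Separately, for a program that parses raw packet payloads, `FLAGS` carries `-O3` but neither `-Wall -Wextra` nor any hardening such as `-fstack-protector-strong -D_FORTIFY_SOURCE=2`; since the commit message says static analysis found issues, compiler warnings are the cheapest first pass and should be on.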
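Review bot: With the `if (quit)` guard gone, `help()` always terminates the process, which is fine, but the usage text still goes to stdout on the error path (`help(1)` from parse_options in this same patch), where a pipeline such as the `./sipcap -f ${i} | grep INVITE` in testrun.sh swallows it and the user sees nothing. Pick the stream by exit status, `FILE *out = quit ? stderr : stdout;`, and switch the three printf calls to `fprintf(out, …)`. help()'s opening brace lies outside this hunk.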
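Review bot: The `len >= sizeof(SIP_INVITE)` guard demands one byte more than the `sizeof(SIP_INVITE) - 1` bytes that strncmp compares, so a payload consisting of exactly the method token is never matched; `if (len >= sizeof(SIP_INVITE) - 1)` is the consistent bound. The new comment promises deeper parsing, and whoever does it should know that `payload` is untrusted wire data whose only length guarantee is `len` — the TCP caller in this patch passes the on-wire payload length, not the size of its fixed `payload_str` buffer — so every further field walk must stop at `len` and never rely on a NUL terminator. I would say so in the comment: `// TODO: any deeper parse must be bounded by len (untrusted wire data, not guaranteed NUL-terminated)`.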
@@ -131,9 +133,7 @@ void parse_options(int argc, char *argv[]) {
 if (!live_pcap && !offline_pcap) help(1);
 }
-u_char* handle_UDP
- (u_char *args,const struct pcap_pkthdr* pkthdr,const u_char*
- packet)
+u_char* handle_UDP (u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet)
 {
 const struct udphdr* udp;
@@ -158,16 +158,14 @@ u_char* handle_UDP
 /* Now I have UDP payload as an string here and need to parse it */
- SIP_parser(payload_str, payload_len);
+ // SIP_parser(payload_str, payload_len);
 // printf("\n\n%s\n\n", payload_str);
 fprintf(stdout, "\n");
 return NULL;
 }
-u_char* handle_TCP
- (u_char *args,const struct pcap_pkthdr* pkthdr,const u_char*
- packet, u_int tcplen)
+u_char* handle_TCP (u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet, u_int tcplen)
 {
 const struct tcphdr* tcp;
@@ -177,12 +175,15 @@ u_char* handle_TCP
 char payload_str[MAX_PAYLOAD_LEN];
 tcp = (struct tcphdr*) packet;
- fprintf(stdout, "\tsport: %5hu dport: %5hu\n", ntohs(tcp->th_sport), ntohs(tcp-> th_dport));
+ fprintf(stdout, "\tsport: %5hu dport: %5hu", ntohs(tcp->th_sport), ntohs(tcp-> th_dport));
 hlen = (tcp->th_off * 4);
 payload_len = tcplen - hlen;
- if (payload_len <= 0) return NULL;
+ if (payload_len <= 0) {
+ fprintf(stdout, "\n");
+ return NULL;
+ }
 payload_data = packet + hlen;
@@ -191,7 +192,9 @@ u_char* handle_TCP
 /* Damn! I have TCP payload here too! Now need to write a parser. */
+ SIP_parser(payload_str, payload_len);
 // printf("\n\n%s\n\n", payload_str);
+ fprintf(stdout, "\n");
 return NULL;
 }
@@ -297,7 +300,7 @@ u_int16_t handle_ethernet
 packet)
 {
 u_int caplen = pkthdr->caplen;
- u_int length = pkthdr->len;
+ // u_int length = pkthdr->len;
 struct ether_header *eptr; /* net/ethernet.h */
 u_short ether_type;
@@ -343,7 +346,7 @@ int main(int argc, char *argv[])
 const u_char *packet;
 struct pcap_pkthdr header;
 struct bpf_program fp;
- bpf_u_int32 devnet, devmask;
+ bpf_u_int32 devnet=0, devmask;
 signal(SIGINT, intHandler);
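Review bot: Commenting out `SIP_parser(payload_str, payload_len);` silently disables SIP detection on UDP, a behaviour change the commit message ("Add payload parsing to TCP packets") does not mention; if it is deliberate it should be stated, and if it is not, the call belongs back. Either way the line should not survive as commented-out code: delete it or guard it, and put the reason in the commit message rather than the source. handle_UDP starts outside this hunk.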
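Review bot: `hlen = (tcp->th_off * 4)` is taken straight from the packet with no check that it lies between the 20-byte minimum header and `tcplen`, so a crafted or truncated segment makes `payload_data = packet + hlen` point past the captured bytes; whether `payload_len <= 0` catches that depends on `payload_len`'s type, declared above this hunk — if it is unsigned, `tcplen - hlen` wraps and the guard never fires. Validate the header length before deriving the payload: `if (hlen < sizeof(struct tcphdr) || hlen > tcplen) { fprintf(stdout, "\n"); return NULL; }`. It is also worth confirming that the caller's `tcplen` is derived from `caplen` rather than the IP total length, since this check only protects bytes that were actually captured. handle_TCP continues past this hunk.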
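Review bot: `SIP_parser(payload_str, payload_len)` hands the parser the on-wire length while `payload_str` is a fixed `char payload_str[MAX_PAYLOAD_LEN]`; the copy into that buffer sits between the two handle_TCP hunks and is not visible here, so if it truncates at MAX_PAYLOAD_LEN the parser is told about bytes the buffer does not hold. Pass the count actually copied, or clamp at the call site: `SIP_parser(payload_str, payload_len < MAX_PAYLOAD_LEN ? payload_len : MAX_PAYLOAD_LEN);`. Today strncmp bounds itself to the method token so nothing overruns, but the deeper parsing this patch announces would.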
diff --git a/sipcap/testrun.sh b/sipcap/testrun.sh
index 3c3062f..e0d330f 100755
--- a/sipcap/testrun.sh
+++ b/sipcap/testrun.sh
@@ -2,5 +2,5 @@
 for i in `find ~/pcapfarm/*.pcap`; do
 echo "Processing ${i}"
- ./sipcap -f ${i} | grep UNK
-done
\ No newline at end of file
+ ./sipcap -f ${i} | grep INVITE
+done
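Review bot: The loop builds its list from the unquoted output of `find` and then passes `${i}` unquoted to `./sipcap -f`, so any capture whose path contains a space is split into bogus arguments and the wrong file (or none) is opened; the glob alone already yields the list. Rewrite the loop as `for i in ~/pcapfarm/*.pcap; do`, `echo "Processing $i"`, `./sipcap -f "$i" | grep INVITE`. Note also that piping into grep discards sipcap's usage text and exit status, so a file that fails to open looks the same as one with no INVITEs.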