[fpc-pascal] Help Reading SIP Messages.

ik idokan at gmail.com
Wed Jan 6 13:36:23 CET 2010


Try the following (see inline for the answer):


On Wed, Jan 6, 2010 at 13:30, lloyd thomas <lloydie.t at googlemail.com> wrote:

> Well I have made a start using someone elese libpcap inplementation, but
> have bump into my first issue and because of my lack of skill I am not sure
> how to code round it. Any Ideas?
> I get the following errors
>
> PlibCap\Pcap.pas(207,13) Error: Illegal qualifier
> PlibCap\Pcap.pas(207,13) Hint: may be pointer dereference is missing
> PlibCap\Pcap.pas(207,13) Fatal: Syntax error, "THEN" expected but
> "identifier ADAPTER" found
>
> In this section (so far)
>      procedure CleanUp;
>      begin
>        if P.Adapter <> nil then PacketCloseAdapter(P.adapter); //error here
>

if Assigned(P.Adapter) then PacketCloseAdapter(P.adapter);

        if P.buffer<>nil then FreeMem(P.buffer,PcapBufSize); //but suspect I
> would get one here as well
>
if Assigned(P.buffer) then FreeMem(P.buffer,PcapBufSize);


The reason is that afaik assigned checks if the field is both nil and
allocated, and if it's not nil but not allocated i will return false as
well.
Another thing is that I think you needed () around the comparing code.


       Freemem(P,SizeOf(Tpcap));
>      end,
>
> (which I think has something to do with this)
> type
>   TWinVersion = (wv_WinS,
>                  wv_Win9x,              //Added by Lars Peter Christiansen.
>                  wv_WinNT,              //Eases the process of determing
> the
>                  wv_Win2000,             //platform and do proper
> instructions
>                  wv_WinXP,               //I.e : Char vs. WideChar issue
>                  wv_Unknown );
>
>
>
>   PPcap_Stat = ^TPcap_stat;
>   Tpcap_stat = record
>     ps_recv,                          //* number of packets received */
>     ps_drop,                         //* number of packets dropped */
>     ps_ifdrop : LongWord;                //* drops by interface not
> supported */
>   end;
>
>   TPcap_sf = record                      // Save file for offline reading.
>     rfile : HFILE;
>     swapped:integer;
>     version_major : integer;
>     Version_Minor : integer;
>     base : Pointer;
>   end;
>
>   TPcap_md = record
>     Stat : TPcap_stat;
>     use_bpf : integer;
>     TotPkts  : LongWord;               // Can owerflow after 79hours on
> ethernet
>     TotAccepted:LongWord;              // accepted by filter/sniffer
>     TotDrops : LongWord;               // dropped packets
>     TotMissed: Longword;               // missed by i/f during this run
>     OrigMissed:LongWord;               // missed by i/f before this run
>   end;
>
>   PPcap_PktHdr = ^Tpcap_pkthdr;        // Wrapped Drivers packetHeader
>   TPcap_pkthdr = record
>     ts     : TUnixTimeVal;             // Time of capture
>     CapLen,                            // captured length
>     Len    : Integer;                  // actual length of packet
>   end;
>
>   PPcap = ^TPcap;                      // THE MAIN INTERFACE HANDLE
>   TPcap = record                       // used with allmost all Pcap calls.
>     Adapter:Padapter;
>     Packet :PPacket;                   // Global Driver packet. kind of a
> buffer
>     snapshot:integer;
>     linktype:integer;                  // Type and speed of net
>     tzoff   :integer;                   // timezone offset
>     offset  :integer;
>     sf      :Tpcap_sf;                 // Save file
>     md      :Tpcap_md;                 // Diagnostics
>     //READ BUFFER
>     bufsize :integer;
>     buffer  :Pointer; //*u_char
>     bp      :Pointer; //*u_char
>     cc      :integer;
>     //Place holder for pcap_next().
>     pkt     :Pointer; //*U_char
>     //Placeholder for filter code if bpf not in kernel.
>     fcode   :Tbpf_program;
>     errbuf  : array [0..PCAP_ERRBUF_SIZE-1] of char;  //Last error message
>   end;
>
>
> 2010/1/5 ik <idokan at gmail.com>
>
>> use libpcap (and bind it to FPC and share with us all :)) and then you can
>> sniff packets (that's the easiest way I know).
>>
>>
>> Ido
>> http://ik.homelinux.org/
>>
>>
>> On Tue, Jan 5, 2010 at 16:48, lloyd thomas <lloydie.t at googlemail.com>wrote:
>>
>>> Also came across this which uses pcap, but seems to be delphi only
>>> http://www.magsys.co.uk/delphi/magmonsock.asp
>>>
>>> is there something similar for fpc?
>>>
>>> 2010/1/5 lloyd thomas <lloydie.t at googlemail.com>
>>>
>>> OK. I wish to monitor and record calls between a SIP endpoint and SIP
>>>> Gateway. At the moment I am doing that by connecting the SIP endpoint and my
>>>> machine to an ethernet hub so that I can see all the traffic.
>>>> In the first instance I just need to correctly capture, read and
>>>> interprete the SIP messages so that I can make an informed decision which
>>>> RDP packets to capture.
>>>>
>>>> Then I suppose I will have an even harder task capturing the RDP packets
>>>> and joining both legs together (my coding skills is not great)!
>>>>
>>>> Lloydie T
>>>>
>>>> 2010/1/5 ik <idokan at gmail.com>
>>>>
>>>> Hello,
>>>>>
>>>>> SIP first of all uses UDP most of the times (and rarely TCP) .
>>>>> It only create a tunnel that other protocols such as RDP and SDP are
>>>>> going inside.
>>>>>
>>>>> Can you explain a bit more what exactly do you wish to implement (i'm
>>>>> not sure that I understand) ?
>>>>>
>>>>> Ido
>>>>>
>>>>> http://ik.homelinux.org/
>>>>>
>>>>>
>>>>> On Tue, Jan 5, 2010 at 15:08, lloyd thomas <lloydie.t at googlemail.com>wrote:
>>>>>
>>>>>> Please forgive my ignorance regarding the project I am about to embark
>>>>>> on.
>>>>>> Need some advice on Lnet and capturing SIP RTP data to file. In the
>>>>>> first instance I just need to work with the sip messages. I believe the SIP
>>>>>> messages are similar to HTTP. I am using wireshark to understand how the SIP
>>>>>> messages are processed, but I am not sure how to capture and read each frame
>>>>>> (wireshark speak) using Lnet.
>>>>>>
>>>>>> (FYI:
>>>>>> http://en.wikipedia.org/wiki/Session_Initiation_Protocol#SIP_network_elements
>>>>>> )
>>>>>>
>>>>>> For instance the following is from frame 12 (935 bytes)
>>>>>>
>>>>>> ----------------------------------------------------------------------------------------------
>>>>>> INVITE sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200> SIP/2.0
>>>>>> Via:SIP/2.0/UDP 192.168.91.190:5060;rport;branch=z9hG4bK83570061
>>>>>> From:"Lloyd" <sip:1000 at 192.168.91.200 <sip%3A1000 at 192.168.91.200>
>>>>>> >;tag=4b428357-2fa-1ec5d4e
>>>>>> To:<sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200>>
>>>>>> Contact:"Lloyd" <sip:1000 at 192.168.91.190:5060;transport=UDP>
>>>>>> Call-ID:83570000-4ce59f27 at 192.168.91.200<Call-ID%3A83570000-4ce59f27 at 192.168.91.200>
>>>>>> Subject:sip phone call
>>>>>> CSeq:2112045024 INVITE
>>>>>> User-Agent:Mitel-5212-SIP-Phone 07.02.00.04 08000F24BEE5
>>>>>> Allow:INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,NOTIFY,PRACK,UPDATE
>>>>>> Allow-Events:talk,hold,conference
>>>>>> Supported:timer,100rel,replaces
>>>>>> Session-Expires: 1800
>>>>>> Min-SE: 90
>>>>>> Max-Forwards:70
>>>>>> Content-Type:application/sdp
>>>>>> Content-Length:247
>>>>>>
>>>>>> v=0
>>>>>> o=1000 1262650963 1262650962 IN IP4 192.168.91.190
>>>>>> s=SIP Call
>>>>>> c=IN IP4 192.168.91.190
>>>>>> t=0 0
>>>>>> a=sendrecv
>>>>>> m=audio 20036 RTP/AVP 0 8 18 96
>>>>>> a=rtpmap:0 PCMU/8000
>>>>>> a=rtpmap:8 PCMA/8000
>>>>>> a=rtpmap:18 G729/8000
>>>>>> a=rtpmap:96 telephone-event/8000
>>>>>>
>>>>>> -----------------------------------------------------------------------------------------------
>>>>>>
>>>>>> I get a response from the sip server on frame 13 (371 bytes)
>>>>>>
>>>>>> ----------------------------------------------------------------------------------------------
>>>>>> SIP/2.0 100 Trying
>>>>>> Via: SIP/2.0/UDP 192.168.91.190:5060
>>>>>> ;rport=5060;branch=z9hG4bK83570061
>>>>>> From: "Lloyd" <sip:1000 at 192.168.91.200 <sip%3A1000 at 192.168.91.200>
>>>>>> >;tag=4b428357-2fa-1ec5d4e
>>>>>> To: <sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200>>
>>>>>> Call-ID: 83570000-4ce59f27 at 192.168.91.200
>>>>>> CSeq: 2112045024 INVITE
>>>>>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-15355M
>>>>>> Content-Length: 0
>>>>>>
>>>>>> -----------------------------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>
>>
>>
>> _______________________________________________
>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>
>
>
> _______________________________________________
> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20100106/d8fd74fb/attachment.html>


More information about the fpc-pascal mailing list