[fpc-pascal] Help Reading SIP Messages.
lloyd thomas
lloydie.t at googlemail.com
Wed Jan 6 15:00:07 CET 2010
I have managed to get the zniffer wrapper to compile, but I am worried that
using {$MODE delphi} may not be the best way to produce optimized code.
Also I have seen other libpcap where they use ansichar instead of char. Is
there a reason for this?
function Pcap_getAdapternames(Delimiter:char;var ErrStr:string):string;
function Pcap_getAdapternames(Delimiter:AnsiChar;var ErrStr:string):string;
2010/1/6 lloyd thomas <lloydie.t at googlemail.com>
> No Joy, I get exactly the same error. But putting the following at the
> start of the unit got me to the next error (which I managed to fix ptr =
> pointer)
> {$ifdef FPC}
> {$MODE delphi}
> {$endif}
>
>
> 2010/1/6 ik <idokan at gmail.com>
>
>> Try the following (see inline for the answer):
>>
>>
>> On Wed, Jan 6, 2010 at 13:30, lloyd thomas <lloydie.t at googlemail.com>wrote:
>>
>>> Well I have made a start using smeone elese libpcap inplementation, but
>>> have bump into my first issue and because of my lack of skill I am not sure
>>> how to code round it. Any Ideas?
>>>
>>> I get the following errors
>>>
>>> PlibCap\Pcap.pas(207,13) Error: Illegal qualifier
>>> PlibCap\Pcap.pas(207,13) Hint: may be pointer dereference is missing
>>> PlibCap\Pcap.pas(207,13) Fatal: Syntax error, "THEN" expected but
>>> "identifier ADAPTER" found
>>>
>>> In this section (so far)
>>> procedure CleanUp;
>>> begin
>>> if P.Adapter <> nil then PacketCloseAdapter(P.adapter); //error
>>> here
>>>
>>
>> if Assigned(P.Adapter) then PacketCloseAdapter(P.adapter);
>>
>> if P.buffer<>nil then FreeMem(P.buffer,PcapBufSize); //but suspect
>>> I would get one here as well
>>>
>> if Assigned(P.buffer) then FreeMem(P.buffer,PcapBufSize);
>>
>>
>> The reason is that afaik assigned checks if the field is both nil and
>> allocated, and if it's not nil but not allocated i will return false as
>> well.
>> Another thing is that I think you needed () around the comparing code.
>>
>>
>> Freemem(P,SizeOf(Tpcap));
>>> end,
>>>
>>> (which I think has something to do with this)
>>> type
>>> TWinVersion = (wv_WinS,
>>> wv_Win9x, //Added by Lars Peter
>>> Christiansen.
>>> wv_WinNT, //Eases the process of determing
>>> the
>>> wv_Win2000, //platform and do proper
>>> instructions
>>> wv_WinXP, //I.e : Char vs. WideChar issue
>>> wv_Unknown );
>>>
>>>
>>>
>>> PPcap_Stat = ^TPcap_stat;
>>> Tpcap_stat = record
>>> ps_recv, //* number of packets received */
>>> ps_drop, //* number of packets dropped */
>>> ps_ifdrop : LongWord; //* drops by interface not
>>> supported */
>>> end;
>>>
>>> TPcap_sf = record // Save file for offline
>>> reading.
>>> rfile : HFILE;
>>> swapped:integer;
>>> version_major : integer;
>>> Version_Minor : integer;
>>> base : Pointer;
>>> end;
>>>
>>> TPcap_md = record
>>> Stat : TPcap_stat;
>>> use_bpf : integer;
>>> TotPkts : LongWord; // Can owerflow after 79hours on
>>> ethernet
>>> TotAccepted:LongWord; // accepted by filter/sniffer
>>> TotDrops : LongWord; // dropped packets
>>> TotMissed: Longword; // missed by i/f during this run
>>> OrigMissed:LongWord; // missed by i/f before this run
>>> end;
>>>
>>> PPcap_PktHdr = ^Tpcap_pkthdr; // Wrapped Drivers packetHeader
>>> TPcap_pkthdr = record
>>> ts : TUnixTimeVal; // Time of capture
>>> CapLen, // captured length
>>> Len : Integer; // actual length of packet
>>> end;
>>>
>>> PPcap = ^TPcap; // THE MAIN INTERFACE HANDLE
>>> TPcap = record // used with allmost all Pcap
>>> calls.
>>> Adapter:Padapter;
>>> Packet :PPacket; // Global Driver packet. kind of a
>>> buffer
>>> snapshot:integer;
>>> linktype:integer; // Type and speed of net
>>> tzoff :integer; // timezone offset
>>> offset :integer;
>>> sf :Tpcap_sf; // Save file
>>> md :Tpcap_md; // Diagnostics
>>> //READ BUFFER
>>> bufsize :integer;
>>> buffer :Pointer; //*u_char
>>> bp :Pointer; //*u_char
>>> cc :integer;
>>> //Place holder for pcap_next().
>>> pkt :Pointer; //*U_char
>>> //Placeholder for filter code if bpf not in kernel.
>>> fcode :Tbpf_program;
>>> errbuf : array [0..PCAP_ERRBUF_SIZE-1] of char; //Last error
>>> message
>>> end;
>>>
>>>
>>> 2010/1/5 ik <idokan at gmail.com>
>>>
>>>> use libpcap (and bind it to FPC and share with us all :)) and then you
>>>> can sniff packets (that's the easiest way I know).
>>>>
>>>>
>>>> Ido
>>>> http://ik.homelinux.org/
>>>>
>>>>
>>>> On Tue, Jan 5, 2010 at 16:48, lloyd thomas <lloydie.t at googlemail.com>wrote:
>>>>
>>>>> Also came across this which uses pcap, but seems to be delphi only
>>>>> http://www.magsys.co.uk/delphi/magmonsock.asp
>>>>>
>>>>> is there something similar for fpc?
>>>>>
>>>>> 2010/1/5 lloyd thomas <lloydie.t at googlemail.com>
>>>>>
>>>>> OK. I wish to monitor and record calls between a SIP endpoint and SIP
>>>>>> Gateway. At the moment I am doing that by connecting the SIP endpoint and my
>>>>>> machine to an ethernet hub so that I can see all the traffic.
>>>>>> In the first instance I just need to correctly capture, read and
>>>>>> interprete the SIP messages so that I can make an informed decision which
>>>>>> RDP packets to capture.
>>>>>>
>>>>>> Then I suppose I will have an even harder task capturing the RDP
>>>>>> packets and joining both legs together (my coding skills is not great)!
>>>>>>
>>>>>> Lloydie T
>>>>>>
>>>>>> 2010/1/5 ik <idokan at gmail.com>
>>>>>>
>>>>>> Hello,
>>>>>>>
>>>>>>> SIP first of all uses UDP most of the times (and rarely TCP) .
>>>>>>> It only create a tunnel that other protocols such as RDP and SDP are
>>>>>>> going inside.
>>>>>>>
>>>>>>> Can you explain a bit more what exactly do you wish to implement (i'm
>>>>>>> not sure that I understand) ?
>>>>>>>
>>>>>>> Ido
>>>>>>>
>>>>>>> http://ik.homelinux.org/
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jan 5, 2010 at 15:08, lloyd thomas <lloydie.t at googlemail.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Please forgive my ignorance regarding the project I am about to
>>>>>>>> embark on.
>>>>>>>> Need some advice on Lnet and capturing SIP RTP data to file. In the
>>>>>>>> first instance I just need to work with the sip messages. I believe the SIP
>>>>>>>> messages are similar to HTTP. I am using wireshark to understand how the SIP
>>>>>>>> messages are processed, but I am not sure how to capture and read each frame
>>>>>>>> (wireshark speak) using Lnet.
>>>>>>>>
>>>>>>>> (FYI:
>>>>>>>> http://en.wikipedia.org/wiki/Session_Initiation_Protocol#SIP_network_elements
>>>>>>>> )
>>>>>>>>
>>>>>>>> For instance the following is from frame 12 (935 bytes)
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------------------------------
>>>>>>>> INVITE sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200> SIP/2.0
>>>>>>>> Via:SIP/2.0/UDP 192.168.91.190:5060;rport;branch=z9hG4bK83570061
>>>>>>>> From:"Lloyd" <sip:1000 at 192.168.91.200 <sip%3A1000 at 192.168.91.200>
>>>>>>>> >;tag=4b428357-2fa-1ec5d4e
>>>>>>>> To:<sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200>>
>>>>>>>> Contact:"Lloyd" <sip:1000 at 192.168.91.190:5060;transport=UDP>
>>>>>>>> Call-ID:83570000-4ce59f27 at 192.168.91.200<Call-ID%3A83570000-4ce59f27 at 192.168.91.200>
>>>>>>>> Subject:sip phone call
>>>>>>>> CSeq:2112045024 INVITE
>>>>>>>> User-Agent:Mitel-5212-SIP-Phone 07.02.00.04 08000F24BEE5
>>>>>>>> Allow:INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,NOTIFY,PRACK,UPDATE
>>>>>>>> Allow-Events:talk,hold,conference
>>>>>>>> Supported:timer,100rel,replaces
>>>>>>>> Session-Expires: 1800
>>>>>>>> Min-SE: 90
>>>>>>>> Max-Forwards:70
>>>>>>>> Content-Type:application/sdp
>>>>>>>> Content-Length:247
>>>>>>>>
>>>>>>>> v=0
>>>>>>>> o=1000 1262650963 1262650962 IN IP4 192.168.91.190
>>>>>>>> s=SIP Call
>>>>>>>> c=IN IP4 192.168.91.190
>>>>>>>> t=0 0
>>>>>>>> a=sendrecv
>>>>>>>> m=audio 20036 RTP/AVP 0 8 18 96
>>>>>>>> a=rtpmap:0 PCMU/8000
>>>>>>>> a=rtpmap:8 PCMA/8000
>>>>>>>> a=rtpmap:18 G729/8000
>>>>>>>> a=rtpmap:96 telephone-event/8000
>>>>>>>>
>>>>>>>> -----------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> I get a response from the sip server on frame 13 (371 bytes)
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------------------------------
>>>>>>>> SIP/2.0 100 Trying
>>>>>>>> Via: SIP/2.0/UDP 192.168.91.190:5060
>>>>>>>> ;rport=5060;branch=z9hG4bK83570061
>>>>>>>> From: "Lloyd" <sip:1000 at 192.168.91.200 <sip%3A1000 at 192.168.91.200>
>>>>>>>> >;tag=4b428357-2fa-1ec5d4e
>>>>>>>> To: <sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200>>
>>>>>>>> Call-ID: 83570000-4ce59f27 at 192.168.91.200
>>>>>>>> CSeq: 2112045024 INVITE
>>>>>>>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-15355M
>>>>>>>> Content-Length: 0
>>>>>>>>
>>>>>>>> -----------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
>>>>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
>>>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>
>>>
>>>
>>> _______________________________________________
>>> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>
>>
>>
>> _______________________________________________
>> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20100106/38242525/attachment.html>
More information about the fpc-pascal
mailing list