[fpc-pascal] Help Reading SIP Messages.

lloyd thomas lloydie.t at googlemail.com
Wed Jan 6 15:00:07 CET 2010


I have managed to get the zniffer wrapper to compile, but I am worried that
using {$MODE delphi} may not be the best way to produce optimized code.
Also I have seen other libpcap where they use ansichar instead of char. Is
there a reason for this?

function Pcap_getAdapternames(Delimiter:char;var ErrStr:string):string;
function Pcap_getAdapternames(Delimiter:AnsiChar;var ErrStr:string):string;


2010/1/6 lloyd thomas <lloydie.t at googlemail.com>

> No Joy, I get exactly the same error. But putting the following at the
> start of the unit got me to the next error (which I managed to fix ptr =
> pointer)
> {$ifdef FPC}
> {$MODE delphi}
> {$endif}
>
>
> 2010/1/6 ik <idokan at gmail.com>
>
>> Try the following (see inline for the answer):
>>
>>
>> On Wed, Jan 6, 2010 at 13:30, lloyd thomas <lloydie.t at googlemail.com>wrote:
>>
>>> Well I have made a start using smeone elese libpcap inplementation, but
>>> have bump into my first issue and because of my lack of skill I am not sure
>>> how to code round it. Any Ideas?
>>>
>>> I get the following errors
>>>
>>> PlibCap\Pcap.pas(207,13) Error: Illegal qualifier
>>> PlibCap\Pcap.pas(207,13) Hint: may be pointer dereference is missing
>>> PlibCap\Pcap.pas(207,13) Fatal: Syntax error, "THEN" expected but
>>> "identifier ADAPTER" found
>>>
>>> In this section (so far)
>>>      procedure CleanUp;
>>>      begin
>>>        if P.Adapter <> nil then PacketCloseAdapter(P.adapter); //error
>>> here
>>>
>>
>> if Assigned(P.Adapter) then PacketCloseAdapter(P.adapter);
>>
>>         if P.buffer<>nil then FreeMem(P.buffer,PcapBufSize); //but suspect
>>> I would get one here as well
>>>
>> if Assigned(P.buffer) then FreeMem(P.buffer,PcapBufSize);
>>
>>
>> The reason is that afaik assigned checks if the field is both nil and
>> allocated, and if it's not nil but not allocated i will return false as
>> well.
>> Another thing is that I think you needed () around the comparing code.
>>
>>
>>         Freemem(P,SizeOf(Tpcap));
>>>      end,
>>>
>>> (which I think has something to do with this)
>>> type
>>>   TWinVersion = (wv_WinS,
>>>                  wv_Win9x,              //Added by Lars Peter
>>> Christiansen.
>>>                  wv_WinNT,              //Eases the process of determing
>>> the
>>>                  wv_Win2000,             //platform and do proper
>>> instructions
>>>                  wv_WinXP,               //I.e : Char vs. WideChar issue
>>>                  wv_Unknown );
>>>
>>>
>>>
>>>   PPcap_Stat = ^TPcap_stat;
>>>   Tpcap_stat = record
>>>     ps_recv,                          //* number of packets received */
>>>     ps_drop,                         //* number of packets dropped */
>>>     ps_ifdrop : LongWord;                //* drops by interface not
>>> supported */
>>>   end;
>>>
>>>   TPcap_sf = record                      // Save file for offline
>>> reading.
>>>     rfile : HFILE;
>>>     swapped:integer;
>>>     version_major : integer;
>>>     Version_Minor : integer;
>>>     base : Pointer;
>>>   end;
>>>
>>>   TPcap_md = record
>>>     Stat : TPcap_stat;
>>>     use_bpf : integer;
>>>     TotPkts  : LongWord;               // Can owerflow after 79hours on
>>> ethernet
>>>     TotAccepted:LongWord;              // accepted by filter/sniffer
>>>     TotDrops : LongWord;               // dropped packets
>>>     TotMissed: Longword;               // missed by i/f during this run
>>>     OrigMissed:LongWord;               // missed by i/f before this run
>>>   end;
>>>
>>>   PPcap_PktHdr = ^Tpcap_pkthdr;        // Wrapped Drivers packetHeader
>>>   TPcap_pkthdr = record
>>>     ts     : TUnixTimeVal;             // Time of capture
>>>     CapLen,                            // captured length
>>>     Len    : Integer;                  // actual length of packet
>>>   end;
>>>
>>>   PPcap = ^TPcap;                      // THE MAIN INTERFACE HANDLE
>>>   TPcap = record                       // used with allmost all Pcap
>>> calls.
>>>     Adapter:Padapter;
>>>     Packet :PPacket;                   // Global Driver packet. kind of a
>>> buffer
>>>     snapshot:integer;
>>>     linktype:integer;                  // Type and speed of net
>>>     tzoff   :integer;                   // timezone offset
>>>     offset  :integer;
>>>     sf      :Tpcap_sf;                 // Save file
>>>     md      :Tpcap_md;                 // Diagnostics
>>>     //READ BUFFER
>>>     bufsize :integer;
>>>     buffer  :Pointer; //*u_char
>>>     bp      :Pointer; //*u_char
>>>     cc      :integer;
>>>     //Place holder for pcap_next().
>>>     pkt     :Pointer; //*U_char
>>>     //Placeholder for filter code if bpf not in kernel.
>>>     fcode   :Tbpf_program;
>>>     errbuf  : array [0..PCAP_ERRBUF_SIZE-1] of char;  //Last error
>>> message
>>>   end;
>>>
>>>
>>> 2010/1/5 ik <idokan at gmail.com>
>>>
>>>> use libpcap (and bind it to FPC and share with us all :)) and then you
>>>> can sniff packets (that's the easiest way I know).
>>>>
>>>>
>>>> Ido
>>>> http://ik.homelinux.org/
>>>>
>>>>
>>>> On Tue, Jan 5, 2010 at 16:48, lloyd thomas <lloydie.t at googlemail.com>wrote:
>>>>
>>>>> Also came across this which uses pcap, but seems to be delphi only
>>>>> http://www.magsys.co.uk/delphi/magmonsock.asp
>>>>>
>>>>> is there something similar for fpc?
>>>>>
>>>>> 2010/1/5 lloyd thomas <lloydie.t at googlemail.com>
>>>>>
>>>>> OK. I wish to monitor and record calls between a SIP endpoint and SIP
>>>>>> Gateway. At the moment I am doing that by connecting the SIP endpoint and my
>>>>>> machine to an ethernet hub so that I can see all the traffic.
>>>>>> In the first instance I just need to correctly capture, read and
>>>>>> interprete the SIP messages so that I can make an informed decision which
>>>>>> RDP packets to capture.
>>>>>>
>>>>>> Then I suppose I will have an even harder task capturing the RDP
>>>>>> packets and joining both legs together (my coding skills is not great)!
>>>>>>
>>>>>> Lloydie T
>>>>>>
>>>>>> 2010/1/5 ik <idokan at gmail.com>
>>>>>>
>>>>>> Hello,
>>>>>>>
>>>>>>> SIP first of all uses UDP most of the times (and rarely TCP) .
>>>>>>> It only create a tunnel that other protocols such as RDP and SDP are
>>>>>>> going inside.
>>>>>>>
>>>>>>> Can you explain a bit more what exactly do you wish to implement (i'm
>>>>>>> not sure that I understand) ?
>>>>>>>
>>>>>>> Ido
>>>>>>>
>>>>>>> http://ik.homelinux.org/
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jan 5, 2010 at 15:08, lloyd thomas <lloydie.t at googlemail.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Please forgive my ignorance regarding the project I am about to
>>>>>>>> embark on.
>>>>>>>> Need some advice on Lnet and capturing SIP RTP data to file. In the
>>>>>>>> first instance I just need to work with the sip messages. I believe the SIP
>>>>>>>> messages are similar to HTTP. I am using wireshark to understand how the SIP
>>>>>>>> messages are processed, but I am not sure how to capture and read each frame
>>>>>>>> (wireshark speak) using Lnet.
>>>>>>>>
>>>>>>>> (FYI:
>>>>>>>> http://en.wikipedia.org/wiki/Session_Initiation_Protocol#SIP_network_elements
>>>>>>>> )
>>>>>>>>
>>>>>>>> For instance the following is from frame 12 (935 bytes)
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------------------------------
>>>>>>>> INVITE sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200> SIP/2.0
>>>>>>>> Via:SIP/2.0/UDP 192.168.91.190:5060;rport;branch=z9hG4bK83570061
>>>>>>>> From:"Lloyd" <sip:1000 at 192.168.91.200 <sip%3A1000 at 192.168.91.200>
>>>>>>>> >;tag=4b428357-2fa-1ec5d4e
>>>>>>>> To:<sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200>>
>>>>>>>> Contact:"Lloyd" <sip:1000 at 192.168.91.190:5060;transport=UDP>
>>>>>>>> Call-ID:83570000-4ce59f27 at 192.168.91.200<Call-ID%3A83570000-4ce59f27 at 192.168.91.200>
>>>>>>>> Subject:sip phone call
>>>>>>>> CSeq:2112045024 INVITE
>>>>>>>> User-Agent:Mitel-5212-SIP-Phone 07.02.00.04 08000F24BEE5
>>>>>>>> Allow:INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,NOTIFY,PRACK,UPDATE
>>>>>>>> Allow-Events:talk,hold,conference
>>>>>>>> Supported:timer,100rel,replaces
>>>>>>>> Session-Expires: 1800
>>>>>>>> Min-SE: 90
>>>>>>>> Max-Forwards:70
>>>>>>>> Content-Type:application/sdp
>>>>>>>> Content-Length:247
>>>>>>>>
>>>>>>>> v=0
>>>>>>>> o=1000 1262650963 1262650962 IN IP4 192.168.91.190
>>>>>>>> s=SIP Call
>>>>>>>> c=IN IP4 192.168.91.190
>>>>>>>> t=0 0
>>>>>>>> a=sendrecv
>>>>>>>> m=audio 20036 RTP/AVP 0 8 18 96
>>>>>>>> a=rtpmap:0 PCMU/8000
>>>>>>>> a=rtpmap:8 PCMA/8000
>>>>>>>> a=rtpmap:18 G729/8000
>>>>>>>> a=rtpmap:96 telephone-event/8000
>>>>>>>>
>>>>>>>> -----------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> I get a response from the sip server on frame 13 (371 bytes)
>>>>>>>>
>>>>>>>> ----------------------------------------------------------------------------------------------
>>>>>>>> SIP/2.0 100 Trying
>>>>>>>> Via: SIP/2.0/UDP 192.168.91.190:5060
>>>>>>>> ;rport=5060;branch=z9hG4bK83570061
>>>>>>>> From: "Lloyd" <sip:1000 at 192.168.91.200 <sip%3A1000 at 192.168.91.200>
>>>>>>>> >;tag=4b428357-2fa-1ec5d4e
>>>>>>>> To: <sip:1002 at 192.168.91.200 <sip%3A1002 at 192.168.91.200>>
>>>>>>>> Call-ID: 83570000-4ce59f27 at 192.168.91.200
>>>>>>>> CSeq: 2112045024 INVITE
>>>>>>>> User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-15355M
>>>>>>>> Content-Length: 0
>>>>>>>>
>>>>>>>> -----------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>>>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>>
>>>
>>>
>>> _______________________________________________
>>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>>
>>
>>
>> _______________________________________________
>> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
>> http://lists.freepascal.org/mailman/listinfo/fpc-pascal
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20100106/38242525/attachment.html>


More information about the fpc-pascal mailing list