From 2787c2390cdd7129c2dcf50b0d4990d3f7d1bccc Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Sat, 14 Oct 2017 14:38:48 +0300 Subject: Refactoring the debugging output. levels of debug output: 0 - ERROR: Only for errors. 1 - TRACE: Start of each packets and if found protocol. 2 - DEBUG: Start of searching each protocol and excluding protocols. 3 - DEBUG_EXTRA: For all other messages. Added field ndpi_struct->debug_logging for enable debug output of each protocols. Simple macros for debugging output are added: NDPI_LOG_ERR(), NDPI_LOG_INFO(), NDPI_LOG_DBG(), NDPI_LOG_DBG2(), NDPI_EXCLUDE_PROTO() --- src/lib/protocols/sip.c | 48 +++++++++++++++++++++--------------------------- 1 file changed, 21 insertions(+), 27 deletions(-) (limited to 'src/lib/protocols/sip.c') diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 94386d61e..44d2a12fe 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_SIP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SIP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SIP static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -41,18 +45,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if (payload_len > 4) { /* search for STUN Turn ChannelData Prefix */ u_int16_t message_len = ntohs(get_u_int16_t(packet->payload, 2)); if (payload_len - 4 == message_len) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found STUN TURN ChannelData prefix.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found STUN TURN ChannelData prefix\n"); payload_len -= 4; packet_payload += 4; } @@ -68,7 +68,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if ((memcmp(packet_payload, "NOTIFY ", 7) == 0 || memcmp(packet_payload, "notify ", 7) == 0) && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip NOTIFY.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip NOTIFY\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -76,14 +76,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if ((memcmp(packet_payload, "REGISTER ", 9) == 0 || memcmp(packet_payload, "register ", 9) == 0) && (memcmp(&packet_payload[9], "SIP:", 4) == 0 || memcmp(&packet_payload[9], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip REGISTER.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip REGISTER\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "INVITE ", 7) == 0 || memcmp(packet_payload, "invite ", 7) == 0) && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip INVITE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip INVITE\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -95,34 +95,34 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct /* if (memcmp(packet_payload, "SIP/2.0 200 OK", 14) == 0 || memcmp(packet_payload, "sip/2.0 200 OK", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 0K.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip SIP/2.0 0K\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } */ if (memcmp(packet_payload, "SIP/2.0 ", 8) == 0 || memcmp(packet_payload, "sip/2.0 ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 *.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip SIP/2.0 *\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "BYE ", 4) == 0 || memcmp(packet_payload, "bye ", 4) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip BYE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip BYE\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "ACK ", 4) == 0 || memcmp(packet_payload, "ack ", 4) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip ACK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip ACK\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip CANCEL\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -132,7 +132,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct || memcmp(packet_payload, "options ", 8) == 0) && (memcmp(&packet_payload[8], "SIP:", 4) == 0 || memcmp(&packet_payload[8], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip OPTIONS.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip OPTIONS\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -141,19 +141,19 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct /* add bitmask for tcp only, some stupid udp programs * send a very few (< 10 ) packets before invite (mostly a 0x0a0x0d, but just search the first 3 payload_packets here */ if (packet->udp != NULL && flow->packet_counter < 20) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } #ifdef NDPI_PROTOCOL_STUN /* for STUN flows we need some more packets */ if (packet->udp != NULL && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN && flow->packet_counter < 40) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "need next STUN packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next STUN packet\n"); return; } #endif if (payload_len == 4 && get_u_int32_t(packet_payload, 0) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "maybe sip. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe sip. need next packet\n"); return; } #ifdef NDPI_PROTOCOL_YAHOO @@ -161,27 +161,21 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct && packet_payload[3] == payload_len - 20 && get_u_int32_t(packet_payload, 4) == 0 && get_u_int32_t(packet_payload, 8) == 0) { flow->sip_yahoo_voice = 1; - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "maybe sip yahoo. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe sip yahoo. need next packet\n"); } if (flow->sip_yahoo_voice && flow->packet_counter < 10) { return; } #endif - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "exclude sip.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SIP); - return; - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_flow_struct *flow = ndpi_struct->flow; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "sip detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search sip\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SIP) { -- cgit v1.2.3 From a0980228efa9cb4c2546dbbaaa9475db04f59cce Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 31 Oct 2017 22:04:14 +0300 Subject: Bug fix. Protocol SIP: command 'CANCEL sip:' is not recognized. Add sip.pcap for tests ( Source: https://wiki.wireshark.org/SIP ). --- src/lib/protocols/sip.c | 2 +- tests/pcap/sip.pcap | Bin 0 -> 50975 bytes tests/result/sip.pcap.out | 8 ++++++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 tests/pcap/sip.pcap create mode 100644 tests/result/sip.pcap.out (limited to 'src/lib/protocols/sip.c') diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 94386d61e..67459f562 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -121,7 +121,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) - && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { + && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; diff --git a/tests/pcap/sip.pcap b/tests/pcap/sip.pcap new file mode 100644 index 000000000..8cd7f4761 Binary files /dev/null and b/tests/pcap/sip.pcap differ diff --git a/tests/result/sip.pcap.out b/tests/result/sip.pcap.out new file mode 100644 index 000000000..8f1dfb3d2 --- /dev/null +++ b/tests/result/sip.pcap.out @@ -0,0 +1,8 @@ +RTP 9 1926 1 +SIP 102 47087 2 +RTCP 1 146 1 + + 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][53 pkts/21940 bytes <-> 31 pkts/15635 bytes] + 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][15 pkts/7568 bytes <-> 3 pkts/1944 bytes] + 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][9 pkts/1926 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][1 pkts/146 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 950f5db3dd2fda8159f2ba280d66d44103810aef Mon Sep 17 00:00:00 2001 From: Jacob Masen-Smith Date: Thu, 23 Nov 2017 20:40:43 -0800 Subject: Changed MinGW __forceinline strategy to something with less side effects --- src/include/ndpi_win32.h | 7 ++----- src/lib/protocols/attic/ftp.c | 7 +++++++ src/lib/protocols/irc.c | 3 +++ src/lib/protocols/qq.c | 6 ++++++ src/lib/protocols/rtp.c | 4 ++++ src/lib/protocols/sip.c | 2 ++ src/lib/protocols/sopcast.c | 2 ++ src/lib/protocols/telnet.c | 2 ++ src/lib/protocols/thunder.c | 6 ++++++ src/lib/protocols/world_of_warcraft.c | 2 ++ src/lib/protocols/yahoo.c | 4 +++- src/lib/protocols/zattoo.c | 4 +++- 12 files changed, 42 insertions(+), 7 deletions(-) (limited to 'src/lib/protocols/sip.c') diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index d4109dcb2..db309faff 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -27,11 +27,8 @@ // fix a MinGW build issue "error: multiple storage classes in declaration specifiers" due to MinGW // defining extern for __forceinline types #if (defined(__MINGW32__) || defined(__MINGW64__)) && defined(__GNUC__) -// MinGW winnt.h uses FORCEINLINE which is originally defined as __forceinline, but requires extern -#undef FORCEINLINE -#define FORCEINLINE extern __inline__ __attribute__((__always_inline__,__gnu_inline__)) -#undef __forceinline -#define __forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#define MINGW_GCC +#define __mingw_forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) #endif #include diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c index 29cf55d15..2e06aec9a 100644 --- a/src/lib/protocols/attic/ftp.c +++ b/src/lib/protocols/attic/ftp.c @@ -43,6 +43,8 @@ static void ndpi_int_ftp_add_connection(struct ndpi_detection_module_struct *ndp */ #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -78,8 +80,11 @@ u_int8_t ndpi_int_check_possible_ftp_command(const struct ndpi_packet_struct *pa /** * ftp replies are are 3-digit number followed by space or hyphen */ + #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -108,6 +113,8 @@ u_int8_t ndpi_int_check_possible_ftp_reply(const struct ndpi_packet_struct *pack */ #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index b2b73ac5f..a609062b3 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -39,8 +39,11 @@ static void ndpi_int_irc_add_connection(struct ndpi_detection_module_struct *ndp } + #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 0507efa36..5df6503e0 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -81,6 +81,8 @@ static const u_int16_t ndpi_valid_qq_versions[] = { #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -172,6 +174,8 @@ u_int8_t ndpi_is_valid_qq_packet(const struct ndpi_packet_struct *packet) #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -428,6 +432,8 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..b9035e44a 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -148,6 +148,8 @@ static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -162,6 +164,8 @@ void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 67459f562..45c39c64e 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -34,6 +34,8 @@ static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndp #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 63590fec7..037e4df2c 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -43,6 +43,8 @@ static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 0be921d44..162fee30d 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -37,6 +37,8 @@ static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index f0198cdda..0a99282fc 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -47,6 +47,8 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -81,6 +83,8 @@ void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -139,6 +143,8 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index de3f720ba..9c1e41cc1 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -38,6 +38,8 @@ static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 569fca940..a87195431 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -52,8 +52,10 @@ static u_int8_t ndpi_check_for_YmsgCommand(u_int16_t len, const u_int8_t * ptr) } -#ifndef WIN32 +#if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 3b6adcec8..dc58f1b00 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -24,8 +24,10 @@ #ifdef NDPI_PROTOCOL_ZATTOO -#ifndef WIN32 +#if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif -- cgit v1.2.3