sngrep
Add support for not fully RFC compliant SIP messages
Hi @yezongming
I have been debugging the attached capture. Thanks for the testing data. It seems your SIP messages are a bit strange, not sure what tool you've used for creating the pcap, but as far as I know, each header should end with CRLF (0x0D0A) but yours end just with 0x0A.
That avoids matching the parser regexps and detects the payload as not SIP.
You can check that with Wireshark or even ngrep: ngrep -pqtx -n1 -I large\ sip\ mesage.pcap
Regards!
Hi @Kaian,
What would you think about having a less-strict parsing mode where messages not fully SIP compliant are still shown in the display (using maybe another color)?
Thanks for such a great tool!
Umm, sorry for the lack of feedback on this one.
I could change the regexp to be less strict, yes, but I think I will leave that for a future release. Right now we don't understand SIP, we only parse SIP but we don't know if it's correct or incorrect. We could add a bit more logic that checks if headers are malformed or URIs are well formatted, but I consider that extra info so I'll leave it for now.
Thanks for the feedback and suggestions!!
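
The condition discussed in this thread (header lines ending in a bare 0x0A instead of 0x0D0A) and the suggested less-strict mode, sketched as an added example that is not sngrep's code: a scanner that accepts both line endings and reports which one it saw, so a caller could still display the message but mark it as non-compliant. All names and both sample messages are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; not sngrep's parser. */
enum sip_eol { SIP_NOT_SIP, SIP_STRICT_CRLF, SIP_LENIENT_LF };
struct sip_scan { enum sip_eol kind; size_t crlf_lines, bare_lf_lines; };

/* Constructed samples: the same message with CRLF and with bare-LF endings. */
static const char SAMPLE_CRLF[] = "OPTIONS sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP host.example.com\r\nCall-ID: abc123\r\n\r\n";
static const char SAMPLE_LF[] = "OPTIONS sip:bob@example.com SIP/2.0\n"
    "Via: SIP/2.0/UDP host.example.com\nCall-ID: abc123\n\n";

/* Request lines end in " SIP/2.0", status lines start with "SIP/2.0 ". */
static int is_start_line(const char *p, size_t n)
{
    return n >= 8 && (memcmp(p, "SIP/2.0 ", 8) == 0 ||
                      memcmp(p + n - 8, " SIP/2.0", 8) == 0);
}

/* Scan the start line and headers, counting how each line is terminated. */
struct sip_scan sip_scan_payload(const char *buf, size_t len)
{
    struct sip_scan r = { SIP_NOT_SIP, 0, 0 };
    size_t start = 0, lines = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\n') continue;
        int crlf = i > start && buf[i - 1] == '\r';
        size_t n = i - start - (crlf ? 1 : 0);   /* line length without EOL */
        if (lines == 0 && !is_start_line(buf + start, n)) return r;
        if (n == 0) break;                       /* blank line: end of headers */
        if (crlf) r.crlf_lines++; else r.bare_lf_lines++;
        lines++;
        start = i + 1;
    }
    if (lines == 0) return r;                    /* no terminated start line */
    r.kind = r.bare_lf_lines ? SIP_LENIENT_LF : SIP_STRICT_CRLF;
    return r;
}

int main(void)
{
    struct sip_scan a = sip_scan_payload(SAMPLE_CRLF, strlen(SAMPLE_CRLF));
    struct sip_scan b = sip_scan_payload(SAMPLE_LF, strlen(SAMPLE_LF));
    printf("CRLF sample: kind=%d crlf=%zu lf=%zu\n", a.kind, a.crlf_lines, a.bare_lf_lines);
    printf("LF sample:   kind=%d crlf=%zu lf=%zu\n", b.kind, b.crlf_lines, b.bare_lf_lines);
    return 0;
}
```

The scan stops at the blank line that ends the headers, so line endings inside the message body are not counted.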