Search code examples
sipsniffer

using libtins and libosip

I'm trying to write a simple SIP sniffer using libtins which works nice. I then try to parse the packet received to libosip. Although it does parses the message properly, it dies silently.

I've no idea what could be wrong here, some help would be greatly appreciated!

this is my source:

#include <iostream>
#include "tins/tins.h"
#include <osip2/osip.h>
#include <osipparser2/osip_message.h>
#include <vector>

using namespace Tins;

bool invalidChar (char c);
void stripUnicode(std::string & str); 

bool callback(const PDU &pdu) 
{

    const IP &ip = pdu.rfind_pdu<IP>(); // Find the IP layer
    const UDP &udp = pdu.rfind_pdu<UDP>(); // Find the TCP layer

    osip_message *sip;
    osip_message_init(&sip);

    // First here we print Source and Destination Information
    std::cout << ip.src_addr() << ':' << udp.sport() << " -> " 
          << ip.dst_addr() << ':' << udp.dport() << std::endl;

    // Extract the RawPDU object.
    const RawPDU& raw = udp.rfind_pdu<RawPDU>();

    // Finally, take the payload (this is a vector<uint8_t>)
    const RawPDU::payload_type& payload = raw.payload();

    // We create a string message
    std::string message( payload.begin(), payload.end() );
    std::string sip_message;

    // Try to parse the message
    std::cout << "copying message with len " << message.size() << std::endl;
    const char *msg = message.c_str();

    std::cout << "parsing message with size " << strlen(msg) << std::endl;
    osip_message_parse( sip, msg, strlen( msg ) );

    std::cout << "freeing message" << std::endl;
    osip_message_free(sip);
    return true;
}

int main(int argc, char *argv[]) 
{
    if(argc != 2) {
        std::cout << "Usage: " << *argv << " <interface>" << std::endl;
        return 1;
    }
    // Sniff on the provided interface in promiscuos mode
    Sniffer sniffer(argv[1], Sniffer::PROMISC);

    // Only capture udp packets sent to port 53
    sniffer.set_filter("port 5060");

    // Start the capture
    sniffer.sniff_loop(callback);
}

The output is this:

1.2.3.4:5060 -> 4.3.2.1:5060
copying message with len 333
parsing message with size 333

And it dies silently.

If I remove the line:

osip_message_parse( sip, msg, strlen( msg ) );

It keeps going perfectly...

Thanks a lot for your help!

Solution

  • I finally found the problem. it is necessary to initialise the parser with 

    parser_init();

    It's not documented anywhere :(

    Now it's not dying on me anymore, but the parsing is not working properly. I need to investigate more.

    Thanks everyone!

    David