From 1b5be9bcba5986b5f4974fa0f3fcedf316a65afe Mon Sep 17 00:00:00 2001 From: atul358 Date: Thu, 10 Sep 2020 10:18:26 +0000 Subject: Issue 16683 - SIP - Dissection of Logme Marker in the Session ID header of the sip packet --- epan/dissectors/packet-sip.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/epan/dissectors/packet-sip.c b/epan/dissectors/packet-sip.c index d0adc4a7ec..04a0fd5031 100644 --- a/epan/dissectors/packet-sip.c +++ b/epan/dissectors/packet-sip.c @@ -10,6 +10,7 @@ * Copyright 2004, Anders Broman * Copyright 2011, Anders Broman , Johan Wahl * Copyright 2018, Anders Broman + * Copyright 2020, Atul Sharma * * Wireshark - Network traffic analyzer * By Gerald Combs @@ -228,6 +229,7 @@ static gint hf_sip_session_id_sess_id = -1; static gint hf_sip_session_id_param = -1; static gint hf_sip_session_id_local_uuid = -1; static gint hf_sip_session_id_remote_uuid = -1; +static gint hf_sip_session_id_logme = -1; static gint hf_sip_continuation = -1; static gint hf_sip_feature_cap = -1; @@ -2901,7 +2903,7 @@ static void dissect_sip_via_header(tvbuff_t *tvb, proto_tree *tree, gint start_o */ static void dissect_sip_session_id_header(tvbuff_t *tvb, proto_tree *tree, gint start_offset, gint line_end_offset, packet_info *pinfo) { - gint current_offset, semi_colon_offset, equals_offset, length; + gint current_offset, semi_colon_offset, equals_offset, length, logme_end_offset; GByteArray *bytes; proto_item *pi; @@ -2970,7 +2972,28 @@ static void dissect_sip_session_id_header(tvbuff_t *tvb, proto_tree *tree, gint memcpy(guid.data4, &uuid->data[8], 8); proto_tree_add_guid(tree, hf_sip_session_id_remote_uuid, tvb, equals_offset + 1, line_end_offset - equals_offset - 1, &guid); - } else { + /* Decode logme parameter as per https://tools.ietf.org/html/rfc8497 + * + * sess-id-param =/ logme-param + * logme-param = "logme" + */ + semi_colon_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, ';'); + while(semi_colon_offset != -1){ + current_offset = semi_colon_offset + 1; + if(current_offset != line_end_offset){ + logme_end_offset = current_offset + 5; + current_offset = tvb_skip_wsp_return(tvb,semi_colon_offset); + /* Extract logme parameter name */ + gchar *name = tvb_get_string_enc(wmem_packet_scope(), tvb, current_offset,logme_end_offset - current_offset, ENC_UTF_8|ENC_NA); + if(g_ascii_strcasecmp(name, "logme") == 0){ + proto_tree_add_boolean(tree, hf_sip_session_id_logme, tvb, current_offset, logme_end_offset - current_offset, 1); + } else if(current_offset != line_end_offset){ + proto_tree_add_item(tree, hf_sip_session_id_param, tvb, current_offset,line_end_offset - current_offset, ENC_UTF_8|ENC_NA); + } + } + semi_colon_offset = tvb_find_guint8(tvb, current_offset, line_end_offset - current_offset, ';'); + } + } else { /* Display generic parameter */ proto_tree_add_item(tree, hf_sip_session_id_param, tvb, current_offset, line_end_offset - current_offset, ENC_UTF_8|ENC_NA); @@ -7298,6 +7321,11 @@ void proto_register_sip(void) FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL} }, + { &hf_sip_session_id_logme, + { "logme", "sip.Session-ID.logme", + FT_BOOLEAN, BASE_NONE, TFS(&tfs_set_notset), 0x0, + NULL, HFILL} + }, { &hf_sip_continuation, { "Continuation data", "sip.continuation", FT_BYTES, BASE_NONE, NULL, 0x0, -- cgit v1.2.3