Commit 196780fc authored by Victor Seva's avatar Victor Seva

Imported Upstream version 1.3.0

parent 0d50885f
......@@ -5,9 +5,8 @@ compiler:
notifications:
recipients:
- kaian@irontec.com
before_script:
- sudo apt-get update
install:
- sudo apt-get -qq update || true
- sudo apt-get install -y libncurses5-dev libpcap-dev libssl-dev
script:
- ./bootstrap.sh
......@@ -16,3 +15,4 @@ script:
branches:
only:
- master
- travis
This diff is collapsed.
README.md
\ No newline at end of file
# sngrep [![Build Status](https://travis-ci.org/irontec/sngrep.svg)](https://travis-ci.org/irontec/sngrep)
sngrep is a tool for displaying SIP calls message flows from terminal.
It supports live capture to display realtime SIP packets and can also be used
as PCAP viewer.
[Some screenshots of sngrep](https://github.com/irontec/sngrep/wiki/Screenshots)
## Installing
### Binaries
* [Debian / Ubuntu] (https://github.com/irontec/sngrep/wiki/Installing-Binaries#debian--ubuntu)
* [CentOS / RedHat / Fedora](https://github.com/irontec/sngrep/wiki/Installing-Binaries#centos--fedora--rhel)
* [Alpine Linux](https://github.com/irontec/sngrep/wiki/Installing-Binaries#alpine-linux)
* [Gentoo](https://github.com/irontec/sngrep/wiki/Installing-Binaries#gentoo)
* [Arch](https://github.com/irontec/sngrep/wiki/Installing-Binaries#arch)
* [OSX] (https://github.com/irontec/sngrep/wiki/Installing-Binaries#osx)
### Building from sources
Prerequisites
- libncurses5 - for UI, windows, panels.
- libpcap - for capturing packets.
- libssl - (optional) for TLS transport decrypt using OpenSSL and libcrypt
- gnutls - (optional) for TLS transport decrypt using GnuTLS and libgcrypt
- libncursesw5 - (optional) for UI, windows, panels (wide-character support)
- libpcre - (optional) for Perl Compatible regular expressions
On most systems the commands to build will be the standard autotools procedure:
./bootstrap.sh
./configure
make
make install (as root)
You can pass following flags to ./configure to enable some features
| configure flag | Feature |
| ------------- | ------------- |
| `--with-openssl` | Adds OpenSSL support to parse TLS captured messages (req. libssl) |
| `--with-gnutls` | Adds GnuTLS support to parse TLS captured messages (req. gnutls) |
| `--with-pcre`| Adds Perl Compatible regular expressions support in regexp fields |
| `--enable-unicode` | Adds Ncurses UTF-8/Unicode support (req. libncursesw5) |
| `--enable-ipv6` | Enable IPv6 packet capture support. |
| `--enable-eep` | Enable EEP packet send/receive support. |
You can find [detailed instructions for some distributions] (https://github.com/irontec/sngrep/wiki/Building) on wiki.
## Usage
See `--help` for a list of available flags and their syntax
For example, sngrep can be used to view SIP packets from a pcap file, also applying filters
sngrep -I file.pcap host 192.168.1.1 and port 5060
or live capturing, saving packets to a new file
sngrep -d eth0 -O save.pcap port 5060 and udp
## Configuration
You can configure some options using [sngreprc] (https://github.com/irontec/sngrep/wiki/Configuration) file
## Frequent Asked Questions
Any feedback, request or question are welcomed at [#sngrep](https://webchat.freenode.net/?channels=sngrep) channel at irc.freenode.net
See FAQ on [Github Wiki](https://github.com/irontec/sngrep/wiki#frequent-asked-questions)
## License
sngrep - SIP Messages flow viewer
Copyright (C) 2013-2016 Irontec S.L.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
# sngrep [![Build Status](https://travis-ci.org/irontec/sngrep.svg)](https://travis-ci.org/irontec/sngrep)
sngrep is a tool for displaying SIP calls message flows from terminal.
It supports live capture to display realtime SIP packets and can also be used
as PCAP viewer.
[Some screenshots of sngrep](https://github.com/irontec/sngrep/wiki/Screenshots)
## Installing
### Binaries
* [Debian / Ubuntu] (https://github.com/irontec/sngrep/wiki/Installing-Binaries#debian--ubuntu)
* [CentOS / RedHat / Fedora](https://github.com/irontec/sngrep/wiki/Installing-Binaries#centos--fedora--rhel)
* [Alpine Linux](https://github.com/irontec/sngrep/wiki/Installing-Binaries#alpine-linux)
* [Gentoo](https://github.com/irontec/sngrep/wiki/Installing-Binaries#gentoo)
* [Arch](https://github.com/irontec/sngrep/wiki/Installing-Binaries#arch)
* [OSX] (https://github.com/irontec/sngrep/wiki/Installing-Binaries#osx)
### Building from sources
Prerequisites
- libncurse5 - for UI, windows, panels.
- libpcap - for capturing packets.
- libssl - (optional) for TLS transport decrypt using OpenSSL and libcrypt
- gnutls - (optional) for TLS transport decrypt using GnuTLS and libgcrypt
- libncursesw5 - (optional) for UI, windows, panels (wide-character support)
- libpcre - (optional) for Perl Compatible regular expressions
On most systems the commands to build will be the standard autotools procedure:
./bootstrap.sh
./configure
make
make install (as root)
You can pass following flags to ./configure to enable some features
| configure flag | Feature |
| ------------- | ------------- |
| `--with-openssl` | Adds OpenSSL support to parse TLS captured messages (req. libssl) |
| `--with-gnutls` | Adds GnuTLS support to parse TLS captured messages (req. gnutls) |
| `--with-pcre`| Adds Perl Compatible regular expressions support in regexp fields |
| `--enable-unicode` | Adds Ncurses UTF-8/Unicode support (req. libncursesw5) |
| `--enable-ipv6` | Enable IPv6 packet capture support. |
| `--enable-eep` | Enable EEP packet send/receive support. |
You can find [detailed instructions for some distributions] (https://github.com/irontec/sngrep/wiki/Building) on wiki.
## Usage
See `--help` for a list of available flags and their syntax
For example, sngrep can be used to view SIP packets from a pcap file, also applying filters
sngrep -I file.pcap host 192.168.1.1 and port 5060
or live capturing, saving packets to a new file
sngrep -d eth0 -O save.pcap port 5060 and udp
## Configuration
You can configure some options using [sngreprc] (https://github.com/irontec/sngrep/wiki/Configuration) file
## Frequent Asked Questions
Any feedback, request or question are welcomed at [#sngrep](https://webchat.freenode.net/?channels=sngrep) channel at irc.freenode.net
See FAQ on [Github Wiki](https://github.com/irontec/sngrep/wiki#frequent-asked-questions)
## License
sngrep - SIP Messages flow viewer
Copyright (C) 2013,2014 Irontec S.L.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
README
\ No newline at end of file
......@@ -8,28 +8,81 @@ capture:
reassembled are stored in memory until fully assembled (which may
never occur).
ui:
* Change panels initialization
Right now, all panels are initializated at the same, because
each panel can only be invoked once (it is not possible to have
two call details panel right now)
* Improve TCP assembly
We assume a packet is complete when PSH flag is set. In some cases
this is not true and we have multiples SIP messages into what we
consider an assembled packet. It's require to evaluate if a packet
contains a SIP message every time we assemble a new segment.
* Add horizontal scrolling
It should be nice to be able to scroll horizontaly (with unused
right and left keys) in Call List and Call flow.
rtp:
* Improve RTP stream creation
We create new streams from SDP information every time we parse a
SIP message with SDP content and the information doesn't match the
last call stream. This should be improved to also consider the stream
direction, so we compare with the last call stream with the same
direction. This way, we would avoid drawing RTP arrows that have
the same information
* Interface resize
When the terminal size changes, the ui is not properly redraw.
It would be nice to handle KEY_RESIZE event and change all displayed
panels.
* Improve RTCP parsing
Right now only RTCP extended report is parsed and the information
provided in flow panel doesn't seem to be useful. Determine what
information will be interesting to display and parse it properly.
* Remove RTCP stream arrows
RTCP arrows in Call flow doesn't provide useful information. The
RTCP information displayed in the preview panel could be displayed
in the matching RTP arrow.
pcap:
* Sorting saved pakets
Before creating a pcap, we sort packets by timestamp. When a lot of packets
are handled (especially when RTP is captured) this can take A LOT of time.
We should improve the sorting, allowing the save process to be canceled or
allowing not to sort at all.
* Allow saving HEP/EEP captured packets
To create a full packet from HEP received packets its required to create
the required Ethernet/TCP/UDP headers before dumping to pcap.
Most of the information are part of HEP headers, other (like ethernet mac
addresses) must be filled with dummy information.
interface:
* Change panels initialization
Right now, all panels are initializated at the same, because
each panel can only be invoked once (it is not possible to have
two call details panel right now)
* Add horizontal scrolling
It should be nice to be able to scroll horizontaly (with unused
right and left keys) in Call List and Call flow.
* Interface resize
When the terminal size changes, the ui is not properly redraw.
It would be nice to handle KEY_RESIZE event and change all displayed
panels.
* Improve colors for white background terminals
The best approach for colors should be use terminal defaults.
Right now, white background terminals must set background dark option
in order to see colors properly.
in order to see colors properly. This could be fixed implementing
color themes.
* Improve compatibility with IPv6
* Improve compatibility with IPv6
IPv6 packets are captured but IPv6 addresses can be 45 chars
long, so current UI is not ready to display that kind of
addresses
* Improve Unicode support
Even when compiling with libncruses wide-character support, we don't
use the special fuctions that provide to write payload into the panels,
making some characters to be displayed incorrectly.
* Update keybinding display in help screen
Most of the panels have a help window that display keybindings, but they
are updated with the last keybiding mapping changes.
* Create a loading dialog or include a Loading percentage in Call List
Add the readed % of bytes from the pcap file next to the (Loading) label in
Call List, or create a new Dialog when opening big pcaps that can be hidden
to continue loading in background.
AC_PREREQ([2.59])
AC_INIT([sngrep], [1.2.0], [kaian@irontec.com], [sngrep], [http://www.irontec.com/])
AC_INIT([sngrep], [1.3.0], [kaian@irontec.com], [sngrep], [http://www.irontec.com/])
AM_INIT_AUTOMAKE([1.9])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_CONFIG_HEADERS([src/config.h])
......
.\" Man page for the sngrep
.\"
.\" Copyright (c) 2013-2015 Ivan Alonso <kaian@irontec.com>
.\" Copyright (c) 2013-2015 Irontec S.L.
.\" Copyright (c) 2013-2016 Ivan Alonso <kaian@irontec.com>
.\" Copyright (c) 2013-2016 Irontec S.L.
.TH SNGREP 8 "June 2015" "sngrep 1.2.0"
.TH SNGREP 8 "January 2016" "sngrep 1.3.0"
.SH NAME
......
bin_PROGRAMS=sngrep
VPATH=curses
sngrep_SOURCES=capture.c
if USE_EEP
sngrep_SOURCES+=capture_eep.c
......@@ -9,8 +10,10 @@ endif
if WITH_OPENSSL
sngrep_SOURCES+=capture_openssl.c
endif
sngrep_SOURCES+=sip.c sip_call.c sip_msg.c sip_attr.c main.c option.c
sngrep_SOURCES+=group.c filter.c keybinding.c media.c setting.c rtp.c util.c vector.c
sngrep_SOURCES+=ui_manager.c ui_call_list.c ui_call_flow.c ui_call_raw.c ui_stats.c
sngrep_SOURCES+=ui_filter.c ui_save.c ui_msg_diff.c ui_column_select.c ui_settings.c
sngrep_SOURCES+=address.c packet.c sip.c sip_call.c sip_msg.c sip_attr.c main.c
sngrep_SOURCES+=option.c group.c filter.c keybinding.c media.c setting.c rtp.c
sngrep_SOURCES+=util.c vector.c ui_panel.c scrollbar.c
sngrep_SOURCES+=ui_manager.c ui_call_list.c ui_call_flow.c ui_call_raw.c
sngrep_SOURCES+=ui_stats.c ui_filter.c ui_save.c ui_msg_diff.c
sngrep_SOURCES+=ui_column_select.c ui_settings.c
/**************************************************************************
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2016 Ivan Alonso (Kaian)
** Copyright (C) 2013-2016 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, either version 3 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program. If not, see <http://www.gnu.org/licenses/>.
**
****************************************************************************/
/**
* @file address.c
* @author Ivan Alonso [aka Kaian] <kaian@irontec.com>
*
* @brief Source of functions defined in address.h
*
*/
#include "config.h"
#include "address.h"
#include <string.h>
#include <pcap.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
bool
addressport_equals(address_t addr1, address_t addr2)
{
return addr1.port == addr2.port && !strcmp(addr1.ip, addr2.ip);
}
bool
address_equals(address_t addr1, address_t addr2)
{
return !strcmp(addr1.ip, addr2.ip);
}
bool
address_is_local(address_t addr)
{
//! Local devices pointer
static pcap_if_t *devices = 0;
pcap_if_t *dev;
pcap_addr_t *da;
char errbuf[PCAP_ERRBUF_SIZE];
struct sockaddr_in *ipaddr;
#ifdef USE_IPV6
struct sockaddr_in6 *ip6addr;
#endif
char ip[ADDRESSLEN];
// Get all network devices
if (!devices) {
// Get Local devices addresses
pcap_findalldevs(&devices, errbuf);
}
for (dev = devices; dev; dev = dev->next) {
for (da = dev->addresses; da ; da = da->next) {
// Ingore empty addresses
if (!da->addr)
continue;
// Initialize variables
memset(ip, 0, sizeof(ip));
// Get address representation
switch (da->addr->sa_family) {
case AF_INET:
ipaddr = (struct sockaddr_in *) da->addr;
inet_ntop(AF_INET, &ipaddr->sin_addr, ip, sizeof(ip));
break;
#ifdef USE_IPV6
case AF_INET6:
ip6addr = (struct sockaddr_in6 *) da->addr;
inet_ntop(AF_INET, &ip6addr->sin6_addr, ip, sizeof(ip));
break;
#endif
}
// Check if this address matches
if (!strcmp(addr.ip, ip)) {
return true;
}
}
}
return false;
}
/**************************************************************************
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2016 Ivan Alonso (Kaian)
** Copyright (C) 2013-2016 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, either version 3 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program. If not, see <http://www.gnu.org/licenses/>.
**
****************************************************************************/
/**
* @file address.h
* @author Ivan Alonso [aka Kaian] <kaian@irontec.com>
*
* @brief Functions to manage network addresses
*
* Multiple structures contain source and destination address.
* This file contains the unification of all sngrep address containers.
*
*/
#ifndef __SNGREP_ADDRESS_H
#define __SNGREP_ADDRESS_H
#include <netinet/in.h>
#include <stdint.h>
#include <stdbool.h>
//! Address string Length
#ifdef USE_IPV6
#ifdef INET6_ADDRSTRLEN
#define ADDRESSLEN INET6_ADDRSTRLEN
#else
#define ADDRESSLEN 46
#endif
#else
#define ADDRESSLEN INET_ADDRSTRLEN
#endif
//! Shorter declaration of address structure
typedef struct address address_t;
/**
* @brief Network address
*/
struct address {
//! IP address
char ip[ADDRESSLEN];
//! Port
uint16_t port;
};
/**
* @brief Check if two address are equal (including port)
*
* @param addr1 Address structure
* @param addr2 Address structure
* @return true if addresses contain the IP address, false otherwise
*/
bool
addressport_equals(address_t addr1, address_t addr2);
/**
* @brief Check if two address are equal (ignoring port)
*
* @param addr1 Address structure
* @param addr2 Address structure
* @return true if addresses contain the same data, false otherwise
*/
bool
address_equals(address_t addr1, address_t addr2);
/**
* @brief Check if a given IP address belongs to a local device
*
* @param address Address structure
* @return true if address is local, false otherwise
*/
bool
address_is_local(address_t addr);
#endif /* __SNGREP_ADDRESS_H */
This diff is collapsed.
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013,2014 Ivan Alonso (Kaian)
** Copyright (C) 2013,2014 Irontec SL. All rights reserved.
** Copyright (C) 2013-2016 Ivan Alonso (Kaian)
** Copyright (C) 2013-2016 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -68,14 +68,10 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <stdbool.h>
#include "packet.h"
#include "vector.h"
#ifdef INET6_ADDRSTRLEN
#define ADDRESSLEN INET6_ADDRSTRLEN + 1
#else
#define ADDRESSLEN 47
#endif
//! Max allowed packet assembled size
#define MAX_CAPTURE_LEN 20480
......@@ -105,35 +101,6 @@ enum capture_storage {
typedef struct capture_config capture_config_t;
//; Shorter declaration of capture_info structure
typedef struct capture_info capture_info_t;
//! Shorter declaration of dns_cache structure
typedef struct dns_cache dns_cache_t;
//! Shorter declaration of capture_packet structure
typedef struct capture_packet capture_packet_t;
//! Shorter declaration of capture_frame structure
typedef struct capture_frame capture_frame_t;
//! Stored packet types
enum capture_packet_type {
CAPTURE_PACKET_SIP_UDP = 0,
CAPTURE_PACKET_SIP_TCP,
CAPTURE_PACKET_SIP_TLS,
CAPTURE_PACKET_SIP_WS,
CAPTURE_PACKET_SIP_WSS,
CAPTURE_PACKET_RTP,
CAPTURE_PACKET_RTCP,
};
/**
* @brief Storage for DNS resolved ips
*
* Structure to store resolved addresses when capture.lookup
* configuration option is enabled.
*/
struct dns_cache {
int count;
char addr[ADDRESSLEN][256];
char hostname[16][256];
};
/**
* @brief Capture common configuration
......@@ -142,23 +109,19 @@ struct dns_cache {
*/
struct capture_config {
//! Capture status
int status;
enum capture_status status;
//! Calls capture limit. 0 for disabling
int limit;
size_t limit;
//! Also capture RTP packets
int rtp_capture;
bool rtp_capture;
//! Where should we store captured packets
int storage;
enum capture_storage storage;
//! Key file for TLS decrypt
const char *keyfile;
//! The compiled filter expression
struct bpf_program fp;
//! libpcap dump file handler
pcap_dumper_t *pd;
//! Cache for DNS lookups
dns_cache_t dnscache;
//! Local devices pointer
pcap_if_t *devices;
//! Capture sources
vector_t *sources;
//! Packets pending IP reassembly
......@@ -192,47 +155,6 @@ struct capture_info
pthread_t capture_t;
};
/**
* Packet capture data.
*
* One packet can contain more than one frame after
* assembly. We assume than one SIP message has one packet
* (maybe in multiple frames) and that one packet can only contain
* one SIP message.
*
*/
struct capture_packet {
// IP protocol
uint8_t ip_version;
// Transport protocol
uint8_t proto;
// Packet type as defined in capture_packet_type
int type;
// Packet source and destination address
char ip_src[ADDRESSLEN], ip_dst[ADDRESSLEN];
// Packet source and destination port
u_short sport, dport;
//! Packet IP id
uint16_t ip_id;
//! PCAP Packet payload when it can not be get from data
u_char *payload;
//! Payload length
uint32_t payload_len;
//! Packet frame list (capture_frame_t)
vector_t *frames;
};
/**
* Capture frame.
* One packet can contain multiple frames.
*/
struct capture_frame {
//! PCAP Frame Header data
struct pcap_pkthdr *header;
//! PCAP Frame content
u_char *data;
};
/**
* @brief Initialize capture data
*
......@@ -240,7 +162,7 @@ struct capture_frame {
* @param rtp_catpure Enable rtp capture
*/
void
capture_init(int limit, int rtp_capture);
capture_init(size_t limit, bool rtp_capture);
/**
* @brief Deinitialize capture data
......@@ -308,7 +230,7 @@ parse_packet(u_char *capinfo, const struct pcap_pkthdr *header, const u_char *pa
* @return a Packet structure when packet is not fragmented or fully reassembled
* @return NULL when packet has not been completely assembled
*/
capture_packet_t *
packet_t *
capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *header,
u_char *packet, uint32_t *size, uint32_t *caplen);
......@@ -328,8 +250,8 @@ capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *heade
* @return a Packet structure when packet is not segmented or fully reassembled
* @return NULL when packet has not been completely assembled
*/
capture_packet_t *
capture_packet_reasm_tcp(capture_packet_t *packet, struct tcphdr *tcp,
packet_t *
capture_packet_reasm_tcp(packet_t *packet, struct tcphdr *tcp,
u_char *payload, int size_payload);
/**
......@@ -342,7 +264,7 @@ capture_packet_reasm_tcp(capture_packet_t *packet, struct tcphdr *tcp,
* @return 0 if packet is websocket, 1 otherwise
*/
int
capture_ws_check_packet(capture_packet_t *packet);
capture_ws_check_packet(packet_t *packet);
/**
* @brief Check if the given packet structure is SIP/RTP/..
......@@ -353,7 +275,7 @@ capture_ws_check_packet(capture_packet_t *packet);
* @return 1 otherwise
*/
int
capture_packet_parse(capture_packet_t *pkt);
capture_packet_parse(packet_t *pkt);
/**
* @brief Create a capture thread for online mode
......@@ -402,20 +324,20 @@ capture_set_paused(int pause);
*
* @return 1 if capture is paused, 0 otherwise
*/
int
capture_is_paused();
bool
capture_paused();
/**