Commit da713581 authored by Victor Seva

Imported Upstream version 0.3.1

parent 3742b9db
2015-04-14 Ivan Alonso <kaian@irontec.com>
* sngrep 0.3.1 released
* Added command line option -N to not display ncurses interface
* Added command line option -q to dont print any stdout output
* Added optional IPv6 support
* Added SIP compact headers support
* Fixed autotools templates for OpenBSD 5
* Set dark background by default
* Repladed SIP payload function with regexp
* Implemented configurable keybindings via sngreprc
* Added more default keybindings
* Implement basic RTP detection
* Improved parsing payload performance
2015-03-02 Ivan Alonso <kaian@irontec.com>
* sngrep 0.3.0 released
......
......@@ -9,7 +9,19 @@ as PCAP viewer.
## Installing
# Building from sources
### Binaries
#### Debian / Ubuntu
[Install sngrep Debian/Ubuntu package](https://github.com/irontec/sngrep/wiki/Installing-Binaries#debian--ubuntu)
#### CentOS / RedHat / Fedora
[Install sngrep CentOS/RedHat/Fedora package](https://github.com/irontec/sngrep/wiki/Installing-Binaries#centos--fedora--rhel)
#### OSX
OSX users can install sngrep using [homebrew](https://github.com/Homebrew/homebrew)
brew install sngrep
### Building from sources
Prerequisites
- libncurse5 - for UI, windows, panels.
......@@ -27,17 +39,15 @@ On most systems the commands to build will be the standard autotools procedure:
You can pass following flags to ./configure to enable some features
- --with-openssl : Adds OpenSSL support, allows sngrep to parse TLS captured messages (requires libssl)
- --with-pcre: Adds Perl Compatible regular expressions support in regexp fields
- --enable-unicode : Adds Ncurses wide-character support, for UTF-8 terminals (requires libncursesw5)
| configure flag | Feature |
| ------------- | ------------- |
| `--with-openssl` | Adds OpenSSL support to parse TLS captured messages (req. libssl) |
| `--with-pcre`| Adds Perl Compatible regular expressions support in regexp fields |
| `--enable-unicode` | Adds Ncurses UTF-8/Unicode support (req. libncursesw5) |
| `--enable-ipv6` | Enables IPv6 packet capture support. |
You can find [detailed instructions for some distributions] (https://github.com/irontec/sngrep/wiki/Building) on wiki.
# Binaries
OSX users can install sngrep using [homebrew](https://github.com/Homebrew/homebrew)
brew install sngrep
## Usage
See `--help` for a list of available flags and their syntax
......@@ -51,8 +61,9 @@ or live capturing, saving packets to a new file
sngrep -d eth0 -O save.pcap port 5060 and udp
## Configuration
You can configure some options using `sngreprc` file
You can configure some options using [sngreprc] (https://github.com/irontec/sngrep/wiki/Configuration) file
## Frequent Asked Questions
See FAQ on [Github Wiki](https://github.com/irontec/sngrep/wiki#frequent-asked-questions)
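Review bot: the new Configuration line writes the link as `[sngreprc] (https://github.com/irontec/sngrep/wiki/Configuration)`, with a space between `]` and `(`. CommonMark renderers do not treat that as a link, so the URL shows up as literal text. Drop the space, as the FAQ link two lines below already does.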
......
ToDo List
=========
capture:
* Handle Packet fragmentation
Right now capture process only handle packets with SIP payload,
so if a packet is marked as fragmented, part of its payload
will not be displayed.
sip:
* Change parsing functions for something more efficient (osip2?)
Parsing with sscanf is not the best way, but the simplest. If
we require to parse more headers in the future, it will start
to be worse and worse
* Improve the way payload is stored
Payload is included two times. One in the msg->payload pointer
and also in msg->pcap_packet content. This doubles the required
......@@ -16,14 +18,23 @@ ui:
Right now, all panels are initializated at the same, because
each panel can only be invoked once (it is not possible to have
two call details panel right now)
* Show call duration
It would be great to show this two columns on main screean.
First one can be calculated from the difference between first
and last messages timestamps.
* Change List columns in runtime
Sometimes its useful to filter the list for some column that is
not being displayed (like time, transport, ...), so it would be
nice to allow choosing the columns during runtime
* Add horizontal scrolling
It should be nice to be able to scroll horizontaly (with unused
right and left keys) in Call List and Call flow.
* Interface resize
When the terminal size changes, the ui is not properly redraw.
It would be nice to handle KEY_RESIZE event and change all displayed
panels.
* Improve colors for white background terminals
The best approach for colors should be use terminal defaults.
Right now, white background terminals must set background dark option
in order to see colors properly.
* Improve compatibility with IPv6
IPv6 packets are captured but IPv6 addresses can be 45 chars
long, so current UI is not ready to display that kind of
addresses
......@@ -6,9 +6,9 @@
##-----------------------------------------------------------------------------
## Enable color on or off
# set color on
## Use white/black as foreground/background instead of terminal defaults
# set background dark
set color off
## Use default foreground and background colors of your terminal
# set background default
## Disable syntax highlighting
# set syntax off
## Or enable branch/tag highlighting
......@@ -36,8 +36,9 @@
# set sngrep.savepath /tmp/sngrep-captures
##-----------------------------------------------------------------------------
## Change default scrolling in call list
## Change default scrolling in call list and call flow
# set cl.scrollstep 20
# set cf.scrollstep 4
## Disable exit prompt
# set cl.noexitprompt off
## Or set its default button
......
AC_PREREQ([2.59])
AC_INIT([sngrep], [0.3.0], [kaian@irontec.com], [sngrep], [http://www.irontec.com/])
AC_INIT([sngrep], [0.3.1], [kaian@irontec.com], [sngrep], [http://www.irontec.com/])
AM_INIT_AUTOMAKE([1.9])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_CONFIG_HEADERS([src/config.h])
......@@ -29,10 +29,6 @@ AC_LANG(C)
#######################################################################
# Check for other REQUIRED libraries
AC_CHECK_HEADER([ncurses.h], [], [
AC_MSG_ERROR([ You need to have ncurses development files installed to compile sngrep.])
])
AC_CHECK_LIB([pthread], [pthread_create], [], [
AC_MSG_ERROR([ You need to have libpthread installed to compile sngrep.])
])
......@@ -57,6 +53,10 @@ AS_IF([test "x$enable_unicode" == "xyes"], [
# Ncurses with wide-character support
AC_DEFINE([WITH_UNICODE], [], [Compile With Unicode compatibility])
AC_CHECK_HEADER([ncursesw/ncurses.h], [], [
AC_MSG_ERROR([ You need to have ncurses development files installed to compile sngrep.])
])
AC_CHECK_LIB([ncursesw], [initscr], [], [
AC_MSG_ERROR([ You need to have libncursesw installed to compile sngrep.])
])
......@@ -75,6 +75,10 @@ AS_IF([test "x$enable_unicode" == "xyes"], [
], [
# Ncurses without wide-character support
AC_CHECK_HEADER([ncurses.h], [], [
AC_MSG_ERROR([ You need to have ncurses development files installed to compile sngrep.])
])
AC_CHECK_LIB([ncurses], [initscr], [], [
AC_MSG_ERROR([ You need to have libncurses installed to compile sngrep.])
])
......@@ -140,34 +144,44 @@ AS_IF([test "x$WITH_PCRE" == "xyes"], [
AC_DEFINE([WITH_PCRE],[],[Compile With Perl Compatible regular expressions support])
], [])
####
#### IPv6 Support
####
AC_ARG_ENABLE([ipv6],
AS_HELP_STRING([--enable-ipv6], [Enable IPv6 Support]),
[AC_SUBST(WITH_IPV6, $enableval)],
[AC_SUBST(WITH_IPV6, no)]
)
AS_IF([test "x$WITH_IPV6" == "xyes"], [
AC_CHECK_HEADER([netinet/ip6.h], [], [
AC_MSG_ERROR([ You dont seem to have ipv6 support (no ip6.h found).])
])
AC_DEFINE([WITH_IPV6],[],[Compile With IPv6 support])
], [])
# Conditional Source inclusion
AM_CONDITIONAL([WITH_OPENSSL], [test "x$WITH_OPENSSL" == "xyes"])
######################################################################
if test "x${silent}" != "xyes" ; then
echo
echo ' OZZZO '
echo ' OZZZO '
echo ' .: OZZZO :. '
echo ' :DDD. OZZZO DDD~ '
echo ' :DDDDD. OZZZO DDDDD: '
echo ' DDDDDDD. OZZZO DDDDDDD. '
echo ' .DDDDDD OZZZO .DDDDDD. '
echo ' ODDDD?. OZZZO .~DDDDZ. '
echo ' DDDDD. OZZZO 8DDDD '
echo ' ,DDDD. ..... DDDD, '
echo ' ~DDDD DDDD+ '
echo ' :DDDD. DDDD, '
echo ' DDDDD 8DDDD. '
echo ' ODDDD? ~DDDDZ '
echo ' .DDDDDD. .DDDDDD. '
echo ' .DDDDDD8. .8DDDDDD '
echo ' .:DDDDDDDDDDDDDDDDDDD:. '
echo ' .~DDDDDDDDDDDDDDD~. '
echo ' .:DDDDDDDDD,. '
echo
fi
# Print Logo
AC_ARG_ENABLE(logo,
AC_HELP_STRING(--disable-logo, [Disable Irontec Logo from Summary menu]),
[ enable_logo=$enableval],
[ enable_logo=yes])
AS_IF([test "x$enable_logo" == "xyes"], [
echo ''
echo ' ██╗██████╗ ██████╗ ███╗ ██╗████████╗███████╗ ██████╗'
echo ' ██║██╔══██╗██╔═══██╗████╗ ██║╚══██╔══╝██╔════╝██╔════╝'
echo ' ██║██████╔╝██║ ██║██╔██╗ ██║ ██║ █████╗ ██║ '
echo ' ██║██╔══██╗██║ ██║██║╚██╗██║ ██║ ██╔══╝ ██║ '
echo ' ██║██║ ██║╚██████╔╝██║ ╚████║ ██║ ███████╗╚██████╗'
echo ' ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝ ╚═╝ ╚══════╝ ╚═════╝'
echo ''
])
AC_MSG_NOTICE
AC_MSG_NOTICE( sngrep configure finished )
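Review bot: the new IPv6 and logo blocks compare with `test "x$WITH_IPV6" == "xyes"` and `test "x$enable_logo" == "xyes"`. `==` is not specified by POSIX for `test` and some /bin/sh implementations reject it; use a single `=`, which matters for a release that also lists OpenBSD build fixes. The logo option also uses AC_HELP_STRING, the obsolete name, while the IPv6 option a few lines above uses AS_HELP_STRING; use AS_HELP_STRING in both.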
......@@ -175,6 +189,7 @@ AC_MSG_NOTICE( ====================================================== )
AC_MSG_NOTICE( OpenSSL Support : ${WITH_OPENSSL} )
AC_MSG_NOTICE( Unicode Support : ${UNICODE} )
AC_MSG_NOTICE( Perl Expressions Support : ${WITH_PCRE} )
AC_MSG_NOTICE( IPv6 Support : ${WITH_IPV6} )
AC_MSG_NOTICE( ====================================================== )
AC_MSG_NOTICE
......
......@@ -3,7 +3,7 @@
.\" Copyright (c) 2013-2015 Ivan Alonso <kaian@irontec.com>
.\" Copyright (c) 2013-2015 Irontec S.L.
.TH SNGREP 8 "March 2015" "sngrep 0.3.0"
.TH SNGREP 8 "March 2015" "sngrep 0.3.1"
.SH NAME
......
bin_PROGRAMS=sngrep
sngrep_SOURCES=capture.c sip.c sip_attr.c main.c option.c group.c filter.c
sngrep_SOURCES=capture.c sip.c sip_attr.c main.c option.c group.c filter.c keybinding.c
sngrep_SOURCES+=ui_manager.c ui_call_list.c ui_call_flow.c ui_call_raw.c
sngrep_SOURCES+=ui_filter.c ui_save_pcap.c ui_save_raw.c ui_msg_diff.c ui_column_select.c
......
......@@ -39,6 +39,9 @@
#include "sip.h"
#include "option.h"
#include "ui_manager.h"
#ifdef WITH_IPV6
#include <netinet/ip6.h>
#endif
// Capture information
capture_info_t capinfo = { 0 };
......@@ -84,11 +87,14 @@ capture_online(const char *dev, const char *outfile)
return 3;
}
// Get Local devices addresses
pcap_findalldevs(&capinfo.devices, errbuf);
return 0;
}
int
capture_offline(const char *infile)
capture_offline(const char *infile, const char *outfile)
{
// Error text (in case of file open error)
char errbuf[PCAP_ERRBUF_SIZE];
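Review bot: the return value of `pcap_findalldevs(&capinfo.devices, errbuf)` in capture_online is ignored. On failure the per-port statistics are silently skipped later (the `capinfo.devices` test in parse_packet) and the reason left in errbuf is lost. Check for an error return and report errbuf, or at least set capinfo.devices to NULL explicitly in that case.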
......@@ -104,6 +110,15 @@ capture_offline(const char *infile)
return 1;
}
// If requested store packets in a dump file
if (outfile) {
if ((capinfo.pd = dump_open(outfile)) == NULL) {
fprintf(stderr, "Couldn't open output dump file %s: %s\n", outfile,
pcap_geterr(capinfo.handle));
return 2;
}
}
// Get datalink to parse packets correctly
capinfo.link = pcap_datalink(capinfo.handle);
......@@ -122,9 +137,21 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
// Datalink Header size
int size_link;
// IP header data
struct nread_ip *ip;
struct ip *ip4;
#ifdef WITH_IPV6
// IPv6 header data
struct ip6_hdr *ip6;
#endif
// IP protocol
uint8_t ip_proto;
// IP segment length
uint32_t ip_len;
// IP header size
int size_ip;
uint32_t size_ip;
//! Source Address
char ip_src[INET6_ADDRSTRLEN + 1];
//! Destination Address
char ip_dst[INET6_ADDRSTRLEN + 1];
// UDP header data
struct nread_udp *udp;
// TCP header data
......@@ -132,11 +159,11 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
// Packet payload data
u_char *msg_payload = NULL;
// Packet payload size
int size_payload;
uint32_t size_payload;
// Parsed message data
sip_msg_t *msg;
// Total packet size
int size_packet;
uint32_t size_packet;
// SIP message transport
int transport; /* 0 UDP, 1 TCP, 2 TLS */
// Source and Destination Ports
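Review bot: switching size_payload and size_packet from int to uint32_t changes the meaning of the guards that follow. `if (size_payload <= 0)` is now true only for exactly zero, so a subtraction that goes below zero is no longer caught and becomes a very large length instead. The same variable is also passed as `&size_payload` to tls_process_segment, whose prototype still takes `int *outl`, which is a pointer type mismatch. Either keep the signed type and validate before use, or make the TLS prototype match and replace the `<= 0` tests with explicit lower-bound checks before each subtraction.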
......@@ -150,18 +177,38 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
if (capinfo.limit && sip_calls_count() >= capinfo.limit)
return;
// Store this packets in output file
dump_packet(capinfo.pd, header, packet);
// Get link header size from datalink type
size_link = datalink_size(capinfo.link);
// Get IP header
ip = (struct nread_ip*) (packet + size_link);
size_ip = IP_HL(ip) * 4;
ip4 = (struct ip*) (packet + size_link);
#ifdef WITH_IPV6
// Get IPv6 header
ip6 = (struct ip6_hdr*)(packet + size_link);
#endif
switch(ip4->ip_v) {
case 4:
size_ip = ip4->ip_hl * 4;
ip_proto = ip4->ip_p;
ip_len = ntohs(ip4->ip_len);
inet_ntop(AF_INET, &ip4->ip_src, ip_src, sizeof(ip_src));
inet_ntop(AF_INET, &ip4->ip_dst, ip_dst, sizeof(ip_dst));
break;
#ifdef WITH_IPV6
case 6:
size_ip = sizeof(struct ip6_hdr);
ip_proto = ip6->ip6_nxt;
ip_len = ntohs(ip6->ip6_plen);
inet_ntop(AF_INET6, &ip6->ip6_src, ip_src, INET6_ADDRSTRLEN);
inet_ntop(AF_INET6, &ip6->ip6_dst, ip_dst, INET6_ADDRSTRLEN);
break;
#endif
}
// Only interested in UDP packets
if (ip->ip_p == IPPROTO_UDP) {
if (ip_proto == IPPROTO_UDP) {
// Set transport UDP
transport = 0;
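Review bot: the `switch(ip4->ip_v)` has no default case, so for any version other than 4 (and for version 6 when built without WITH_IPV6) size_ip, ip_proto, ip_len and the ip_src/ip_dst buffers are left uninitialized and then read by `if (ip_proto == IPPROTO_UDP)`. Add `default: return;`. In the IPv4 case, ip_hl comes from the packet and should be rejected when it is below 5. In the IPv6 case, ip6_nxt is used directly as the transport protocol, so packets that carry extension headers are misclassified; this deserves a comment or an explicit skip.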
......@@ -171,20 +218,18 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
sport = udp->udp_sport;
dport = udp->udp_dport;
// We're only interested in packets with payload
size_payload = htons(udp->udp_hlen) - SIZE_UDP;
if (size_payload <= 0)
return;
// Get packet payload
msg_payload = malloc(size_payload + 1);
memset(msg_payload, 0, size_payload + 1);
memcpy(msg_payload, (u_char *) (packet + size_link + size_ip + SIZE_UDP), size_payload);
if (size_payload > 0 ) {
// Get packet payload
msg_payload = malloc(size_payload + 1);
memset(msg_payload, 0, size_payload + 1);
memcpy(msg_payload, (u_char *) (packet + size_link + size_ip + SIZE_UDP), size_payload);
}
// Total packet size
size_packet = size_link + size_ip + SIZE_UDP + size_payload;
} else if (ip->ip_p == IPPROTO_TCP) {
} else if (ip_proto == IPPROTO_TCP) {
// Set transport TCP
transport = 1;
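Review bot: in the UDP branch `size_payload = htons(udp->udp_hlen) - SIZE_UDP` is taken from the datagram and then used as the malloc and memcpy length with no comparison against header->caplen. A declared length larger than what was captured makes memcpy read past `packet`, and a declared length below SIZE_UDP now wraps because size_payload is unsigned, so the `size_payload > 0` test passes. Reject udp_hlen values below SIZE_UDP and cap the copy at `header->caplen - (size_link + size_ip + SIZE_UDP)` before allocating. The conversion should also be spelled ntohs, since the value comes off the wire.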
......@@ -194,7 +239,7 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
dport = tcp->th_dport;
// We're only interested in packets with payload
size_payload = ntohs(ip->ip_len) - (size_ip + SIZE_TCP);
size_payload = ip_len - (size_ip + SIZE_TCP);
if (size_payload > 0) {
// Get packet payload
msg_payload = malloc(size_payload + 1);
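Review bot: ip_len means two different things by the time it reaches `size_payload = ip_len - (size_ip + SIZE_TCP)`. For IPv4 it is ip_len, which includes the IP header; for IPv6 it is ip6_plen, which does not count the 40-byte fixed header. Subtracting size_ip from it under-counts IPv6 TCP payload by 40 bytes, and for short segments the unsigned result wraps to a huge value that passes the `> 0` test before malloc. Set ip_len to `ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr)` in the case 6 branch, or compute the payload length per version.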
......@@ -212,7 +257,7 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
memset(msg_payload, 0, size_payload + 1);
// Try to decrypt the packet
tls_process_segment(ip, &msg_payload, &size_payload);
tls_process_segment(ip4, &msg_payload, &size_payload);
// Check if we have decoded payload
if (size_payload <= 0)
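Review bot: `tls_process_segment(ip4, &msg_payload, &size_payload)` is called with the IPv4 view of the header whatever ip4->ip_v was. For a version 6 packet the callee's ip->ip_hl, ip->ip_len and ip->ip_src read IPv6 header bytes as if they were IPv4 fields, which gives a wrong TCP header offset and length. Guard the call with `ip4->ip_v == 4` until the TLS code has an IPv6 path.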
......@@ -228,12 +273,23 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
return;
}
// Increase capture stats
if (ip4->ip_v == 4 && capinfo.devices) {
if(is_local_address(ip4->ip_src.s_addr)) {
capinfo.local_ports[htons(sport)]++;
capinfo.remote_ports[htons(dport)]++;
} else {
capinfo.remote_ports[htons(sport)]++;
capinfo.local_ports[htons(dport)]++;
}
}
// We're only interested in packets with payload
if (size_payload <= 0)
return;
// Parse this header and payload
msg = sip_load_message(header->ts, ip->ip_src, sport, ip->ip_dst, dport, msg_payload);
msg = sip_load_message(header, ip_src, sport, ip_dst, dport, msg_payload);
free(msg_payload);
// This is not a sip message, Bye!
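Review bot: the new counters index with the full 16-bit port, e.g. `capinfo.local_ports[htons(sport)]++`, but capture.h declares `int local_ports[65535]` and `int remote_ports[65535]`, so port 65535 writes one element past the end of the array. Size both arrays 65536. sport and dport are read from the wire, so the conversion to host order should be written ntohs rather than htons.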
......@@ -250,11 +306,12 @@ parse_packet(u_char *mode, const struct pcap_pkthdr *header, const u_char *packe
}
// Set message PCAP data
msg->pcap_header = malloc(sizeof(struct pcap_pkthdr));
memcpy(msg->pcap_header, header, sizeof(struct pcap_pkthdr));
msg->pcap_packet = malloc(size_packet);
memcpy(msg->pcap_packet, packet, size_packet);
// Store this packets in output file
dump_packet(capinfo.pd, header, packet);
}
void
......@@ -340,8 +397,14 @@ capture_is_paused()
return capinfo.status == CAPTURE_ONLINE_PAUSED;
}
int
capture_get_status()
{
return capinfo.status;
}
const char *
capture_status()
capture_get_status_desc()
{
switch(capinfo.status) {
case CAPTURE_ONLINE:
......@@ -406,8 +469,10 @@ datalink_size(int datalink)
return 21;
case DLT_ENC:
return 12;
#ifdef DLT_LINUX_SLL
case DLT_LINUX_SLL:
return 16;
#endif
#ifdef DLT_IPNET
case DLT_IPNET:
return 24;
......@@ -443,16 +508,12 @@ dump_close(pcap_dumper_t *pd)
}
const char *
lookup_hostname(struct in_addr *addr)
lookup_hostname(const char *address)
{
int i;
int hostlen;
struct hostent *host;
char *hostname;
char *address;
// Initialize values
address = (char *) inet_ntoa(*addr);
const char *hostname;
// Check if we have already tryied resolve this address
for (i = 0; i < capinfo.dnscache.count; i++) {
......@@ -462,7 +523,7 @@ lookup_hostname(struct in_addr *addr)
}
// Lookup this addres
host = gethostbyaddr(addr, 4, AF_INET);
host = gethostbyaddr(address, 4, AF_INET);
if (!host) {
hostname = address;
} else {
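Review bot: after the signature change `address` is a text string, yet it is passed unchanged to `gethostbyaddr(address, 4, AF_INET)`, which expects a pointer to a binary struct in_addr. The resolver will treat the first four characters of the string as the address, so lookups will return wrong names or fail. Convert with inet_pton first and pass the resulting struct. Now that callers can hand in IPv6 text, pick the family and length from the conversion result instead of hard-coding 4 and AF_INET.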
......@@ -480,3 +541,32 @@ lookup_hostname(struct in_addr *addr)
// Return the stored value
return capinfo.dnscache.hostname[capinfo.dnscache.count - 1];
}
int
is_local_address_str(const char *address)
{
return is_local_address(inet_addr(address));
}
int
is_local_address(in_addr_t address)
{
pcap_if_t *device;
pcap_addr_t *dev_addr;
for (device = capinfo.devices; device; device = device->next) {
for (dev_addr = device->addresses; dev_addr; dev_addr = dev_addr->next)
if (((struct sockaddr_in*)dev_addr)->sin_addr.s_addr == address)
return 1;
}
return 0;
}
int
capture_packet_count_port(int type, int port)
{
if (type == 0)
return capinfo.remote_ports[port];
else
return capinfo.local_ports[port];
}
......@@ -33,12 +33,30 @@
#define __SNGREP_CAPTURE_H
#include "config.h"
#include <pthread.h>
#include <pcap.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#if defined(__linux__)
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#include <time.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#endif
#if defined(BSD) || defined (__OpenBSD__)
#define bpf_timeval timeval
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
#endif
//! Capture modes
enum capture_status {
......@@ -94,6 +112,12 @@ struct capture_info {
int link;
//! Cache for DNS lookups
dns_cache_t dnscache;
//! Local devices pointer
pcap_if_t *devices;
//! Incoming Packets per port
int local_ports[65535];
//! Outgoint Packets per port
int remote_ports[65535];
//! Capture thread for online capturing
pthread_t capture_t;
};
......@@ -103,41 +127,6 @@ struct capture_info {
//! TCP headers size
#define SIZE_TCP TH_OFF(tcp)*4
/**
* @brief IP data structure
*/
struct nread_ip {
//! header length, version
u_int8_t ip_vhl;
//! type of service
u_int8_t ip_tos;
//! total length
u_int16_t ip_len;
//! identification
u_int16_t ip_id;
//! fragment offset field
u_int16_t ip_off;
//! reserved fragment flag
#define IP_RF 0x8000
//! dont fragment flag
#define IP_DF 0x4000
//! more fragments flag
#define IP_MF 0x2000
//! mask for fragmenting bits
#define IP_OFFMASK 0x1fff
//! time to live
u_int8_t ip_ttl;
//! protocol
u_int8_t ip_p;
//! checksum
u_int16_t ip_sum;
//! source and dest addresses
struct in_addr ip_src, ip_dst;
};
#define IP_HL(ip) (((ip)->ip_vhl) & 0x0f)
#define IP_V(ip) (((ip)->ip_vhl) >> 4)
/**
* @brief UDP data structure
*/
......@@ -199,7 +188,7 @@ capture_online(const char *dev, const char *outfile);
* @return 0 if load has been successfull, 1 otherwise
*/
int
capture_offline(const char *infile);
capture_offline(const char *infile, const char *outfile);
/**
* @brief Read the next package and parse SIP messages
......@@ -272,11 +261,17 @@ capture_set_paused(int pause);
int
capture_is_paused();
/**
* @brief Get capture status value
*/
int
capture_get_status();
/**
* @brief Return a string representing current capture status
*/
const char *
capture_status();
capture_get_status_desc();
/**
* @brief Get Input file from Offline mode
......@@ -350,6 +345,33 @@ dump_close(pcap_dumper_t *pd);
* original address to avoid lookup again the same address.
*/
const char *
lookup_hostname(struct in_addr *addr);
lookup_hostname(const char *address);
/**
* @brief Check if a given address belongs to a local device
*
* @param address IPv4 string format for address
* @return 1 if address is local, 0 otherwise
*/
int
is_local_address_str(const char *address);
/**
* @brief Check if a given address belongs to a local device
*
* @param address IPv4 format for address
* @return 1 if address is local, 0 otherwise
*/
int
is_local_address(in_addr_t address);
/**
* @brief Return the packet count on a given port
*
* @param type 1 for local ports, 0 for remote
* @return the packet count on requested port
*/
int
capture_packet_count_port(int type, int port);
#endif
......@@ -209,7 +209,7 @@ tls_connection_find(struct in_addr addr, u_short port)
}
int
tls_process_segment(const struct nread_ip *ip, uint8 **out, int *outl)
tls_process_segment(const struct ip *ip, uint8 **out, int *outl)
{
struct SSLConnection *conn;
struct nread_tcp *tcp;
......@@ -217,7 +217,7 @@ tls_process_segment(const struct nread_ip *ip, uint8 **out, int *outl)
int len;
// Get TCP header
tcp = (struct nread_tcp *) ((uint8 *) ip + (IP_HL(ip) * 4));
tcp = (struct nread_tcp *) ((uint8 *) ip + (ip->ip_hl * 4));
// Try to find a session for this ip
if ((conn = tls_connection_find(ip->ip_src, tcp->th_sport))) {
......@@ -240,7 +240,7 @@ tls_process_segment(const struct nread_ip *ip, uint8 **out, int *outl)
case TCP_STATE_ESTABLISHED:
// Process data segment!
payload = (uint8 *) tcp + SIZE_TCP;
len = ntohs(ip->ip_len) - (IP_HL(ip) * 4) - SIZE_TCP;
len = ntohs(ip->ip_len) - (ip->ip_hl * 4) - SIZE_TCP;
tls_process_record(conn, payload, len, out, outl);
break;
case TCP_STATE_FIN:
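Review bot: in the TCP_STATE_ESTABLISHED case `len = ntohs(ip->ip_len) - (ip->ip_hl * 4) - SIZE_TCP` is built entirely from fields of the captured packet and handed straight to tls_process_record. Nothing in the visible lines checks that len is positive or that `payload + len` stays inside the captured data. Validate ip_hl and the TCP offset against ip_len and return early when len is not greater than zero.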
......
......@@ -352,7 +352,7 @@ tls_connection_find(struct in_addr addr, u_short port);
* @return 0 in all cases
*/
int
tls_process_segment(const struct nread_ip *ip, uint8 **out, int *outl);
tls_process_segment(const struct ip *ip, uint8 **out, int *outl);
/**
* @brief Process TLS record data
......
......@@ -199,10 +199,10 @@ sip_msg_is_older(sip_msg_t *one, sip_msg_t *two)
if (!two)
return 1;
// Compare seconds
if (one->ts.tv_sec > two->ts.tv_sec)
if (one->pcap_header->ts.tv_sec > two->pcap_header->ts.tv_sec)
return 1;
// Compare useconds if seconds are equal
if (one->ts.tv_sec == two->ts.tv_sec && one->ts.tv_usec > two->ts.tv_usec)
if (one->pcap_header->ts.tv_sec == two->pcap_header->ts.tv_sec && one->pcap_header->ts.tv_usec >