Merge remote-tracking branch 'origin/topic/vladg/sip'

* origin/topic/vladg/sip: Update NEWS. Update baselines. Spruce up SIP events.bif documentation a bit. Register SIP analyzer to well known port. Fix indenting issue in main.bro Add SIP btests. Small update for the SIP logs and DPD sig. SIP: Fix up DPD and the TCP analyzer a bit. SIP: Move to the new string BIFs SIP: Move to new analyzer format. Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes. Rely on content inspection and not just is_orig to determine client/server. Enable SIP in CMakeLists.txt Merge topic/seth/faf-updates. BIT-1370 #merged
2025-10-16 05:28:20 +00:00 · 2015-04-21 15:23:00 -07:00 · 2015-04-21 15:23:00 -07:00 · 5b32791edb
commit 5b32791edb
parent d1d53f4b08 7370829ff4
30 changed files with 1355 additions and 364 deletions
--- a/src/analyzer/protocol/sip/SIP_TCP.h
+++ b/src/analyzer/protocol/sip/SIP_TCP.h
@ -0,0 +1,37 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+//
+// TODO: This is preliminary code that's not yet functional and not
+// activated. We don't yet support SIP-over-TCP.
+
+#ifndef ANALYZER_PROTOCOL_SIP_SIP_TCP_H
+#define ANALYZER_PROTOCOL_SIP_SIP_TCP_H
+
+#include "analyzer/protocol/tcp/TCP.h"
+
+#include "sip_TCP_pac.h"
+
+namespace analyzer { namespace sip_tcp {
+
+class SIP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
+public:
+	SIP_Analyzer(Connection* conn);
+	virtual ~SIP_Analyzer();
+
+	virtual void Done();
+	virtual void DeliverStream(int len, const u_char* data, bool orig);
+	virtual void Undelivered(uint64 seq, int len, bool orig);
+
+	// Overriden from tcp::TCP_ApplicationAnalyzer.
+	virtual void EndpointEOF(bool is_orig);
+
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+		{ return new SIP_Analyzer(conn); }
+
+protected:
+	binpac::SIP_TCP::SIP_Conn* interp;
+	bool had_gap;
+};
+
+} } // namespace analyzer::*
+
+#endif