Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Small update for the SIP logs and DPD sig.

Browse source 
The logs were incomplete for intermediate 1xx responses.
This commit is contained in:
Seth Hall 2015-04-17 21:46:56 -04:00
parent 4a2d7f1d39
commit 94afcd89c0
2 changed files with 29 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/sip/dpd.sig
View file

@ -1,5 +1,5 @@
signature dpd_sip { signature dpd_sip {
ip-proto == udp ip-proto == udp
payload /^( SIP\/[0-9]\.[0-9]\x0d\x0a|SIP\/[0-9]\.[0-9] [0-9][0-9][0-9] )/ payload /^ ?SIP\/[0-9]\.[0-9](\x0d\x0a| [0-9][0-9][0-9] )/
enable "sip" enable "sip"
} }

37
scripts/base/protocols/sip/main.bro
View file

@ -129,6 +129,20 @@ function set_state(c: connection, is_request: bool)
c$sip = c$sip_state$pending[c$sip_state$current_response]; c$sip = c$sip_state$pending[c$sip_state$current_response];
} }
function flush_pending(c: connection)
{
# Flush all pending but incomplete request/response pairs.
if ( c?$sip_state )
{
for ( r in c$sip_state$pending )
{
# We don't use pending elements at index 0.
if ( r == 0 ) next;
Log::write(SIP::LOG, c$sip_state$pending[r]);
}
}
}
event sip_request(c: connection, method: string, original_URI: string, version: string) &priority=5 event sip_request(c: connection, method: string, original_URI: string, version: string) &priority=5
{ {
set_state(c, T); set_state(c, T);
@ -142,7 +156,8 @@ event sip_request(c: connection, method: string, original_URI: string, version:
event sip_reply(c: connection, version: string, code: count, reason: string) &priority=5 event sip_reply(c: connection, version: string, code: count, reason: string) &priority=5
{ {
if ( c$sip_state$current_response !in c$sip_state$pending ) if ( c$sip_state$current_response !in c$sip_state$pending &&
(code < 100 && 200 <= code) )
++c$sip_state$current_response; ++c$sip_state$current_response;
set_state(c, F); set_state(c, F);
@ -198,21 +213,25 @@ event sip_end_entity(c: connection, is_request: bool) &priority = -5
if ( ! is_request ) if ( ! is_request )
{ {
Log::write(SIP::LOG, c$sip); Log::write(SIP::LOG, c$sip);
delete c$sip_state$pending[c$sip_state$current_response];
if ( c$sip$status_code < 100 || 200 <= c$sip$status_code )
delete c$sip_state$pending[c$sip_state$current_response];
if ( c$sip$method == "BYE" &&
c$sip$status_code >= 200 && c$sip$status_code < 300 )
{
flush_pending(c);
delete c$sip;
delete c$sip_state;
}
} }
} }
event connection_state_remove(c: connection) &priority=-5 event connection_state_remove(c: connection) &priority=-5
{ {
# Flush all pending but incomplete request/response pairs.
if ( c?$sip_state ) if ( c?$sip_state )
{ {
for ( r in c$sip_state$pending ) flush_pending(c);
{
# We don't use pending elements at index 0.
if ( r == 0 ) next;
Log::write(SIP::LOG, c$sip_state$pending[r]);
}
} }
} }