Implemented generic capture input and output structures to manage
all packet sources and sinks directly from a capture manager.
Currently available capture inputs:
- PCAP (device)
- PCAP (file)
- HEP (server mode)
Currently available capture outputs:
- PCAP (file)
- HEP (client mode)

While not the best structure container, GSequence
has most of the methods that vector used and also allows
replacing vector_iterator_t with GSequenceIter.
From this point we can move to other containers like
GSList, GList or GPtrArray when required.

Although sngrep has Unicode support for ncurses, the SIP message payload
is printed character by character using mvwaddch.
This commit adds a new configurable setting cr.nonascii that defaults to '.'
to replace non-printable characters.

This is taken from the apache source code.
LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
changes from OpenSSL >= 1.1.
To work around this:
- Check to see if LIBRESSL_VERSION_NUMBER is defined.
- If so, define MODSSL_USE_OPENSSL_PRE_1_1_API.
- Change all checks for OPENSSL_VERSION_NUMBER < 0x10100000L to
'#if MODSSL_USE_OPENSSL_PRE_1_1_API'
This keeps the code maintainable in the future as well.

Display filter content was being moved into a temporal
buffer with fixed length of 256. The filter field is
determined by the actual screen width, so we must ensure
the buffer has enough space to contain it.
ncurses always returns the same length output for the
filter value, filling the buffer with whitespaces until the
field length has been reached.

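
An added example, not code from sngrep: one way to read a space-padded field value into a buffer sized from the field width rather than a fixed 256 bytes, as the commit message above describes. The helper name `filter_value_dup` and the 300-column sample field are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not sngrep's own function): copy a form field value
 * that the UI pads with spaces up to field_width columns. The destination is
 * sized from the field itself, so a wide terminal cannot overrun it.
 */
char *filter_value_dup(const char *field_buf, size_t field_width)
{
    size_t len = 0;
    char *out;
    if (field_buf == NULL)
        return NULL;

    /* Never read past the field, even if the source lacks a terminator. */
    while (len < field_width && field_buf[len] != '\0')
        len++;

    out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, field_buf, len);

    /* Drop the whitespace padding added to fill the field. */
    while (len > 0 && isspace((unsigned char)out[len - 1]))
        len--;
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed input: a 300-column field, wider than the old 256 bytes. */
    char padded[301];
    char *value;
    memset(padded, ' ', 300);
    memcpy(padded, "INVITE", 6);
    padded[300] = '\0';
    value = filter_value_dup(padded, 300);
    if (value == NULL)
        return 1;
    printf("filter='%s' (%zu bytes)\n", value, strlen(value));
    free(value);
    return 0;
}
```
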
If DLT_NFLOG is available (libpcap >1.6.0) standard libpcap structs will be
used. Otherwise, a fallback minimum implementation is provided in capture
headers.
Thanks as always to Wireshark team for the sources to implement this :)

Added a new setting to only try to decrypt incoming TLS connections to
configured server in format IP:PORT.
To enable this add the following setting in sngreprc:
set capture.tlsserver X.X.X.X:YYYY

When SYN-SYN+ACK-ACK sequence is captured, we handle the TCP
stream as TLS if keyfile is provided. This may not be the case,
so we must allow SIP parsing in TCP streams that don't come
with SSL record data.

While reading pcap files the packet loop ends and the capture handler
is closed, making it unusable for saving packets.
This commit avoids closing the handler until the application has
quit, using the running flag to determine if the capture thread is running
or not.

stdin was being reopened always even when input file was a pcap file.
Current tests enter keybinding from stdin so its data was being
ignored making them fail.