Hi Francesco,

This is an awesome initiative! This will definitely help more people help you improve PM.

Thanks, and keep sharing!

On Jun 14, 2011, at 6:32 AM, Francesco Piccinno wrote:

> Just another mail to share the knowledge a little bit more about the
> architecture of PM.
>
> On Tue, Jun 14, 2011 at 5:01 AM, Guilherme Rezende
> <[email protected]> wrote:
>> In sip_register2.pcap I have 2 registers, one with the correct password and
>> the other wrong.
>> When I run the run-tester, all packets are duplicated.
>
> I got the point. That's because of the way PacketManipulator invokes
> the dissectors. Your code gets called by the following lines in the
> function __run_dissectors(self, mpkt) of
> umit/pm/manager/auditmanager.py. If you look in detail, lines 308-311
> are responsible for this duplication.
>
> 308 if ret is not None:
> 309     self.run_decoder(ret, mpkt.l4_src, mpkt)
> 310     self.run_decoder(ret, mpkt.l4_dst, mpkt)
>
> This is because in your code you specified SIP_PORTS = (5060, 5061)
> and your pcap file is a conversation between two endpoints with
> ip1:5060 <-> ip2:5060. With this assumption PacketManipulator will
> execute your function sip() for line 309 and then for line 310. There
> are several ways to solve this issue. One is through the use of
> sessions, checking whether the packet is coming from a server or a
> client. In UDP both are actually peers, so you have to distinguish server
> and client from the information they provide. The other one is to set
> up a local cfield in the packet and check whether the packet has already
> been parsed. The last and probably the preferable one is a mix between
> SessionManager usage and information extraction. Just identify whether
> the packet is a response or a request according to the standard and do
> proper handling of request/response accordingly. So at the end you
> should have something like:
>
> sess = lookup session but do not create
> if is_response:
>     parse_response
> else:
>     parse_request
>
> def parse_response(mpkt, sess):
>     if sess is None:
>         register it
>         sess.data = (mpkt.l3_src, mpkt.l3_dst)
>     ...
>
> def parse_request(mpkt, sess):
>     if sess is None:
>         register it
>         sess.data = (mpkt.l3_dst, mpkt.l3_src)
>
> In this way you should have a tuple of two elements in the session
> data attribute. The first corresponding to the server and the second
> to the client. Then it should be easy :)
>
> --
> Best regards,
> Francesco Piccinno
>
> _______________________________________________
> Umit-gsoc mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/umit-gsoc

---
Adriano Monteiro Marques

http://www.thoughtspad.com
http://www.umitproject.org
http://blog.umitproject.org

"Don't stay in bed, unless you can make money in bed." - George Burns

_______________________________________________
Umit-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/umit-devel
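
Added example, not part of the original mails and not PacketManipulator code: a stand-alone Python model of the per-port double dispatch described in the quoted mail, with a dissector that combines the per-packet "already parsed" marker and the request/response split that fills the session with (server, client). `Pkt`, `dispatch`, the `cfields` dict, the `sip.parsed` key and the session key are hypothetical stand-ins; the addresses and SIP lines are constructed.

```python
# Stand-in model only: none of these names are PacketManipulator's real API.
SIP_PORTS = (5060, 5061)

class Pkt:
    """Constructed stand-in for a metapacket (field names follow the mail)."""
    def __init__(self, l3_src, l3_dst, l4_src, l4_dst, payload):
        self.l3_src, self.l3_dst = l3_src, l3_dst
        self.l4_src, self.l4_dst = l4_src, l4_dst
        self.payload = payload
        self.cfields = {}                 # hypothetical per-packet scratch space

def dispatch(pkt, decoders):
    """Mimics the quoted lines 309-310: one decoder lookup per port."""
    for port in (pkt.l4_src, pkt.l4_dst):
        handler = decoders.get(port)
        if handler is not None:
            handler(pkt)

def is_response(payload):
    # RFC 3261: a status line starts with the SIP version, a request line with the method.
    return payload.startswith(b"SIP/2.0 ")

def make_sip_dissector(sessions, events, dedupe):
    def sip(pkt):
        if dedupe:
            if pkt.cfields.get("sip.parsed"):
                return                    # second call for the same packet
            pkt.cfields["sip.parsed"] = True
        # Direction-independent session key (assumed design for this model).
        key = frozenset([(pkt.l3_src, pkt.l4_src), (pkt.l3_dst, pkt.l4_dst)])
        if is_response(pkt.payload):      # responses travel server -> client
            kind, pair = "response", (pkt.l3_src, pkt.l3_dst)
        else:                             # requests travel client -> server
            kind, pair = "request", (pkt.l3_dst, pkt.l3_src)
        sessions.setdefault(key, pair)    # session data is (server, client)
        events.append((kind, pkt.payload.split(b"\r\n")[0]))
    return sip

def run(dedupe):
    sessions, events = {}, []
    sip = make_sip_dissector(sessions, events, dedupe)
    decoders = {port: sip for port in SIP_PORTS}
    # Constructed REGISTER exchange with both endpoints on port 5060.
    capture = [
        Pkt("10.0.0.2", "10.0.0.1", 5060, 5060, b"REGISTER sip:example.test SIP/2.0\r\n"),
        Pkt("10.0.0.1", "10.0.0.2", 5060, 5060, b"SIP/2.0 401 Unauthorized\r\n"),
    ]
    for pkt in capture:
        dispatch(pkt, decoders)
    return sessions, events
```

`run(False)` reports every packet twice, while `run(True)` reports each once and leaves the same (server, client) tuple in the session.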
