Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ISUP multipart encoding issue #540

Open
mkpaz opened this issue Dec 13, 2023 · 8 comments
Open

ISUP multipart encoding issue #540

mkpaz opened this issue Dec 13, 2023 · 8 comments
Assignees
@adubovikov
Labels
bug Something isn't working

Comments

@mkpaz
Copy link

mkpaz commented Dec 13, 2023
edited
Loading

I send HEP packets that contains a SIP message with ISUP attachment like this:

436f6e74656e742d446973706f736974696f6e3a207369676e616c3b68616e646c696e673d72657175697265640d0a0d0a << boundary
011048000a03020a0804108764125250f53904c0d03dc00a0884138764020090093d011bc00906841387640200900900 << ISUP binary
0d0a2d2d7369702d626f756e646172792d4d7a316753574e5756542d2d << boundary

I compared it with the actual SIP message and they're identical and can be decoded by Wireshark dissector.

But after inserting into PgSQL database it looks like this:

436f6e74656e742d446973706f736974696f6e3a207369676e616c3b68616e646c696e673d72657175697265640d0a0d0a << boundary
0110480a03020a0804106412525039043d0a08136402093d011b090613640209 << ISUP binary
0d0a2d2d7369702d626f756e646172792d4d7a316753574e5756542d2d << boundary

Some bytes just lost in the process:

011048000a03020a0804108764125250f53904c0d03dc00a0884138764020090093d011bc00906841387640200900900 << hep
0110480  a03020a080410  64125250  3904    3d  0a08  13  64020    93d011b 090 6  13  64020 9 << database

So, tshark decoder fails with some JSON error.

I suppose it's some encoding problem. Here is a similar issue, except Heplify removes more than just \x00.
@lmangani
Copy link
Member

@mkpaz thanks for raising this can you provide a pcap to reproduce this end-to-end?

@lmangani lmangani added the bug Something isn't working label Dec 13, 2023
@mkpaz
Copy link
Author

mkpaz commented Dec 14, 2023

@lmangani Thanks for the response. Yes, I've attached all info including pcap for both SIP and HEP side.

isup_encoding_issue.zip

@mkpaz
Copy link
Author

mkpaz commented Feb 8, 2024

@lmangani Any suggestions would be greatly appreciated. I've tried to compile a look at it myself, but I'm not a Go coder.

@lmangani
Copy link
Member

lmangani commented Feb 8, 2024

Thanks for your patience @mkpaz! Busy times. @adubovikov will review and patch if needed, once time allows

@lmangani lmangani self-assigned this Feb 8, 2024
@mkpaz
Copy link
Author

mkpaz commented Aug 13, 2024

No longer interested. Feel free to reopen if the project is still maintained.

@mkpaz mkpaz closed this as completed Aug 13, 2024
@lmangani lmangani reopened this Aug 13, 2024
@lmangani
Copy link
Member

The project is absolutely maintained, but sadly the resources are scarce. Apologies for letting this fall behind!

@lmangani lmangani assigned adubovikov and unassigned lmangani Aug 13, 2024
@adubovikov
Copy link
Member

the problem is here in postgress, the data in ISUP part is full binary and the field type "varchar" doesn't support and rejects some "binary" elements. The best way to do it, change "raw - varchar" to "raw - bytea", but this will require to change also select/insert query. We will test it in the lab and let you know

@adubovikov
Copy link
Member

so here is the way

postgres=# CREATE TABLE IF NOT EXISTS hep_proto_101_default (
                id BIGSERIAL NOT NULL,
                sid varchar NOT NULL,
                create_date timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,
                protocol_header jsonb NOT NULL,
                data_header jsonb NOT NULL,
                raw bytea NOT NULL
        );
CREATE TABLE
postgres=# \d
                          List of relations
 Schema |             Name             |       Type        |  Owner   
--------+------------------------------+-------------------+----------
 public | hep_proto_101_default        | table             | postgres
 public | hep_proto_101_default_id_seq | sequence          | postgres
(2 rows)

postgres=# INSERT INTO hep_proto_101_default (id, sid, create_date, protocol_header, data_header, raw) VALUES (1, 'aaa', '2014-06-12 20:36:50', '{}', '{}', 'aassdsdsddsfsdf');
INSERT 0 1
postgres=# INSERT INTO hep_proto_101_default (id, sid, create_date, protocol_header, data_header, raw) VALUES (1, 'aaa', '2014-06-12 20:36:50', '{}', '{}', 'bbbbbbasd2323'::bytea);
INSERT 0 1

postgres=# select * from hep_proto_101_default;
 id | sid |      create_date       | protocol_header | data_header |               raw                
----+-----+------------------------+-----------------+-------------+----------------------------------
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x616173736473647364647366736466
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x62626262626261736432333233
(2 rows)

postgres=# select * from hep_proto_101_default where raw LIKE '%bbbb%';
 id | sid |      create_date       | protocol_header | data_header |             raw              
----+-----+------------------------+-----------------+-------------+------------------------------
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x62626262626261736432333233
(1 row)

postgres=# select * from hep_proto_101_default where raw LIKE '%aa%';
 id | sid |      create_date       | protocol_header | data_header |               raw                
----+-----+------------------------+-----------------+-------------+----------------------------------
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x616173736473647364647366736466
(1 row)

postgres=# select encode(raw,'escape') from hep_proto_101_default where raw LIKE '%aa%';
     encode      
-----------------
 aassdsdsddsfsdf
(1 row)

postgres=# select encode(raw,'escape') from hep_proto_101_default where raw LIKE '%bb%';
    encode     
---------------
 bbbbbbasd2323
(1 row)

so, we should change it to bytea and in the select, we have to convert the raw into "hex" or to "escape" string.

@mkpaz sounds good for you ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adubovikov adubovikov

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lmangani @adubovikov @mkpaz