sipcapture / heplify-server

HEP Capture Server for HOMER
https://sipcapture.org
GNU Affero General Public License v3.0

ISUP multipart encoding issue #540

Open mkpaz opened 11 months ago

mkpaz commented 11 months ago

I send HEP packets that contain a SIP message with an ISUP attachment like this:

436f6e74656e742d446973706f736974696f6e3a207369676e616c3b68616e646c696e673d72657175697265640d0a0d0a << boundary
011048000a03020a0804108764125250f53904c0d03dc00a0884138764020090093d011bc00906841387640200900900 << ISUP binary
0d0a2d2d7369702d626f756e646172792d4d7a316753574e5756542d2d << boundary

I compared it with the actual SIP message and they're identical and can be decoded by the Wireshark dissector.

But after inserting into PgSQL database it looks like this:

436f6e74656e742d446973706f736974696f6e3a207369676e616c3b68616e646c696e673d72657175697265640d0a0d0a << boundary
0110480a03020a0804106412525039043d0a08136402093d011b090613640209 << ISUP binary
0d0a2d2d7369702d626f756e646172792d4d7a316753574e5756542d2d << boundary

Some bytes are just lost in the process:

011048000a03020a0804108764125250f53904c0d03dc00a0884138764020090093d011bc00906841387640200900900 << hep
0110480  a03020a080410  64125250  3904    3d  0a08  13  64020    93d011b 090 6  13  64020 9 << database

So the tshark decoder fails with some JSON error.

I suppose it's some encoding problem. Here is a similar issue, except Heplify removes more than just \x00.

lmangani commented 11 months ago

@mkpaz thanks for raising this. Can you provide a pcap to reproduce this end-to-end?

mkpaz commented 11 months ago

@lmangani Thanks for the response. Yes, I've attached all info including pcap for both SIP and HEP side.

isup_encoding_issue.zip

mkpaz commented 9 months ago

@lmangani Any suggestions would be greatly appreciated. I've tried to compile a look at it myself, but I'm not a Go coder.

lmangani commented 9 months ago

Thanks for your patience @mkpaz! Busy times. @adubovikov will review and patch if needed, once time allows

mkpaz commented 3 months ago

No longer interested. Feel free to reopen if the project is still maintained.

lmangani commented 3 months ago

The project is absolutely maintained, but sadly the resources are scarce. Apologies for letting this fall behind!

adubovikov commented 3 months ago

The problem here is in Postgres: the data in the ISUP part is fully binary, and the field type "varchar" doesn't support it and rejects some "binary" elements. The best way to do it is to change "raw - varchar" to "raw - bytea", but this will also require changing the select/insert queries. We will test it in the lab and let you know.

adubovikov commented 3 months ago

so here is the way

postgres=# CREATE TABLE IF NOT EXISTS hep_proto_101_default (
                id BIGSERIAL NOT NULL,
                sid varchar NOT NULL,
                create_date timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL,
                protocol_header jsonb NOT NULL,
                data_header jsonb NOT NULL,
                raw bytea NOT NULL
        );
CREATE TABLE
postgres=# \d
                          List of relations
 Schema |             Name             |       Type        |  Owner   
--------+------------------------------+-------------------+----------
 public | hep_proto_101_default        | table             | postgres
 public | hep_proto_101_default_id_seq | sequence          | postgres
(2 rows)

postgres=# INSERT INTO hep_proto_101_default (id, sid, create_date, protocol_header, data_header, raw) VALUES (1, 'aaa', '2014-06-12 20:36:50', '{}', '{}', 'aassdsdsddsfsdf');
INSERT 0 1
postgres=# INSERT INTO hep_proto_101_default (id, sid, create_date, protocol_header, data_header, raw) VALUES (1, 'aaa', '2014-06-12 20:36:50', '{}', '{}', 'bbbbbbasd2323'::bytea);
INSERT 0 1

postgres=# select * from hep_proto_101_default;
 id | sid |      create_date       | protocol_header | data_header |               raw                
----+-----+------------------------+-----------------+-------------+----------------------------------
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x616173736473647364647366736466
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x62626262626261736432333233
(2 rows)

postgres=# select * from hep_proto_101_default where raw LIKE '%bbbb%';
 id | sid |      create_date       | protocol_header | data_header |             raw              
----+-----+------------------------+-----------------+-------------+------------------------------
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x62626262626261736432333233
(1 row)

postgres=# select * from hep_proto_101_default where raw LIKE '%aa%';
 id | sid |      create_date       | protocol_header | data_header |               raw                
----+-----+------------------------+-----------------+-------------+----------------------------------
  1 | aaa | 2014-06-12 20:36:50+02 | {}              | {}          | \x616173736473647364647366736466
(1 row)

postgres=# select encode(raw,'escape') from hep_proto_101_default where raw LIKE '%aa%';
     encode      
-----------------
 aassdsdsddsfsdf
(1 row)

postgres=# select encode(raw,'escape') from hep_proto_101_default where raw LIKE '%bb%';
    encode     
---------------
 bbbbbbasd2323
(1 row)

So we should change it to bytea, and in the select we have to convert the raw into a "hex" or "escape" string.

@mkpaz sounds good to you?
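
Added example, not part of the thread or of heplify-server: a Go check run over the two ISUP hex dumps quoted at the top of this issue. It shows that the stored value is exactly the sent value with every 0x00 byte and every byte of 0x80 or above dropped; the textSafe filter is an assumption fitted to those two dumps, and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"fmt"
)

// ISUP body copied from the issue: as sent in HEP, and as read back from PostgreSQL.
const hepHex = "011048000a03020a0804108764125250f53904c0d03dc00a0884138764020090093d011bc00906841387640200900900"
const dbHex = "0110480a03020a0804106412525039043d0a08136402093d011b090613640209"

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// textSafe keeps bytes 0x01..0x7f (assumed model fitted to the dumps, not heplify-server code).
func textSafe(b []byte) []byte {
	out := make([]byte, 0, len(b))
	for _, c := range b {
		if c != 0x00 && c < 0x80 {
			out = append(out, c)
		}
	}
	return out
}

// lostOffsets aligns stored against sent and returns the offsets in sent that are
// missing; ok is false when stored is not a subsequence of sent (altered, not just stripped).
func lostOffsets(sent, stored []byte) (lost []int, ok bool) {
	j := 0
	for i, c := range sent {
		if j < len(stored) && stored[j] == c {
			j++
		} else {
			lost = append(lost, i)
		}
	}
	return lost, j == len(stored)
}

func main() {
	sent, stored := mustHex(hepHex), mustHex(dbHex)
	lost, ok := lostOffsets(sent, stored)
	fmt.Println(ok, len(lost), bytes.Equal(textSafe(sent), stored))
}
```

The same subsequence check can be run against any captured payload and its stored copy to tell silent byte stripping apart from other corruption before trusting the database copy for decoding.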