Provide ngcp-sip 1.0.3 package

From: Michael Prokop <mprokop@sipwise.com>

debian/changelog

@@ -0,0 +1,9 @@
+ngrep-sip (1.0.3) unstable; urgency=low
+
+  * Initial release with new Debian packaging work and maintained within
+    the sip:provider project, based on
+    http://dev.sipdoc.net/projects/sip-stuff/wiki/Ngrep-SIP /
+    http://deb.sipdoc.net/pool/main/n/ngrep-sip/ngrep-sip_1.0.2-3_all.deb
+
+ -- Michael Prokop <mprokop@sipwise.com>  Tue, 03 Apr 2012 16:24:30 +0200
+

debian/compat

@@ -0,0 +1 @@
+8

debian/control

@@ -0,0 +1,14 @@
+Source: ngrep-sip
+Section: net
+Priority: extra
+Maintainer: Sipwise Development Team <support@sipwise.com>
+Build-Depends: debhelper (>= 8)
+Standards-Version: 3.9.3
+Homepage: http://sipwise.com/
+
+Package: ngrep-sip
+Architecture: all
+Depends: ${misc:Depends}, ngrep
+Description: capture SIP flow based on ngrep command
+ Simple wrapper script for ngrep which allows matching rules
+ based on SIP methods or custom message fields and pcap filters.

debian/copyright

@@ -0,0 +1,52 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Ngrep-SIP
+Upstream-Contact: Iñaki Baz Castillo <ibc@aliax.net>
+Source: http://dev.sipdoc.net/projects/sip-stuff/wiki/Ngrep-SIP
+
+Files: *
+Copyright: 2008, Iñaki Baz Castillo <ibc@aliax.net>
+License: GPL-3+
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.  See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ `/usr/share/common-licenses/GPL-3'.
+
+Files: debian/
+Copyright: 2012, Michael Prokop <mprokop@sipwise.com>
+License: GPL-3+
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.  See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ `/usr/share/common-licenses/GPL-3'.

debian/ngrep-sip.install

@@ -0,0 +1,2 @@
+etc/ngrep-sip.conf etc/
+usr/bin/ngrep-sip  usr/bin/

debian/ngrep-sip.manpages

@@ -0,0 +1 @@
+usr/share/man/man8/ngrep-sip.8

debian/rules

@@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+%:
+	dh $@

etc/ngrep-sip.conf

@@ -0,0 +1,16 @@
+## ngrep-sip configuration file
+
+# interface
+#
+# Interface in which ngrep must capture data. Possible values are 'eth0', 'eth1', 'lo', 'any'.
+#interface=eth0
+interface=any
+
+# filter
+#
+# Pcap filter with same syntax as Tcpdump command.
+# filter="port 5060 or port 5062 or port 5070 or port 6060"
+# filter="host 1.2.3.4 and proto \\udp and \( port 5060 or port 5070 \)"
+filter="port 5060"
+
+

usr/bin/ngrep-sip

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+
+conf_file="/etc/ngrep-sip.conf"
+
+# Default values.
+interface=any
+filter="port 5060"
+
+
+### Read conf file.
+if [ -f $conf_file ] ; then
+	. $conf_file
+else
+	echo "Warning: Conf file $conf_file not found!"
+fi
+
+
+### Functions.
+function show_help {
+	echo -e "Read the manual:\n  man ngrep-sip"
+}
+
+
+### Set parameter 1 as match rule (or show help).
+case $1 in
+
+-h|--help )
+	show_help
+	exit 0
+	;;
+
+basic|b )
+	match="(^|CSeq:\s?\d* )(INVITE|ACK|CANCEL|BYE|MESSAGE|REFER|PRACK|INFO|UPDATE)"
+	;;
+
+br|rb )
+	match="(^|CSeq:\s?\d* )(INVITE|ACK|CANCEL|BYE|MESSAGE|REFER|PRACK|INFO|UPDATE|REGISTER)"
+	;;
+
+r )
+	match="(^|CSeq:\s?\d* )(REGISTER)"
+	;;
+
+p )
+	match="(^|CSeq:\s?\d* )(SUBSCRIBE|PUBLISH|NOTIFY)"
+	;;
+
+pr|rp )
+	match="(^|CSeq:\s?\d* )(SUBSCRIBE|PUBLISH|NOTIFY|REGISTER)"
+	;;
+
+-o )
+	match="(^|CSeq:\s?\d* )(INVITE|ACK|CANCEL|BYE|MESSAGE|REFER|PRACK|INFO|UPDATE|SUBSCRIBE|PUBLISH|NOTIFY|REGISTER)"
+	;;
+
+-or|-ro )
+	match="(^|CSeq:\s?\d* )(INVITE|ACK|CANCEL|BYE|MESSAGE|REFER|PRACK|INFO|UPDATE|SUBSCRIBE|PUBLISH|NOTIFY)"
+	;;
+
+* )
+	match=$1
+	;;
+	
+esac
+
+
+### Set the rest of parameters as filter.
+shift
+if [ $# -ge 1 ] ; then
+	filter="$*"
+fi
+
+
+### Run ngrep command.
+ngrep -d $interface -P "'" -W byline -T -i -t "$match" $filter
+
+

usr/share/man/man8/ngrep-sip.8

@@ -0,0 +1,129 @@
+.TH NGREP-SIP 8 2008-12-24 "Linux" "User Manuals"
+.SH NAME
+ngrep-sip \- capture SIP flow based on ngrep command
+.PP
+.SH SYNOPSIS
+.B ngrep-sip
+[ \fIMATCH\fR ] [ \fIFILTER\fR ]
+.PP
+.SH DESCRIPTION
+Based on
+.BR ngrep (7),
+\fIngrep-sip\fR allows matching based on SIP methods or custom message fields and also defining \fIpcap\fR filters.
+.PP
+.SS MATCH
+Optional \fBMATCH\fR parameter can contain a special keyword or some text which must be present in the data.
+.PP
+The special keywords are:
+.TP
+\fBb\fR, \fBbasic\fR
+Capture transactions with SIP method INVITE, ACK, CANCEL, BYE, REFER, PRACK, INFO and MESSAGE.
+.TP
+\fBbr\fR, \fBrb\fR
+Some as \fBb\fR, \fBbasic\fR plus REGISTER method.
+.TP
+\fBr\fR
+Capture REGISTER transactions.
+.TP
+\fBp\fR
+Capture SUBSCRIBE, PUBLISH and NOTIFY transactions.
+.TP
+\fBpr\fR, \fBrp\fR
+Some as \fBp\fR plus REGISTER method.
+.TP
+\fB-o\fR
+Capture transactions with any method but OPTIONS.
+.TP
+\fB-or\fR, \fB-ro\fR
+Capture transactions with any method but OPTIONS or REGISTER.
+.PP
+Any other text can be used to set \fBMATCH\fR parameter. In this case that text will be required in the data being captured. It allows regular expressions. Examples:
+.TP
+666555444
+Capture all messages containing "666555444" text in headers or body.
+.TP
+"(123|124)@"
+Capture all messages containing "123@" or "124@" text in headers or body.
+.TP
+"^SIP/2.0 5"
+Capture all 5XX responses.
+.TP
+"^INVITE sip:111@"
+Capture all INVITE requests with RURI starting with "sip:111@".
+.PP
+.SS FILTER
+\fIpcap\fR filter. See below in "CONFIGURATION" - "filter" section.
+.PP
+.SH CONFIGURATION
+The script gets some parameters from \fI/etc/ngrep-sip.conf\fR file:
+.PP
+.SS interface
+Interface in which \fIngrep\fR must capture data. Possible values are \fIeth0\fR, \fIeth1\fR, \fIlo\fR, \fIany\fR. Use \fIany\fR to capture data in all the interfaces. Examples:
+.RS
+.nf
+interface=any
+interface=eth0
+.PP
+.SS filter
+\fIpcap\fR default filter. This parameter is overwritten when using \fBFILTER\fR parameter in command line. Examples:
+.RS
+.nf
+filter="port 5060 or port 5062 or port 5070 or port 6060"
+filter="host 1.2.3.4 and proto \\\\udp and \\( port 5060 or port 5070 \\)"
+filter="port 5060"
+.PP
+.SH EXAMPLES
+Capture all INVITE and MESSAGE related messages using default filter set in configuration file:
+.RS
+.nf
+\fBngrep-sip b\fP
+.fi
+.RE
+Capture all traffic using port 5060:
+.RS
+.nf
+\fBngrep-sip port 5060\fP
+.fi
+.RE
+Capture all REGISTER transactions via TCP using port 5060 or 5070 and address 1.2.3.4:
+.RS
+.nf
+\fBngrep-sip r proto \\\\tcp and \\( port 5060 or port 5070 \\) and host 1.2.3.4\fP
+.fi
+.RE
+Capture all UDP datagrams using port 5060 containing "sip:alice@domain" in the headers or body:
+.RS
+.nf
+\fBngrep-sip "sip:alice@domain" port 5060 and proto \\\\udp\fP
+.fi
+.RE
+Capture all 6XX responses from IP 1.2.3.4:
+.RS
+.nf
+\fBngrep-sip "^SIP/2.0 6" src host 1.2.3.4\fP
+.fi
+.RE
+.PP
+.SH NOTES
+\fIngrep-sip\fR can be also used to capture other kind of flow as SMTP or HTTP:
+.RS
+.nf
+\fBngrep-sip proto \\\\tcp and port 25\fP
+.fi
+.RE
+.PP
+.SH ISSUES
+When capturing TCP data a single TCP packet can contain various SIP messages. This occurs, for example, when a proxy routes all requests from different clients to same TCP destination. In those cases, the \fBmatch\fR is performed against the whole TCP packet instead of matching each SIP message separately.
+.PP
+.SH "SEE ALSO"
+.BR ngrep (8)
+.PP
+.SH AUTHOR
+Written by Iñaki Baz Castillo <ibc@aliax.net>
+.PP
+.SH COPYRIGHT
+Copyright \(co 2008 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.