@sorooshm78

This PR improves SIP packet detection in PcapPlusPlus by introducing heuristic parsing based on Wireshark’s SIP dissector. SIP messages are now detected from the UDP payload itself, not only when using port 5060.

  • Add static bool dissectSipHeuristic(const uint8_t* data, size_t dataLen) to detect SIP requests/responses from payload content (Wireshark-style logic)
  • Use the new heuristic in UdpLayer so SIP packets on non-standard ports are correctly classified
  • Preserve existing behavior for non-SIP payloads

Related issue: #2022

Note: I’m not yet fully familiar with PcapPlusPlus’ internal structure, so if there are better places, names, or patterns for this logic, I’m happy to adjust the PR based on your feedback.
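For readers following the thread, a first-line check of the kind described above can be sketched as below. This is an added example, not the PR's code and not Wireshark's dissector; `looksLikeSip` and `check` are hypothetical names, and it assumes a CRLF-terminated first line, the literal version `SIP/2.0`, and an A-Z method token.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical helper, not a PcapPlusPlus or Wireshark function. Returns true
// when the first line of a UDP payload has the shape of a SIP start line.
// Assumptions: line ends in CRLF, version is "SIP/2.0", method is A-Z only.
static bool looksLikeSip(const uint8_t* data, size_t dataLen)
{
    static const char version[] = "SIP/2.0";
    const size_t verLen = sizeof(version) - 1;
    if (data == nullptr || dataLen < verLen + 2)
        return false;
    // Bound every later read to the first line so nothing runs past dataLen.
    const uint8_t* eol = static_cast<const uint8_t*>(std::memchr(data, '\n', dataLen));
    if (eol == nullptr || eol == data || eol[-1] != '\r')
        return false;
    const size_t lineLen = static_cast<size_t>(eol - data) - 1;  // CRLF excluded
    // Status line: "SIP/2.0" SP 3DIGIT SP reason-phrase
    if (lineLen >= verLen && std::memcmp(data, version, verLen) == 0)
        return lineLen >= verLen + 5 && data[verLen] == ' ' &&
               std::isdigit(data[verLen + 1]) && std::isdigit(data[verLen + 2]) &&
               std::isdigit(data[verLen + 3]) && data[verLen + 4] == ' ';
    // Request line: METHOD SP Request-URI SP "SIP/2.0"
    const uint8_t* sp = static_cast<const uint8_t*>(std::memchr(data, ' ', lineLen));
    if (sp == nullptr || sp == data)
        return false;
    for (const uint8_t* p = data; p < sp; ++p)
        if (!std::isupper(*p))
            return false;
    const size_t methodLen = static_cast<size_t>(sp - data);
    if (lineLen < methodLen + 3 + verLen)  // SP + 1-byte URI + SP + version
        return false;
    const uint8_t* ver = data + lineLen - verLen;
    if (ver[-1] != ' ' || std::memcmp(ver, version, verLen) != 0)
        return false;
    const uint8_t* uri = sp + 1;
    const size_t uriLen = static_cast<size_t>(ver - 1 - uri);
    // The URI must carry a scheme ("sip:", "sips:", "tel:") and no spaces.
    return std::memchr(uri, ':', uriLen) && !std::memchr(uri, ' ', uriLen);
}

// Convenience wrapper for the constructed sample payloads (C strings).
static bool check(const char* s) { return looksLikeSip(reinterpret_cast<const uint8_t*>(s), std::strlen(s)); }

int main() { std::printf("%d %d\n", check("SIP/2.0 200 OK\r\n\r\n"), check("GET / HTTP/1.1\r\n\r\n")); }
```

The A-Z method rule rejects look-alike text protocols such as HTTP and SSDP on arbitrary ports at the cost of refusing extension methods that use other token characters.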

@sorooshm78 sorooshm78 requested a review from seladb as a code owner November 17, 2025 16:11
/// @param[in] data Pointer to the raw data buffer
/// @param[in] dataLen Length of the data buffer in bytes
/// @return True if the first line matches SIP request/response syntax, false otherwise
static bool dissectSipHeuristic(const uint8_t* data, size_t dataLen)
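Review bot: the doc comment on dissectSipHeuristic does not say what happens when data is null or dataLen is too short to hold a first line, and it gives no guarantee that the scan stays within dataLen. Since the description says this is called on UDP payloads from any port, please document that those cases return false and that no byte past dataLen is read, and add a one-line summary of which request and response patterns are accepted so callers know how strict the match is.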
Owner

Can we move the implementation to SipLayer.cpp?

/// @param[in] data Pointer to the raw data buffer
/// @param[in] dataLen Length of the data buffer in bytes
/// @return True if the first line matches SIP request/response syntax, false otherwise
static bool dissectSipHeuristic(const uint8_t* data, size_t dataLen)
Owner

We already have SipRequestFirstLine and SipResponseFirstLine that parse the first line, maybe we could use this instead of adding more logic to parse the first line?

@codecov

codecov bot commented Nov 23, 2025

Codecov Report

❌ Patch coverage is 83.65385% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.88%. Comparing base (24cc309) to head (6c6acda).
⚠️ Report is 2 commits behind head on dev.

Files with missing lines Patch % Lines
Packet++/header/SipLayer.h 83.16% 16 Missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##              dev    #2024   +/-   ##
=======================================
  Coverage   83.87%   83.88%           
=======================================
  Files         307      307           
  Lines       53952    54046   +94     
  Branches    11352    11335   -17     
=======================================
+ Hits        45254    45334   +80     
- Misses       7483     7494   +11     
- Partials     1215     1218    +3     
Flag Coverage Δ
alpine320 75.91% <87.03%> (+0.01%) ⬆️
fedora42 75.47% <86.04%> (+0.01%) ⬆️
macos-14 81.56% <74.41%> (-0.02%) ⬇️
macos-15 81.56% <74.41%> (-0.02%) ⬇️
mingw32 69.97% <64.86%> (-0.03%) ⬇️
mingw64 69.99% <72.09%> (+0.12%) ⬆️
npcap ?
rhel94 75.49% <85.45%> (+0.01%) ⬆️
ubuntu2004 59.50% <75.47%> (+0.02%) ⬆️
ubuntu2004-zstd 59.61% <75.47%> (+0.04%) ⬆️
ubuntu2204 75.40% <85.45%> (+0.01%) ⬆️
ubuntu2204-icpx 57.91% <72.09%> (+0.06%) ⬆️
ubuntu2404 75.53% <87.03%> (+0.04%) ⬆️
ubuntu2404-arm64 75.56% <87.03%> (+0.02%) ⬆️
unittest 83.88% <83.65%> (+<0.01%) ⬆️
windows-2022 85.40% <81.11%> (+0.15%) ⬆️
windows-2025 85.42% <81.11%> (+0.09%) ⬆️
winpcap 85.42% <81.11%> (-0.10%) ⬇️
