Ethereal-dev: [Ethereal-dev] [Patch] revised: tap-tcp_close
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Jason House <jhouse@xxxxxxxxx>
Date: Mon, 02 Dec 2002 09:23:56 -0500
Per Ronnie's suggestions, I have updated packet-tcp.c and tap-tcp_close to use the last parameter to the packet() call... Attached is two raw source files as well as a diff to touch makefiles and packet-tcp.c
Attachment:
tap-tcp_close.c
Description: application/unknown-content-type-cfile
Attachment:
tap-tcp_close.h
Description: application/unknown-content-type-hfile
Index: packet-tcp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-tcp.c,v
retrieving revision 1.166
diff -u -r1.166 packet-tcp.c
--- packet-tcp.c 2002/11/07 09:10:06 1.166
+++ packet-tcp.c 2002/12/02 14:08:17
@@ -42,6 +42,12 @@
#include <epan/strutil.h>
#include "reassemble.h"
+#include "tap.h"
+#include "tap-tcp_close.h"
+static tcp_tap_data_t td;
+
+static int tcp_tap = -1;
+
/* Place TCP summary in proto tree */
static gboolean tcp_summary_in_tree = TRUE;
@@ -1778,11 +1784,11 @@
{
guint16 th_sport;
guint16 th_dport;
- guint32 th_seq;
- guint32 th_ack;
+ /*guint32 th_seq;*/
+ /*guint32 th_ack;*/
guint8 th_off_x2; /* combines th_off and th_x2 */
- guint8 th_flags;
- guint16 th_win;
+ /*guint8 th_flags;*/
+ /*guint16 th_win;*/
guint16 th_sum;
guint16 th_urp;
proto_tree *tcp_tree = NULL, *field_tree = NULL;
@@ -1792,9 +1798,9 @@
gchar *fstr[] = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECN", "CWR" };
gint fpos = 0, i;
guint bpos;
- guint hlen;
+ /*guint hlen;*/
guint optlen;
- guint32 seglen;
+ /*guint32 seglen;*/
guint32 nxtseq;
guint len;
guint reported_len;
@@ -1845,43 +1851,43 @@
pinfo->srcport = th_sport;
pinfo->destport = th_dport;
- th_seq = tvb_get_ntohl(tvb, offset + 4);
- th_ack = tvb_get_ntohl(tvb, offset + 8);
+ td.seq = tvb_get_ntohl(tvb, offset + 4);
+ td.ack = tvb_get_ntohl(tvb, offset + 8);
th_off_x2 = tvb_get_guint8(tvb, offset + 12);
- th_flags = tvb_get_guint8(tvb, offset + 13);
- th_win = tvb_get_ntohs(tvb, offset + 14);
- hlen = hi_nibble(th_off_x2) * 4; /* TCP header length, in bytes */
+ td.flags = tvb_get_guint8(tvb, offset + 13);
+ td.win = tvb_get_ntohs(tvb, offset + 14);
+ td.hlen = hi_nibble(th_off_x2) * 4; /* TCP header length, in bytes */
reported_len = tvb_reported_length(tvb);
len = tvb_length(tvb);
/* Compute the length of data in this segment. */
- seglen = reported_len - hlen;
+ td.seglen = reported_len - td.hlen;
if (tree) { /* Add the seglen as an invisible field */
- proto_tree_add_uint_hidden(ti, hf_tcp_len, tvb, offset, 4, seglen);
+ proto_tree_add_uint_hidden(ti, hf_tcp_len, tvb, offset, 4, td.seglen);
}
/* handle TCP seq# analysis parse all new segments we see */
if(tcp_analyze_seq){
if(!(pinfo->fd->flags.visited)){
- tcp_analyze_sequence_number(pinfo, th_seq, th_ack, seglen, th_flags, th_win);
+ tcp_analyze_sequence_number(pinfo, td.seq, td.ack, td.seglen, td.flags, td.win);
}
if(tcp_relative_seq){
- tcp_get_relative_seq_ack(pinfo->fd->num, &th_seq, &th_ack);
+ tcp_get_relative_seq_ack(pinfo->fd->num, &td.seq, &td.ack);
}
}
/* Compute the sequence number of next octet after this segment. */
- nxtseq = th_seq + seglen;
+ nxtseq = td.seq + td.seglen;
if (check_col(pinfo->cinfo, COL_INFO) || tree) {
for (i = 0; i < 8; i++) {
bpos = 1 << i;
- if (th_flags & bpos) {
+ if (td.flags & bpos) {
if (fpos) {
strcpy(&flags[fpos], ", ");
fpos += 2;
@@ -1895,26 +1901,26 @@
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] Seq=%u Ack=%u Win=%u",
- flags, th_seq, th_ack, th_win);
+ flags, td.seq, td.ack, td.win);
}
if (tree) {
if (tcp_summary_in_tree)
- proto_item_append_text(ti, ", Seq: %u", th_seq);
- proto_tree_add_uint(tcp_tree, hf_tcp_seq, tvb, offset + 4, 4, th_seq);
+ proto_item_append_text(ti, ", Seq: %u", td.seq);
+ proto_tree_add_uint(tcp_tree, hf_tcp_seq, tvb, offset + 4, 4, td.seq);
}
- if (hlen < TCPH_MIN_LEN) {
+ if (td.hlen < TCPH_MIN_LEN) {
/* Give up at this point; we put the source and destination port in
the tree, before fetching the header length, so that they'll
show up if this is in the failing packet in an ICMP error packet,
but it's now time to give up if the header length is bogus. */
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, ", bogus TCP header length (%u, must be at least %u)",
- hlen, TCPH_MIN_LEN);
+ td.hlen, TCPH_MIN_LEN);
if (tree) {
- proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, hlen,
- "Header length: %u bytes (bogus, must be at least %u)", hlen,
+ proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, td.hlen,
+ "Header length: %u bytes (bogus, must be at least %u)", td.hlen,
TCPH_MIN_LEN);
}
return;
@@ -1922,30 +1928,30 @@
if (tree) {
if (tcp_summary_in_tree)
- proto_item_append_text(ti, ", Ack: %u, Len: %u", th_ack, seglen);
- proto_item_set_len(ti, hlen);
- if (nxtseq != th_seq)
+ proto_item_append_text(ti, ", Ack: %u, Len: %u", td.ack, td.seglen);
+ proto_item_set_len(ti, td.hlen);
+ if (nxtseq != td.seq)
proto_tree_add_uint(tcp_tree, hf_tcp_nxtseq, tvb, offset, 0, nxtseq);
- if (th_flags & TH_ACK)
- proto_tree_add_uint(tcp_tree, hf_tcp_ack, tvb, offset + 8, 4, th_ack);
- proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, hlen,
- "Header length: %u bytes", hlen);
+ if (td.flags & td.ack)
+ proto_tree_add_uint(tcp_tree, hf_tcp_ack, tvb, offset + 8, 4, td.ack);
+ proto_tree_add_uint_format(tcp_tree, hf_tcp_hdr_len, tvb, offset + 12, 1, td.hlen,
+ "Header length: %u bytes", td.hlen);
tf = proto_tree_add_uint_format(tcp_tree, hf_tcp_flags, tvb, offset + 13, 1,
- th_flags, "Flags: 0x%04x (%s)", th_flags, flags);
+ td.flags, "Flags: 0x%04x (%s)", td.flags, flags);
field_tree = proto_item_add_subtree(tf, ett_tcp_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_push, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_reset, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_syn, tvb, offset + 13, 1, th_flags);
- proto_tree_add_boolean(field_tree, hf_tcp_flags_fin, tvb, offset + 13, 1, th_flags);
- proto_tree_add_uint(tcp_tree, hf_tcp_window_size, tvb, offset + 14, 2, th_win);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_cwr, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_ecn, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_urg, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_ack, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_push, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_reset, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_syn, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_boolean(field_tree, hf_tcp_flags_fin, tvb, offset + 13, 1, td.flags);
+ proto_tree_add_uint(tcp_tree, hf_tcp_window_size, tvb, offset + 14, 2, td.win);
}
/* Supply the sequence number of the first byte. */
- tcpinfo.seq = th_seq;
+ tcpinfo.seq = td.seq;
/* Assume we'll pass un-reassembled data to subdissectors. */
tcpinfo.is_reassembled = FALSE;
@@ -2042,7 +2048,7 @@
}
}
- if (th_flags & TH_URG) {
+ if (td.flags & TH_URG) {
th_urp = tvb_get_ntohs(tvb, offset + 18);
/* Export the urgent pointer, for the benefit of protocols such as
rlogin. */
@@ -2056,13 +2062,13 @@
tcpinfo.urgent = FALSE;
if (check_col(pinfo->cinfo, COL_INFO))
- col_append_fstr(pinfo->cinfo, COL_INFO, " Len=%u", seglen);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " Len=%u", td.seglen);
/* Decode TCP options, if any. */
- if (tree && hlen > TCPH_MIN_LEN) {
+ if (tree && td.hlen > TCPH_MIN_LEN) {
/* There's more than just the fixed-length header. Decode the
options. */
- optlen = hlen - TCPH_MIN_LEN; /* length of options, in bytes */
+ optlen = td.hlen - TCPH_MIN_LEN; /* length of options, in bytes */
tf = proto_tree_add_text(tcp_tree, tvb, offset + 20, optlen,
"Options: (%u bytes)", optlen);
field_tree = proto_item_add_subtree(tf, ett_tcp_options);
@@ -2071,18 +2077,18 @@
}
/* Skip over header + options */
- offset += hlen;
+ offset += td.hlen;
/* Check the packet length to see if there's more data
(it could be an ACK-only packet) */
length_remaining = tvb_length_remaining(tvb, offset);
if( data_out_file ) {
- reassemble_tcp( th_seq, /* sequence number */
- seglen, /* data length */
+ reassemble_tcp( td.seq, /* sequence number */
+ td.seglen, /* data length */
tvb_get_ptr(tvb, offset, length_remaining), /* data */
length_remaining, /* captured data length */
- ( th_flags & TH_SYN ), /* is syn set? */
+ ( td.flags & TH_SYN ), /* is syn set? */
&pinfo->net_src,
&pinfo->net_dst,
pinfo->srcport,
@@ -2090,7 +2096,7 @@
}
if (length_remaining != 0) {
- if (th_flags & TH_RST) {
+ if (td.flags & TH_RST) {
/*
* RFC1122 says:
*
@@ -2113,7 +2119,7 @@
/* Can we desegment this segment? */
if (pinfo->can_desegment) {
/* Yes. */
- desegment_tcp(tvb, pinfo, offset, th_seq, nxtseq, th_sport, th_dport, tree, tcp_tree);
+ desegment_tcp(tvb, pinfo, offset, td.seq, nxtseq, th_sport, th_dport, tree, tcp_tree);
} else {
/* No - just call the subdissector.
Mark this as fragmented, so if somebody throws an exception,
@@ -2130,6 +2136,7 @@
if(tcp_analyze_seq){
tcp_print_sequence_number_analysis(pinfo, tvb, tcp_tree);
}
+ tap_queue_packet(tcp_tap, pinfo, &td);
}
void
@@ -2322,4 +2329,5 @@
tcp_handle = create_dissector_handle(dissect_tcp, proto_tcp);
dissector_add("ip.proto", IP_PROTO_TCP, tcp_handle);
data_handle = find_dissector("data");
+ tcp_tap = register_tap("tcp");
}
Index: Makefile.nmake
===================================================================
RCS file: /cvsroot/ethereal/Makefile.nmake,v
retrieving revision 1.258
diff -u -r1.258 Makefile.nmake
--- Makefile.nmake 2002/11/15 22:45:52 1.258
+++ Makefile.nmake 2002/12/02 14:08:17
@@ -332,7 +332,8 @@
tap-protocolinfo.c \
tap-protohierstat.c \
tap-rpcstat.c \
- tap-rpcprogs.c
+ tap-rpcprogs.c \
+ tap-tcp_close.c
TETHEREAL_TAP_OBJECTS = $(TETHEREAL_TAP_SRC:.c=.obj)
Index: Makefile.am
===================================================================
RCS file: /cvsroot/ethereal/Makefile.am,v
retrieving revision 1.521
diff -u -r1.521 Makefile.am
--- Makefile.am 2002/11/15 22:45:52 1.521
+++ Makefile.am 2002/12/02 14:08:17
@@ -772,7 +772,8 @@
tap-protocolinfo.c \
tap-protohierstat.c \
tap-rpcstat.c \
- tap-rpcprogs.c
+ tap-rpcprogs.c \
+ tap-tcp_close.c
tethereal_SOURCES = \
$(DISSECTOR_SRC) \
- Follow-Ups:
- Re: [Ethereal-dev] [Patch] revised: tap-tcp_close
- From: Guy Harris
- Re: [Ethereal-dev] [Patch] revised: tap-tcp_close
- From: Ronnie Sahlberg
- Re: [Ethereal-dev] [Patch] revised: tap-tcp_close
- Prev by Date: Re: [Ethereal-dev] Problem building on win32
- Next by Date: [Ethereal-dev] Tap listeners and conversations
- Previous by thread: Re: [Ethereal-dev] Solution to windows building?
- Next by thread: Re: [Ethereal-dev] [Patch] revised: tap-tcp_close
- Index(es):
- Get Wireshark
- Download
- Code of Conduct