
Wireshark-dev: Re: [Wireshark-dev] TCP: Retrieving connection initiator as well as looping thro

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 27 Oct 2014 16:30:13 -0700
On Oct 27, 2014, at 6:47 AM, Matt <mattator@xxxxxxxxx> wrote:

> I am trying to improve the MPTCP support in the TCP dissector. To
> provide expert infos, I need to identify which host initiated the
> connection (i.e. sent the SYN). I wonder how to do that, I could use
> tcp_analysis::server_port if ports were guaranteed to be different on
> both sides.

Well, you're not guaranteed to be able to do it by having the TCP dissector look for the initial SYN, as that's not guaranteed to be in the capture.  That would work *if* the capture includes the initial SYN, but not all captures do so.

If, for a connection, you're willing to have it indicate either:

	XXX.XXX.XXX.XXX initiated the connection;

	YYY.YYY.YYY.YYY initiated the connection;

	we don't know who initiated the connection;

and the expert analysis code can handle the third case (if, by nothing else, not doing some expert analysis), the TCP dissector could do that.

> Secondly, I am trying to setup an MPTCP *stream* identifier, similar
> to tcp stream. Indeed a single MPTCP connection can be composed of
> several TCP connections. Thing is to know to which MPTCP stream a TCP
> stream is bound to, I have to check a token (in a TCP option)

Is that option present in all TCP packets or just in the initial 3-way handshake?  If the former, then you have the problem I described above, with the indicated workaround.
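
An added sketch of the three-outcome approach described in the reply above; it is not code from Wireshark or from either poster. All type and function names are hypothetical, it covers IPv4 only, and it keys on (address, port) pairs so it still works when both sides use the same port.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

/* Third state covers captures that start after the handshake. */
typedef enum { INIT_UNKNOWN = 0, INIT_A, INIT_B } initiator_t;
typedef struct { uint32_t ip; uint16_t port; } endpoint_t;
/* Hypothetical per-conversation record; 'a' is always the lower endpoint,
 * so both directions of a flow resolve to the same record. */
typedef struct { endpoint_t a, b; initiator_t initiator; } conv_t;

static int ep_cmp(endpoint_t x, endpoint_t y) {
    if (x.ip != y.ip) return x.ip < y.ip ? -1 : 1;
    if (x.port != y.port) return x.port < y.port ? -1 : 1;
    return 0;
}

void conv_init(conv_t *c, endpoint_t src, endpoint_t dst) {
    int swap = ep_cmp(src, dst) > 0;
    c->a = swap ? dst : src;
    c->b = swap ? src : dst;
    c->initiator = INIT_UNKNOWN;
}

/* Feed one segment. Only a bare SYN (SYN set, ACK clear) identifies the
 * opener; once set, later segments (including SYN retransmits) keep it. */
initiator_t conv_observe(conv_t *c, endpoint_t src, uint8_t flags) {
    if (c->initiator == INIT_UNKNOWN && (flags & (TH_SYN | TH_ACK)) == TH_SYN)
        c->initiator = ep_cmp(src, c->a) == 0 ? INIT_A : INIT_B;
    return c->initiator;
}

/* Returns 0 when the initiator is unknown; direction-dependent expert
 * checks should be skipped in that case. */
int conv_initiator(const conv_t *c, endpoint_t *out) {
    if (c->initiator == INIT_UNKNOWN) return 0;
    *out = c->initiator == INIT_A ? c->a : c->b;
    return 1;
}

int main(void) {
    /* Constructed sample: 10.0.0.2:5000 opens to 10.0.0.1:5000. */
    endpoint_t h1 = {0x0a000001, 5000}, h2 = {0x0a000002, 5000}, who;
    conv_t c;
    conv_init(&c, h2, h1);
    conv_observe(&c, h2, TH_SYN);
    conv_observe(&c, h1, TH_SYN | TH_ACK);
    if (conv_initiator(&c, &who)) printf("initiator ip=0x%08x\n", (unsigned)who.ip);
    return 0;
}
```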