PERFORCE change 144157 for review
Rui Paulo
rpaulo at FreeBSD.org
Thu Jun 26 17:37:31 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=144157
Change 144157 by rpaulo at rpaulo_epsilon on 2008/06/26 17:36:41
Implement SEQ/ACK analysis for RST.
Autocreate dump files.
Kill print_packet() function. tcpdump does a much better job.
Affected files ...
.. //depot/projects/soc2008/rpaulo-tcpad/Makefile#9 edit
.. //depot/projects/soc2008/rpaulo-tcpad/dumper.c#7 edit
.. //depot/projects/soc2008/rpaulo-tcpad/dumper.h#5 edit
.. //depot/projects/soc2008/rpaulo-tcpad/handler.c#13 edit
.. //depot/projects/soc2008/rpaulo-tcpad/helper.c#2 edit
.. //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#9 edit
.. //depot/projects/soc2008/rpaulo-tcpad/timer.c#3 edit
Differences ...
==== //depot/projects/soc2008/rpaulo-tcpad/Makefile#9 (text+ko) ====
@@ -1,8 +1,9 @@
-# $P4: //depot/projects/soc2008/rpaulo-tcpad/Makefile#8 $
+# $P4: //depot/projects/soc2008/rpaulo-tcpad/Makefile#9 $
PROG=tcpad
SRCS=main.c device.c linkhdr.c handler.c helper.c dumper.c timer.c
CFLAGS+=-DDEBUG -ggdb
+CFLAGS+=-DDUMPER_PATH=\"dumpfiles/\"
WARNS=5
LDADD=-lpcap
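Review bot: `DUMPER_PATH` is a relative directory, so the capture files that dumper_error() writes land under whatever the working directory is when tcpad starts, and nothing visible in this change creates `dumpfiles/`. A capture tool usually runs with elevated privileges, so an absolute directory that only that user can write to is the safer default, e.g. `CFLAGS+=-DDUMPER_PATH=\"<absolute-dump-dir>\"` (placeholder). The trailing slash is also redundant, since the format string in dumper.c is `"%s/dump%d.cap"`.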
==== //depot/projects/soc2008/rpaulo-tcpad/dumper.c#7 (text+ko) ====
@@ -23,13 +23,14 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.c#6 $
+ * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.c#7 $
*/
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <unistd.h>
#include <sys/queue.h>
#include <pcap.h>
@@ -60,10 +61,24 @@
* An error occured. Dump the packet list to a file.
*/
void
-dumper_error(pcap_t *p, const char *path, struct dumppkth *head)
+dumper_error(pcap_t *p, struct dumppkth *head)
{
+ int i;
pcap_dumper_t *pd;
struct dumppkt *dp;
+ char path[128];
+
+ for (i = 0; i < 3000; i++) {
+
+ snprintf(path, sizeof(path), "%s/dump%d.cap", DUMPER_PATH,
+ i);
+ if (access(path, W_OK) != 0)
+ break;
+ }
+ if (i == 3000) {
+ fprintf(stderr, "%s, %s is full!\n", __func__, DUMPER_PATH);
+ return;
+ }
pd = pcap_dump_open(p, path);
if (pd == NULL) {
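Review bot: The free-slot search in dumper_error() uses `access(path, W_OK) != 0` and then passes the name to `pcap_dump_open()`, which leaves a window between the check and the open. access() also fails for a dangling symlink or a permission error, not only for a missing file, so the loop can stop on a name that is not actually free. The open then follows whatever sits at that path with the privileges of the capturing process. Creating the file exclusively and handing the stream to `pcap_dump_fopen()` makes the check and the create a single step; this needs `<fcntl.h>` and `<errno.h>` in the include block, and the literal 3000 used twice would read better as a named constant. The rest of dumper_error() lies outside this hunk.

```c
	int fd = -1;
	FILE *fp;

	for (i = 0; i < 3000; i++) {
		snprintf(path, sizeof(path), "%s/dump%d.cap", DUMPER_PATH, i);
		/* O_EXCL: fail if anything (file or symlink) already has this name */
		fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
		if (fd >= 0 || errno != EEXIST)
			break;
	}
	if (fd < 0) {
		fprintf(stderr, "%s: cannot create dump file in %s\n", __func__,
		    DUMPER_PATH);
		return;
	}
	fp = fdopen(fd, "w");
	if (fp == NULL) {
		close(fd);
		return;
	}
	pd = pcap_dump_fopen(p, fp);
	/* … unchanged: pd == NULL handling and packet dump loop … */
```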
==== //depot/projects/soc2008/rpaulo-tcpad/dumper.h#5 (text+ko) ====
@@ -23,7 +23,7 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.h#4 $
+ * $P4: //depot/projects/soc2008/rpaulo-tcpad/dumper.h#5 $
*/
#ifndef _DUMPER_H_
@@ -41,7 +41,7 @@
void dumper_addpkt(struct dumppkth *head, const struct pcap_pkthdr *ph,
const unsigned char *headers);
-void dumper_error(pcap_t *, const char *path, struct dumppkth *head);
+void dumper_error(pcap_t *, struct dumppkth *head);
void dumper_free(struct dumppkth *head);
==== //depot/projects/soc2008/rpaulo-tcpad/handler.c#13 (text+ko) ====
@@ -23,7 +23,7 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/soc2008/rpaulo-tcpad/handler.c#12 $
+ * $P4: //depot/projects/soc2008/rpaulo-tcpad/handler.c#13 $
*/
#include <stdio.h>
@@ -37,6 +37,7 @@
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/tcp_fsm.h>
+#include <netinet/tcp_seq.h>
#include <arpa/inet.h>
#include <pcap.h>
@@ -48,8 +49,6 @@
#include "debug.h"
-static void print_packet(const unsigned char *bytes, const int linkhlen);
-
void
tcpad_pcaphandler(unsigned char *user, const struct pcap_pkthdr *ph,
const unsigned char *bytes)
@@ -74,7 +73,6 @@
if ((tcp->th_flags & TH_FLAGS) == TH_SYN) {
if (cp) {
DPRINTF("connection already being tracked!\n");
- print_packet(bytes, linkhlen);
LIST_REMOVE(cp, entries);
free(cp);
}
@@ -83,13 +81,13 @@
cp->dport = tcp->th_dport;
cp->sport = tcp->th_sport;
cp->isv6 = 0;
+ cp->iss = tcp->th_seq;
memcpy(&cp->sv4addr, &ip->ip_src, sizeof(struct in_addr));
memcpy(&cp->dv4addr, &ip->ip_dst, sizeof(struct in_addr));
DPRINTF("tracking (syn) connection between %s and ",
inet_ntoa(cp->sv4addr));
DPRINTF("%s\n",inet_ntoa(cp->dv4addr));
LIST_INSERT_HEAD(&tcpchead, cp, entries);
- print_packet(bytes, linkhlen);
/*
* Packet list. Only one per connection.
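Review bot: `cp->iss = tcp->th_seq;` stores the sequence number exactly as it sits in the captured header, which is network byte order. The same applies to `cp->irs = tcp->th_seq;` in the syn/ack hunk and to the RST hunk, which feeds `tcp->th_seq` and `rcp->irs + rcp->rcv_wnd` to SEQ_GEQ/SEQ_LEQ. Those macros do signed subtraction and the window sum is plain arithmetic, so both only give meaningful results on host-order values. Convert at capture time with `cp->iss = ntohl(tcp->th_seq);` and compare against `ntohl(tcp->th_seq)` in the RST branch. The enclosing tcpad_pcaphandler() starts and ends outside this hunk.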
@@ -106,7 +104,6 @@
}
if (cp) {
DPRINTF("connection already being tracked!\n");
- print_packet(bytes, linkhlen);
LIST_REMOVE(cp, entries);
free(cp);
}
@@ -115,13 +112,13 @@
cp->dport = tcp->th_dport;
cp->sport = tcp->th_sport;
cp->isv6 = 0;
+ cp->irs = tcp->th_seq;
memcpy(&cp->sv4addr, &ip->ip_src, sizeof(struct in_addr));
memcpy(&cp->dv4addr, &ip->ip_dst, sizeof(struct in_addr));
DPRINTF("tracking (syn/ack) connection between %s and ",
inet_ntoa(cp->sv4addr));
DPRINTF("%s\n",inet_ntoa(cp->dv4addr));
LIST_INSERT_HEAD(&tcpchead, cp, entries);
- print_packet(bytes, linkhlen);
/* rcp->pktshead should have been already malloc'ed and
initted */
@@ -137,7 +134,6 @@
cp->t_state = TCPS_ESTABLISHED;
rcp->t_state = TCPS_ESTABLISHED;
DPRINTF("established\n");
- print_packet(bytes, linkhlen);
}
if (cp->t_state == TCPS_ESTABLISHED &&
rcp->t_state == TCPS_FIN_WAIT_1) {
@@ -160,7 +156,6 @@
if (cp->t_state == TCPS_ESTABLISHED) {
cp->t_state = TCPS_FIN_WAIT_1;
DPRINTF("fin_wait_1\n");
- print_packet(bytes, linkhlen);
}
if (cp->t_state == TCPS_CLOSE_WAIT &&
rcp->t_state == TCPS_FIN_WAIT_2) {
@@ -174,46 +169,19 @@
}
} else if ((tcp->th_flags & TH_FLAGS) == (TH_RST|TH_ACK)) {
if (rcp && rcp->t_state == TCPS_SYN_SENT) {
- DPRINTF("stopped tracking connection (rst) between"
- " %s and ", inet_ntoa(rcp->sv4addr));
- DPRINTF("%s\n",inet_ntoa(rcp->dv4addr));
- print_packet(bytes, linkhlen);
- LIST_REMOVE(rcp, entries);
- free(rcp);
- }
- }
-}
-static void
-print_packet(const unsigned char *bytes, const int linkhlen)
-{
- const struct ip *ip;
- const struct tcphdr *tcp;
+ dumper_addpkt(rcp->pktshead, ph, bytes);
- return;
-
- ip = (const struct ip *)linkhdr_remove(bytes, linkhlen);
- tcp = (const struct tcphdr *)linkhdr_remove(bytes,
- linkhlen + sizeof(struct ip));
+ if (SEQ_GEQ(tcp->th_seq, rcp->irs) &&
+ SEQ_LEQ(tcp->th_seq, rcp->irs + rcp->rcv_wnd)) {
- printf("IP %s.%d > ", inet_ntoa(ip->ip_src),
- ntohs(tcp->th_sport));
- printf("%s.%d: ", inet_ntoa(ip->ip_dst),
- ntohs(tcp->th_dport));
-
- if (tcp->th_flags & TH_FIN)
- printf("F");
- if (tcp->th_flags & TH_SYN)
- printf("S");
- if (tcp->th_flags & TH_RST)
- printf("R");
- if (tcp->th_flags & TH_ACK)
- printf(".");
- if (tcp->th_flags & TH_URG)
- printf("U");
- if (tcp->th_flags & TH_PUSH)
- printf("P");
- if (tcp->th_flags & TH_ECE)
- printf("E");
- printf("\n");
+ DPRINTF("stopped tracking connection (rst) between"
+ " %s and ", inet_ntoa(rcp->sv4addr));
+ DPRINTF("%s\n",inet_ntoa(rcp->dv4addr));
+ LIST_REMOVE(rcp, entries);
+ free(rcp);
+ } else
+ dumper_error(p, rcp->pktshead);
+ }
+ }
}
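Review bot: The new RST test reads `rcp->irs` and `rcp->rcv_wnd`, but no visible line sets either for an entry in TCPS_SYN_SENT. The SYN branch stores only `cp->iss`, and `rcv_wnd` is not assigned anywhere in this change, so the window check may run on unset values depending on how the entry is allocated (outside the hunk). For SYN-SENT, RFC 793 accepts a reset by its ACK field rather than its sequence number, which suggests a check along the lines of `if (ntohl(tcp->th_ack) == rcp->iss + 1)` with `iss` kept in host order. Each rejected RST also calls `dumper_error()` while `rcp` stays tracked, so repeated out-of-window resets each produce a new dump file until the 3000 slots are used up; removing the entry or dumping only once per connection would bound that.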
==== //depot/projects/soc2008/rpaulo-tcpad/helper.c#2 (text+ko) ====
@@ -23,13 +23,14 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/soc2008/rpaulo-tcpad/helper.c#1 $
+ * $P4: //depot/projects/soc2008/rpaulo-tcpad/helper.c#2 $
*/
#include <stdio.h>
#include <string.h>
#include <sys/queue.h>
#include <netinet/in.h>
+#include <netinet/tcp.h>
#include <pcap.h>
#include "helper.h"
==== //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#9 (text+ko) ====
@@ -23,13 +23,15 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#8 $
+ * $P4: //depot/projects/soc2008/rpaulo-tcpad/tcpad.h#9 $
*/
#ifndef _TCPAD_H_
#define _TCPAD_H_
#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <netinet/tcp_seq.h>
pcap_t *p;
@@ -39,12 +41,23 @@
struct in_addr dv4addr;
unsigned short dport;
unsigned short sport;
+
+ /* TCP internal variables, from tcpcb */
int t_state; /* TCP FSM state */
+ tcp_seq snd_una;
+ tcp_seq snd_max;
+ tcp_seq snd_nxt;
+ tcp_seq snd_up;
+ tcp_seq iss;
+ tcp_seq irs;
+ tcp_seq snd_wnd;
+ tcp_seq rcv_wnd;
+
int isv6;
struct dumppkth *pktshead;
struct tcpc *rcp;
+
};
LIST_HEAD(tcpchead, tcpc) tcpchead;
-
#endif /* _TCPAD_H_ */
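Review bot: `snd_wnd` and `rcv_wnd` are declared as `tcp_seq` although they hold window sizes, not sequence numbers, and the comment says the fields come from tcpcb, where the windows are, as far as I recall, plain unsigned integers. A size type plus a short comment per field stating byte order and which code path fills it would make the later `irs + rcv_wnd` arithmetic easier to check, e.g. `u_long rcv_wnd; /* receive window, host order */`. The struct definition begins outside this hunk.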
==== //depot/projects/soc2008/rpaulo-tcpad/timer.c#3 (text+ko) ====
@@ -23,7 +23,7 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/soc2008/rpaulo-tcpad/timer.c#2 $
+ * $P4: //depot/projects/soc2008/rpaulo-tcpad/timer.c#3 $
*/
#include <stdio.h>
@@ -33,6 +33,7 @@
#include <sys/queue.h>
#include <sys/time.h>
#include <netinet/tcp_fsm.h>
+#include <netinet/tcp.h>
#include "debug.h"
#include "tcpad.h"