tcpdump mailing list archives

Re: important query on tcpdump header files and source codes


From: Guy Harris <guy () alum mit edu>
Date: Wed, 16 Jul 2008 01:16:02 -0700


On Jul 16, 2008, at 1:08 AM, Ignacio, Domingo Jr Ostria - igndo001 wrote:

I inspected and studied the linux kernel source codes, tcp_input.c,
tcp_output.c, tcp_ipv4.c and tcp.c and it is only on the tcp_input source
code where there is a provision on TCP options to be added.

No, the TCP *input* code can't add options, in the sense of RFC 793:

Options:  variable

    Options may occupy space at the end of the TCP header and are a
    multiple of 8 bits in length.  All options are included in the
    checksum. An option may begin on any octet boundary. There are two
    cases for the format of an option:

      Case 1:  A single octet of option-kind.

      Case 2:  An octet of option-kind, an octet of option-length, and
               the actual option-data octets.

    The option-length counts the two octets of option-kind and
    option-length as well as the option-data octets.

    Note that the list of options may be shorter than the data offset
    field might imply.  The content of the header beyond the
    End-of-Option option must be header padding (i.e., zero).

    A TCP must implement all options.

Options are added to a TCP segment packet when the packet is *transmitted*, so they're added by the *output* code; in the Linux TCP code, for example, see the routine tcp_build_and_update_options().

The TCP *input* code parses the options that the sender of the packet added when it prepared the TCP segment to be transmitted, if any options were added. In the Linux TCP code, for example, see the routines tcp_parse_options() and tcp_fast_parse_options(); they don't add options, they read the options that were added to the packet and set internal variables. Those internal variables are *NOT* part of any packet, so tcpdump (and Wireshark and any other routine that uses libpcap - or anything else that uses PF_PACKET sockets) won't see those internal variables in the packets they see. Adding a new variable to the tcp_sock structure won't make that variable available to tcpdump.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
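
The option layout quoted from RFC 793 above, walked the way a receiver or a capture tool has to walk it: only the bytes on the wire, with every length octet checked before it is trusted. This is an added example, not code from the message, the Linux kernel or tcpdump; `walk_tcp_options` and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL 0  /* End of Option List: Case 1, a single octet */
#define TCPOPT_NOP 1  /* No-Operation: Case 1, a single octet */
#define TCPOPT_MSS 2  /* Maximum Segment Size: Case 2, length 4 */

/* Constructed samples: MSS 1460, NOP, then kind 3 (window scale, RFC 1323). */
static const uint8_t sample_syn[] = {0x02, 0x04, 0x05, 0xb4, 0x01, 0x03, 0x03, 0x07};
/* Constructed malformed samples: length past the header, and length < 2. */
static const uint8_t sample_truncated[] = {0x02, 0x04, 0x05};
static const uint8_t sample_zero_len[]  = {0x01, 0x08, 0x00, 0x00};

/* Walk the option octets of one TCP header. Returns the number of options
 * seen before End-of-Option-List, or -1 if the list is malformed. If an MSS
 * option is present, its value is stored in *mss. */
int walk_tcp_options(const uint8_t *opt, size_t len, uint16_t *mss)
{
    size_t i = 0;
    int count = 0;

    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == TCPOPT_EOL)
            break;                       /* everything after this is padding */
        if (kind == TCPOPT_NOP) {        /* one octet, no length field */
            i++;
            count++;
            continue;
        }
        if (len - i < 2)
            return -1;                   /* no room for the length octet */
        uint8_t olen = opt[i + 1];       /* counts kind + length + data */
        if (olen < 2 || olen > len - i)
            return -1;                   /* would loop forever or overrun */
        if (kind == TCPOPT_MSS) {
            if (olen != 4)
                return -1;
            *mss = (uint16_t)((opt[i + 2] << 8) | opt[i + 3]);
        }
        count++;                         /* unknown kinds are skipped by length */
        i += olen;
    }
    return count;
}

int main(void)
{
    uint16_t mss = 0;
    int n = walk_tcp_options(sample_syn, sizeof sample_syn, &mss);
    printf("options=%d mss=%u\n", n, (unsigned)mss);
    return 0;
}
```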

