tcpdump mailing list archives

Re: important query on tcpdump header files and source codes


From: "Ignacio, Domingo Jr Ostria - igndo001" <DomingoJr.Ignacio () postgrads unisa edu au>
Date: Wed, 16 Jul 2008 18:07:25 +0930

Hi Guy and the rest,

Thank you very much for the help. I understand things now. I am starting
to add my options in the tcp_output.c which is the correct source code.
Thanks for helping me in any way with my research. One more thing: Do I
retain the th_srtt variable I added into the tcp_parse_options() or is it
not necessary anymore for my purpose?

Thanks again and I'll still be asking some more questions in the future :)

Cheers,
dom

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Guy Harris
Sent: Wednesday, 16 July 2008 5:46 PM
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] important query on tcpdump header files
and source codes


On Jul 16, 2008, at 1:08 AM, Ignacio, Domingo Jr Ostria - igndo001 wrote:

I inspected and studied  the linux kernel source codes, tcp_input.c,
tcp_output.c, tcp_ipv4.c and tcp.c and it is only on the tcp_input source
code where there is a provision on TCP options to be added.

No, the TCP *input* code can't add options, in the sense of RFC 793:

Options:  variable

     Options may occupy space at the end of the TCP header and are a
     multiple of 8 bits in length.  All options are included in the
     checksum.  An option may begin on any octet boundary.  There are two
     cases for the format of an option:

       Case 1:  A single octet of option-kind.

       Case 2:  An octet of option-kind, an octet of option-length, and
                the actual option-data octets.

     The option-length counts the two octets of option-kind and
     option-length as well as the option-data octets.

     Note that the list of options may be shorter than the data offset
     field might imply.  The content of the header beyond the
     End-of-Option option must be header padding (i.e., zero).

     A TCP must implement all options.

Options are added to a TCP segment packet when the packet is  
*transmitted*, so they're added by the *output* code; in the Linux TCP  
code, for example, see the routine tcp_build_and_update_options().

The TCP *input* code parses the options that the sender of the packet  
added when it prepared the TCP segment to be transmitted, if any  
options were added.  In the Linux TCP code, for example, see the  
routines tcp_parse_options() and tcp_fast_parse_options(); they don't  
add options, they read the options that were added to the packet and  
set internal variables.  Those internal variables are *NOT* part of  
any packet, so tcpdump (and Wireshark and any other routine that uses  
libpcap - or anything else that uses PF_PACKET sockets) won't see  
those internal variables in the packets they see.  Adding a new  
variable to the tcp_sock structure won't make that variable available  
to tcpdump.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
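
Added example, not part of the original messages and not tcpdump or Linux kernel code: a bounds-checked walk over the option bytes of one TCP header, following the two option formats in the RFC 793 text quoted above. It only ever sees bytes that are in the packet, which is why a field added to tcp_sock never shows up in a capture. The names walk_tcp_options and sample_opts are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL 0   /* End of Option List (RFC 793) */
#define TCPOPT_NOP 1   /* No-Operation (RFC 793) */

/* Walk the option bytes of one TCP header (all a capture tool can see).
 * Returns the number of options before End-of-Option-List, or -1 when an
 * option-length is invalid. If print is non-zero, each option is printed. */
int walk_tcp_options(const uint8_t *opt, size_t len, int print)
{
    size_t i = 0;
    int count = 0;

    while (i < len) {
        uint8_t kind = opt[i];

        if (kind == TCPOPT_EOL)         /* Case 1: the rest is padding */
            break;
        if (kind == TCPOPT_NOP) {       /* Case 1: a single octet */
            if (print) printf("kind=1 (NOP)\n");
            i++;
            count++;
            continue;
        }
        /* Case 2: kind, length, data; length includes kind and length. */
        if (i + 1 >= len)
            return -1;                  /* length octet is missing */
        uint8_t olen = opt[i + 1];
        if (olen < 2 || olen > len - i)
            return -1;                  /* too short, or runs past the header */
        if (print) {
            printf("kind=%u len=%u data=", (unsigned)kind, (unsigned)olen);
            for (size_t j = 2; j < olen; j++) printf("%02x", opt[i + j]);
            printf("\n");
        }
        i += olen;
        count++;
    }
    return count;
}

/* Constructed sample: MSS 1460 (kind 2), NOP, window scale 7 (kind 3),
 * End-of-Option-List, then zero padding to a 32-bit boundary. */
static const uint8_t sample_opts[] = { 2, 4, 0x05, 0xb4, 1, 3, 3, 7, 0, 0, 0, 0 };

int main(void)
{
    printf("options: %d\n", walk_tcp_options(sample_opts, sizeof sample_opts, 1));
    return 0;
}
```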