tcpdump mailing list archives
Re: Printing of TCP flags seems incorrect
From: grarpamp <grarpamp () gmail com>
Date: Thu, 3 Jul 2008 01:35:32 -0400
Hi. Patch inline. I conformed the naming to the RFC's and maintained the bitfield order in the man pages. No doubt I missed some parts. The "Nonce Sum" bit was left out as it is still experimental, not standards track. Compiles clean and seems to work. Enjoy. FYI, tcpreplay has problems installing its man page because the directory for it is not created by the makefile. ======================================== --- libpcap/pcap-filter.4.orig Thu May 29 21:35:33 2008 +++ libpcap/pcap-filter.4 Thu Jul 3 00:46:37 2008 @@ -768,9 +768,15 @@ \fBicmp-tstampreply\fP, \fBicmp-ireq\fP, \fBicmp-ireqreply\fP, \fBicmp-maskreq\fP, \fBicmp-maskreply\fP. -The following TCP flags field values are available: \fBtcp-fin\fP, -\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP, -\fBtcp-ack\fP, \fBtcp-urg\fP. +The following TCP flags field values are available: +\fBtcp-cwr\fP, +\fBtcp-ece\fP, +\fBtcp-urg\fP, +\fBtcp-ack\fP, +\fBtcp-psh\fP, +\fBtcp-rst\fP, +\fBtcp-syn\fP, +\fBtcp-fin\fP. .LP Primitives may be combined using: .IP --- libpcap/scanner.l.orig Wed Feb 6 05:21:30 2008 +++ libpcap/scanner.l Thu Jul 3 00:43:59 2008 @@ -362,9 +362,11 @@ tcp-fin { yylval.i = 0x01; return NUM; } tcp-syn { yylval.i = 0x02; return NUM; } tcp-rst { yylval.i = 0x04; return NUM; } -tcp-push { yylval.i = 0x08; return NUM; } +tcp-psh { yylval.i = 0x08; return NUM; } tcp-ack { yylval.i = 0x10; return NUM; } tcp-urg { yylval.i = 0x20; return NUM; } +tcp-ece { yylval.i = 0x40; return NUM; } +tcp-cwr { yylval.i = 0x80; return NUM; } [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? { yylval.s = sdup((char *)yytext); return ID; } "\\"[^ !()\n\t]+ { yylval.s = sdup((char *)yytext + 1); return ID; } --- tcpdump/print-cnfp.c.orig Wed Apr 20 16:53:18 2005 +++ tcpdump/print-cnfp.c Thu Jul 3 00:49:37 2008 
@@ -169,9 +169,11 @@ if (flags & TH_FIN) putchar('F'); if (flags & TH_SYN) putchar('S'); if (flags & TH_RST) putchar('R'); - if (flags & TH_PUSH) putchar('P'); + if (flags & TH_PSH) putchar('P'); if (flags & TH_ACK) putchar('A'); if (flags & TH_URG) putchar('U'); + if (flags & TH_ECE) putchar('E'); + if (flags & TH_CWR) putchar('C'); if (flags) putchar(' '); } --- tcpdump/print-tcp.c.orig Fri Dec 21 22:08:04 2007 +++ tcpdump/print-tcp.c Thu Jul 3 00:49:37 2008 @@ -101,11 +101,11 @@ { TH_FIN, "F" }, { TH_SYN, "S" }, { TH_RST, "R" }, - { TH_PUSH, "P" }, - { TH_ACK, "." }, + { TH_PSH, "P" }, + { TH_ACK, "A" }, { TH_URG, "U" }, - { TH_ECNECHO, "E" }, - { TH_CWR, "W" }, + { TH_ECE, "E" }, + { TH_CWR, "C" }, { 0, NULL } }; @@ -312,7 +312,7 @@ } flags = tp->th_flags; - printf("Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags)); + printf("Flags [%s]", bittok2str_nosep(tcp_flag_values, "undef", flags)); if (!Sflag && (flags & TH_ACK)) { register struct tcp_seq_hash *th; --- tcpdump/tcp.h.orig Sat Dec 8 19:30:47 2007 +++ tcpdump/tcp.h Thu Jul 3 00:49:37 2008 @@ -54,14 +54,14 @@ #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) /* TCP flags */ -#define TH_FIN 0x01 -#define TH_SYN 0x02 -#define TH_RST 0x04 -#define TH_PUSH 0x08 -#define TH_ACK 0x10 -#define TH_URG 0x20 -#define TH_ECNECHO 0x40 /* ECN Echo */ -#define TH_CWR 0x80 /* ECN Cwnd Reduced */ +#define TH_FIN 0x01 /* RFC 793 0x01 through 0x20 */ +#define TH_SYN 0x02 +#define TH_RST 0x04 +#define TH_PSH 0x08 +#define TH_ACK 0x10 +#define TH_URG 0x20 +#define TH_ECE 0x40 /* RFC 3168 ECN-Echo */ +#define TH_CWR 0x80 /* RFC 3168 Congestion Window Reduced */ #define TCPOPT_EOL 0 --- tcpdump/tcpdump.1.orig Thu May 29 21:37:41 2008 +++ tcpdump/tcpdump.1 Thu Jul 3 00:49:37 2008 
@@ -846,9 +846,17 @@ .RE \fISrc\fP and \fIdst\fP are the source and destination IP addresses and ports. -\fIFlags\fP are some combination of S (SYN), -F (FIN), P (PUSH), R (RST), W (ECN CWR) or E (ECN-Echo), or a single -`.' (no flags). +\fIFlags\fP are some combination of +C (CWR), +E (ECE), +U (URG), +A (ACK), +P (PSH), +R (RST), +S (SYN), +F (FIN), +or nothing within the brackets if none of the flags in the applicable +RFC were set. \fIData-seqno\fP describes the portion of sequence space covered by the data in this packet (see example below). \fIAck\fP is sequence number of the next data expected the other @@ -870,9 +878,9 @@ .sp .5 \s-2\f(CWrtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024> csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024> -rtsg.1023 > csam.login: . ack 1 win 4096 +rtsg.1023 > csam.login: A ack 1 win 4096 rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096 -csam.login > rtsg.1023: . ack 2 win 4096 +csam.login > rtsg.1023: A ack 2 win 4096 rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096 csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077 csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1 @@ -895,8 +903,6 @@ Csam replies with a similar packet except it includes a piggy-backed ack for rtsg's SYN. Rtsg then acks csam's SYN. -The `.' means no -flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). @@ -914,7 +920,7 @@ .LP On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg \(-> csam side of the conversation). -The PUSH flag is set in the packet. +The PSH flag is set in the packet. On the 7th line, csam says it's received data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the 
@@ -1572,9 +1578,9 @@ .RS .nf .sp .5 -\s-2\f(CWarizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+) +\s-2\f(CWarizona.ftp-data > rtsg.1170: A 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+) arizona > rtsg: (frag 595a:204@328) -rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560\fP\s+2 +rtsg.1170 > arizona.ftp-data: A ack 1536 win 2560\fP\s+2 .sp .5 .fi .RE --- tcpreplay/Libnet/include/libnet/libnet-headers.h.orig Mon Nov 11 04:43:49 2002 +++ tcpreplay/Libnet/include/libnet/libnet-headers.h Thu Jul 3 01:08:46 2008 @@ -1151,14 +1151,20 @@ #ifndef TH_RST #define TH_RST 0x04 /* reset the connection */ #endif -#ifndef TH_PUSH -#define TH_PUSH 0x08 /* push data to the app layer */ +#ifndef TH_PSH +#define TH_PSH 0x08 /* push data to the app layer */ #endif #ifndef TH_ACK #define TH_ACK 0x10 /* acknowledge */ #endif #ifndef TH_URG #define TH_URG 0x20 /* urgent! */ +#endif +#ifndef TH_ECE +#define TH_ECE 0x40 /* ECN Echo */ +#endif +#ifndef TH_CWR +#define TH_CWR 0x80 /* Congestion Window Reduced */ #endif u_short th_win; /* window */ u_short th_sum; /* checksum */ ======================================== - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
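Review bot: in the libpcap/scanner.l hunk, the `tcp-push` rule is replaced rather than supplemented, so an existing filter expression that uses `tcp-push` no longer hits a NUM rule and is instead matched by the generic ID pattern that follows. Keep the line `tcp-push { yylval.i = 0x08; return NUM; }` next to the new `tcp-psh` rule as an alias, and list both spellings in the pcap-filter.4 hunk, which currently drops `tcp-push` from the documentation as well.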
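Review bot: in the tcpdump/print-tcp.c hunk at -312, the fallback string passed to bittok2str_nosep changes from "none" to "undef", while the tcpdump.1 hunk in this same patch documents "nothing within the brackets" when no flag is set. The code and the man page should agree on one behaviour. The table change in the hunk above it (ACK from "." to "A", CWR from "W" to "C") alters the printed flags of every segment with ACK set, so the commit message should say so for anyone who parses tcpdump output.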
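Review bot: in the tcpdump/tcpdump.1 hunk at -870, only the bare-ACK example lines are changed from `.` to `A`, but unchanged lines such as `rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096` and the SYN reply carrying `ack 768513` also have ACK set and would print an A as well under the new tcp_flag_values table. Update every example line that shows an `ack` field so the sample output matches what the patched print-tcp.c produces.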
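Review bot: in the tcpdump/tcp.h hunk, TH_PUSH and TH_ECNECHO are removed outright, and the cover note itself says some parts were probably missed. Confirm with a search over the tree that no conditionally compiled file still uses the old names, or keep them as aliases (for example `#define TH_PUSH TH_PSH`) so that the rename cannot break a build configuration that was not tested.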
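Review bot: in the tcpreplay/Libnet/include/libnet/libnet-headers.h hunk, the `#ifndef TH_PUSH` fallback is renamed to TH_PSH instead of being kept, so code built against this header that refers to TH_PUSH loses the definition this block used to guarantee. Keep the TH_PUSH block and add the TH_PSH, TH_ECE and TH_CWR blocks after it; since this file belongs to a different tree than the libpcap and tcpdump changes, it is better sent as a separate patch.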