Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Best algorithmic way to implement MPTCP sequence number space analysis ?

From: Evan Huus <eapache () gmail com>
Date: Thu, 8 Oct 2015 16:32:50 -0400
You should just be able to call `epan_get_frame_ts` and pass it
`pinfo->epan` plus your frame number.

On Thu, Oct 8, 2015 at 4:26 PM, Matt <mattator () gmail com> wrote:

I managed to get the interval tree working with only a few
modifications to the core R/B tree.

I now would like to compute the sequence number inter arrival times
(multipath may provoke more out of order hence it is a metric of
interest). To do that I need to get access to the time arrival of a
specific frame (i.e., I know the frame number) from packet-tcp.c.
For instance I have a packet with Sequence Number (=SN) 100 in packet
5 and I know that SN 99 is in packet 2 or in packet 8 (out of order)
and I would like to compute the delta time of arrival between the 2
packets.

I found the frame_data_sequence_find() function but it expects a list
of frames as first parameter. Any idea how to retrieve that list from
packet-tcp.c ?

Regards


2015-10-02 18:11 GMT+02:00 Matt <mattator () gmail com>:

Hi,

(Question is at the end, I start with an Multipath TCP introduction (MPTCP) ).
I would be interested in adding MPTCP sequence number analysis to
wireshark, similar to what is done with TCP but taking into account
MPTCP specifics:
- MPTCP sequence number is 64 bits.
- MPTCP uses a global sequence number (SN) space and maps this global
SN to a TCP SN. For instance, an MPTCP socket wants to send the bytes
1 to 10. It may send 6 bytes on TCP subflow 1 and the 4 other bytes on
another subflow 2. On each subflow (=TCP connection), it will send a
mapping (via a TCP option called DSS=Data Sequence Signaling) saying
for instance
on subflow 1 I map MPTCP global SN 1-6 to local subflow SN 21-26,
on subflow 2 I map MPTCP global SN 7-10 to local TCP SN 60-63.

Keeping track of those DSS options/mappings would help analyzing the
behavior of an MPTCP connection:
- does it duplicate some packets over different paths (<=> do some DSS
overlap on different subflows?)
- it would allow to generate an MPTCP RTT/application latency since
striping packets over several paths is likely to increase the
application latency
- also allow to deduce if we've captured all subflows or if there are
holes in the MPTCP sequence number (maybe one subflow was emitting on
the wifi interface and we didn't capture it)
etc...

Now here is my problem: what datastructure should I use to achieve
what I previously describe in a way that could be accepted upstream ?
or to put it differently how to retrieve a list of ranges (MPTCP start
SN and end SN) from another SN range ? The interval tree sounds like a
good solution (http://www.geeksforgeeks.org/interval-tree/) but I
wonder if there is any advice on an alternate solution ? or ways to
build the tree efficiently (like disabling rotations and balancing the
tree only at the end or stuff like that, I am not an algorithmic
expert).

In any case, I plan to add an option to turn this DSS analysis on/off.

Regards

Matt

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: