Merge pull request #11 from mrrrgn/master

Support for Sequence and Acknowledgement numbers added.
RIPE-NCC · Jan 28, 2013 · 5c5623e · 5c5623e
2 parents 5a255f4 + 34bec66
commit 5c5623e
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,6 @@ License
 This library is distributed under the LGPL.  
 See: https://raw.github.com/RIPE-NCC/hadoop-pcap/master/LICENSE
 
-
 Download
 --------
 

diff --git a/hadoop-pcap-lib/src/main/java/net/ripe/hadoop/pcap/PcapReader.java b/hadoop-pcap-lib/src/main/java/net/ripe/hadoop/pcap/PcapReader.java
@@ -34,6 +34,8 @@ public class PcapReader implements Iterable<Packet> {
 	public static final int UDP_HEADER_SIZE = 8;
 	public static final int PROTOCOL_HEADER_SRC_PORT_OFFSET = 0;
 	public static final int PROTOCOL_HEADER_DST_PORT_OFFSET = 2;
+        public static final int PROTOCOL_HEADER_TCP_SEQ_OFFSET = 4;
+        public static final int PROTOCOL_HEADER_TCP_ACK_OFFSET = 8;
 	public static final int TCP_HEADER_DATA_OFFSET = 12;
 	public static final String PROTOCOL_ICMP = "ICMP";
 	public static final String PROTOCOL_TCP = "TCP";
@@ -274,6 +276,12 @@ private byte[] buildTcpAndUdpPacket(Packet packet, byte[] packetData, int ipStar
 			payloadLength = udpLen - UDP_HEADER_SIZE; // UDP header size is 8
 		} else if (PROTOCOL_TCP.equals(protocol)) {
 			tcpOrUdpHeaderSize = getTcpHeaderLength(packetData, ipStart + ipHeaderLen);
+
+			//Store the sequence and acknowledgement numbers --M
+
+                        packet.put(Packet.TCP_SEQ,PcapReaderUtil.convertUnsignedInt(packetData,ipStart+ ipHeaderLen + PROTOCOL_HEADER_TCP_SEQ_OFFSET));
+                        packet.put(Packet.TCP_ACK,PcapReaderUtil.convertUnsignedInt(packetData,ipStart + ipHeaderLen + PROTOCOL_HEADER_TCP_ACK_OFFSET));
+
 
 			// Flags stretch two bytes starting at the TCP header offset
 			int flags = PcapReaderUtil.convertShort(new byte[] { packetData[ipStart + ipHeaderLen + TCP_HEADER_DATA_OFFSET],

diff --git a/hadoop-pcap-lib/src/main/java/net/ripe/hadoop/pcap/PcapReaderUtil.java b/hadoop-pcap-lib/src/main/java/net/ripe/hadoop/pcap/PcapReaderUtil.java
@@ -4,6 +4,7 @@
 import java.net.UnknownHostException;
 import java.util.HashMap;
 import java.util.Map;
+import java.math.BigInteger;
 
 public class PcapReaderUtil {
 	private static Map<Integer, String> protocols;
@@ -61,6 +62,15 @@ public static int convertShort(byte[] data, int offset) {
 		return convertShort(target);
 	}
 
+	//A java workaround for header fields like seq/ack which are ulongs --M
+	public static long convertUnsignedInt(byte[] data,int offset) {
+		byte[] target = new byte[4];
+		System.arraycopy(data, offset, target, 0, target.length);
+
+		BigInteger placeholder = new BigInteger(1,target);
+		return placeholder.longValue();
+	}
+
 	public static String convertProtocolIdentifier(int identifier) {
 		return protocols.get(identifier);
 	}
@@ -75,4 +85,4 @@ public static String convertAddress(byte[] data, int offset) {
 			return null;
 		}
 	}
-}
+}
diff --git a/hadoop-pcap-lib/src/main/java/net/ripe/hadoop/pcap/packet/Packet.java b/hadoop-pcap-lib/src/main/java/net/ripe/hadoop/pcap/packet/Packet.java
@@ -14,6 +14,8 @@ public class Packet extends HashMap<String, Object> {
 	public static final String DST = "dst";
 	public static final String SRC_PORT = "src_port";
 	public static final String DST_PORT = "dst_port";
+        public static final String TCP_SEQ = "tcp_seq";
+        public static final String TCP_ACK = "tcp_ack";
 	public static final String LEN = "len";
 	public static final String UDPSUM = "udpsum";
 	public static final String UDP_LENGTH = "udp_length";