tcp: Ignore TCP option check for now as it seems unreliable in dumps

For example MSS can be to small in local dumps
wader · Jan 28, 2023 · 1eb5e50 · 1eb5e50
1 parent a2cdb3d
commit 1eb5e50
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 13 deletions.
diff --git a/format/inet/flowsdecoder/flowsdecoder.go b/format/inet/flowsdecoder/flowsdecoder.go
@@ -30,7 +30,7 @@ type TCPConnection struct {
 	Client     TCPDirection
 	Server     TCPDirection
 	tcpState   *reassembly.TCPSimpleFSM
-	optChecker reassembly.TCPOptionCheck
+	optChecker *reassembly.TCPOptionCheck
 	net        gopacket.Flow
 	transport  gopacket.Flow
 }
@@ -41,10 +41,12 @@ func (t *TCPConnection) Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir rea
 		// TODO: handle err?
 		return false
 	}
-	// has ok options?
-	if err := t.optChecker.Accept(tcp, ci, dir, nextSeq, start); err != nil {
-		// TODO: handle err?
-		return false
+	if t.optChecker != nil {
+		// has ok options?
+		if err := t.optChecker.Accept(tcp, ci, dir, nextSeq, start); err != nil {
+			// TODO: handle err?
+			return false
+		}
 	}
 	// TODO: checksum?
 
@@ -127,10 +129,14 @@ func (fd *Decoder) New(net, transport gopacket.Flow, tcp *layers.TCP, ac reassem
 			Buffer: &bytes.Buffer{},
 		},
 
-		net:        net,
-		transport:  transport,
-		tcpState:   reassembly.NewTCPSimpleFSM(fsmOptions),
-		optChecker: reassembly.NewTCPOptionCheck(),
+		net:       net,
+		transport: transport,
+		tcpState:  reassembly.NewTCPSimpleFSM(fsmOptions),
+	}
+
+	if fd.Options.CheckTCPOptions {
+		c := reassembly.NewTCPOptionCheck()
+		stream.optChecker = &c
 	}
 
 	fd.TCPConnections = append(fd.TCPConnections, stream)
@@ -139,15 +145,23 @@ func (fd *Decoder) New(net, transport gopacket.Flow, tcp *layers.TCP, ac reassem
 }
 
 type Decoder struct {
+	Options DecoderOptions
+
 	TCPConnections  []*TCPConnection
 	IPV4Reassembled []IPV4Reassembled
 
 	ipv4Defrag   *ip4defrag.IPv4Defragmenter
 	tcpAssembler *reassembly.Assembler
 }
 
-func New() *Decoder {
-	flowDecoder := &Decoder{}
+type DecoderOptions struct {
+	CheckTCPOptions bool
+}
+
+func New(options DecoderOptions) *Decoder {
+	flowDecoder := &Decoder{
+		Options: options,
+	}
 	streamPool := reassembly.NewStreamPool(flowDecoder)
 	tcpAssembler := reassembly.NewAssembler(streamPool)
 	flowDecoder.tcpAssembler = tcpAssembler

diff --git a/format/pcap/pcap.go b/format/pcap/pcap.go
@@ -90,7 +90,7 @@ func decodePcap(d *decode.D, _ any) any {
 	})
 
 	d.Endian = endian
-	fd := flowsdecoder.New()
+	fd := flowsdecoder.New(flowsdecoder.DecoderOptions{CheckTCPOptions: false})
 
 	d.FieldArray("packets", func(d *decode.D) {
 		for !d.End() {

diff --git a/format/pcap/pcapng.go b/format/pcap/pcapng.go
@@ -364,7 +364,7 @@ type decodeContext struct {
 func decodePcapng(d *decode.D, _ any) any {
 	sectionHeaders := 0
 	for !d.End() {
-		fd := flowsdecoder.New()
+		fd := flowsdecoder.New(flowsdecoder.DecoderOptions{CheckTCPOptions: false})
 		dc := decodeContext{
 			interfaceTypes: map[int]int{},
 			flowDecoder:    fd,

diff --git a/format/pcap/testdata/sll2_tcp_mss_wrong.fqtest b/format/pcap/testdata/sll2_tcp_mss_wrong.fqtest
@@ -0,0 +1,19 @@
+# test that fq ignores tcp mss option that is too small as it seems to be unreliable when dumping packets
+$ fq -d pcap '.tcp_connections | dv' sll2_tcp_mss_wrong.pcap
+     |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.tcp_connections[0:1]: 0x1e5-NA (0)
+     |                                               |                |  [0]{}: tcp_connection 0x1e5-NA (0)
+     |                                               |                |    client{}: 0x1e5-NA (0)
+     |                                               |                |      ip: "127.0.0.1" 0x1e5-NA (0)
+     |                                               |                |      port: 47174 0x1e5-NA (0)
+     |                                               |                |      has_start: true 0x1e5-NA (0)
+     |                                               |                |      has_end: false 0x1e5-NA (0)
+     |                                               |                |      skipped_bytes: 0 0x1e5-NA (0)
+     |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+  0x0|74 65 73 74 0a|                                |test.|          |      stream: raw bits 0x0-0x4.7 (5)
+     |                                               |                |    server{}: 0x1e5-NA (0)
+     |                                               |                |      ip: "127.0.0.1" 0x1e5-NA (0)
+     |                                               |                |      port: 1234 0x1e5-NA (0)
+     |                                               |                |      has_start: true 0x1e5-NA (0)
+     |                                               |                |      has_end: false 0x1e5-NA (0)
+     |                                               |                |      skipped_bytes: 0 0x1e5-NA (0)
+     |00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|      stream: raw bits 0x0-NA (0)
diff --git a/format/pcap/testdata/sll2_tcp_mss_wrong.pcap b/format/pcap/testdata/sll2_tcp_mss_wrong.pcap