Skip to content

Commit

Permalink
tcp_segment: Decode standard options and rename maxseg to mss
Browse files Browse the repository at this point in the history
  • Loading branch information
@wader
wader committed Jan 31, 2023
1 parent 20464eb commit 62e2cef
Show file tree
Hide file tree
Showing 8 changed files with 222 additions and 115 deletions.
49 changes: 39 additions & 10 deletions format/inet/tcp_segment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,23 @@ func init() {
}

const (
tcpOptionEnd = 0
tcpOptionNop = 1
tcpOptionEnd = 0
tcpOptionNop = 1
tcpOptionMSS = 2
tcpOptionWinscale = 3
tcpOptionSackPermitted = 4
tcpOptionSack = 5
tcpOptionTimestamp = 8
)

var tcpOptionsMap = scalar.UintMap{
tcpOptionEnd: {Sym: "end", Description: "End of options list"},
tcpOptionNop: {Sym: "nop", Description: "No operation"},
2: {Sym: "maxseg", Description: "Maximum segment size"},
3: {Sym: "winscale", Description: "Window scale"},
4: {Sym: "sack_permitted", Description: "Selective Acknowledgement permitted"},
5: {Sym: "sack", Description: "Selective ACKnowledgement"},
8: {Sym: "timestamp", Description: "Timestamp and echo of previous timestamp"},
tcpOptionEnd: {Sym: "end", Description: "End of options list"},
tcpOptionNop: {Sym: "nop", Description: "No operation"},
tcpOptionMSS: {Sym: "mss", Description: "Maximum segment size"},
tcpOptionWinscale: {Sym: "winscale", Description: "Window scale"},
tcpOptionSackPermitted: {Sym: "sack_permitted", Description: "Selective Acknowledgement permitted"},
tcpOptionSack: {Sym: "sack", Description: "Selective Acknowledgement"},
tcpOptionTimestamp: {Sym: "timestamp", Description: "Timestamp and echo of previous timestamp"},
}

func decodeTCP(d *decode.D, in any) any {
Expand Down Expand Up @@ -67,9 +72,33 @@ func decodeTCP(d *decode.D, in any) any {
kind := d.FieldU8("kind", tcpOptionsMap)
switch kind {
case tcpOptionEnd, tcpOptionNop:
// has no length or data
default:
l := d.FieldU8("length")
d.FieldRawLen("data", (int64(l-2))*8)
switch kind {
case tcpOptionMSS:
d.FieldU16("size")
case tcpOptionWinscale:
d.FieldU8("shift")
case tcpOptionSackPermitted:
// none
case tcpOptionSack:
d.FramedFn((int64(l-2))*8, func(d *decode.D) {
d.FieldArray("blocks", func(d *decode.D) {
for !d.End() {
d.FieldStruct("block", func(d *decode.D) {
d.FieldU32("left_edge")
d.FieldU32("right_edge")
})
}
})
})
case tcpOptionTimestamp:
d.FieldU32("value")
d.FieldU32("echo_reply")
default:
d.FieldRawLen("data", (int64(l-2))*8)
}
}
})
}
Expand Down
10 changes: 5 additions & 5 deletions format/inet/testdata/tcp_segment.fqtest
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,27 +21,27 @@ $ fq -d tcp_segment dv tcp_segment
0x10| 00 00 | .. | urgent_pointer: 0 0x12-0x13.7 (2)
| | | options[0:9]: 0x14-0x2b.7 (24)
| | | [0]{}: option 0x14-0x17.7 (4)
0x10| 02 | . | kind: "maxseg" (2) (Maximum segment size) 0x14-0x14.7 (1)
0x10| 02 | . | kind: "mss" (2) (Maximum segment size) 0x14-0x14.7 (1)
0x10| 04 | . | length: 4 0x15-0x15.7 (1)
0x10| 05 b4 | .. | data: raw bits 0x16-0x17.7 (2)
0x10| 05 b4 | .. | size: 1460 0x16-0x17.7 (2)
| | | [1]{}: option 0x18-0x18.7 (1)
0x10| 01 | . | kind: "nop" (1) (No operation) 0x18-0x18.7 (1)
| | | [2]{}: option 0x19-0x1b.7 (3)
0x10| 03 | . | kind: "winscale" (3) (Window scale) 0x19-0x19.7 (1)
0x10| 03 | . | length: 3 0x1a-0x1a.7 (1)
0x10| 05 | . | data: raw bits 0x1b-0x1b.7 (1)
0x10| 05 | . | shift: 5 0x1b-0x1b.7 (1)
| | | [3]{}: option 0x1c-0x1c.7 (1)
0x10| 01 | . | kind: "nop" (1) (No operation) 0x1c-0x1c.7 (1)
| | | [4]{}: option 0x1d-0x1d.7 (1)
0x10| 01 | . | kind: "nop" (1) (No operation) 0x1d-0x1d.7 (1)
| | | [5]{}: option 0x1e-0x27.7 (10)
0x10| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x1e-0x1e.7 (1)
0x10| 0a| .| length: 10 0x1f-0x1f.7 (1)
0x20|4b 2a 91 21 00 00 00 00 |K*.!.... | data: raw bits 0x20-0x27.7 (8)
0x20|4b 2a 91 21 |K*.! | value: 1261080865 0x20-0x23.7 (4)
0x20| 00 00 00 00 | .... | echo_reply: 0 0x24-0x27.7 (4)
| | | [6]{}: option 0x28-0x29.7 (2)
0x20| 04 | . | kind: "sack_permitted" (4) (Selective Acknowledgement permitted) 0x28-0x28.7 (1)
0x20| 02 | . | length: 2 0x29-0x29.7 (1)
| | | data: raw bits 0x2a-NA (0)
| | | [7]{}: option 0x2a-0x2a.7 (1)
0x20| 00 | . | kind: "end" (0) (End of options list) 0x2a-0x2a.7 (1)
| | | [8]{}: option 0x2b-0x2b.7 (1)
Expand Down
Binary file added format/inet/testdata/tcp_segment_sack
View file
Binary file not shown.
42 changes: 42 additions & 0 deletions format/inet/testdata/tcp_segment_sack.fqtest
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
$ fq -d tcp_segment dv tcp_segment_sack
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.{}: tcp_segment_sack (tcp_segment) 0x0-0x2b.7 (44)
0x00|e5 c0 |.. | source_port: 58816 0x0-0x1.7 (2)
0x00| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x2-0x3.7 (2)
0x00| e5 94 3f 77 | ..?w | sequence_number: 3851698039 0x4-0x7.7 (4)
0x00| a3 c4 c4 80 | .... | acknowledgment_number: 2747581568 0x8-0xb.7 (4)
0x00| b0 | . | data_offset: 11 0xc-0xc.3 (0.4)
0x00| b0 | . | reserved: 0 0xc.4-0xc.6 (0.3)
0x00| b0 | . | ns: false 0xc.7-0xc.7 (0.1)
0x00| 10 | . | cwr: false 0xd-0xd (0.1)
0x00| 10 | . | ece: false 0xd.1-0xd.1 (0.1)
0x00| 10 | . | urg: false 0xd.2-0xd.2 (0.1)
0x00| 10 | . | ack: true 0xd.3-0xd.3 (0.1)
0x00| 10 | . | psh: false 0xd.4-0xd.4 (0.1)
0x00| 10 | . | rst: false 0xd.5-0xd.5 (0.1)
0x00| 10 | . | syn: false 0xd.6-0xd.6 (0.1)
0x00| 10 | . | fin: false 0xd.7-0xd.7 (0.1)
0x00| 01 3e| .>| window_size: 318 0xe-0xf.7 (2)
0x10|34 b6 |4. | checksum: 0x34b6 0x10-0x11.7 (2)
0x10| 00 00 | .. | urgent_pointer: 0 0x12-0x13.7 (2)
| | | options[0:6]: 0x14-0x2b.7 (24)
| | | [0]{}: option 0x14-0x14.7 (1)
0x10| 01 | . | kind: "nop" (1) (No operation) 0x14-0x14.7 (1)
| | | [1]{}: option 0x15-0x15.7 (1)
0x10| 01 | . | kind: "nop" (1) (No operation) 0x15-0x15.7 (1)
| | | [2]{}: option 0x16-0x1f.7 (10)
0x10| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x16-0x16.7 (1)
0x10| 0a | . | length: 10 0x17-0x17.7 (1)
0x10| 00 17 95 6f | ...o | value: 1545583 0x18-0x1b.7 (4)
0x10| 8d 9d 9e 27| ...'| echo_reply: 2375917095 0x1c-0x1f.7 (4)
| | | [3]{}: option 0x20-0x20.7 (1)
0x20|01 |. | kind: "nop" (1) (No operation) 0x20-0x20.7 (1)
| | | [4]{}: option 0x21-0x21.7 (1)
0x20| 01 | . | kind: "nop" (1) (No operation) 0x21-0x21.7 (1)
| | | [5]{}: option 0x22-0x2b.7 (10)
0x20| 05 | . | kind: "sack" (5) (Selective Acknowledgement) 0x22-0x22.7 (1)
0x20| 0a | . | length: 10 0x23-0x23.7 (1)
| | | blocks[0:1]: 0x24-0x2b.7 (8)
| | | [0]{}: block 0x24-0x2b.7 (8)
0x20| a3 c4 ca 28 | ...( | left_edge: 2747583016 0x24-0x27.7 (4)
0x20| a3 c4 cf d0| | ....| | right_edge: 2747584464 0x28-0x2b.7 (4)
| | | payload: raw bits 0x2c-NA (0)

0 comments on commit 62e2cef

Please sign in to comment.