advance the packet data pointer
OSPF: Print more truncation indications
OSPF: Add more length checks
+ TCP: Add support for the AE (AccECN) flag.
User interface:
Add optional unit suffix on -C file size.
Add --print-sampling to print every Nth packet instead of all.
{ TH_URG, "U" },
{ TH_ECNECHO, "E" },
{ TH_CWR, "W" },
+ { TH_AE, "e" },
{ 0, NULL }
};
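Review bot: The new table entry `{ TH_AE, "e" }` differs from the existing `{ TH_ECNECHO, "E" }` only by letter case, so a flags string such as `[P.Ee]` becomes ambiguous to any log parser or detection rule that matches flag letters case-insensitively. Nothing in the table says the case is significant. I would add a comment on the new line, e.g. `{ TH_AE, "e" }, /* lowercase on purpose: "E" is ECE */`. The array's opening line is outside the hunk.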
{
const struct tcphdr *tp;
const struct ip *ip;
- u_char flags;
+ uint16_t flags;
u_int hlen;
char ch;
uint16_t sport, dport, win, urp;
return;
}
- flags = GET_U_1(tp->th_flags);
+ flags = tcp_get_flags(tp);
ND_PRINT("Flags [%s]", bittok2str_nosep(tcp_flag_values, "none", flags));
if (!ndo->ndo_Sflag && (flags & TH_ACK)) {
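Review bot: `flags` is now 16 bits wide here and in the declaration hunk above, but the rest of the function lies outside both hunks, so it is not visible whether `flags` is later stored in or passed as a `u_char`. Any such narrowing would silently drop `TH_AE` again. It is worth checking the remaining uses of `flags`, and any other code that still reads `th_flags` directly with `GET_U_1`, if there is any.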
};
#define TH_OFF(th) ((GET_U_1((th)->th_offx2) & 0xf0) >> 4)
+#define tcp_get_flags(th) ((GET_U_1((th)->th_flags)) | \
+ ((GET_U_1((th)->th_offx2) & 0x0f) << 8))
/* TCP flags */
#define TH_FIN 0x01
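Review bot: `tcp_get_flags()` masks `th_offx2` with `0x0f`, so the value it returns carries all four low bits of that octet in `0x100`–`0x800`, while the next hunk names only `TH_AE 0x100`. The other three bits have no `TH_*` constant, so a caller that compares the whole value rather than testing named bits would see them. Either narrow the mask to the AE bit, `((GET_U_1((th)->th_offx2) & 0x01) << 8)`, or keep the mask and say so above the macro, e.g. `/* 12 bits: th_flags plus the low nibble of th_offx2 (AE and 3 reserved bits) */`. The macro also expands `th` twice, so its argument should stay free of side effects.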
#define TH_URG 0x20
#define TH_ECNECHO 0x40 /* ECN Echo */
#define TH_CWR 0x80 /* ECN Cwnd Reduced */
+#define TH_AE 0x100 /* AccECN (draft-ietf-tcpm-accurate-ecn;rfc7560) part of L4S (rfc9330) */
extern const struct tok tcp_flag_values[];
.RE
\fISrc\fP and \fIdst\fP are the source and destination IP
addresses and ports.
-\fITcpflags\fP are some combination of S (SYN),
-F (FIN), P (PSH), R (RST), U (URG), W (CWR), E (ECE) or
+\fITcpflags\fP are some combination of S (SYN), F (FIN),
+P (PSH), R (RST), U (URG), W (CWR), E (ECE), e (AE) or
`.' (ACK), or `none' if no flags are set.
\fIData-seqno\fP describes the portion of sequence space covered
by the data in this packet (see example below).
it as ``[\fIbad hdr length\fP]''.
.SS Particular TCP Flag Combinations (SYN-ACK, URG-ACK, etc.)
.PP
-There are 8 bits in the control bits section of the TCP header:
-.IP
-.I CWR | ECE | URG | ACK | PSH | RST | SYN | FIN
-.PP
+There are 9 bits in the control bits section of the TCP header:
+.LP
+\fIAE(e) CWR(W) ECE(E) URG(U) ACK(.) PSH(P) RST(R) SYN(S) FIN(F)\fP
+.LP
Let's assume that we want to watch packets used in establishing
a TCP connection.
Recall that TCP uses a 3-way handshake protocol
-----------------------------------------------------------------
| acknowledgment number |
-----------------------------------------------------------------
-| HL | rsvd |C|E|U|A|P|R|S|F| window size |
+|header |re |A|C|E|U|A|P|R|S|F| |
+|length |serv |E|W|C|R|C|S|S|Y|I| window size |
+| | ed | |R|E|G|K|H|T|N|N| |
-----------------------------------------------------------------
| TCP checksum | urgent pointer |
-----------------------------------------------------------------
second line shows octets 4 - 7 etc.
.PP
Starting to count with 0, the relevant TCP control bits are contained
-in octet 13:
+in octets 12 and 13:
.PP
.nf
0 7| 15| 23| 31
----------------|---------------|---------------|----------------
-| HL | rsvd |C|E|U|A|P|R|S|F| window size |
+|header |re |A|C|E|U|A|P|R|S|F| |
+|length |serv |E|W|C|R|C|S|S|Y|I| window size |
+| | ed | |R|E|G|K|H|T|N|N| |
----------------|---------------|---------------|----------------
| | 13th octet | | |
.fi
| |
|---------------|
|C|E|U|A|P|R|S|F|
+ |W|C|R|C|S|S|Y|I|
+ |R|E|G|K|H|T|N|N|
|---------------|
|7 5 3 0|
.fi
.PP
.nf
|C|E|U|A|P|R|S|F|
+ |W|C|R|C|S|S|Y|I|
+ |R|E|G|K|H|T|N|N|
|---------------|
|0 0 0 0 0 0 1 0|
|---------------|
.PP
.nf
|C|E|U|A|P|R|S|F|
+ |W|C|R|C|S|S|Y|I|
+ |R|E|G|K|H|T|N|N|
|---------------|
|0 0 0 1 0 0 1 0|
|---------------|
lwres-pointer-arithmetic-ub lwres-pointer-arithmetic-ub.pcap lwres-pointer-arithmetic-ub.out
ospf-signed-integer-ubsan ospf-signed-integer-ubsan.pcap ospf-signed-integer-ubsan.out -vv
bgp-ub bgp-ub.pcap bgp-ub.out -v
+
+# AccECN tests
+accecn_handshake accecn_handshake.pcap accecn_handshake.out -v
--- /dev/null
+ 1 2022-07-26 06:26:07.794026 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
+ 31.133.146.248.16433 > 66.228.43.12.80: Flags [SEWe], cksum 0x209c (incorrect -> 0xe443), seq 1948076589, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 112147477 ecr 0], length 0
+ 2 2022-07-26 06:26:08.016156 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto TCP (6), length 72)
+ 66.228.43.12.80 > 31.133.146.248.16433: Flags [S.W], cksum 0x22a8 (correct), seq 2972234643, ack 1948076590, win 65160, options [mss 1460,sackOK,TS val 2783239876 ecr 112147477,exp-acc0,wscale 7], length 0
+ 3 2022-07-26 06:26:08.016573 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 68)
+ 31.133.146.248.16433 > 66.228.43.12.80: Flags [.W], cksum 0x20a4 (incorrect -> 0x3b19), ack 1, win 1027, options [nop,nop,TS val 112147698 ecr 2783239876,exp-acc0,eol], length 0
+ 4 2022-07-26 06:26:08.017141 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 130)
+ 31.133.146.248.16433 > 66.228.43.12.80: Flags [P.Ee], cksum 0x20e2 (incorrect -> 0x9373), seq 1:79, ack 1, win 1027, options [nop,nop,TS val 112147698 ecr 2783239876], length 78: HTTP, length: 78
+ GET /1M HTTP/1.1
+ Host: 66.228.43.12
+ User-Agent: curl/7.69.1
+ Accept: */*
+
+ 5 2022-07-26 06:26:08.056144 IP (tos 0x1,ECT(1), ttl 54, id 45724, offset 0, flags [DF], proto TCP (6), length 52)
+ 66.228.43.12.80 > 31.133.146.248.16433: Flags [.Ee], cksum 0x26c6 (correct), ack 79, win 509, options [nop,nop,TS val 2783239918 ecr 112147698], length 0
+ 6 2022-07-26 06:26:08.075386 IP (tos 0x1,ECT(1), ttl 54, id 45725, offset 0, flags [DF], proto TCP (6), length 1500)
+ 66.228.43.12.80 > 31.133.146.248.16433: Flags [.Ee], cksum 0xcfbd (correct), seq 1:1449, ack 79, win 509, options [nop,nop,TS val 2783239922 ecr 112147698], length 1448: HTTP, length: 1448
+ HTTP/1.1 200 OK
+ Date: Mon, 25 Jul 2022 15:45:42 GMT
+ Server: Apache/2.4.41 (Ubuntu)
+ Last-Modified: Sun, 24 Jul 2022 18:49:15 GMT
+ ETag: "f4240-5e491862a86d8"
+ Accept-Ranges: bytes
+ Content-Length: 1000000
+
0x0010: b1b1 b1b1 b158 5e0a 02f4 0ab1 0402 0f0f .....X^.........
0x0020: ff80 0f0f 0f0f 0f00 80a1 00b2 b2b2 b20d ................
0x0030: 0d3a 3400 0001 00 .:4....
- 5 1970-03-17 20:26:40.2097152 IP 6.3.218.255.6379 > 0.1.31.99.52759: Flags [S.UW], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|resp]
- 6 1970-03-17 20:27:12.000000 IP 6.3.208.255.6379 > 0.1.31.99.52759: Flags [S.UW], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|resp]
+ 5 1970-03-17 20:26:40.2097152 IP 6.3.218.255.6379 > 0.1.31.99.52759: Flags [S.UWe], seq 2751463404:2751463426, ack 1006637056, win 45746, urg 25778, length 22: RESP [|resp]
+ 6 1970-03-17 20:27:12.000000 IP 6.3.208.255.6379 > 0.1.31.99.52759: Flags [S.UWe], seq 2751463404:2751463426, ack 1006640128, win 45746, urg 25778, length 22: RESP "M-2M-2M-2M-2M-2M-7dM-2M-2M-2M-2M-2" [|resp]
7 1970-03-17 20:27:12.000000 IP 208.21.10.1.654 > 31.99.100.232.80: aodv rrep 34 prefix 4 hops 11
dst 237.34.38.84 dseq 32203525 src 232.11.2.0 67108864 ms
ext 0 0
1 1995-08-15 05:27:12.808464432 unknown ip 3
- 2 1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.U], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [|tcp]
+ 2 1995-08-15 05:27:12.808464432 IP6 3030:3030:3030:3030:3030:3030:3030:3030.10288 > 3030:3030:3030:3030:3030:3030:3030:3030.12336: Flags [.Ue], seq 808464432:808476740, ack 808464432, win 12336, urg 12336, options [eol], length 12308 [remaining caplen(24) < header length(28)] [|tcp]
1 1970-03-16 01:04:13.49220352 IP (tos 0x1f,CE, ttl 254, id 38671, offset 0, flags [+, DF, rsvd], proto TCP (6), length 4135, bad cksum 200 (->1fdd)!)
- 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUE], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
+ 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUEe], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
Open Message (1), length: 59
Version 255, my AS 65528, Holdtime 4324s, ID 144.8.32.4
Optional parameters, length: 29
1 1970-03-16 01:04:13.49220352 IP (tos 0x1f,CE, ttl 254, id 38671, offset 0, flags [+, DF, rsvd], proto TCP (6), length 4135, bad cksum 200 (->1fdd)!)
- 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUE], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
+ 226.219.0.0.179 > 16.233.34.0.100: Flags [SPUEe], seq 347537408:347541483, win 511, urg 65535, options [eol], length 4075: BGP [|bgp]
Open Message (1), length: 59
Version 255, my AS 65528, Holdtime 4324s, ID 144.8.32.4
Optional parameters, length: 29
1 1975-04-27 04:29:01.371655446 IP (tos 0xff,CE, ttl 254, id 32783, offset 0, flags [rsvd], proto TCP (6), length 65535, bad cksum 8e15 (->5bbf)!)
- 241.0.128.39.179 > 239.0.0.1.0: Flags [none], seq 4144029695:4144095150, win 65535, options [eol], length 65455: BGP [|bgp]
+ 241.0.128.39.179 > 239.0.0.1.0: Flags [e], seq 4144029695:4144095150, win 65535, options [eol], length 65455: BGP [|bgp]
Update Message (2), length: 45
Withdrawn routes:
(illegal prefix length) [|bgp] [|bgp]
1 1995-08-15 05:27:12.808464432 IP (tos 0x30, ttl 48, id 12336, offset 0, flags [DF], proto TCP (6), length 12336, bad cksum 3030 (->29a8)!)
- 48.48.48.48.12336 > 48.48.48.48.12336: Flags [.U], seq 808464432:808476688, ack 808464432, win 12336, urg 12336, options [unknown-48 0x3030303030303030 [|tcp]
+ 48.48.48.48.12336 > 48.48.48.48.12336: Flags [.Ue], seq 808464432:808476688, ack 808464432, win 12336, urg 12336, options [unknown-48 0x3030303030303030 [|tcp]
1 1975-04-27 03:20:48.134349590 IP [total length 62 > length 50] (invalid) (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!)
- 19.128.128.20.323 > 76.19.6.127.49600: Flags [none], seq 2684354563:2684354585, win 28672, length 22
+ 19.128.128.20.323 > 76.19.6.127.49600: Flags [e], seq 2684354563:2684354585, win 28672, length 22
RPKI-RTRv171 (unknown)