mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-09-03 15:55:19 +00:00
Code Issues Releases Wiki Activity

pcap-file: Allow capturing TCP streams where the SYN is not seen.

Browse Source 
Until now, the tcp_stream() code has ignored any TCP packets that don't
correspond to a stream that began with a TCP SYN.  This commit changes the
code so that any TCP packet that contains a payload starts a new stream.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Reported-by: Vasu Dasari <vdasari@gmail.com>
This commit is contained in:
Ben Pfaff
2014-02-04 09:01:16 -08:00
parent 94b8c324a1
commit 276e2864c5
2 changed files with 41 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@@ -246,6 +246,7 @@ Timothy Chen tchen@nicira.com
Torbjorn Tornkvist kruskakli@gmail.com Torbjorn Tornkvist kruskakli@gmail.com
Valentin Bud valentin@hackaserver.com Valentin Bud valentin@hackaserver.com
Vasiliy Tolstov v.tolstov@selfip.ru Vasiliy Tolstov v.tolstov@selfip.ru
Vasu Dasari vdasari@gmail.com
Vishal Swarankar vishal.swarnkar@gmail.com Vishal Swarankar vishal.swarnkar@gmail.com
Vjekoslav Brajkovic balkan@cs.washington.edu Vjekoslav Brajkovic balkan@cs.washington.edu
Voravit T. voravit@kth.se Voravit T. voravit@kth.se

63
lib/pcap-file.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009, 2010, 2012, 2013 Nicira, Inc. * Copyright (c) 2009, 2010, 2012, 2013, 2014 Nicira, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -254,28 +254,27 @@ tcp_reader_close(struct tcp_reader *r)
} }
static struct tcp_stream * static struct tcp_stream *
tcp_stream_lookup(struct tcp_reader *r, const struct flow *flow) tcp_stream_lookup(struct tcp_reader *r,
const struct tcp_key *key, uint32_t hash)
{ {
struct tcp_stream *stream; struct tcp_stream *stream;
struct tcp_key key;
uint32_t hash;
memset(&key, 0, sizeof key);
key.nw_src = flow->nw_src;
key.nw_dst = flow->nw_dst;
key.tp_src = flow->tp_src;
key.tp_dst = flow->tp_dst;
hash = hash_bytes(&key, sizeof key, 0);
HMAP_FOR_EACH_WITH_HASH (stream, hmap_node, hash, &r->streams) { HMAP_FOR_EACH_WITH_HASH (stream, hmap_node, hash, &r->streams) {
if (!memcmp(&stream->key, &key, sizeof key)) { if (!memcmp(&stream->key, key, sizeof *key)) {
return stream; return stream;
} }
} }
return NULL;
}
static struct tcp_stream *
tcp_stream_new(struct tcp_reader *r, const struct tcp_key *key, uint32_t hash)
{
struct tcp_stream *stream;
stream = xmalloc(sizeof *stream); stream = xmalloc(sizeof *stream);
hmap_insert(&r->streams, &stream->hmap_node, hash); hmap_insert(&r->streams, &stream->hmap_node, hash);
memcpy(&stream->key, &key, sizeof key); memcpy(&stream->key, key, sizeof *key);
stream->seq_no = 0; stream->seq_no = 0;
ofpbuf_init(&stream->payload, 2048); ofpbuf_init(&stream->payload, 2048);
return stream; return stream;
@@ -299,6 +298,9 @@ tcp_reader_run(struct tcp_reader *r, const struct flow *flow,
struct tcp_stream *stream; struct tcp_stream *stream;
struct tcp_header *tcp; struct tcp_header *tcp;
struct ofpbuf *payload; struct ofpbuf *payload;
unsigned int l7_length;
struct tcp_key key;
uint32_t hash;
uint32_t seq; uint32_t seq;
uint8_t flags; uint8_t flags;
@@ -307,14 +309,32 @@ tcp_reader_run(struct tcp_reader *r, const struct flow *flow,
|| !packet->l7) { || !packet->l7) {
return NULL; return NULL;
} }
stream = tcp_stream_lookup(r, flow);
payload = &stream->payload;
tcp = packet->l4; tcp = packet->l4;
flags = TCP_FLAGS(tcp->tcp_ctl); flags = TCP_FLAGS(tcp->tcp_ctl);
l7_length = (char *) ofpbuf_end(packet) - (char *) packet->l7;
seq = ntohl(get_16aligned_be32(&tcp->tcp_seq)); seq = ntohl(get_16aligned_be32(&tcp->tcp_seq));
if (flags & TCP_SYN) {
/* Construct key. */
memset(&key, 0, sizeof key);
key.nw_src = flow->nw_src;
key.nw_dst = flow->nw_dst;
key.tp_src = flow->tp_src;
key.tp_dst = flow->tp_dst;
hash = hash_bytes(&key, sizeof key, 0);
/* Find existing stream or start a new one for a SYN or if there's data. */
stream = tcp_stream_lookup(r, &key, hash);
if (!stream) {
if (flags & TCP_SYN || l7_length) {
stream = tcp_stream_new(r, &key, hash);
stream->seq_no = flags & TCP_SYN ? seq + 1 : seq;
} else {
return NULL;
}
}
payload = &stream->payload;
if (flags & TCP_SYN || !stream->seq_no) {
ofpbuf_clear(payload); ofpbuf_clear(payload);
stream->seq_no = seq + 1; stream->seq_no = seq + 1;
return NULL; return NULL;
@@ -322,16 +342,13 @@ tcp_reader_run(struct tcp_reader *r, const struct flow *flow,
tcp_stream_destroy(r, stream); tcp_stream_destroy(r, stream);
return NULL; return NULL;
} else if (seq == stream->seq_no) { } else if (seq == stream->seq_no) {
size_t length;
/* Shift all of the existing payload to the very beginning of the /* Shift all of the existing payload to the very beginning of the
* allocated space, so that we reuse allocated space instead of * allocated space, so that we reuse allocated space instead of
* continually expanding it. */ * continually expanding it. */
ofpbuf_shift(payload, (char *) payload->base - (char *) payload->data); ofpbuf_shift(payload, (char *) payload->base - (char *) payload->data);
length = (char *) ofpbuf_end(packet) - (char *) packet->l7; ofpbuf_put(payload, packet->l7, l7_length);
ofpbuf_put(payload, packet->l7, length); stream->seq_no += l7_length;
stream->seq_no += length;
return payload; return payload;
} else { } else {
return NULL; return NULL;