osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

TCP: Add expert info for ignored TCP Fast Open data 

Report case 2b from https://tools.ietf.org/html/rfc7413#page-6 where the
server drops the data and sends a SYN-ACK acknowleding only the SYN
sequence number. Tested with tfo.pcapng from the linked bug.

Bug: 16559
Change-Id: Ia03b923f8192f025e2e81716e615d49db4bafe91
Reviewed-on: https://code.wireshark.org/review/37161
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
Peter Wu 2020-05-07 23:40:55 +02:00
parent 099d241046
commit 65806b69c5
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
epan/dissectors/packet-tcp.c
View File

@ -384,6 +384,7 @@ static expert_field ei_tcp_analysis_zero_window = EI_INIT;
static expert_field ei_tcp_analysis_zero_window_probe_ack = EI_INIT;
static expert_field ei_tcp_analysis_tfo_syn = EI_INIT;
static expert_field ei_tcp_analysis_tfo_ack = EI_INIT;
static expert_field ei_tcp_analysis_tfo_ignored = EI_INIT;
static expert_field ei_tcp_scps_capable = EI_INIT;
static expert_field ei_tcp_option_snack_sequence = EI_INIT;
static expert_field ei_tcp_option_wscale_shift_invalid = EI_INIT;
@ -3981,6 +3982,7 @@ dissect_tcpopt_tfo_payload(tvbuff_t *tvb, int offset, guint optlen,
{
proto_item *ti;
struct tcpheader *tcph = (struct tcpheader*)data;
struct tcp_analysis *tcpd;
if (optlen == 2) {
/* Fast Open Cookie Request */
@ -3994,6 +3996,14 @@ dissect_tcpopt_tfo_payload(tvbuff_t *tvb, int offset, guint optlen,
col_append_str(pinfo->cinfo, COL_INFO, " TFO=C");
if ((tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) {
expert_add_info(pinfo, ti, &ei_tcp_analysis_tfo_syn);
/* Is this a SYN with data and the cookie? */
if (tcph->th_have_seglen && tcph->th_seglen) {
tcpd = get_tcp_conversation_data(NULL, pinfo);
if (tcpd) {
tcpd->tfo_syn_data = 1;
}
}
}
}
}
@ -6412,6 +6422,8 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
if ((tcp_relative_seq && tcph->th_ack > 1) ||
(!tcp_relative_seq && tcpd && (tcph->th_ack - tcpd->rev->base_seq) > 1)) {
expert_add_info(pinfo, tf, &ei_tcp_analysis_tfo_ack);
} else if (tcpd && tcpd->tfo_syn_data) {
expert_add_info(pinfo, tf, &ei_tcp_analysis_tfo_ignored);
}
}
} else {
@ -7719,7 +7731,8 @@ proto_register_tcp(void)
{ &ei_tcp_analysis_zero_window, { "tcp.analysis.zero_window", PI_SEQUENCE, PI_WARN, "TCP Zero Window segment", EXPFILL }},
{ &ei_tcp_analysis_zero_window_probe_ack, { "tcp.analysis.zero_window_probe_ack", PI_SEQUENCE, PI_NOTE, "ACK to a TCP Zero Window Probe", EXPFILL }},
{ &ei_tcp_analysis_tfo_syn, { "tcp.analysis.tfo_syn", PI_SEQUENCE, PI_NOTE, "TCP SYN with TFO Cookie", EXPFILL }},
{ &ei_tcp_analysis_tfo_ack, { "tcp.analysis.tfo_ack", PI_SEQUENCE, PI_NOTE, "TCP SYN-ACK accepting data", EXPFILL }},
{ &ei_tcp_analysis_tfo_ack, { "tcp.analysis.tfo_ack", PI_SEQUENCE, PI_NOTE, "TCP SYN-ACK accepting TFO data", EXPFILL }},
{ &ei_tcp_analysis_tfo_ignored, { "tcp.analysis.tfo_ignored", PI_SEQUENCE, PI_NOTE, "TCP SYN-ACK ignoring TFO data", EXPFILL }},
{ &ei_tcp_scps_capable, { "tcp.analysis.zero_window_probe_ack", PI_SEQUENCE, PI_NOTE, "Connection establish request (SYN-ACK): SCPS Capabilities Negotiated", EXPFILL }},
{ &ei_tcp_option_snack_sequence, { "tcp.options.snack.sequence", PI_SEQUENCE, PI_NOTE, "SNACK Sequence", EXPFILL }},
{ &ei_tcp_option_wscale_shift_invalid, { "tcp.options.wscale.shift.invalid", PI_PROTOCOL, PI_WARN, "Window scale shift exceeds 14", EXPFILL }},

5
epan/dissectors/packet-tcp.h
View File

@ -446,6 +446,11 @@ struct tcp_analysis {
*/
guint16 server_port;
/* Set when the client sends a SYN with data and the cookie in the Fast Open
* option.
*/
guint8 tfo_syn_data : 1;
/* allocated only when mptcp enabled
* several tcp_analysis may refer to the same mptcp_analysis
* can exist without any meta