5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #ifndef __PACKET_TCP_H__
25 #define __PACKET_TCP_H__
37 /* Idea for gt: either x > y, or y is much bigger (assume wrap) */
38 #define GT_SEQ(x, y) ((gint32)((y) - (x)) < 0)
39 #define LT_SEQ(x, y) ((gint32)((x) - (y)) < 0)
40 #define GE_SEQ(x, y) ((gint32)((y) - (x)) <= 0)
41 #define LE_SEQ(x, y) ((gint32)((x) - (y)) <= 0)
42 #define EQ_SEQ(x, y) ((x) == (y))
44 /* the tcp header structure, passed to tap listeners */
48 gboolean th_have_seglen; /* TRUE if th_seglen is valid */
50 guint32 th_win; /* make it 32 bits so we can handle some scaling */
60 * Private data passed from the TCP dissector to subdissectors. Passed to the
61 * subdissectors in pinfo->private_data
64 guint32 seq; /* Sequence number of first byte in the data */
65 guint32 nxtseq; /* Sequence number of first byte after data */
66 gboolean is_reassembled; /* This is reassembled data. */
67 gboolean urgent; /* TRUE if "urgent_pointer" is valid */
68 guint16 urgent_pointer; /* Urgent pointer value for the current packet. */
72 * Loop for dissecting PDUs within a TCP stream; assumes that a PDU
73 * consists of a fixed-length chunk of data that contains enough information
74 * to determine the length of the PDU, followed by rest of the PDU.
76 * The first three arguments are the arguments passed to the dissector
77 * that calls this routine.
79 * "proto_desegment" is the dissector's flag controlling whether it should
80 * desegment PDUs that cross TCP segment boundaries.
82 * "fixed_len" is the length of the fixed-length part of the PDU.
84 * "get_pdu_len()" is a routine called to get the length of the PDU from
85 * the fixed-length part of the PDU; it's passed "pinfo", "tvb" and "offset".
87 * "dissect_pdu()" is the routine to dissect a PDU.
90 tcp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
91 gboolean proto_desegment, guint fixed_len,
92 guint (*get_pdu_len)(packet_info *, tvbuff_t *, int),
93 dissector_t dissect_pdu);
95 extern struct tcp_multisegment_pdu *
96 pdu_store_sequencenumber_of_next_pdu(packet_info *pinfo, guint32 seq, guint32 nxtpdu, emem_tree_t *multisegment_pdus);
98 typedef struct _tcp_unacked_t {
99 struct _tcp_unacked_t *next;
111 nstime_t rto_ts; /* Time since previous packet for
114 guint32 dupack_num; /* dup ack number */
115 guint32 dupack_frame; /* dup ack to frame # */
118 /* One instance of this structure is created for each pdu that spans across
119 * multiple tcp segments.
121 struct tcp_multisegment_pdu {
126 nstime_t last_frame_time;
128 #define MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT 0x00000001
131 typedef struct _tcp_flow_t {
132 guint32 base_seq; /* base seq number (used by relative sequence numbers)
133 * or 0 if not yet known.
135 tcp_unacked_t *segments;
136 guint32 lastack; /* last seen ack */
137 nstime_t lastacktime; /* Time of the last ack packet */
138 guint32 lastnondupack; /* frame number of last seen non dupack */
139 guint32 dupacknum; /* dupack number */
140 guint32 nextseq; /* highest seen nextseq */
141 guint32 nextseqframe; /* frame number for segment with highest
144 nstime_t nextseqtime; /* Time of the nextseq packet so we can
145 * distinguish between retransmission,
146 * fast retransmissions and outoforder
148 guint32 window; /* last seen window */
149 gint16 win_scale; /* -1 is we dont know */
150 /* This tcp flow/session contains only one single PDU and should
151 * be reassembled until the final FIN segment.
153 #define TCP_FLOW_REASSEMBLE_UNTIL_FIN 0x0001
155 guint32 lastsegmentflags;
157 /* This tree is indexed by sequence number and keeps track of all
158 * all pdus spanning multiple segments for this flow.
160 emem_tree_t *multisegment_pdus;
164 struct tcp_analysis {
165 /* These two structs are managed based on comparing the source
166 * and destination addresses and, if they're equal, comparing
167 * the source and destination ports.
169 * If the source is greater than the destination, then stuff
170 * sent from src is in ual1.
172 * If the source is less than the destination, then stuff
173 * sent from src is in ual2.
175 * XXX - if the addresses and ports are equal, we don't guarantee
181 /* These pointers are set by get_tcp_conversation_data()
182 * fwd point in the same direction as the current packet
183 * and rev in the reverse direction
188 /* This pointer is NULL or points to a tcp_acked struct if this
189 * packet has "interesting" properties such as being a KeepAlive or
192 struct tcp_acked *ta;
193 /* This structure contains a tree containing all the various ta's
194 * keyed by frame number.
196 emem_tree_t *acked_table;
200 extern void dissect_tcp_payload(tvbuff_t *tvb, packet_info *pinfo, int offset,
201 guint32 seq, guint32 nxtseq, guint32 sport,
202 guint32 dport, proto_tree *tree,
203 proto_tree *tcp_tree,
204 struct tcp_analysis *tcpd);
206 extern struct tcp_analysis *get_tcp_conversation_data(packet_info *pinfo);
208 extern gboolean decode_tcp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, struct tcp_analysis *);