ref: 13738d2aa200eeb5859525225ec1d7bec7e8134e
dir: /tcp.c/
#include <stdio.h>
#include <stdint.h>
#include "common.h"
int
parseTcp(const u_char *pkt, Tcp *tcp)
{
tcp->start = pos;
get(pkt, TCP_SRCPORT, &tcp->src);
get(pkt, TCP_DSTPORT, &tcp->dst);
get(pkt, TCP_SEQNUM, &tcp->seq);
get(pkt, TCP_ACKNUM, &tcp->ack);
/* offsets are multiplies of 4 (32-bit) values */
get(pkt, TCP_OFFSET, &tcp->offset);
/* some(?) compilers may do logical shift */
tcp->offset = (tcp->offset >> 4) & 0xf;
tcp->offset *= 4;
get(pkt, TCP_FLAGS, &tcp->flags);
get(pkt, TCP_WINSIZE, &tcp->winsize);
get(pkt, TCP_SUM, &tcp->sum);
get(pkt, TCP_URGPTR, &tcp->urgentptr);
/*
* we dont parse tcp options yet,
* offset alone shows size of tcp packet (options + headers)
* there is no need to add length of headers to pos twice.
*
* x--------x------------------------x------------x
* ^ pkt[0] ^ pkt[tcp.start] ^ pkt[pos] ^ pkt[tcp.offset]
*
* tcp.start < pos ≤ tcp.offset
*/
pos += tcp->offset - (pos - tcp->start);
return 1;
}
void
printTcp(Tcp tcp)
{
printf("tcp pkt:\n"
"\tsrc port: %d\tdst port: %d\n"
"\tseq num: %u\tack num: %u\n"
"\toffset: %d\tflags: %b (%x)\n"
"\twinsize: %d (%x)\tsum: %d\n",
tcp.src, tcp.dst,
tcp.seq, tcp.ack,
tcp.offset, tcp.flags, tcp.flags,
tcp.winsize, tcp.winsize, tcp.sum);
}
Parser tcpParser = {
.name = "tcp",
.parse = parseTcp,
.print = printTcp,
};