[ovs-dev] [PATCH] pcap-file: Allow capturing TCP streams where the SYN is not seen.

Ben Pfaff blp at nicira.com
Tue Feb 11 16:00:07 UTC 2014 

Applied to master, thanks!

On Wed, Feb 05, 2014 at 12:38:10PM -0500, Vasu Dasari wrote:
> Ben,
> 
> The code looks good to me and it also works for me.
> 
> -Vasu
> 
> 
> On Tue, Feb 4, 2014 at 12:05 PM, Ben Pfaff <blp at nicira.com> wrote:
> 
> > Until now, the tcp_stream() code has ignored any TCP packets that don't
> > correspond to a stream that began with a TCP SYN.  This commit changes the
> > code so that any TCP packet that contains a payload starts a new stream.
> >
> > Signed-off-by: Ben Pfaff <blp at nicira.com>
> > Reported-by: Vasu Dasari <vdasari at gmail.com>
> > ---
> >  AUTHORS         |    1 +
> >  lib/pcap-file.c |   63
> > +++++++++++++++++++++++++++++++++++--------------------
> >  2 files changed, 41 insertions(+), 23 deletions(-)
> >
> > diff --git a/AUTHORS b/AUTHORS
> > index c53e97a..652b611 100644
> > --- a/AUTHORS
> > +++ b/AUTHORS
> > @@ -245,6 +245,7 @@ Timothy Chen            tchen at nicira.com
> >  Torbjorn Tornkvist      kruskakli at gmail.com
> >  Valentin Bud            valentin at hackaserver.com
> >  Vasiliy Tolstov         v.tolstov at selfip.ru
> > +Vasu Dasari             vdasari at gmail.com
> >  Vishal Swarankar        vishal.swarnkar at gmail.com
> >  Vjekoslav Brajkovic     balkan at cs.washington.edu
> >  Voravit T.              voravit at kth.se
> > diff --git a/lib/pcap-file.c b/lib/pcap-file.c
> > index fdff33ca..2d3f9fe 100644
> > --- a/lib/pcap-file.c
> > +++ b/lib/pcap-file.c
> > @@ -1,5 +1,5 @@
> >  /*
> > - * Copyright (c) 2009, 2010, 2012, 2013 Nicira, Inc.
> > + * Copyright (c) 2009, 2010, 2012, 2013, 2014 Nicira, Inc.
> >   *
> >   * Licensed under the Apache License, Version 2.0 (the "License");
> >   * you may not use this file except in compliance with the License.
> > @@ -254,28 +254,27 @@ tcp_reader_close(struct tcp_reader *r)
> >  }
> >
> >  static struct tcp_stream *
> > -tcp_stream_lookup(struct tcp_reader *r, const struct flow *flow)
> > +tcp_stream_lookup(struct tcp_reader *r,
> > +                  const struct tcp_key *key, uint32_t hash)
> >  {
> >      struct tcp_stream *stream;
> > -    struct tcp_key key;
> > -    uint32_t hash;
> > -
> > -    memset(&key, 0, sizeof key);
> > -    key.nw_src = flow->nw_src;
> > -    key.nw_dst = flow->nw_dst;
> > -    key.tp_src = flow->tp_src;
> > -    key.tp_dst = flow->tp_dst;
> > -    hash = hash_bytes(&key, sizeof key, 0);
> >
> >      HMAP_FOR_EACH_WITH_HASH (stream, hmap_node, hash, &r->streams) {
> > -        if (!memcmp(&stream->key, &key, sizeof key)) {
> > +        if (!memcmp(&stream->key, key, sizeof *key)) {
> >              return stream;
> >          }
> >      }
> > +    return NULL;
> > +}
> > +
> > +static struct tcp_stream *
> > +tcp_stream_new(struct tcp_reader *r, const struct tcp_key *key, uint32_t
> > hash)
> > +{
> > +    struct tcp_stream *stream;
> >
> >      stream = xmalloc(sizeof *stream);
> >      hmap_insert(&r->streams, &stream->hmap_node, hash);
> > -    memcpy(&stream->key, &key, sizeof key);
> > +    memcpy(&stream->key, key, sizeof *key);
> >      stream->seq_no = 0;
> >      ofpbuf_init(&stream->payload, 2048);
> >      return stream;
> > @@ -299,6 +298,9 @@ tcp_reader_run(struct tcp_reader *r, const struct flow
> > *flow,
> >      struct tcp_stream *stream;
> >      struct tcp_header *tcp;
> >      struct ofpbuf *payload;
> > +    unsigned int l7_length;
> > +    struct tcp_key key;
> > +    uint32_t hash;
> >      uint32_t seq;
> >      uint8_t flags;
> >
> > @@ -307,14 +309,32 @@ tcp_reader_run(struct tcp_reader *r, const struct
> > flow *flow,
> >          || !packet->l7) {
> >          return NULL;
> >      }
> > -
> > -    stream = tcp_stream_lookup(r, flow);
> > -    payload = &stream->payload;
> > -
> >      tcp = packet->l4;
> >      flags = TCP_FLAGS(tcp->tcp_ctl);
> > +    l7_length = (char *) ofpbuf_end(packet) - (char *) packet->l7;
> >      seq = ntohl(get_16aligned_be32(&tcp->tcp_seq));
> > -    if (flags & TCP_SYN) {
> > +
> > +    /* Construct key. */
> > +    memset(&key, 0, sizeof key);
> > +    key.nw_src = flow->nw_src;
> > +    key.nw_dst = flow->nw_dst;
> > +    key.tp_src = flow->tp_src;
> > +    key.tp_dst = flow->tp_dst;
> > +    hash = hash_bytes(&key, sizeof key, 0);
> > +
> > +    /* Find existing stream or start a new one for a SYN or if there's
> > data. */
> > +    stream = tcp_stream_lookup(r, &key, hash);
> > +    if (!stream) {
> > +        if (flags & TCP_SYN || l7_length) {
> > +            stream = tcp_stream_new(r, &key, hash);
> > +            stream->seq_no = flags & TCP_SYN ? seq + 1 : seq;
> > +        } else {
> > +            return NULL;
> > +        }
> > +    }
> > +
> > +    payload = &stream->payload;
> > +    if (flags & TCP_SYN || !stream->seq_no) {
> >          ofpbuf_clear(payload);
> >          stream->seq_no = seq + 1;
> >          return NULL;
> > @@ -322,16 +342,13 @@ tcp_reader_run(struct tcp_reader *r, const struct
> > flow *flow,
> >          tcp_stream_destroy(r, stream);
> >          return NULL;
> >      } else if (seq == stream->seq_no) {
> > -        size_t length;
> > -
> >          /* Shift all of the existing payload to the very beginning of the
> >           * allocated space, so that we reuse allocated space instead of
> >           * continually expanding it. */
> >          ofpbuf_shift(payload, (char *) payload->base - (char *)
> > payload->data);
> >
> > -        length = (char *) ofpbuf_end(packet) - (char *) packet->l7;
> > -        ofpbuf_put(payload, packet->l7, length);
> > -        stream->seq_no += length;
> > +        ofpbuf_put(payload, packet->l7, l7_length);
> > +        stream->seq_no += l7_length;
> >          return payload;
> >      } else {
> >          return NULL;
> > --
> > 1.7.10.4
> >
> >

More information about the dev mailing list