search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bpf: indent one space for better visibility
[netsniff-ng.git] / src / proto_tcp.h
blob2340411f733c1782a2be4a2fc05d7d6668815c60
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2009, 2010 Daniel Borkmann.
5 * Subject to the GPL, version 2.
6 */
7
8 #ifndef TCP_H
9 #define TCP_H
10
11 #include <stdio.h>
12 #include <stdint.h>
13 #include <netinet/in.h> /* for ntohs() */
14
15 #include "proto_struct.h"
16 #include "dissector_eth.h"
17 #include "pkt_buff.h"
18
19 struct tcphdr {
20 uint16_t source;
21 uint16_t dest;
22 uint32_t seq;
23 uint32_t ack_seq;
24 #if defined(__LITTLE_ENDIAN_BITFIELD)
25 __extension__ uint16_t res1:4,
26 doff:4,
27 fin:1,
28 syn:1,
29 rst:1,
30 psh:1,
31 ack:1,
32 urg:1,
33 ece:1,
34 cwr:1;
35 #elif defined(__BIG_ENDIAN_BITFIELD)
36 __extension__ uint16_t doff:4,
37 res1:4,
38 cwr:1,
39 ece:1,
40 urg:1,
41 ack:1,
42 psh:1,
43 rst:1,
44 syn:1,
45 fin:1;
46 #else
47 # error "Adjust your <asm/byteorder.h> defines"
48 #endif
49 uint16_t window;
50 uint16_t check;
51 uint16_t urg_ptr;
52 } __attribute__((packed));
53
54 static inline uint16_t tcp_port(uint16_t src, uint16_t dst)
55 {
56 char *tmp1, *tmp2;
57
58 src = ntohs(src);
59 dst = ntohs(dst);
60
61 /* XXX: Is there a better way to determine? */
62 if (src < dst && src < 1024) {
63 return src;
64 } else if (dst < src && dst < 1024) {
65 return dst;
66 } else {
67 tmp1 = lookup_port_tcp(src);
68 tmp2 = lookup_port_tcp(dst);
69 if (tmp1 && !tmp2) {
70 return src;
71 } else if (!tmp1 && tmp2) {
72 return dst;
73 } else {
74 if (src < dst)
75 return src;
76 else
77 return dst;
78 }
79 }
80 }
81
82 static inline void tcp(struct pkt_buff *pkt)
83 {
84 struct tcphdr *tcp = (struct tcphdr *) pkt_pull(pkt, sizeof(*tcp));
85
86 if (tcp == NULL)
87 return;
88
89 tprintf(" [ TCP ");
90 tprintf("Port (%u => %u, %s%s%s), ",
91 ntohs(tcp->source), ntohs(tcp->dest),
92 colorize_start(bold),
93 lookup_port_tcp(tcp_port(tcp->source, tcp->dest)),
94 colorize_end());
95 tprintf("SN (0x%x), ", ntohl(tcp->seq));
96 tprintf("AN (0x%x), ", ntohl(tcp->ack_seq));
97 tprintf("DataOff (%u), ", tcp->doff);
98 tprintf("Res (%u), ", tcp->res1);
99 tprintf("Flags (");
100 if (tcp->fin)
101 tprintf("FIN ");
102 if (tcp->syn)
103 tprintf("SYN ");
104 if (tcp->rst)
105 tprintf("RST ");
106 if (tcp->psh)
107 tprintf("PSH ");
108 if (tcp->ack)
109 tprintf("ACK ");
110 if (tcp->urg)
111 tprintf("URG ");
112 if (tcp->ece)
113 tprintf("ECE ");
114 if (tcp->cwr)
115 tprintf("CWR ");
116 tprintf("), ");
117 tprintf("Window (%u), ", ntohs(tcp->window));
118 tprintf("CSum (0x%.4x), ", ntohs(tcp->check));
119 tprintf("UrgPtr (%u)", ntohs(tcp->urg_ptr));
120 tprintf(" ]\n");
121
122 pkt_set_proto(pkt, &eth_lay4, tcp_port(tcp->source, tcp->dest));
123 }
124
125 static inline void tcp_less(struct pkt_buff *pkt)
126 {
127 struct tcphdr *tcp = (struct tcphdr *) pkt_pull(pkt, sizeof(*tcp));
128
129 if (tcp == NULL)
130 return;
131
132 tprintf(" TCP %s%s%s %u/%u F%s",
133 colorize_start(bold),
134 lookup_port_tcp(tcp_port(tcp->source, tcp->dest)),
135 colorize_end(), ntohs(tcp->source), ntohs(tcp->dest),
136 colorize_start(bold));
137 if (tcp->fin)
138 tprintf(" FIN");
139 if (tcp->syn)
140 tprintf(" SYN");
141 if (tcp->rst)
142 tprintf(" RST");
143 if (tcp->psh)
144 tprintf(" PSH");
145 if (tcp->ack)
146 tprintf(" ACK");
147 if (tcp->urg)
148 tprintf(" URG");
149 if (tcp->ece)
150 tprintf(" ECE");
151 if (tcp->cwr)
152 tprintf(" CWR");
153 tprintf("%s Win %u S/A 0x%x/0x%x", colorize_end(),
154 ntohs(tcp->window), ntohl(tcp->seq), ntohl(tcp->ack_seq));
155
156 pkt_set_proto(pkt, &eth_lay4, tcp_port(tcp->source, tcp->dest));
157 }
158
159 struct protocol tcp_ops = {
160 .key = 0x06,
161 .print_full = tcp,
162 .print_less = tcp_less,
163 };
164
165 #endif /* TCP_H */
netsniff-ng toolkit, the packet sniffing beast, staging tree