tcpdump mailing list archives

Re: important query on tcpdump header files and source codes


From: Guy Harris <guy () alum mit edu>
Date: Tue, 15 Jul 2008 14:21:26 -0700


On Jul 15, 2008, at 12:57 AM, Ignacio, Domingo Jr Ostria - igndo001 wrote:

> I try to modify print-tcp.c and tcp.h source code and header file file
> of tcpdump-3.9.8 to include a new option which is th_srtt, a variable I
> added to my linux kernel protocol stacks.

Where did you add that option?

You cannot add fields to this portion of the TCP header:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

If your SRTT value is an option, i.e. something in *this* portion of the TCP header:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

then you can add it, as long as you follow all the rules of RFC 793 for adding it (i.e., it has to have an option length, so that a TCP implementation that doesn't know about the option can ignore it) and either get an option number from the IANA or pick an option number not used by any option from an RFC or Internet-Draft and are prepared to have somebody else get your option number in a future RFC or Internet-Draft.

> I added into the header (tcp.h
> of tcpdump) my th_srtt variable

Where did you add that variable?

> and on print-tcp.c tcp options field. It
> compiled. Once I run tcpdump I got the error message:
>
> <[bad opt]>, <tcpdump bad hdr length 20 - too short, <28>

You appear to have added your SRTT field to "struct tcphdr".

That is the wrong thing to do.  Either

1) you added your SRTT field to the portion of the TCP header to which you cannot add fields, in which case you made a mistake even before you modified tcpdump (because you no longer have a TCP implementation, you have an implementation of your own TCP-like protocol that's not compatible with TCP)

or

2) you added it as a TCP option, in which case it's not part of "struct tcphdr" - "struct tcphdr" is the structure for the portion of the TCP header to which you cannot add fields - but part of the options, in which case you need to add to the "Handle any options" code in tcp_print() code to handle your option.

> I increased the snaplen (as seen on previous faq at tcpdump.org) and
> still get a bad opt error.

That won't help. The problem is that your changes to tcpdump's "struct tcphdr" make tcpdump no longer correctly handle TCP - it thinks the fixed-length portion of the TCP header is 28 bytes long, which it is *NOT*, and therefore it will report an error in any TCP segment it receives with no options.

> 1. I successfully added and compiled the new variable th_srtt into the
> tcp option field into my linux kernel (net/tcp.h, tcp_input.c) protocol
> stacks.

What do you mean by "the tcp option field"? At least in the 2.6.23 kernel, include/net/tcp.h has a "struct tcp_options_received" structure, but that doesn't represent anything that's transmitted over the network, it represents the options that have been processed by the TCP input code. There's also "struct tcphdr", but that's just like the "struct tcphdr" in tcpdump (and in various BSD-flavored UN*Xes), in that it represents the fixed-length portion of the TCP header, which you *CANNOT* change.
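As an added illustration (not code from this thread or from tcpdump itself), the following shows the two points above in working form: the fixed header stays 20 bytes regardless of any struct you patch, and anything extra lives in the options area, which is walked option by option using the length byte RFC 793 requires so that an unknown kind can be skipped instead of producing "[bad opt]". Option kind 253 used in the sample below is a hypothetical stand-in for a private SRTT option, not an assigned number.

```c
#include <stddef.h>
#include <stdint.h>

#define TCP_FIXED_HDR_LEN 20  /* real fixed portion; never sizeof() of a patched struct */

/* Returns the options length in bytes (0 if none), or -1 if the Data Offset
 * field is inconsistent with the bytes captured.  Checking against the
 * constant 20 instead of sizeof(struct tcphdr) is exactly what a patched
 * 28-byte struct breaks ("bad hdr length 20 - too short, <28>"). */
int tcp_options_len(const uint8_t *seg, size_t caplen)
{
    if (caplen < TCP_FIXED_HDR_LEN)
        return -1;
    size_t hlen = (size_t)(seg[12] >> 4) * 4;  /* Data Offset counts 32-bit words */
    if (hlen < TCP_FIXED_HDR_LEN || hlen > caplen)
        return -1;
    return (int)(hlen - TCP_FIXED_HDR_LEN);
}

/* Walks the options area after the fixed header, the way the "Handle any
 * options" loop in tcp_print() must.  Returns the number of options seen,
 * or -1 on a malformed option (tcpdump's "[bad opt]").  Unknown kinds are
 * skipped by their length byte, which is why RFC 793 requires one; a
 * hypothetical private SRTT option would be found here, not in struct tcphdr. */
int walk_tcp_options(const uint8_t *opt, size_t optlen, int *unknown)
{
    size_t i = 0;
    int n = 0;
    *unknown = 0;
    while (i < optlen) {
        uint8_t kind = opt[i];
        if (kind == 0)                      /* End of Option List */
            return n;
        if (kind == 1) {                    /* No-Operation: one byte, no length */
            i++; n++;
            continue;
        }
        if (i + 1 >= optlen)                /* kind byte without a length byte */
            return -1;
        uint8_t len = opt[i + 1];
        if (len < 2 || i + len > optlen)    /* length too small or past the end */
            return -1;
        if (kind != 2 && kind != 3 && kind != 4 && kind != 5 && kind != 8)
            (*unknown)++;                   /* not MSS/WScale/SACK-ok/SACK/TS */
        i += len;
        n++;
    }
    return n;
}
```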

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

