author | Evan Huus <eapache@gmail.com> | 2014-06-17 23:12:58 -0700 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-06-18 15:07:08 +0000 |
commit | b5a462b087bdd7670e1a69786ebbe3f073084ac3 (patch) | |
tree | f69e032721848b150833fce9ef5bc98e6b414271 | |
parent | cd56eb970f143aec3d85323c5ee1eeeda66040cf (diff) |
Try to calculate the initial RTT of tcp conns
This (if it works well) will let us do much more accurate out-of-order
detection, which is currently otherwise hardcoded to 3ms. Ask Jörg for details.
Change-Id: Ie0662723946edeaea1e43958bf7f5158f09dde71
Reviewed-on: https://code.wireshark.org/review/2367
Reviewed-by: Evan Huus <eapache@gmail.com>
-rw-r--r-- | epan/dissectors/packet-tcp.c | 29 | ||||
-rw-r--r-- | epan/dissectors/packet-tcp.h | 9 |
2 files changed, 38 insertions, 0 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index 7452056462..b5116f0320 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -126,6 +126,7 @@ static int hf_tcp_analysis_flags = -1; static int hf_tcp_analysis_bytes_in_flight = -1; static int hf_tcp_analysis_acks_frame = -1; static int hf_tcp_analysis_ack_rtt = -1; +static int hf_tcp_analysis_first_rtt = -1; static int hf_tcp_analysis_rto = -1; static int hf_tcp_analysis_rto_frame = -1; static int hf_tcp_analysis_duplicate_ack = -1; @@ -548,6 +549,8 @@ init_tcp_conversation_data(packet_info *pinfo) tcpd->acked_table=wmem_tree_new(wmem_file_scope()); tcpd->ts_first.secs=pinfo->fd->abs_ts.secs; tcpd->ts_first.nsecs=pinfo->fd->abs_ts.nsecs; + nstime_set_zero(&tcpd->ts_mru_syn); + nstime_set_zero(&tcpd->ts_first_rtt); tcpd->ts_prev.secs=pinfo->fd->abs_ts.secs; tcpd->ts_prev.nsecs=pinfo->fd->abs_ts.nsecs; tcpd->flow1.valid_bif = 1; @@ -1592,6 +1595,11 @@ tcp_print_sequence_number_analysis(packet_info *pinfo, tvbuff_t *tvb, proto_tree PROTO_ITEM_SET_GENERATED(item); } } + if (!nstime_is_zero(&tcpd->ts_first_rtt)) { + item = proto_tree_add_time(tree, hf_tcp_analysis_first_rtt, + tvb, 0, 0, &(tcpd->ts_first_rtt)); + PROTO_ITEM_SET_GENERATED(item); + } if(ta->bytes_in_flight) { /* print results for amount of data in flight */ @@ -4459,6 +4467,8 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) dst_port_str); /* Save the server port to help determine dissector used */ tcpd->server_port = tcph->th_dport; + tcpd->ts_mru_syn.secs = pinfo->fd->abs_ts.secs; + tcpd->ts_mru_syn.nsecs = pinfo->fd->abs_ts.nsecs; } } if(tcph->th_flags & TH_FIN) 
@@ -4468,6 +4478,21 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* XXX - find a way to know the server port and output only that one */ expert_add_info(pinfo, tf_rst, &ei_tcp_connection_rst); + if(tcp_analyze_seq + && (tcph->th_flags & (TH_SYN|TH_ACK)) == TH_ACK + && !nstime_is_zero(&tcpd->ts_mru_syn) + && nstime_is_zero(&tcpd->ts_first_rtt)) { + /* If all of the following: + * - we care (the pref is set) + * - this is a pure ACK + * - we have a timestamp for the most-recently-transmitted SYN + * - we haven't seen a pure ACK yet (no ts_first_rtt stored) + * then assume it's the last part of the handshake and store the initial + * RTT time + */ + nstime_delta(&(tcpd->ts_first_rtt), &(pinfo->fd->abs_ts), &(tcpd->ts_mru_syn)); + } + /* Supply the sequence number of the first byte and of the first byte after the segment. */ tcpinfo.seq = tcph->th_seq; @@ -5024,6 +5049,10 @@ proto_register_tcp(void) { "The RTT to ACK the segment was", "tcp.analysis.ack_rtt", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, "How long time it took to ACK the segment (RTT)", HFILL}}, + { &hf_tcp_analysis_first_rtt, + { "The initial RTT from SYN to ACK was", "tcp.analysis.first_rtt", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, + "How long it took for the SYN to ACK handshake (RTT)", HFILL}}, + { &hf_tcp_analysis_rto, { "The RTO for this segment was", "tcp.analysis.rto", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, "How long transmission was delayed before this segment was retransmitted (RTO)", HFILL}}, diff --git a/epan/dissectors/packet-tcp.h b/epan/dissectors/packet-tcp.h index 1fcf7d2f57..e01b2a6adf 100644 --- a/epan/dissectors/packet-tcp.h +++ b/epan/dissectors/packet-tcp.h 
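Review bot: The block added to dissect_tcp uses an all-zero nstime_t as the "not yet measured" marker for ts_first_rtt, so a handshake whose SYN and final ACK carry the same capture timestamp stores zero, and the next pure ACK, possibly much later, overwrites it with an unrelated interval. The condition also accepts a pure ACK from either endpoint and never compares its acknowledgment number with the handshake, so in a capture of untrusted traffic any stray ACK seen after a SYN fixes the value that the commit message says will drive out-of-order detection; non-monotonic capture timestamps would store a negative delta as well. I would keep a separate "measured" flag in struct tcp_analysis, require the ACK to travel in the same direction as the SYN recorded in the @@ -4459 hunk, and reject a negative result before storing it. Adding `&& !pinfo->fd->flags.visited` to the condition would also stop a later re-dissection from computing the value out of capture order when the first pass left it unset. dissect_tcp begins and ends outside this hunk.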
@@ -239,6 +239,15 @@ struct tcp_analysis { */ nstime_t ts_first; + /* Remember the timestamp of the most recent SYN in this conversation in + * order to calculate the first_rtt below. Not necessarily ts_first, if + * the SYN is retransmitted. */ + nstime_t ts_mru_syn; + + /* If we have the handshake, remember the RTT between the initial SYN + * and ACK for use detecting out-of-order segments. */ + nstime_t ts_first_rtt; + /* Remember the timestamp of the frame that was last seen in this * tcp conversation to be able to calculate a delta time compared * to previous frame in this conversation |
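Review bot: The comment on ts_first_rtt says the RTT is measured from "the initial SYN", but the field above it and the code in dissect_tcp measure from ts_mru_syn, the most recent SYN, which differs whenever the SYN is retransmitted. Neither comment states that an all-zero value means "not set", although the dissector relies on that through nstime_is_zero(). I would reword it along the lines of `/* RTT from the most recent SYN (ts_mru_syn) to the first pure ACK seen after it; all-zero means not yet measured. */` and add the same "all-zero means no SYN seen" remark to ts_mru_syn. struct tcp_analysis starts and ends outside this hunk.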