diff options
author | Peter Wu <peter@lekensteyn.nl> | 2020-05-07 23:40:55 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2020-05-25 16:41:27 +0000 |
commit | 65806b69c5e1e58ffbd157c51837fb450da61f06 (patch) | |
tree | 1548a6dfd03d72454b1c99f4489804442fc35daa /epan/dissectors/packet-tcp.c | |
parent | 099d241046e7e81268ee4979e129c8c19cd6c137 (diff) |
TCP: Add expert info for ignored TCP Fast Open data
Report case 2b from https://tools.ietf.org/html/rfc7413#page-6 where the
server drops the data and sends a SYN-ACK acknowleding only the SYN
sequence number. Tested with tfo.pcapng from the linked bug.
Bug: 16559
Change-Id: Ia03b923f8192f025e2e81716e615d49db4bafe91
Reviewed-on: https://code.wireshark.org/review/37161
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-tcp.c')
-rw-r--r-- | epan/dissectors/packet-tcp.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index aaab86a194..a11e6d0c62 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -384,6 +384,7 @@ static expert_field ei_tcp_analysis_zero_window = EI_INIT; static expert_field ei_tcp_analysis_zero_window_probe_ack = EI_INIT; static expert_field ei_tcp_analysis_tfo_syn = EI_INIT; static expert_field ei_tcp_analysis_tfo_ack = EI_INIT; +static expert_field ei_tcp_analysis_tfo_ignored = EI_INIT; static expert_field ei_tcp_scps_capable = EI_INIT; static expert_field ei_tcp_option_snack_sequence = EI_INIT; static expert_field ei_tcp_option_wscale_shift_invalid = EI_INIT; @@ -3981,6 +3982,7 @@ dissect_tcpopt_tfo_payload(tvbuff_t *tvb, int offset, guint optlen, { proto_item *ti; struct tcpheader *tcph = (struct tcpheader*)data; + struct tcp_analysis *tcpd; if (optlen == 2) { /* Fast Open Cookie Request */ @@ -3994,6 +3996,14 @@ dissect_tcpopt_tfo_payload(tvbuff_t *tvb, int offset, guint optlen, col_append_str(pinfo->cinfo, COL_INFO, " TFO=C"); if ((tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) { expert_add_info(pinfo, ti, &ei_tcp_analysis_tfo_syn); + + /* Is this a SYN with data and the cookie? */ + if (tcph->th_have_seglen && tcph->th_seglen) { + tcpd = get_tcp_conversation_data(NULL, pinfo); + if (tcpd) { + tcpd->tfo_syn_data = 1; + } + } } } } @@ -6412,6 +6422,8 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) if ((tcp_relative_seq && tcph->th_ack > 1) || (!tcp_relative_seq && tcpd && (tcph->th_ack - tcpd->rev->base_seq) > 1)) { expert_add_info(pinfo, tf, &ei_tcp_analysis_tfo_ack); + } else if (tcpd && tcpd->tfo_syn_data) { + expert_add_info(pinfo, tf, &ei_tcp_analysis_tfo_ignored); } } } else { @@ -7719,7 +7731,8 @@ proto_register_tcp(void) { &ei_tcp_analysis_zero_window, { "tcp.analysis.zero_window", PI_SEQUENCE, PI_WARN, "TCP Zero Window segment", EXPFILL }}, { &ei_tcp_analysis_zero_window_probe_ack, { "tcp.analysis.zero_window_probe_ack", PI_SEQUENCE, PI_NOTE, "ACK to a TCP Zero Window Probe", EXPFILL }}, { &ei_tcp_analysis_tfo_syn, { "tcp.analysis.tfo_syn", PI_SEQUENCE, PI_NOTE, "TCP SYN with TFO Cookie", EXPFILL }}, - { &ei_tcp_analysis_tfo_ack, { "tcp.analysis.tfo_ack", PI_SEQUENCE, PI_NOTE, "TCP SYN-ACK accepting data", EXPFILL }}, + { &ei_tcp_analysis_tfo_ack, { "tcp.analysis.tfo_ack", PI_SEQUENCE, PI_NOTE, "TCP SYN-ACK accepting TFO data", EXPFILL }}, + { &ei_tcp_analysis_tfo_ignored, { "tcp.analysis.tfo_ignored", PI_SEQUENCE, PI_NOTE, "TCP SYN-ACK ignoring TFO data", EXPFILL }}, { &ei_tcp_scps_capable, { "tcp.analysis.zero_window_probe_ack", PI_SEQUENCE, PI_NOTE, "Connection establish request (SYN-ACK): SCPS Capabilities Negotiated", EXPFILL }}, { &ei_tcp_option_snack_sequence, { "tcp.options.snack.sequence", PI_SEQUENCE, PI_NOTE, "SNACK Sequence", EXPFILL }}, { &ei_tcp_option_wscale_shift_invalid, { "tcp.options.wscale.shift.invalid", PI_PROTOCOL, PI_WARN, "Window scale shift exceeds 14", EXPFILL }}, |