Thanks for your reply! Extracting the data is where I am stuck...

The struct of option is below:

    typedef struct option {
        byte byte1;
        byte byte2;
        byte byte3;
    } option;

I created a method in main to display the timestamp:

    void display_tsopt(const u_char *pkt_data, tcp_header* tcp, long &val, long &er)
    {
        /* First three option bytes: expect NOP (1), NOP (1), Timestamp (8) */
        int x = (int)tcp->op.byte1;
        int y = (int)tcp->op.byte2;
        int z = (int)tcp->op.byte3;

        if(x==1 && y==1 && z==8)
        {
            char* tmp_c[4];

            /* TSval: 4 bytes at offset 24 from the start of the TCP header */
            u_char* tsv = (u_char*) (pkt_data + sizeof(struct ethernet_header) + sizeof(struct ip_header) + 24);
            for(u_int i=0; i<4; i++)
                printf("%.2x ", tsv[i]);
            cout << endl;

            /* TSecr: 4 bytes at offset 28 from the start of the TCP header */
            u_char* tsr = (u_char*) (pkt_data + sizeof(struct ethernet_header) + sizeof(struct ip_header) + 28);
            for(u_int i=0; i<4; i++)
                printf("%.2x ", tsr[i]);
            cout << endl;
        }
    }

This function displays the correct hex values of the header corresponding to the TSval and TSecr of the Timestamp option. However, I want to store them in the two long variables being passed in. Any ideas on how to extract each 4-byte number?

-Thinh

On 7/11/05, Guy Harris <[EMAIL PROTECTED]> wrote:
> Thinh Ho wrote:
> > Is there a struct for the options field of tcp_header?
>
> No. That field is variable in both length and contents, so there can't
> be a C-language data structure for it (and I don't know whether any
> language has a concept of "data structure", in the sense in which it's
> used in languages with a notion similar to how it's used in C - this
> includes languages that existed before C did :-) - powerful enough to
> express IP or TCP options).
>
> I suspect most if not all code that parses IP and TCP options -
> including tcpdump and Ethereal - process the data in a loop that:
>
>     extracts the option code as a byte value;
>
>     checks whether that option has a length byte and, if so, extracts the
>     length byte, otherwise sets the length to 1;
>
>     processes the option data, if it has any;
>
>     advances to the next option if the option wasn't the EOL option;
>
> checking, of course, for option lengths < 2 (the length includes the
> option and length bytes, and thus *must* be >= 2), and checking to make
> sure it doesn't run past the end of the TCP header or the end of the raw
> packet data.
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.
>

--
Thinh Ho
University of Virginia
Engineering School
C: 571-594-1473
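
The option-walking loop described in the quoted reply, with its length and end-of-header checks, written out as an added example (not code from either poster or from tcpdump). The names tcp_find_timestamp and load_be32 and the sample bytes are constructed for illustration, and the caller is assumed to pass a pointer to the start of the TCP header plus the number of captured bytes from that point.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 20-byte TCP header + NOP, NOP, Timestamp (kind 8, len 10). */
static const uint8_t sample_tcp[32] = {
    0x04, 0xd2, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,  /* ports, seq, ack */
    0x80, 0x10, 0xff, 0xff, 0, 0, 0, 0,  /* data offset = 8 words, flags, ... */
    0x01, 0x01, 0x08, 0x0a,              /* NOP, NOP, kind 8, length 10 */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77   /* TSval, TSecr */
};

/* Assemble a network-order 32-bit value byte by byte: no unaligned loads,
   no dependence on host byte order. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 1 (timestamp found), 0 (none present), -1 (truncated or malformed). */
int tcp_find_timestamp(const uint8_t *tcp, size_t caplen,
                       uint32_t *tsval, uint32_t *tsecr)
{
    if (caplen < 20) return -1;                  /* fixed header not captured */
    size_t hdrlen = (size_t)(tcp[12] >> 4) * 4;  /* data offset, in bytes */
    if (hdrlen < 20 || hdrlen > caplen) return -1;
    for (size_t i = 20; i < hdrlen; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                    /* EOL: stop parsing */
        if (kind == 1) { i++; continue; }        /* NOP: no length byte */
        if (hdrlen - i < 2) return -1;           /* length byte is missing */
        size_t len = tcp[i + 1];
        if (len < 2 || len > hdrlen - i) return -1;  /* bad or overrunning */
        if (kind == 8) {                         /* Timestamp option */
            if (len != 10) return -1;
            *tsval = load_be32(tcp + i + 2);
            *tsecr = load_be32(tcp + i + 6);
            return 1;
        }
        i += len;                                /* skip any other option */
    }
    return 0;
}

int main(void)
{
    uint32_t v = 0, e = 0;
    int rc = tcp_find_timestamp(sample_tcp, sizeof sample_tcp, &v, &e);
    printf("rc=%d TSval=0x%08x TSecr=0x%08x\n", rc, (unsigned)v, (unsigned)e);
    return rc == 1 ? 0 : 1;
}
```
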