Question

I have the followiing code for tcp header:

struct tcp_header {
    uint16_t tcp_sport;
    uint16_t tcp_dport;
    uint32_t tcp_th_seq;
    uint32_t tcp_ack;
    uint8_t tcp_off:4;
    uint8_t tcp_res:6;
    uint8_t tcp_uf:1, tcp_af:1, tcp_pf:1, tcp_rf:1, tcp_sf:1, tcp_ff:1;
    uint16_t tcp_win;
    uint16_t tcp_sum;
    uint16_t tcp_urp;
};

...

void decode_tcp(const unsigned char *header_start) {

    const struct tcp_header *tcp_hdr;

    tcp_hdr = (const struct tcp_header *)(header_start + ETHERNET_HEADER_SIZE + IP_HEADER_SIZE);

    printf("\n    TCP Header\n");

    printf("\tSource Port       : %u\n", ntohs(tcp_hdr->tcp_sport));
    printf("\tDestination Port  : %u\n", ntohs(tcp_hdr->tcp_dport));
    printf("\tSequence number   : %u\n", ntohl(tcp_hdr->tcp_th_seq));
    printf("\tAcknowledge number: %u\n", ntohl(tcp_hdr->tcp_ack));
    printf("\tOffset            : %d\n", tcp_hdr->tcp_off);
    printf("\tReserved          : %d\n", (unsigned int)tcp_hdr->tcp_res);
    printf("\tUrgent Flag       : %d\n", (unsigned int)tcp_hdr->tcp_uf);
    printf("\tAcknoledge Flag   : %d\n", (unsigned int)tcp_hdr->tcp_af);
    printf("\tPush Flag         : %d\n", (unsigned int)tcp_hdr->tcp_pf);
    printf("\tReset Flag        : %d\n", (unsigned int)tcp_hdr->tcp_rf);
    printf("\tSynchronise Flag  : %d\n", (unsigned int)tcp_hdr->tcp_sf);
    printf("\tFinish Flag       : %d\n", (unsigned int)tcp_hdr->tcp_ff);
    printf("\tWindow            : %d\n", ntohs(tcp_hdr->tcp_win));
    printf("\tChecksum          : %d\n", ntohs(tcp_hdr->tcp_sum));
    printf("\tUrgent Pointer    : %d", ntohs(tcp_hdr->tcp_urp));
}

The output I get is enter image description here

CHecksum is 0, so I think something is false. Can you guys spot the mistake? Or canchecksum should be 0?

Also can sourceport be 22?

Was it helpful?

Solution

Your code has some problems:

  • do not use bitfields! They are not portable across different ABIs.
  • ensure that structure is packed (e.g. by __attribute__((__packed__)) annotation). ABI can add padding between attributes else.
  • the tcp_hdr = (const struct tcp_header *)(header_start can cause misaligned access when reading/writing tcp_hdr fields. The __packed__ annotation above can prevent this; alternatively, you can copy content in a (correctly aligned) local variable.

I would add some sanity checks like

BUILD_BUG_ON(offsetof(struct tcp_header, tcp_sum) != 0x10));

(please check in tcp rfc whether tcp_sum is really at position 0x10!)

OTHER TIPS

Most of the conversion specifiers used are wrong here:

printf("\tSource Port       : %u\n", ntohs(tcp_hdr->tcp_sport));
printf("\tDestination Port  : %u\n", ntohs(tcp_hdr->tcp_dport));
printf("\tSequence number   : %u\n", ntohl(tcp_hdr->tcp_th_seq));
printf("\tAcknowledge number: %u\n", ntohl(tcp_hdr->tcp_ack));
printf("\tOffset            : %d\n", tcp_hdr->tcp_off);
printf("\tReserved          : %d\n", (unsigned int)tcp_hdr->tcp_res);
printf("\tUrgent Flag       : %d\n", (unsigned int)tcp_hdr->tcp_uf);
printf("\tAcknoledge Flag   : %d\n", (unsigned int)tcp_hdr->tcp_af);
printf("\tPush Flag         : %d\n", (unsigned int)tcp_hdr->tcp_pf);
printf("\tReset Flag        : %d\n", (unsigned int)tcp_hdr->tcp_rf);
printf("\tSynchronise Flag  : %d\n", (unsigned int)tcp_hdr->tcp_sf);
printf("\tFinish Flag       : %d\n", (unsigned int)tcp_hdr->tcp_ff);
printf("\tWindow            : %d\n", ntohs(tcp_hdr->tcp_win));
printf("\tChecksum          : %d\n", ntohs(tcp_hdr->tcp_sum));
printf("\tUrgent Pointer    : %d", ntohs(tcp_hdr->tcp_urp));

It should be:

printf("\tSource Port       : %hu\n", ntohs(tcp_hdr->tcp_sport));
printf("\tDestination Port  : %hu\n", ntohs(tcp_hdr->tcp_dport));
printf("\tSequence number   : %u\n", ntohl(tcp_hdr->tcp_th_seq));
printf("\tAcknowledge number: %u\n", ntohl(tcp_hdr->tcp_ack));
printf("\tOffset            : %hhu\n", tcp_hdr->tcp_off);
printf("\tReserved          : %u\n", (unsigned int)tcp_hdr->tcp_res);
printf("\tUrgent Flag       : %u\n", (unsigned int)tcp_hdr->tcp_uf);
printf("\tAcknoledge Flag   : %u\n", (unsigned int)tcp_hdr->tcp_af);
printf("\tPush Flag         : %u\n", (unsigned int)tcp_hdr->tcp_pf);
printf("\tReset Flag        : %u\n", (unsigned int)tcp_hdr->tcp_rf);
printf("\tSynchronise Flag  : %u\n", (unsigned int)tcp_hdr->tcp_sf);
printf("\tFinish Flag       : %u\n", (unsigned int)tcp_hdr->tcp_ff);
printf("\tWindow            : %hu\n", ntohs(tcp_hdr->tcp_win));
printf("\tChecksum          : %hu\n", ntohs(tcp_hdr->tcp_sum));
printf("\tUrgent Pointer    : %hu", ntohs(tcp_hdr->tcp_urp));

If you'd removed all those castings to unsigned int you could use hhu as conversion specifier for printf()ing, as all those variables are defined to be unsigned 8-bit values.

I think your TCP header definiton has problem (which is 24 bytes but standard header is 20). Use standard declaration on system which also considers alignment:

#include <netinet/tcp.h>

tcp header definition:

struct tcphdr {
    u_short th_sport;               /* source port */
    u_short th_dport;               /* destination port */
    tcp_seq th_seq;                 /* sequence number */
    tcp_seq th_ack;                 /* acknowledgement number */
#if __BYTE_ORDER == __LITTLE_ENDIAN
    u_int   th_x2:4,                /* (unused) */
        th_off:4;               /* data offset */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    u_int   th_off:4,               /* data offset */
        th_x2:4;                /* (unused) */
#endif
    u_char  th_flags;
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG)

    u_short th_win;                 /* window */
    u_short th_sum;                 /* checksum */
    u_short th_urp;                 /* urgent pointer */
};

Inbound or outbound? The outbound checksum can be 0 if checksum offloading to the NIC is enabled...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top