diff --git a/conf/stellar.toml b/conf/stellar.toml index 01cd25e..7c20b45 100644 --- a/conf/stellar.toml +++ b/conf/stellar.toml @@ -48,3 +48,9 @@ evicted_session_filter_enable = 1 evicted_session_filter_capacity = 1000000 evicted_session_filter_timeout = 10000 # ms, Range: 1-60,000 evicted_session_filter_error_rate = 0.00001 + +# TCP reassembly (Per direction) +tcp_reassembly_enable = 1 +tcp_reassembly_max_timeout = 10000 # ms, Range: 1-60,000 +tcp_reassembly_max_segments = 8 # 0: unlimited +tcp_reassembly_max_bytes = 0 # 0: unlimited diff --git a/src/config/config.cpp b/src/config/config.cpp index 63b34ae..72a92e6 100644 --- a/src/config/config.cpp +++ b/src/config/config.cpp @@ -357,6 +357,39 @@ static int parse_session_manager_options(toml_table_t *table, struct session_man } opts->evicted_session_filter_error_rate = atof(ptr); + // TCP reassembly + ptr = toml_raw_in(session_manager, "tcp_reassembly_enable"); + if (ptr == NULL) + { + CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_enable"); + return -1; + } + opts->tcp_reassembly_enable = atoi(ptr); + + ptr = toml_raw_in(session_manager, "tcp_reassembly_max_timeout"); + if (ptr == NULL) + { + CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_timeout"); + return -1; + } + opts->tcp_reassembly_max_timeout = atoi(ptr); + + ptr = toml_raw_in(session_manager, "tcp_reassembly_max_segments"); + if (ptr == NULL) + { + CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_segments"); + return -1; + } + opts->tcp_reassembly_max_segments = atoi(ptr); + + ptr = toml_raw_in(session_manager, "tcp_reassembly_max_bytes"); + if (ptr == NULL) + { + CONFIG_LOG_ERROR("config file missing session_manager.tcp_reassembly_max_bytes"); + return -1; + } + opts->tcp_reassembly_max_bytes = atoi(ptr); + return 0; } @@ -485,4 +518,10 @@ void print_config_options(struct config *config) CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_capacity : %d", sess_mgr_opts->evicted_session_filter_capacity); CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_timeout : %d", sess_mgr_opts->evicted_session_filter_timeout); CONFIG_LOG_DEBUG("session_manager->evicted_session_filter_error_rate : %f", sess_mgr_opts->evicted_session_filter_error_rate); + + // TCP reassembly + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_enable : %d", sess_mgr_opts->tcp_reassembly_enable); + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_timeout : %d", sess_mgr_opts->tcp_reassembly_max_timeout); + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_segments : %d", sess_mgr_opts->tcp_reassembly_max_segments); + CONFIG_LOG_DEBUG("session_manager->tcp_reassembly_max_bytes : %d", sess_mgr_opts->tcp_reassembly_max_bytes); } diff --git a/src/packet_io/packet_io_dumpfile.cpp b/src/packet_io/packet_io_dumpfile.cpp index 640ae23..d8c2d5a 100644 --- a/src/packet_io/packet_io_dumpfile.cpp +++ b/src/packet_io/packet_io_dumpfile.cpp @@ -68,20 +68,23 @@ static void pcap_handle(u_char *user, const struct pcap_pkthdr *h, const u_char static int dumpfile_handle(const char *file, void *arg) { + char resolved_path[256]; + char pcap_errbuf[PCAP_ERRBUF_SIZE]; struct packet_io_dumpfile *handle = (struct packet_io_dumpfile *)arg; - PACKET_IO_LOG_STATE("dumpfile %s in-processing", file) + realpath(file, resolved_path); + PACKET_IO_LOG_STATE("dumpfile %s in-processing", resolved_path) - handle->pcap = pcap_open_offline(file, NULL); + handle->pcap = pcap_open_offline(file, pcap_errbuf); if (handle->pcap == NULL) { - PACKET_IO_LOG_ERROR("unable to open pcap file: %s", file); + PACKET_IO_LOG_ERROR("unable to open pcap file: %s, %s", resolved_path, pcap_errbuf); return -1; } pcap_loop(handle->pcap, -1, pcap_handle, (u_char *)handle); pcap_close(handle->pcap); - PACKET_IO_LOG_STATE("dumpfile %s processed", file) + PACKET_IO_LOG_STATE("dumpfile %s processed", resolved_path) return 0; } diff --git a/src/session/CMakeLists.txt b/src/session/CMakeLists.txt index 0ff60e0..0eae949 100644 --- a/src/session/CMakeLists.txt +++ b/src/session/CMakeLists.txt @@ -9,6 +9,6 @@ add_library(session_manager ) target_include_directories(session_manager PUBLIC ${CMAKE_CURRENT_LIST_DIR}) target_include_directories(session_manager PUBLIC ${CMAKE_SOURCE_DIR}/src/stellar) -target_link_libraries(session_manager timeout id_generator duplicated_packet_filter evicted_session_filter log) +target_link_libraries(session_manager timeout id_generator duplicated_packet_filter evicted_session_filter log tcp_reassembly) add_subdirectory(test) \ No newline at end of file diff --git a/src/session/session.cpp b/src/session/session.cpp index 11a1b8d..4a303be 100644 --- a/src/session/session.cpp +++ b/src/session/session.cpp @@ -236,6 +236,47 @@ enum session_dir session_get_cur_dir(const struct session *sess) return sess->cur_dir; } +/****************************************************************************** + * session tcp reassembly + ******************************************************************************/ + +const char *session_peek_tcp_payload(struct session *sess, uint32_t *len) +{ + if (sess->type != SESSION_TYPE_TCP) + { + *len = 0; + assert(0); + return NULL; + } + + if (sess->cur_dir == SESSION_DIR_C2S) + { + return tcp_reassembly_peek(sess->c2s_reassembly, len); + } + else + { + return tcp_reassembly_peek(sess->s2c_reassembly, len); + } +} + +void session_consume_tcp_payload(struct session *sess, uint32_t len) +{ + if (sess->type != SESSION_TYPE_TCP) + { + assert(0); + return; + } + + if (sess->cur_dir == SESSION_DIR_C2S) + { + tcp_reassembly_consume(sess->c2s_reassembly, len); + } + else + { + tcp_reassembly_consume(sess->s2c_reassembly, len); + } +} + /****************************************************************************** * session ex data ******************************************************************************/ @@ -327,7 +368,7 @@ void session_free_ex_data(struct session *sess, uint8_t idx) sess->ex_data[idx] = NULL; } -void session_clean(struct session *sess) +void session_free_all_ex_data(struct session *sess) { if (sess) { @@ -335,18 +376,6 @@ void session_clean(struct session *sess) { session_free_ex_data(sess, i); } - - if (sess->c2s_1st_pkt) - { - packet_free(sess->c2s_1st_pkt); - sess->c2s_1st_pkt = NULL; - } - - if (sess->s2c_1st_pkt) - { - packet_free(sess->s2c_1st_pkt); - sess->s2c_1st_pkt = NULL; - } } } diff --git a/src/session/session.h b/src/session/session.h index dbeaecb..b51bdc0 100644 --- a/src/session/session.h +++ b/src/session/session.h @@ -121,6 +121,13 @@ const struct packet *session_get0_cur_pkt(const struct session *sess); void session_set_cur_dir(struct session *sess, enum session_dir dir); enum session_dir session_get_cur_dir(const struct session *sess); +/****************************************************************************** + * session tcp reassembly + ******************************************************************************/ + +const char *session_peek_tcp_payload(struct session *sess, uint32_t *len); +void session_consume_tcp_payload(struct session *sess, uint32_t len); + /****************************************************************************** * session ex data ******************************************************************************/ @@ -150,7 +157,7 @@ void *session_get0_ex_data(const struct session *sess, uint8_t idx); * if user want to free ex_data, should use session_free_ex_data. */ void session_free_ex_data(struct session *sess, uint8_t idx); -void session_clean(struct session *sess); +void session_free_all_ex_data(struct session *sess); /****************************************************************************** * session expire diff --git a/src/session/session_manager.cpp b/src/session/session_manager.cpp index 762a2ad..1e6324d 100644 --- a/src/session/session_manager.cpp +++ b/src/session/session_manager.cpp @@ -32,6 +32,8 @@ struct session_manager #define EVICTE_SESSION_BURST (RX_BURST_MAX) +struct tcp_reassembly_options tcp_reassembly_opts = {0}; + /****************************************************************************** * Options ******************************************************************************/ @@ -150,6 +152,20 @@ static int check_options(struct session_manager_options *opts) return -1; } } + // TCP reassembly opts + if (opts->tcp_reassembly_enable != 0 && opts->tcp_reassembly_enable != 1) + { + SESSION_LOG_ERROR("invalid tcp reassembly enable, support range: 0-1"); + return -1; + } + if (opts->tcp_reassembly_enable) + { + if (opts->tcp_reassembly_max_timeout < 1 || opts->tcp_reassembly_max_timeout > 60000) + { + SESSION_LOG_ERROR("invalid tcp reassembly max timeout, support range: 1-60,000"); + return -1; + } + } return 0; } @@ -500,16 +516,31 @@ static struct session *session_manager_new_tcp_session(struct session_manager *m assert(0); return NULL; } - mgr->stat.tcp_sess.nr_sess_used++; session_init(sess); session_set_id(sess, id_generator_alloc()); + sess->c2s_reassembly = tcp_reassembly_new(&tcp_reassembly_opts); + sess->s2c_reassembly = tcp_reassembly_new(&tcp_reassembly_opts); + if (sess->c2s_reassembly == NULL || sess->s2c_reassembly == NULL) + { + assert(0); + session_pool_push(mgr->sess_pool, sess); + return NULL; + } + mgr->stat.tcp_sess.nr_sess_used++; enum session_dir dir = tcp_hdr_get_ack_flag(hdr) ? SESSION_DIR_S2C : SESSION_DIR_C2S; enum session_state next_state = session_transition_run(SESSION_STATE_INIT, TCP_SYN); - session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN); session_update(sess, next_state, pkt, key, dir, now); + session_transition_log(sess, SESSION_STATE_INIT, next_state, TCP_SYN); session_stat_inc(&mgr->stat.tcp_sess, next_state); + tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr)); + if (tcp_layer->pld_len) + { + tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, + tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now); + } + uint64_t timeout = tcp_hdr_get_ack_flag(hdr) ? opts->tcp_timeout_handshake : opts->tcp_timeout_init; timer_update(mgr->sess_timer, sess, now + timeout); session_table_add(mgr->tcp_sess_table, key, sess); @@ -542,8 +573,8 @@ static struct session *session_manager_new_udp_session(struct session_manager *m enum session_dir dir = identify_direction_by_port(ntohs(key->src_port), ntohs(key->dst_port)); enum session_state next_state = session_transition_run(SESSION_STATE_INIT, UDP_DATA); - session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA); session_update(sess, next_state, pkt, key, dir, now); + session_transition_log(sess, SESSION_STATE_INIT, next_state, UDP_DATA); session_stat_inc(&mgr->stat.udp_sess, next_state); timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data); @@ -564,10 +595,22 @@ static int session_manager_update_tcp_session(struct session_manager *mgr, struc inputs |= tcp_layer->pld_len ? TCP_DATA : NONE; enum session_state curr_state = session_get_state(sess); enum session_state next_state = session_transition_run(curr_state, inputs); - session_transition_log(sess, curr_state, next_state, inputs); session_update(sess, next_state, pkt, key, dir, now); + session_transition_log(sess, curr_state, next_state, inputs); session_stat_update(mgr, sess, curr_state, next_state); + if (tcp_hdr_get_syn_flag(hdr)) + { + tcp_reassembly_init(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, tcp_hdr_get_seq(hdr)); + } + tcp_reassembly_expire(sess->c2s_reassembly, now); + tcp_reassembly_expire(sess->s2c_reassembly, now); + if (tcp_layer->pld_len) + { + tcp_reassembly_insert(dir == SESSION_DIR_C2S ? sess->c2s_reassembly : sess->s2c_reassembly, + tcp_hdr_get_seq(hdr), tcp_layer->pld_ptr, tcp_layer->pld_len, now); + } + // select next timeout uint64_t timeout = 0; switch (next_state) @@ -616,8 +659,8 @@ static int session_manager_update_udp_session(struct session_manager *mgr, struc enum session_dir dir = identify_direction_by_history(sess, key); enum session_state curr_state = session_get_state(sess); enum session_state next_state = session_transition_run(curr_state, UDP_DATA); - session_transition_log(sess, curr_state, next_state, UDP_DATA); session_update(sess, next_state, pkt, key, dir, now); + session_transition_log(sess, curr_state, next_state, UDP_DATA); session_stat_update(mgr, sess, curr_state, next_state); timer_update(mgr->sess_timer, sess, now + opts->udp_timeout_data); @@ -653,6 +696,13 @@ struct session_manager *session_manager_new(struct session_manager_options *opts .timeout_sec = opts->evicted_session_filter_timeout, .error_rate = opts->evicted_session_filter_error_rate, }; + tcp_reassembly_opts = { + .enable = opts->tcp_reassembly_enable, + .max_timeout = opts->tcp_reassembly_max_timeout, + .max_segments = opts->tcp_reassembly_max_segments, + .max_bytes = opts->tcp_reassembly_max_bytes, + }; + mgr->sess_pool = session_pool_new(opts->max_tcp_session_num + opts->max_udp_session_num); mgr->tcp_sess_table = session_table_new(); mgr->udp_sess_table = session_table_new(); @@ -738,6 +788,8 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s switch (session_get_type(sess)) { case SESSION_TYPE_TCP: + tcp_reassembly_free(sess->c2s_reassembly); + tcp_reassembly_free(sess->s2c_reassembly); session_table_del(mgr->tcp_sess_table, session_get0_key(sess)); session_stat_dec(&mgr->stat.tcp_sess, session_get_state(sess)); mgr->stat.tcp_sess.nr_sess_used--; @@ -754,7 +806,9 @@ void session_manager_free_session(struct session_manager *mgr, struct session *s session_set0_cur_pkt(sess, NULL); session_set_cur_dir(sess, SESSION_DIR_NONE); - session_clean(sess); + packet_free(sess->c2s_1st_pkt); + packet_free(sess->s2c_1st_pkt); + session_free_all_ex_data(sess); session_pool_push(mgr->sess_pool, sess); sess = NULL; } diff --git a/src/session/session_manager.h b/src/session/session_manager.h index 487d7c5..34292b0 100644 --- a/src/session/session_manager.h +++ b/src/session/session_manager.h @@ -44,6 +44,12 @@ struct session_manager_options uint32_t evicted_session_filter_capacity; uint32_t evicted_session_filter_timeout; // ms, Range: 1-60,000 double evicted_session_filter_error_rate; + + // TCP reassembly + uint8_t tcp_reassembly_enable; + uint32_t tcp_reassembly_max_timeout; // ms, Range: 1-60,000 + uint32_t tcp_reassembly_max_segments; // 0: unlimited + uint32_t tcp_reassembly_max_bytes; // 0: unlimited }; struct session_stat diff --git a/src/session/session_private.h b/src/session/session_private.h index f1457e6..900cf57 100644 --- a/src/session/session_private.h +++ b/src/session/session_private.h @@ -13,8 +13,9 @@ extern "C" #include "timeout.h" #include "uthash.h" #include "session.h" +#include "tcp_reassembly.h" -#define EX_DATA_MAX_COUNT 128 +#define EX_DATA_MAX_COUNT 16 struct session { @@ -50,6 +51,13 @@ struct session // session user data void *user_data; + /****************************** + * Session TCP Reassembly + ******************************/ + + struct tcp_reassembly *c2s_reassembly; + struct tcp_reassembly *s2c_reassembly; + /****************************** * Session Current Packet ******************************/ diff --git a/src/session/test/CMakeLists.txt b/src/session/test/CMakeLists.txt index 695b0fb..21ac2a0 100644 --- a/src/session/test/CMakeLists.txt +++ b/src/session/test/CMakeLists.txt @@ -90,6 +90,13 @@ target_link_libraries(gtest_overload_evict_udp_sess session_manager gtest) add_executable(gtest_session_transition gtest_session_transition.cpp) target_link_libraries(gtest_session_transition session_manager gtest) +############################################################################### +# gtest tcp reassembly +############################################################################### + +add_executable(gtest_sess_mgr_tcp_reassembly gtest_sess_mgr_tcp_reassembly.cpp) +target_link_libraries(gtest_sess_mgr_tcp_reassembly session_manager gtest) + ############################################################################### # gtest ############################################################################### @@ -121,3 +128,5 @@ gtest_discover_tests(gtest_overload_evict_tcp_sess) gtest_discover_tests(gtest_overload_evict_udp_sess) gtest_discover_tests(gtest_session_transition) + +gtest_discover_tests(gtest_sess_mgr_tcp_reassembly) \ No newline at end of file diff --git a/src/session/test/gtest_filter_tcp_dupkt.cpp b/src/session/test/gtest_filter_tcp_dupkt.cpp index 9a2330f..95f9e6d 100644 --- a/src/session/test/gtest_filter_tcp_dupkt.cpp +++ b/src/session/test/gtest_filter_tcp_dupkt.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; static void packet_set_ip_id(struct packet *pkt, uint16_t ip_id) diff --git a/src/session/test/gtest_overload_evict_tcp_sess.cpp b/src/session/test/gtest_overload_evict_tcp_sess.cpp index 7bd77d4..b2f02b4 100644 --- a/src/session/test/gtest_overload_evict_tcp_sess.cpp +++ b/src/session/test/gtest_overload_evict_tcp_sess.cpp @@ -39,6 +39,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; static void packet_set_tcp_src_addr(struct packet *pkt, uint32_t addr) diff --git a/src/session/test/gtest_overload_evict_udp_sess.cpp b/src/session/test/gtest_overload_evict_udp_sess.cpp index dbd2f53..d048d19 100644 --- a/src/session/test/gtest_overload_evict_udp_sess.cpp +++ b/src/session/test/gtest_overload_evict_udp_sess.cpp @@ -39,6 +39,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; static void packet_set_tcp_src_addr(struct packet *pkt, uint32_t addr) diff --git a/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp b/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp new file mode 100644 index 0000000..99426b4 --- /dev/null +++ b/src/session/test/gtest_sess_mgr_tcp_reassembly.cpp @@ -0,0 +1,349 @@ +#include + +#include "session.h" +#include "session_manager.h" + +#include "ipv4_utils.h" +#include "test_packets.h" + +struct session_manager_options opts = { + // max session number + .max_tcp_session_num = 256, + .max_udp_session_num = 256, + + // session overload + .tcp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session + .udp_overload_evict_old_sess = 1, // 1: evict old session, 0: bypass new session + + // tcp timeout + .tcp_timeout_init = 1, + .tcp_timeout_handshake = 2, + .tcp_timeout_data = 3, + .tcp_timeout_half_closed = 4, + .tcp_timeout_time_wait = 5, + .tcp_timeout_discard = 6, + + // udp timeout + .udp_timeout_data = 7, + + // duplicate packet filter + .duplicated_packet_filter_enable = 1, + .duplicated_packet_filter_capacity = 1000, + .duplicated_packet_filter_timeout = 10, + .duplicated_packet_filter_error_rate = 0.0001, + + // evicted session filter + .evicted_session_filter_enable = 1, + .evicted_session_filter_capacity = 1000, + .evicted_session_filter_timeout = 10, + .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, +}; + +static void hex_dump(const char *payload, uint32_t len) +{ + printf("Payload Length: %d\n", len); + for (uint32_t i = 0; i < len; i++) + { + if (i > 0 && i % 16 == 0) + { + printf("\n"); + } + printf("%02x ", (uint8_t)payload[i]); + } + printf("\n"); +} + +#if 1 +TEST(SESS_MGR_TCP_REASSEMBLY, OUT_OF_ORDER) +{ + uint32_t len = 0; + const char *payload = NULL; + struct packet pkt; + struct session *sess = NULL; + struct session_manager *mgr = NULL; + + mgr = session_manager_new(&opts, 1); + EXPECT_TRUE(mgr != NULL); + + // C2S SYN Packet + printf("\n=> Packet Parse: TCP C2S SYN packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt1, sizeof(tcp_out_of_order_pkt1)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt) == NULL); + // new session + sess = session_manager_new_session(mgr, &pkt, 1); + EXPECT_TRUE(sess); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S ACK Packet + printf("\n=> Packet Parse: TCP C2S ACK packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt2, sizeof(tcp_out_of_order_pkt2)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S Data Packet 2222 + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt3, sizeof(tcp_out_of_order_pkt3)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 3) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S Data Packet 3333 + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt4, sizeof(tcp_out_of_order_pkt4)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 4) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S Data Packet 4444 + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt5, sizeof(tcp_out_of_order_pkt5)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 5) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S Data Packet 5555 + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt6, sizeof(tcp_out_of_order_pkt6)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 6) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S Data Packet 1111 + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_out_of_order_pkt7, sizeof(tcp_out_of_order_pkt7)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 7) == 0); + + /* + * 11111111111111111111111111111111111111111111111111111111111111 + * 22222222222222222222222222222222222222222222222222222222222222 + * 33333333333333333333333333333333333333333333333333333333333333 + * 44444444444444444444444444444444444444444444444444444444444444 + * 55555555555555555555555555555555555555555555555555555555555555 + */ + + unsigned char payload1[] = { + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x0a}; + unsigned char payload2[] = { + 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, + 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, + 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x0a}; + unsigned char payload3[] = { + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x0a}; + unsigned char payload4[] = { + 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, + 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, + 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x0a}; + unsigned char payload5[] = { + 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, + 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, + 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x0a}; + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(payload1)); + EXPECT_TRUE(memcmp((void *)payload, payload1, sizeof(payload1)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(payload2)); + EXPECT_TRUE(memcmp((void *)payload, payload2, sizeof(payload2)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(payload3)); + EXPECT_TRUE(memcmp((void *)payload, payload3, sizeof(payload3)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(payload4)); + EXPECT_TRUE(memcmp((void *)payload, payload4, sizeof(payload4)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(payload5)); + EXPECT_TRUE(memcmp((void *)payload, payload5, sizeof(payload5)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + // expire session + EXPECT_TRUE(session_manager_get_expired_session(mgr, 7 + opts.tcp_timeout_data) == NULL); // active -> closing + sess = session_manager_get_expired_session(mgr, 7 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); // closing -> closed + EXPECT_TRUE(sess); + EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); + EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); + session_dump(sess); + // free session + session_manager_free_session(mgr, sess); + + session_manager_free(mgr); +} +#endif + +#if 1 +TEST(SESS_MGR_TCP_REASSEMBLY, SEQ_WRAPAROUND) +{ + uint32_t len = 0; + const char *payload = NULL; + struct packet pkt; + struct session *sess = NULL; + struct session_manager *mgr = NULL; + + mgr = session_manager_new(&opts, 1); + EXPECT_TRUE(mgr != NULL); + + // C2S SYN Packet + printf("\n=> Packet Parse: TCP C2S SYN packet\n"); + packet_parse(&pkt, (const char *)tcp_seq_wraparound_pkt1, sizeof(tcp_seq_wraparound_pkt1)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + EXPECT_TRUE(session_manager_lookup_session(mgr, &pkt) == NULL); + // new session + sess = session_manager_new_session(mgr, &pkt, 1); + EXPECT_TRUE(sess); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S ACK Packet + printf("\n=> Packet Parse: TCP C2S ACK packet\n"); + packet_parse(&pkt, (const char *)tcp_seq_wraparound_pkt2, sizeof(tcp_seq_wraparound_pkt2)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 2) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload == NULL); + EXPECT_TRUE(len == 0); + + // C2S Data Packet + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_seq_wraparound_pkt3, sizeof(tcp_seq_wraparound_pkt3)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 3) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(tcp_seq_wraparound_pkt3_payload)); + EXPECT_TRUE(memcmp((void *)payload, tcp_seq_wraparound_pkt3_payload, sizeof(tcp_seq_wraparound_pkt3_payload)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + // C2S Data Packet + printf("\n=> Packet Parse: TCP C2S Data packet\n"); + packet_parse(&pkt, (const char *)tcp_seq_wraparound_pkt4, sizeof(tcp_seq_wraparound_pkt4)); + printf("<= Packet Parse: done\n\n"); + + // lookup session + sess = session_manager_lookup_session(mgr, &pkt); + EXPECT_TRUE(sess); + // update session + EXPECT_TRUE(session_manager_update_session(mgr, sess, &pkt, 4) == 0); + + payload = session_peek_tcp_payload(sess, &len); + EXPECT_TRUE(payload != NULL); + EXPECT_TRUE(len == sizeof(tcp_seq_wraparound_pkt4_payload)); + EXPECT_TRUE(memcmp((void *)payload, tcp_seq_wraparound_pkt4_payload, sizeof(tcp_seq_wraparound_pkt4_payload)) == 0); + hex_dump(payload, len); + session_consume_tcp_payload(sess, len); + + // expire session + EXPECT_TRUE(session_manager_get_expired_session(mgr, 4 + opts.tcp_timeout_data) == NULL); // active -> closing + sess = session_manager_get_expired_session(mgr, 4 + opts.tcp_timeout_data + opts.tcp_timeout_time_wait); // closing -> closed + EXPECT_TRUE(sess); + EXPECT_TRUE(session_get_state(sess) == SESSION_STATE_CLOSED); + EXPECT_TRUE(session_get_closing_reason(sess) == CLOSING_BY_TIMEOUT); + session_dump(sess); + // free session + session_manager_free_session(mgr, sess); + + session_manager_free(mgr); +} +#endif + +int main(int argc, char **argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/session/test/gtest_state_tcp_active_to_closing.cpp b/src/session/test/gtest_state_tcp_active_to_closing.cpp index 961a76d..cba6050 100644 --- a/src/session/test/gtest_state_tcp_active_to_closing.cpp +++ b/src/session/test/gtest_state_tcp_active_to_closing.cpp @@ -38,6 +38,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; static void build_active_tcp_session(struct session_manager *mgr, struct session *sess) diff --git a/src/session/test/gtest_state_tcp_init_to_opening.cpp b/src/session/test/gtest_state_tcp_init_to_opening.cpp index 85ff614..5c41770 100644 --- a/src/session/test/gtest_state_tcp_init_to_opening.cpp +++ b/src/session/test/gtest_state_tcp_init_to_opening.cpp @@ -38,6 +38,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; /****************************************************************************** diff --git a/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp b/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp index 98155bd..0dd0176 100644 --- a/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp +++ b/src/session/test/gtest_state_tcp_init_to_opening_to_active_to_closing_to_closed.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; #if 1 diff --git a/src/session/test/gtest_state_tcp_opening_to_active.cpp b/src/session/test/gtest_state_tcp_opening_to_active.cpp index f3d1b63..1fcfb03 100644 --- a/src/session/test/gtest_state_tcp_opening_to_active.cpp +++ b/src/session/test/gtest_state_tcp_opening_to_active.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; /****************************************************************************** diff --git a/src/session/test/gtest_state_tcp_opening_to_closing.cpp b/src/session/test/gtest_state_tcp_opening_to_closing.cpp index 1d7bcda..dc59935 100644 --- a/src/session/test/gtest_state_tcp_opening_to_closing.cpp +++ b/src/session/test/gtest_state_tcp_opening_to_closing.cpp @@ -38,6 +38,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; /****************************************************************************** diff --git a/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp b/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp index 0a74e0d..b48ac4b 100644 --- a/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp +++ b/src/session/test/gtest_state_udp_init_to_opening_to_active_to_closing.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; #if 1 diff --git a/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp b/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp index 9ff4ba7..9489c78 100644 --- a/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp +++ b/src/session/test/gtest_state_udp_init_to_opening_to_closing.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; /****************************************************************************** diff --git a/src/session/test/gtest_timeout_tcp_data.cpp b/src/session/test/gtest_timeout_tcp_data.cpp index dad6ace..3f2e0d2 100644 --- a/src/session/test/gtest_timeout_tcp_data.cpp +++ b/src/session/test/gtest_timeout_tcp_data.cpp @@ -36,6 +36,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; #if 1 diff --git a/src/session/test/gtest_timeout_tcp_handshake.cpp b/src/session/test/gtest_timeout_tcp_handshake.cpp index 4b8309d..b1bcce1 100644 --- a/src/session/test/gtest_timeout_tcp_handshake.cpp +++ b/src/session/test/gtest_timeout_tcp_handshake.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; #if 1 diff --git a/src/session/test/gtest_timeout_tcp_init.cpp b/src/session/test/gtest_timeout_tcp_init.cpp index 0397854..5e86b9d 100644 --- a/src/session/test/gtest_timeout_tcp_init.cpp +++ b/src/session/test/gtest_timeout_tcp_init.cpp @@ -37,6 +37,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; #if 1 diff --git a/src/session/test/gtest_timeout_udp_data.cpp b/src/session/test/gtest_timeout_udp_data.cpp index 35003da..c60bd30 100644 --- a/src/session/test/gtest_timeout_udp_data.cpp +++ b/src/session/test/gtest_timeout_udp_data.cpp @@ -36,6 +36,12 @@ struct session_manager_options opts = { .evicted_session_filter_capacity = 1000, .evicted_session_filter_timeout = 10, .evicted_session_filter_error_rate = 0.0001, + + // TCP Reassembly + .tcp_reassembly_enable = 1, + .tcp_reassembly_max_timeout = 60000, + .tcp_reassembly_max_segments = 0, + .tcp_reassembly_max_bytes = 0, }; #if 1 diff --git a/src/session/test/test_packets.h b/src/session/test/test_packets.h index e36da7d..4d897f4 100644 --- a/src/session/test/test_packets.h +++ b/src/session/test/test_packets.h @@ -1471,6 +1471,1233 @@ unsigned char udp_pkt2_dns_resp[] = { 0x53, 0x1e, 0xc0, 0x8c, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x01, 0xa7, 0x1a, 0x00, 0x10, 0x20, 0x01, 0x05, 0x03, 0xa8, 0x3e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30}; +/****************************************************************************** + * test packet: TCP C2S seq wraparound + ******************************************************************************/ + +/* + * Frame 1: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) + * Ethernet II, Src: EvocInte_2f:90:37 (00:22:46:2f:90:37), Dst: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Destination: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Address: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * Address: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 10.3.22.137, Dst: 10.3.22.11 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 56 + * Identification: 0x019a (410) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0xf88c [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xf88c] + * Source Address: 10.3.22.137 + * Destination Address: 10.3.22.11 + * Transmission Control Protocol, Src Port: 44760, Dst Port: 12345, Seq: 0, Len: 0 + * Source Port: 44760 + * Destination Port: 12345 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 0] + * Sequence Number: 0 (relative sequence number) + * Sequence Number (raw): 4294967134 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 0 + * Acknowledgment number (raw): 0 + * 1001 .... = Header Length: 36 bytes (9) + * Flags: 0x002 (SYN) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...0 .... = Acknowledgment: Not set + * .... .... 0... = Push: Not set + * .... .... .0.. = Reset: Not set + * .... .... ..1. = Syn: Set + * [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 12345] + * [Connection establish request (SYN): server port 12345] + * [Severity level: Chat] + * [Group: Sequence] + * .... .... ...0 = Fin: Not set + * [TCP Flags: ··········S·] + * Window: 29200 + * [Calculated window size: 29200] + * Checksum: 0xd68c incorrect, should be 0x24e6(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x24e6]] + * [Bad checksum [should be 0x24e6]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x24e6] + * Urgent Pointer: 0 + * Options: (16 bytes), Maximum segment size, SACK permitted, Timestamps + * TCP Option - Maximum segment size: 1460 bytes + * Kind: Maximum Segment Size (2) + * Length: 4 + * MSS Value: 1460 + * TCP Option - SACK permitted + * Kind: SACK Permitted (4) + * Length: 2 + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 441027524: TSval 441027524, TSecr 0 + * Timestamp echo reply: 0 + * [Timestamps] + * [Time since first frame in this TCP stream: 0.000000000 seconds] + * [Time since previous frame in this TCP stream: 0.000000000 seconds] + */ + +unsigned char tcp_seq_wraparound_pkt1[] = { + 0x00, 0x22, 0x46, 0x36, 0xb6, 0x79, 0x00, 0x22, 0x46, 0x2f, 0x90, 0x37, 0x08, 0x00, 0x45, 0x00, 0x00, 0x38, 0x01, 0x9a, 0x40, 0x00, 0x40, 0x06, 0xf8, 0x8c, + 0x0a, 0x03, 0x16, 0x89, 0x0a, 0x03, 0x16, 0x0b, 0xae, 0xd8, 0x30, 0x39, 0xff, 0xff, 0xff, 0x5e, 0x00, 0x00, 0x00, 0x00, 0x90, 0x02, 0x72, 0x10, 0xd6, 0x8c, + 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0x1a, 0x49, 0x8b, 0xc4, 0x00, 0x00, 0x00, 0x00}; + +/* + * Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) + * Ethernet II, Src: EvocInte_2f:90:37 (00:22:46:2f:90:37), Dst: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Destination: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Address: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * Address: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 10.3.22.137, Dst: 10.3.22.11 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 52 + * Identification: 0x019b (411) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0xf88f [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xf88f] + * Source Address: 10.3.22.137 + * Destination Address: 10.3.22.11 + * Transmission Control Protocol, Src Port: 44760, Dst Port: 12345, Seq: 1, Ack: 1, Len: 0 + * Source Port: 44760 + * Destination Port: 12345 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 0] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 4294967135 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 2769824760 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x010 (ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 0... = Push: Not set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······A····] + * Window: 29200 + * [Calculated window size: 29200] + * [Window size scaling factor: -2 (no window scaling used)] + * Checksum: 0xcd87 incorrect, should be 0x1be1(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x1be1]] + * [Bad checksum [should be 0x1be1]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x1be1] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 441027526: TSval 441027526, TSecr 2924913737 + * Timestamp echo reply: 2924913737 + * [Timestamps] + * [Time since first frame in this TCP stream: 0.001642000 seconds] + * [Time since previous frame in this TCP stream: 0.001507000 seconds] + * [SEQ/ACK analysis] + * [This is an ACK to the segment in frame: 2] + * [The RTT to ACK the segment was: 0.001507000 seconds] + * [iRTT: 0.001642000 seconds] + */ + +unsigned char tcp_seq_wraparound_pkt2[] = { + 0x00, 0x22, 0x46, 0x36, 0xb6, 0x79, 0x00, 0x22, 0x46, 0x2f, 0x90, 0x37, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0x01, 0x9b, 0x40, 0x00, 0x40, 0x06, 0xf8, 0x8f, + 0x0a, 0x03, 0x16, 0x89, 0x0a, 0x03, 0x16, 0x0b, 0xae, 0xd8, 0x30, 0x39, 0xff, 0xff, 0xff, 0x5f, 0xa5, 0x18, 0x2b, 0xf8, 0x80, 0x10, 0x72, 0x10, 0xcd, 0x87, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x1a, 0x49, 0x8b, 0xc6, 0xae, 0x56, 0xa4, 0x49}; + +/* + * Frame 4: 947 bytes on wire (7576 bits), 947 bytes captured (7576 bits) + * Ethernet II, Src: EvocInte_2f:90:37 (00:22:46:2f:90:37), Dst: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Destination: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Address: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * Address: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 10.3.22.137, Dst: 10.3.22.11 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 933 + * Identification: 0x019c (412) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0xf51d [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xf51d] + * Source Address: 10.3.22.137 + * Destination Address: 10.3.22.11 + * Transmission Control Protocol, Src Port: 44760, Dst Port: 12345, Seq: 1, Ack: 1, Len: 881 + * Source Port: 44760 + * Destination Port: 12345 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 881] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 4294967135 + * [Next Sequence Number: 882 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 2769824760 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 29200 + * [Calculated window size: 29200] + * [Window size scaling factor: -2 (no window scaling used)] + * Checksum: 0x98ef incorrect, should be 0xe748(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0xe748]] + * [Bad checksum [should be 0xe748]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0xe748] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 441067096: TSval 441067096, TSecr 2924913737 + * Timestamp echo reply: 2924913737 + * [Timestamps] + * [Time since first frame in this TCP stream: 39.570855000 seconds] + * [Time since previous frame in this TCP stream: 39.569213000 seconds] + * [SEQ/ACK analysis] + * [iRTT: 0.001642000 seconds] + * [Bytes in flight: 881] + * [Bytes sent since last PSH flag: 881] + * TCP payload (881 bytes) + * Data (881 bytes) + * Data: 313131313131313131313131313131313131313131313131313131313131313131313131… + * [Length: 881] + */ + +unsigned char tcp_seq_wraparound_pkt3[] = { + 0x00, 0x22, 0x46, 0x36, 0xb6, 0x79, 0x00, 0x22, 0x46, 0x2f, 0x90, 0x37, 0x08, 0x00, 0x45, 0x00, 0x03, 0xa5, 0x01, 0x9c, 0x40, 0x00, 0x40, 0x06, 0xf5, 0x1d, + 0x0a, 0x03, 0x16, 0x89, 0x0a, 0x03, 0x16, 0x0b, 0xae, 0xd8, 0x30, 0x39, 0xff, 0xff, 0xff, 0x5f, 0xa5, 0x18, 0x2b, 0xf8, 0x80, 0x18, 0x72, 0x10, 0x98, 0xef, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x1a, 0x4a, 0x26, 0x58, 0xae, 0x56, 0xa4, 0x49, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x0a}; + +unsigned char tcp_seq_wraparound_pkt3_payload[] = { + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x0a}; + +/* + * Frame 6: 1381 bytes on wire (11048 bits), 1381 bytes captured (11048 bits) + * Ethernet II, Src: EvocInte_2f:90:37 (00:22:46:2f:90:37), Dst: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Destination: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * Address: EvocInte_36:b6:79 (00:22:46:36:b6:79) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * Address: EvocInte_2f:90:37 (00:22:46:2f:90:37) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 10.3.22.137, Dst: 10.3.22.11 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 1367 + * Identification: 0x019e (414) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0xf369 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xf369] + * Source Address: 10.3.22.137 + * Destination Address: 10.3.22.11 + * Transmission Control Protocol, Src Port: 44760, Dst Port: 12345, Seq: 882, Ack: 882, Len: 1315 + * Source Port: 44760 + * Destination Port: 12345 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 1315] + * Sequence Number: 882 (relative sequence number) + * Sequence Number (raw): 720 + * [Next Sequence Number: 2197 (relative sequence number)] + * Acknowledgment Number: 882 (relative ack number) + * Acknowledgment number (raw): 2769825641 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 30835 + * [Calculated window size: 30835] + * [Window size scaling factor: -2 (no window scaling used)] + * Checksum: 0x1175 incorrect, should be 0x5fcf(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x5fcf]] + * [Bad checksum [should be 0x5fcf]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x5fcf] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 441090728: TSval 441090728, TSecr 2924960573 + * Timestamp echo reply: 2924960573 + * [Timestamps] + * [Time since first frame in this TCP stream: 63.203588000 seconds] + * [Time since previous frame in this TCP stream: 16.367494000 seconds] + * [SEQ/ACK analysis] + * [This is an ACK to the segment in frame: 5] + * [The RTT to ACK the segment was: 16.367494000 seconds] + * [iRTT: 0.001642000 seconds] + * [Bytes in flight: 1315] + * [Bytes sent since last PSH flag: 1315] + * TCP payload (1315 bytes) + * Data (1315 bytes) + * Data: 7b22636f6d6d6f6e5f736368656d615f74797065223a2248545450222c22636f6d6d6f6e… + * [Length: 1315] + */ + +unsigned char tcp_seq_wraparound_pkt4[] = { + 0x00, 0x22, 0x46, 0x36, 0xb6, 0x79, 0x00, 0x22, 0x46, 0x2f, 0x90, 0x37, 0x08, 0x00, 0x45, 0x00, 0x05, 0x57, 0x01, 0x9e, 0x40, 0x00, 0x40, 0x06, 0xf3, 0x69, + 0x0a, 0x03, 0x16, 0x89, 0x0a, 0x03, 0x16, 0x0b, 0xae, 0xd8, 0x30, 0x39, 0x00, 0x00, 0x02, 0xd0, 0xa5, 0x18, 0x2f, 0x69, 0x80, 0x18, 0x78, 0x73, 0x11, 0x75, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x1a, 0x4a, 0x82, 0xa8, 0xae, 0x57, 0x5b, 0x3d, 0x7b, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x63, 0x68, + 0x65, 0x6d, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x48, 0x54, 0x54, 0x50, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, + 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x6c, + 0x69, 0x6e, 0x65, 0x22, 0x3a, 0x22, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, + 0x70, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x22, 0x3a, 0x22, 0x4d, 0x6f, 0x7a, 0x69, 0x6c, 0x6c, 0x61, 0x2f, 0x35, 0x2e, 0x30, + 0x20, 0x28, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x4e, 0x54, 0x20, 0x31, 0x30, 0x2e, 0x30, 0x3b, 0x20, 0x57, 0x69, 0x6e, 0x36, 0x34, 0x3b, 0x20, + 0x78, 0x36, 0x34, 0x29, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x75, 0x72, 0x6c, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, + 0x32, 0x2e, 0x32, 0x30, 0x30, 0x2f, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x6c, 0x69, 0x6e, + 0x65, 0x22, 0x3a, 0x22, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, + 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x22, + 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x31, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x69, 0x73, 0x6e, 0x22, 0x3a, 0x31, 0x33, 0x36, 0x33, 0x31, 0x38, 0x35, 0x38, 0x31, + 0x37, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x68, 0x74, 0x74, + 0x70, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x22, 0x68, 0x74, 0x74, 0x70, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x22, 0x3a, 0x22, 0x54, 0x43, 0x50, 0x2f, 0x49, 0x50, 0x76, 0x34, + 0x2f, 0x45, 0x54, 0x48, 0x45, 0x52, 0x4e, 0x45, 0x54, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, + 0x3a, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x69, 0x70, 0x66, 0x72, 0x61, 0x67, 0x5f, 0x6e, 0x75, 0x6d, 0x22, + 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x69, 0x70, 0x66, 0x72, 0x61, 0x67, 0x5f, 0x6e, 0x75, 0x6d, 0x22, + 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x75, 0x6e, 0x6f, 0x72, 0x64, 0x65, 0x72, + 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x75, 0x6e, + 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x74, + 0x63, 0x70, 0x5f, 0x6c, 0x6f, 0x73, 0x74, 0x6c, 0x65, 0x6e, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, + 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x6f, 0x73, 0x74, 0x6c, 0x65, 0x6e, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x5f, 0x69, 0x70, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x32, 0x30, 0x30, 0x22, 0x2c, 0x22, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x70, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, + 0x32, 0x2e, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x3a, + 0x38, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x31, 0x36, + 0x31, 0x31, 0x36, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x64, 0x69, 0x72, 0x22, 0x3a, 0x33, 0x2c, + 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x34, 0x2c, 0x22, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x70, 0x6b, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x37, 0x34, 0x2c, 0x22, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x34, 0x36, 0x30, 0x32, 0x34, 0x2c, 0x22, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x70, 0x6b, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x31, 0x36, 0x2c, 0x22, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x31, 0x33, 0x30, 0x34, 0x2c, 0x22, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x22, 0x3a, 0x31, 0x36, 0x30, 0x37, 0x35, 0x30, 0x36, 0x39, 0x37, + 0x39, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x22, 0x3a, 0x31, 0x36, 0x30, 0x37, 0x35, 0x30, + 0x37, 0x30, 0x32, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x6d, 0x73, 0x22, 0x3a, 0x34, 0x32, 0x30, 0x30, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, + 0x72, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x22, 0x3a, 0x22, 0x31, 0x31, 0x35, 0x32, 0x39, 0x39, 0x34, 0x32, 0x39, 0x32, 0x33, 0x30, 0x33, 0x37, 0x37, 0x33, + 0x36, 0x33, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x6c, 0x34, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3a, + 0x22, 0x49, 0x50, 0x76, 0x34, 0x5f, 0x54, 0x43, 0x50, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x22, 0x3a, 0x22, 0x31, 0x36, 0x31, 0x31, 0x36, 0x2d, 0x38, 0x30, 0x2d, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, + 0x2e, 0x31, 0x2d, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x32, 0x30, 0x30, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, + 0x6c, 0x37, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3a, 0x22, 0x48, 0x54, 0x54, 0x50, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x5f, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x5f, 0x6c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6d, 0x73, 0x22, 0x3a, 0x35, 0x33, + 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x36, 0x39, 0x2c, 0x22, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x6c, 0x65, 0x64, 0x5f, 0x69, 0x70, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x34, 0x30, + 0x2e, 0x31, 0x36, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x22, 0x3a, 0x22, + 0x43, 0x42, 0x54, 0x32, 0x32, 0x30, 0x31, 0x39, 0x32, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, + 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x3a, 0x22, 0x41, 0x6c, 0x6d, 0x61, 0x74, 0x79, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x69, 0x64, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, + 0x30, 0x7d, 0x0a}; + +unsigned char tcp_seq_wraparound_pkt4_payload[] = { + 0x7b, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x22, 0x48, 0x54, 0x54, + 0x50, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x68, 0x74, + 0x74, 0x70, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x22, 0x3a, 0x22, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, + 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x22, 0x3a, + 0x22, 0x4d, 0x6f, 0x7a, 0x69, 0x6c, 0x6c, 0x61, 0x2f, 0x35, 0x2e, 0x30, 0x20, 0x28, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x73, 0x20, 0x4e, 0x54, 0x20, 0x31, + 0x30, 0x2e, 0x30, 0x3b, 0x20, 0x57, 0x69, 0x6e, 0x36, 0x34, 0x3b, 0x20, 0x78, 0x36, 0x34, 0x29, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x75, 0x72, + 0x6c, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x32, 0x30, 0x30, 0x2f, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, + 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x22, 0x3a, 0x22, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, + 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, + 0x3a, 0x22, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, + 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x22, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x69, 0x73, + 0x6e, 0x22, 0x3a, 0x31, 0x33, 0x36, 0x33, 0x31, 0x38, 0x35, 0x38, 0x31, 0x37, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, + 0x66, 0x6c, 0x61, 0x67, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x22, 0x68, 0x74, + 0x74, 0x70, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x6c, 0x61, 0x62, 0x65, + 0x6c, 0x22, 0x3a, 0x22, 0x54, 0x43, 0x50, 0x2f, 0x49, 0x50, 0x76, 0x34, 0x2f, 0x45, 0x54, 0x48, 0x45, 0x52, 0x4e, 0x45, 0x54, 0x22, 0x2c, 0x22, 0x68, 0x74, + 0x74, 0x70, 0x5f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, + 0x5f, 0x69, 0x70, 0x66, 0x72, 0x61, 0x67, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, + 0x5f, 0x69, 0x70, 0x66, 0x72, 0x61, 0x67, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, + 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x75, 0x6e, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x75, 0x6e, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x30, 0x2c, 0x22, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x6f, 0x73, 0x74, 0x6c, 0x65, 0x6e, 0x22, 0x3a, 0x30, 0x2c, + 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x6f, 0x73, 0x74, 0x6c, 0x65, 0x6e, 0x22, 0x3a, 0x30, + 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x70, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, + 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x32, 0x30, 0x30, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, + 0x70, 0x22, 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x38, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x31, 0x36, 0x31, 0x31, 0x36, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x64, 0x69, 0x72, 0x22, 0x3a, 0x33, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x34, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x70, 0x6b, 0x74, 0x5f, + 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x37, 0x34, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x32, 0x63, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x5f, 0x6e, + 0x75, 0x6d, 0x22, 0x3a, 0x34, 0x36, 0x30, 0x32, 0x34, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x70, 0x6b, 0x74, 0x5f, + 0x6e, 0x75, 0x6d, 0x22, 0x3a, 0x31, 0x36, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, 0x32, 0x73, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x5f, 0x6e, + 0x75, 0x6d, 0x22, 0x3a, 0x31, 0x33, 0x30, 0x34, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x74, 0x69, 0x6d, + 0x65, 0x22, 0x3a, 0x31, 0x36, 0x30, 0x37, 0x35, 0x30, 0x36, 0x39, 0x37, 0x39, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x5f, + 0x74, 0x69, 0x6d, 0x65, 0x22, 0x3a, 0x31, 0x36, 0x30, 0x37, 0x35, 0x30, 0x37, 0x30, 0x32, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x63, + 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x73, 0x22, 0x3a, 0x34, 0x32, 0x30, 0x30, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x22, 0x3a, 0x22, 0x31, 0x31, 0x35, 0x32, + 0x39, 0x39, 0x34, 0x32, 0x39, 0x32, 0x33, 0x30, 0x33, 0x37, 0x37, 0x33, 0x36, 0x33, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x6c, + 0x34, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3a, 0x22, 0x49, 0x50, 0x76, 0x34, 0x5f, 0x54, 0x43, 0x50, 0x22, 0x2c, 0x22, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x22, 0x3a, 0x22, 0x31, 0x36, 0x31, 0x31, 0x36, 0x2d, + 0x38, 0x30, 0x2d, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x31, 0x2d, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x32, 0x2e, 0x32, + 0x30, 0x30, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x6c, 0x37, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3a, 0x22, + 0x48, 0x54, 0x54, 0x50, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x5f, 0x6c, 0x61, + 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6d, 0x73, 0x22, 0x3a, 0x35, 0x33, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x36, 0x39, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x6c, 0x65, 0x64, 0x5f, 0x69, 0x70, 0x22, + 0x3a, 0x22, 0x31, 0x39, 0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x34, 0x30, 0x2e, 0x31, 0x36, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, + 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x22, 0x3a, 0x22, 0x43, 0x42, 0x54, 0x32, 0x32, 0x30, 0x31, 0x39, 0x32, 0x35, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x31, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x3a, 0x22, + 0x41, 0x6c, 0x6d, 0x61, 0x74, 0x79, 0x22, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x69, 0x64, 0x22, + 0x3a, 0x30, 0x2c, 0x22, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x3a, 0x31, 0x2c, 0x22, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x30, 0x7d, 0x0a}; + +/****************************************************************************** + * test packet: TCP C2S out of order + ******************************************************************************/ + +/* + * Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 60 + * Identification: 0xe8ea (59626) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x53cf [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x53cf] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 0, Len: 0 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 0] + * Sequence Number: 0 (relative sequence number) + * Sequence Number (raw): 3903031379 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 0 + * Acknowledgment number (raw): 0 + * 1010 .... = Header Length: 40 bytes (10) + * Flags: 0x002 (SYN) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...0 .... = Acknowledgment: Not set + * .... .... 0... = Push: Not set + * .... .... .0.. = Reset: Not set + * .... .... ..1. = Syn: Set + * [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 55555] + * [Connection establish request (SYN): server port 55555] + * [Severity level: Chat] + * [Group: Sequence] + * .... .... ...0 = Fin: Not set + * [TCP Flags: ··········S·] + * Window: 43690 + * [Calculated window size: 43690] + * Checksum: 0xfe30 incorrect, should be 0xc5a7(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0xc5a7]] + * [Bad checksum [should be 0xc5a7]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0xc5a7] + * Urgent Pointer: 0 + * Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale + * TCP Option - Maximum segment size: 65495 bytes + * Kind: Maximum Segment Size (2) + * Length: 4 + * MSS Value: 65495 + * TCP Option - SACK permitted + * Kind: SACK Permitted (4) + * Length: 2 + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506514617: TSval 2506514617, TSecr 0 + * Timestamp echo reply: 0 + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Window scale: 7 (multiply by 128) + * Kind: Window Scale (3) + * Length: 3 + * Shift count: 7 + * [Multiplier: 128] + * [Timestamps] + * [Time since first frame in this TCP stream: 0.000000000 seconds] + * [Time since previous frame in this TCP stream: 0.000000000 seconds] + */ + +unsigned char tcp_out_of_order_pkt1[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x3c, 0xe8, 0xea, 0x40, 0x00, 0x40, 0x06, 0x53, 0xcf, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x88, 0x53, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0xaa, 0xaa, 0xfe, 0x30, + 0x00, 0x00, 0x02, 0x04, 0xff, 0xd7, 0x04, 0x02, 0x08, 0x0a, 0x95, 0x66, 0x60, 0xb9, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x07}; + +/* + * Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 52 + * Identification: 0xe8eb (59627) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x53d6 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x53d6] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 1, Ack: 1, Len: 0 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 0] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 3903031380 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 272792950 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x010 (ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 0... = Push: Not set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······A····] + * Window: 342 + * [Calculated window size: 43776] + * [Window size scaling factor: 128] + * Checksum: 0xfe28 incorrect, should be 0x1404(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x1404]] + * [Bad checksum [should be 0x1404]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x1404] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506514617: TSval 2506514617, TSecr 2506514617 + * Timestamp echo reply: 2506514617 + * [Timestamps] + * [Time since first frame in this TCP stream: 0.000037000 seconds] + * [Time since previous frame in this TCP stream: 643767903.523730000 seconds] + * [SEQ/ACK analysis] + * [This is an ACK to the segment in frame: 2] + * [The RTT to ACK the segment was: 643767903.523730000 seconds] + * [iRTT: 0.000037000 seconds] + */ + +unsigned char tcp_out_of_order_pkt2[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x34, 0xe8, 0xeb, 0x40, 0x00, 0x40, 0x06, 0x53, 0xd6, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x88, 0x54, 0x10, 0x42, 0x7d, 0x76, 0x80, 0x10, 0x01, 0x56, 0xfe, 0x28, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x95, 0x66, 0x60, 0xb9, 0x95, 0x66, 0x60, 0xb9}; + +/* + * Frame 4: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 115 + * Identification: 0xe8ed (59629) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x5395 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x5395] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 64, Ack: 1, Len: 63 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 63] + * Sequence Number: 64 (relative sequence number) + * Sequence Number (raw): 3903031443 + * [Next Sequence Number: 127 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 272792950 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 342 + * [Calculated window size: 43776] + * [Window size scaling factor: 128] + * Checksum: 0xfe67 incorrect, should be 0xc4b9(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0xc4b9]] + * [Bad checksum [should be 0xc4b9]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0xc4b9] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506523081: TSval 2506523081, TSecr 2506518617 + * Timestamp echo reply: 2506518617 + * [Timestamps] + * [Time since first frame in this TCP stream: 8.464205000 seconds] + * [Time since previous frame in this TCP stream: 8.464168000 seconds] + * [SEQ/ACK analysis] + * [iRTT: 0.000037000 seconds] + * [TCP Analysis Flags] + * [Expert Info (Warning/Sequence): Previous segment(s) not captured (common at capture start)] + * [Previous segment(s) not captured (common at capture start)] + * [Severity level: Warning] + * [Group: Sequence] + * TCP payload (63 bytes) + * Data (63 bytes) + * Data: 323232323232323232323232323232323232323232323232323232323232323232323232… + * [Length: 63] + */ + +unsigned char tcp_out_of_order_pkt3[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x73, 0xe8, 0xed, 0x40, 0x00, 0x40, 0x06, 0x53, 0x95, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x88, 0x93, 0x10, 0x42, 0x7d, 0x76, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x67, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x95, 0x66, 0x81, 0xc9, 0x95, 0x66, 0x70, 0x59, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, + 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, + 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x0a}; + +/* + * Frame 5: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 115 + * Identification: 0xe8ee (59630) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x5394 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x5394] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 127, Ack: 1, Len: 63 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 63] + * Sequence Number: 127 (relative sequence number) + * Sequence Number (raw): 3903031506 + * [Next Sequence Number: 190 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 272792950 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 342 + * [Calculated window size: 43776] + * [Window size scaling factor: 128] + * Checksum: 0xfe67 incorrect, should be 0x823b(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x823b]] + * [Bad checksum [should be 0x823b]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x823b] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506527609: TSval 2506527609, TSecr 2506523081 + * Timestamp echo reply: 2506523081 + * [Timestamps] + * [Time since first frame in this TCP stream: 12.992217000 seconds] + * [Time since previous frame in this TCP stream: 4.528012000 seconds] + * TCP payload (63 bytes) + * Data (63 bytes) + * Data: 333333333333333333333333333333333333333333333333333333333333333333333333… + * [Length: 63] + */ + +unsigned char tcp_out_of_order_pkt4[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x73, 0xe8, 0xee, 0x40, 0x00, 0x40, 0x06, 0x53, 0x94, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x88, 0xd2, 0x10, 0x42, 0x7d, 0x76, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x67, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x95, 0x66, 0x93, 0x79, 0x95, 0x66, 0x81, 0xc9, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x0a}; + +/* + * Frame 6: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 115 + * Identification: 0xe8ef (59631) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x5393 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x5393] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 190, Ack: 1, Len: 63 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 63] + * Sequence Number: 190 (relative sequence number) + * Sequence Number (raw): 3903031569 + * [Next Sequence Number: 253 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 272792950 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 342 + * [Calculated window size: 43776] + * [Window size scaling factor: 128] + * Checksum: 0xfe67 incorrect, should be 0x3e2d(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x3e2d]] + * [Bad checksum [should be 0x3e2d]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x3e2d] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506532473: TSval 2506532473, TSecr 2506527609 + * Timestamp echo reply: 2506527609 + * [Timestamps] + * [Time since first frame in this TCP stream: 17.856214000 seconds] + * [Time since previous frame in this TCP stream: 4.863997000 seconds] + * TCP payload (63 bytes) + * Data (63 bytes) + * Data: 343434343434343434343434343434343434343434343434343434343434343434343434… + * [Length: 63] + */ + +unsigned char tcp_out_of_order_pkt5[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x73, 0xe8, 0xef, 0x40, 0x00, 0x40, 0x06, 0x53, 0x93, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x89, 0x11, 0x10, 0x42, 0x7d, 0x76, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x67, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x95, 0x66, 0xa6, 0x79, 0x95, 0x66, 0x93, 0x79, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, + 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, + 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x34, 0x0a}; + +/* + * Frame 7: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 115 + * Identification: 0xe8f0 (59632) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x5392 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x5392] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 253, Ack: 1, Len: 63 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 63] + * Sequence Number: 253 (relative sequence number) + * Sequence Number (raw): 3903031632 + * [Next Sequence Number: 316 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 272792950 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 342 + * [Calculated window size: 43776] + * [Window size scaling factor: 128] + * Checksum: 0xfe67 incorrect, should be 0xf636(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0xf636]] + * [Bad checksum [should be 0xf636]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0xf636] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506538001: TSval 2506538001, TSecr 2506532473 + * Timestamp echo reply: 2506532473 + * [Timestamps] + * [Time since first frame in this TCP stream: 23.384147000 seconds] + * [Time since previous frame in this TCP stream: 5.527933000 seconds] + * TCP payload (63 bytes) + * Data (63 bytes) + * Data: 353535353535353535353535353535353535353535353535353535353535353535353535… + * [Length: 63] + */ + +unsigned char tcp_out_of_order_pkt6[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x73, 0xe8, 0xf0, 0x40, 0x00, 0x40, 0x06, 0x53, 0x92, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x89, 0x50, 0x10, 0x42, 0x7d, 0x76, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x67, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x95, 0x66, 0xbc, 0x11, 0x95, 0x66, 0xa6, 0x79, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, + 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, + 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x0a}; + +/* + * Frame 8: 129 bytes on wire (1032 bits), 129 bytes captured (1032 bits) on interface unknown, id 0 + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Destination: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Address: 00:00:00_00:00:00 (00:00:00:00:00:00) + * .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) + * .... ...0 .... .... .... .... = IG bit: Individual address (unicast) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 115 + * Identification: 0xe8ec (59628) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x5396 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0x5396] + * Source Address: 127.0.0.1 + * Destination Address: 127.0.0.1 + * Transmission Control Protocol, Src Port: 40812, Dst Port: 55555, Seq: 1, Ack: 1, Len: 63 + * Source Port: 40812 + * Destination Port: 55555 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 63] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 3903031380 + * [Next Sequence Number: 64 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 272792950 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x018 (PSH, ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 1... = Push: Set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······AP···] + * Window: 342 + * [Calculated window size: 43776] + * [Window size scaling factor: 128] + * Checksum: 0xfe67 incorrect, should be 0x0528(maybe caused by "TCP checksum offload"?) + * [Expert Info (Error/Checksum): Bad checksum [should be 0x0528]] + * [Bad checksum [should be 0x0528]] + * [Severity level: Error] + * [Group: Checksum] + * [Checksum Status: Bad] + * [Calculated Checksum: 0x0528] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - No-Operation (NOP) + * Kind: No-Operation (1) + * TCP Option - Timestamps + * Kind: Time Stamp Option (8) + * Length: 10 + * Timestamp value: 2506518617: TSval 2506518617, TSecr 2506514617 + * Timestamp echo reply: 2506514617 + * [Timestamps] + * [Time since first frame in this TCP stream: 4.000292000 seconds] + * [Time since previous frame in this TCP stream: -19.383855000 seconds] + * [SEQ/ACK analysis] + * [iRTT: 0.000037000 seconds] + * [TCP Analysis Flags] + * [Expert Info (Note/Sequence): This frame is a (suspected) retransmission] + * [This frame is a (suspected) retransmission] + * [Severity level: Note] + * [Group: Sequence] + * [The RTO for this segment was: -4.463913000 seconds] + * [RTO based on delta from frame: 4] + * TCP payload (63 bytes) + */ + +unsigned char tcp_out_of_order_pkt7[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x73, 0xe8, 0xec, 0x40, 0x00, 0x40, 0x06, 0x53, 0x96, + 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01, 0x9f, 0x6c, 0xd9, 0x03, 0xe8, 0xa3, 0x88, 0x54, 0x10, 0x42, 0x7d, 0x76, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x67, + 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x95, 0x66, 0x70, 0x59, 0x95, 0x66, 0x60, 0xb9, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, + 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x0a}; + #ifdef __cpluscplus } #endif diff --git a/src/stellar/stellar.cpp b/src/stellar/stellar.cpp index 120efff..b0da27e 100644 --- a/src/stellar/stellar.cpp +++ b/src/stellar/stellar.cpp @@ -56,7 +56,20 @@ struct session_manager_options *sess_mgr_opts = &stellar_context.config.sess_mgr static const char *log_config_file = "./conf/log.toml"; static const char *stellar_config_file = "./conf/stellar.toml"; -// TODO +static void hex_dump(const char *payload, uint32_t len) +{ + printf("Payload Length: %d\n", len); + for (uint32_t i = 0; i < len; i++) + { + if (i > 0 && i % 16 == 0) + { + printf("\n"); + } + printf("%02x ", (uint8_t)payload[i]); + } + printf("\n"); +} + void *plugin_manager_new_ctx() { return NULL; @@ -74,8 +87,22 @@ void plugin_manager_dispatch(void *plugin_mgr, struct session *sess, const struc return; } + uint32_t len = 0; + const char *payload = NULL; + printf("=> plugin dispatch session: %p\n", sess); session_dump(sess); + + if (session_get_type(sess) == SESSION_TYPE_TCP) + { + payload = session_peek_tcp_payload(sess, &len); + if (payload && len > 0) + { + hex_dump(payload, len); + } + session_consume_tcp_payload(sess, len); + } + printf("<= plugin dispatch session\n"); } diff --git a/src/tcp_reassembly/tcp_reassembly.cpp b/src/tcp_reassembly/tcp_reassembly.cpp index 0106945..dec557d 100644 --- a/src/tcp_reassembly/tcp_reassembly.cpp +++ b/src/tcp_reassembly/tcp_reassembly.cpp @@ -161,6 +161,7 @@ void tcp_reassembly_init(struct tcp_reassembly *assy, uint32_t syn_seq) } assy->exp_seq = syn_seq + 1; + TCP_REASSEMBLE_DEBUG("reassembler %p init expect seq %lu", assy, assy->exp_seq); } void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now) @@ -189,7 +190,7 @@ void tcp_reassembly_expire(struct tcp_reassembly *assy, uint64_t now) }; assy->stat.timeout_discard_segments++; assy->stat.timeout_discard_bytes += seg->len; - TCP_REASSEMBLE_DEBUG("expire %p [%lu, %lu] (time: %lu, now: %lu)", seg, seg->offset, high, seg->time, now); + TCP_REASSEMBLE_DEBUG("reassembler %p expire segment %p [%lu, %lu] (time: %lu, now: %lu)", assy, seg, seg->offset, high, seg->time, now); itree_remove(assy->itree, &expire); } @@ -214,7 +215,7 @@ void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const c { assy->stat.overload_bypass_segments++; assy->stat.overload_bypass_bytes += len; - TCP_REASSEMBLE_DEBUG("insert [%lu, %lu] failed, reach max packets %u", low, high, assy->opts.max_segments); + TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max packets %u", assy, low, high, assy->opts.max_segments); return; } @@ -222,7 +223,7 @@ void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const c { assy->stat.overload_bypass_segments++; assy->stat.overload_bypass_bytes += len; - TCP_REASSEMBLE_DEBUG("insert [%lu, %lu] failed, reach max bytes %u", low, high, assy->opts.max_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, reach max bytes %u", assy, low, high, assy->opts.max_bytes); return; } @@ -230,7 +231,7 @@ void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const c { assy->stat.retrans_bypass_segments++; assy->stat.retrans_bypass_bytes += len; - TCP_REASSEMBLE_DEBUG("insert [%lu, %lu] failed, less the expect seq %lu", low, high, assy->exp_seq); + TCP_REASSEMBLE_DEBUG("reassembler %p insert [%lu, %lu] failed, less the expect seq %lu", assy, low, high, assy->exp_seq); return; } @@ -257,7 +258,7 @@ void tcp_reassembly_insert(struct tcp_reassembly *assy, uint32_t offset, const c free(seg); return; } - TCP_REASSEMBLE_DEBUG("insert %p [%lu, %lu]", seg, insert.low, insert.high); + TCP_REASSEMBLE_DEBUG("reassembler %p insert segment %p [%lu, %lu]", assy, seg, insert.low, insert.high); segment_list_add(&assy->list, seg); @@ -327,10 +328,10 @@ const char *tcp_reassembly_peek(struct tcp_reassembly *assy, uint32_t *len) { overlap = assy->exp_seq - seg->offset; *len = seg->len - overlap; - TCP_REASSEMBLE_DEBUG("peek [%lu, +∞], found %p [%lu, %lu] (left overlap: %lu)", assy->exp_seq, seg, oldest->low, oldest->high, overlap); + TCP_REASSEMBLE_DEBUG("reassembler %p peek [%lu, +∞], found segment %p [%lu, %lu] (left overlap: %lu)", assy, assy->exp_seq, seg, oldest->low, oldest->high, overlap); return seg->payload + overlap; } - TCP_REASSEMBLE_DEBUG("peek [%lu, +∞], found %p [%lu, %lu]", assy->exp_seq, seg, oldest->low, oldest->high); + TCP_REASSEMBLE_DEBUG("reassembler %p peek [%lu, +∞], found segment %p [%lu, %lu]", assy, assy->exp_seq, seg, oldest->low, oldest->high); *len = seg->len; return seg->payload; @@ -357,15 +358,33 @@ void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len) ilisttrav_t *trav = NULL; struct segment *seg = NULL; + /* + * https://www.ietf.org/rfc/rfc0793.txt + * + * This space ranges from 0 to 2**32 - 1. + * Since the space is finite, all arithmetic dealing with sequence + * numbers must be performed modulo 2**32. This unsigned arithmetic + * preserves the relationship of sequence numbers as they cycle from + * 2**32 - 1 to 0 again. There are some subtleties to computer modulo + * arithmetic, so great care should be taken in programming the + * comparison of such values. The symbol "=<" means "less than or equal" + * (modulo 2**32). + * + * UINT32_MAX = 4294967295 + * 2^32 = 4294967296 + * 2^32 - 1 = 4294967295 + * seq range: [0, 4294967295] + * seq range: [0, UINT32_MAX] + */ old_exp_seq = assy->exp_seq; assy->exp_seq += len; if (assy->exp_seq > UINT32_MAX) { - assy->exp_seq = assy->exp_seq % UINT32_MAX; + assy->exp_seq = assy->exp_seq % 4294967296; } new_exp_seq = assy->exp_seq; - TCP_REASSEMBLE_DEBUG("consume [%lu, %lu], update expect seq %lu -> %lu", old_exp_seq, old_exp_seq + len - 1, old_exp_seq, new_exp_seq); + TCP_REASSEMBLE_DEBUG("reassembler %p consume [%lu, %lu], update expect seq %lu -> %lu", assy, old_exp_seq, old_exp_seq + len - 1, old_exp_seq, new_exp_seq); consume = { .low = old_exp_seq, @@ -397,7 +416,7 @@ void tcp_reassembly_consume(struct tcp_reassembly *assy, uint32_t len) seg = (struct segment *)del->data; assy->stat.remove_segments++; assy->stat.remove_bytes += seg->len; - TCP_REASSEMBLE_DEBUG("consume [%lu, %lu], delete %p [%lu, %lu]", old_exp_seq, old_exp_seq + len - 1, seg, del->low, del->high); + TCP_REASSEMBLE_DEBUG("reassembler %p consume [%lu, %lu], delete segment %p [%lu, %lu]", assy, old_exp_seq, old_exp_seq + len - 1, seg, del->low, del->high); itree_remove(assy->itree, del); } } @@ -422,11 +441,11 @@ void tcp_reassembly_print_stat(struct tcp_reassembly *assy) return; } - TCP_REASSEMBLE_DEBUG("current : segments %lu, bytes %lu", assy->stat.curr_segments, assy->stat.curr_bytes); - TCP_REASSEMBLE_DEBUG("insert : segments %lu, bytes %lu", assy->stat.insert_segments, assy->stat.insert_bytes); - TCP_REASSEMBLE_DEBUG("remove : segments %lu, bytes %lu", assy->stat.remove_segments, assy->stat.remove_bytes); - TCP_REASSEMBLE_DEBUG("consume : segments %lu, bytes %lu", assy->stat.consume_segments, assy->stat.consume_bytes); - TCP_REASSEMBLE_DEBUG("retrans bypass : segments %lu, bytes %lu", assy->stat.retrans_bypass_segments, assy->stat.retrans_bypass_bytes); - TCP_REASSEMBLE_DEBUG("overload bypass : segments %lu, bytes %lu", assy->stat.overload_bypass_segments, assy->stat.overload_bypass_bytes); - TCP_REASSEMBLE_DEBUG("timeout discard : segments %lu, bytes %lu", assy->stat.timeout_discard_segments, assy->stat.timeout_discard_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p current : segments %lu, bytes %lu", assy, assy->stat.curr_segments, assy->stat.curr_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p insert : segments %lu, bytes %lu", assy, assy->stat.insert_segments, assy->stat.insert_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p remove : segments %lu, bytes %lu", assy, assy->stat.remove_segments, assy->stat.remove_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p consume : segments %lu, bytes %lu", assy, assy->stat.consume_segments, assy->stat.consume_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p retrans bypass : segments %lu, bytes %lu", assy, assy->stat.retrans_bypass_segments, assy->stat.retrans_bypass_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p overload bypass : segments %lu, bytes %lu", assy, assy->stat.overload_bypass_segments, assy->stat.overload_bypass_bytes); + TCP_REASSEMBLE_DEBUG("reassembler %p timeout discard : segments %lu, bytes %lu", assy, assy->stat.timeout_discard_segments, assy->stat.timeout_discard_bytes); } diff --git a/src/tcp_reassembly/tcp_reassembly.h b/src/tcp_reassembly/tcp_reassembly.h index bdccf5b..f2ebfb6 100644 --- a/src/tcp_reassembly/tcp_reassembly.h +++ b/src/tcp_reassembly/tcp_reassembly.h @@ -20,7 +20,7 @@ extern "C" struct tcp_reassembly_options { - bool enable; + uint8_t enable; uint32_t max_timeout; uint32_t max_segments; uint32_t max_bytes; diff --git a/src/tcp_reassembly/test/gtest_tcp_reassembly.cpp b/src/tcp_reassembly/test/gtest_tcp_reassembly.cpp index 64dfc62..9851333 100644 --- a/src/tcp_reassembly/test/gtest_tcp_reassembly.cpp +++ b/src/tcp_reassembly/test/gtest_tcp_reassembly.cpp @@ -29,40 +29,6 @@ static void tcp_reassembly_check_stat(struct tcp_reassembly *assy, EXPECT_TRUE(stat->timeout_discard_bytes == timeout_discard_bytes); } -#if 0 -const char *session_peek_tcp_payload(struct session *session, uint32_t *len) -{ - struct tcp_reassembly *assy; - struct session_dir *dir = session_get_cur_dir(session); - - if (dir == SESSION_DIR_C2S) - { - assy = session_get_tcp_c2s_reassembly(session); - } - else - { - assy = session_get_tcp_s2c_reassembly(session); - } - return tcp_reassembly_peek(assy, len); -} - -void session_consume_tcp_payload(struct session *session, uint32_t len) -{ - struct tcp_reassembly *assy; - struct session_dir *dir = session_get_cur_dir(session); - - if (dir == SESSION_DIR_C2S) - { - assy = session_get_tcp_c2s_reassembly(session); - } - else - { - assy = session_get_tcp_s2c_reassembly(session); - } - tcp_reassembly_consume(assy, len); -} -#endif - #if 1 TEST(TCP_REASSEMBLY, TEST) { @@ -286,8 +252,6 @@ TEST(TCP_REASSEMBLY, REPEAT2) * +---> 90 +---> 100 +---> 109 */ - // C2S - tcp_reassembly_insert(assy, 90, (const char *)"0123456789", 10, 0); tcp_reassembly_check_stat(assy, 1, 10, // curr_segments, curr_bytes @@ -476,6 +440,7 @@ TEST(TCP_REASSEMBLY, SEQ_WRAPAROUND) .max_segments = 16, .max_bytes = 1500}; + // UINT32_MAX = 4294967295 printf("UINT32_MAX = %u\n", UINT32_MAX); assy = tcp_reassembly_new(&opts); @@ -502,9 +467,9 @@ TEST(TCP_REASSEMBLY, SEQ_WRAPAROUND) * | | | |A|B|C|D|E|F|G|H|I|J| * | | | +-+-+-+-+-+-+-+-+-+-+ * | | | | | | - * | | | | | +---> UINT32_MAX + 11 - * | | | | +---> UINT32_MAX + 5 - * | | | +---> UINT32_MAX + 2 + * | | | | | +---> 10 + * | | | | +---> 4 + * | | | +---> 1 * | | +---> UINT32_MAX - 1 * | +---> UINT32_MAX - 4 * +---> UINT32_MAX - 10 @@ -532,7 +497,7 @@ TEST(TCP_REASSEMBLY, SEQ_WRAPAROUND) 0, 0, // retrans_bypass_segments, retrans_bypass_bytes 0, 0, // overload_bypass_segments, overload_bypass_bytes 0, 0); // timeout_discard_segments, timeout_discard_bytes - tcp_reassembly_insert(assy, 2, (const char *)"ABCDEFGHIJ", 10, 0); + tcp_reassembly_insert(assy, 1, (const char *)"ABCDEFGHIJ", 10, 0); tcp_reassembly_check_stat(assy, 3, 30, // curr_segments, curr_bytes 3, 30, // insert_segments, insert_bytes @@ -627,7 +592,6 @@ TEST(TCP_REASSEMBLY, MAX_TIMEOUT1) * +---> 90 +---> 100 +---> 109 */ - // C2S tcp_reassembly_insert(assy, 90, (const char *)"0123456789", 10, 0); tcp_reassembly_check_stat(assy, 1, 10, // curr_segments, curr_bytes @@ -828,7 +792,6 @@ TEST(TCP_REASSEMBLY, MAX_PACKETS) * +---> 90 +---> 100 +---> 110 */ - // C2S tcp_reassembly_insert(assy, 90, (const char *)"0123456789", 10, 0); tcp_reassembly_check_stat(assy, 1, 10, // curr_segments, curr_bytes @@ -917,7 +880,6 @@ TEST(TCP_REASSEMBLY, MAX_BYTES) * +---> 90 +---> 100 +---> 110 */ - // C2S tcp_reassembly_insert(assy, 90, (const char *)"0123456789", 10, 0); tcp_reassembly_check_stat(assy, 1, 10, // curr_segments, curr_bytes