flowstate.c 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
  1. /* $Id: flowstate.c 767 2004-10-06 12:48:49Z aturner $ */
  2. /*
  3. * Copyright (c) 2001-2004 Aaron Turner.
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions
  8. * are met:
  9. *
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in the
  14. * documentation and/or other materials provided with the distribution.
  15. * 3. Neither the names of the copyright owners nor the names of its
  16. * contributors may be used to endorse or promote products derived from
  17. * this software without specific prior written permission.
  18. *
  19. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  20. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  21. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  22. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
  23. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  25. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  26. * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
  27. * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  28. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  29. * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30. */
  31. #include "config.h"
  32. #include "flowreplay.h"
  33. #include "flownode.h"
  34. #include "tcpreplay.h"
  35. #include "flowstate.h"
  36. #include "err.h"
  37. /*
  38. * determines the new state for a TCP flow based on
  39. * the last known state and the current packet
  40. * returns the new state as well as setting it in the node
  41. */
  42. u_int32_t
  43. tcp_state(tcp_hdr_t * tcp_hdr, struct session_t *node)
  44. {
  45. /*
  46. * figure out the TCP state
  47. */
  48. if (node->state == 0x0) {
  49. /*
  50. * We go here if this is the first packet in the
  51. * in the TCP stream. This could be a Syn or
  52. * if we're trying to pickup the state from mid-stream
  53. */
  54. /* = Syn, start of new flow */
  55. if (tcp_hdr->th_flags & TH_SYN) {
  56. node->state = TH_SYN;
  57. dbg(3, "Setting state: New -> Syn");
  58. }
  59. /* Anything matching after this point is a mid-stream pickup */
  60. /* + Ack */
  61. if (tcp_hdr->th_flags & TH_ACK) {
  62. node->state ^= TH_ACK;
  63. dbg(3, "Mid-stream state pickup: +Ack");
  64. }
  65. /* = Fin */
  66. if (tcp_hdr->th_flags & TH_FIN) {
  67. node->state = TH_FIN;
  68. dbg(3, "Mid-stream state pickup: Fin");
  69. }
  70. /* else, just close */
  71. if (!node->state) {
  72. node->state = TCP_CLOSE;
  73. dbg(3, "Mid-stream state pickup: Close");
  74. }
  75. }
  76. else if ((tcp_hdr->th_flags & TH_SYN) &&
  77. (tcp_hdr->th_flags & TH_ACK) && (node->state == TH_SYN)) {
  78. /* server sent SYN/ACK */
  79. node->state = TH_SYN | TH_ACK;
  80. dbg(4, "Setting state: Syn -> Syn/Ack");
  81. }
  82. else if ((tcp_hdr->th_flags & TH_ACK) &&
  83. (node->state & TH_SYN) && (node->state & TH_ACK)) {
  84. /* Client sent ACK when we're Syn/Ack */
  85. node->state = TH_ACK;
  86. dbg(4, "Setting state: Syn/Ack -> Ack");
  87. }
  88. /* someone sent us the FIN */
  89. else if (tcp_hdr->th_flags & TH_FIN) {
  90. if (node->state == TH_ACK) {
  91. /* first FIN */
  92. node->state = TH_FIN;
  93. dbg(4, "Setting state: Ack -> Fin");
  94. }
  95. else {
  96. /* second FIN, close connection */
  97. dbg(4, "Setting state: Fin -> Close");
  98. node->state = TCP_CLOSE;
  99. }
  100. }
  101. /* Reset */
  102. else if (tcp_hdr->th_flags & TH_RST) {
  103. dbg(4, "Reset packet! Setting state: Rst");
  104. node->state = TCP_CLOSE;
  105. }
  106. else if ((node->state == TH_ACK) && (tcp_hdr->th_flags & TH_ACK)) {
  107. dbg(3, "No state change: Ack");
  108. }
  109. else {
  110. warnx("Unable to determine TCP state for node 0x%llx",
  111. pkeygen(node->key));
  112. }
  113. return node->state;
  114. }