Exemplo n.º 1
0
        // here we search through all the frag we have collected to see if one fits
        private bool checkFragments()
        {
            TcpFragment prev    = null;
            TcpFragment current = _fragment;

            while (current != null)
            {
                if (current.sequenceNumber == _sequenceNumber)
                {
                    // this fragment fits the stream
                    _sequenceNumber += current.length;
                    if (current.data != null)
                    {
                        writeData(current.data, current.ppacket, "next packet from fragments");
                    }
                    //_sequenceNumber += current.length;
                    if (prev != null)
                    {
                        prev.next = current.next;
                    }
                    else
                    {
                        _fragment = current.next;
                    }
                    current.data = null;
                    current      = null;
                    return(true);
                }
                prev    = current;
                current = current.next;
            }
            return(false);
        }
Exemplo n.º 2
0
        /* here we search through all the frag we have collected to see if one fits */
        bool check_fragments(int index)
        {
            TcpFragment prev = null;
            TcpFragment current;

            current = _fragments[index];
            while (current != null)
            {
                if (current.sequenceNumber == _sequenceNumbers[index])
                {
                    /* this fragment fits the stream */
                    if (current.data != null)
                    {
                        write_packet_data(index, current.data);
                    }
                    _sequenceNumbers[index] += current.length;
                    if (prev != null)
                    {
                        prev.next = current.next;
                    }
                    else
                    {
                        _fragments[index] = current.next;
                    }
                    current.data = null;
                    current      = null;
                    return(true);
                }
                prev    = current;
                current = current.next;
            }
            return(false);
        }
Exemplo n.º 3
0
        private void reassemble_tcp(uint sequenceNumber, uint length, byte[] data, uint dataLength, bool synflag, uint sourceAdress, ushort sourcePort, uint destinationAdress, ushort destinationPort)
        {
            //long srcx, dstx;
            int  src_index, j;
            bool first = false;
            //ulong newseq;
            uint        newSequenceNumber;
            TcpFragment tmp_frag;

            src_index = -1;

            /* Now check if the packet is for this connection. */
            uint srcx = sourceAdress;
            uint dstx = destinationAdress;

            /* Check to see if we have seen this source IP and port before.
             * (Yes, we have to check both source IP and port; the connection
             * might be between two different ports on the same machine.) */
            for (j = 0; j < 2; j++)
            {
                if (_sourceAdresses[j] == srcx && _sourcePorts[j] == sourcePort)
                {
                    src_index = j;
                }
            }
            /* we didn't find it if src_index == -1 */
            if (src_index < 0)
            {
                /* assign it to a src_index and get going */
                for (j = 0; j < 2; j++)
                {
                    if (_sourcePorts[j] == 0)
                    {
                        _sourceAdresses[j] = srcx;
                        _sourcePorts[j]    = sourcePort;
                        src_index          = j;
                        first = true;
                        break;
                    }
                }
            }
            if (src_index < 0)
            {
                throw new Exception("ERROR in reassemble_tcp: Too many addresses!");
            }

            if (dataLength < length)
            {
                _incompleteTcpStream = true;
            }

            /* now that we have filed away the srcs, lets get the sequence number stuff
             * figured out */
            if (first)
            {
                /* this is the first time we have seen this src's sequence number */
                _sequenceNumbers[src_index] = sequenceNumber + length;
                if (synflag)
                {
                    _sequenceNumbers[src_index]++;
                }
                /* write out the packet data */
                write_packet_data(src_index, data);
                return;
            }

            /* if we are here, we have already seen this src, let's
             * try and figure out if this packet is in the right place */
            if (sequenceNumber < _sequenceNumbers[src_index])
            {
                /* this sequence number seems dated, but
                 * check the end to make sure it has no more
                 * info than we have already seen */
                newSequenceNumber = sequenceNumber + length;
                if (newSequenceNumber > _sequenceNumbers[src_index])
                {
                    //ulong new_len;
                    uint new_len;

                    /* this one has more than we have seen. let's get the
                     * payload that we have not seen. */

                    new_len = _sequenceNumbers[src_index] - sequenceNumber;

                    if (dataLength <= new_len)
                    {
                        data                 = null;
                        dataLength           = 0;
                        _incompleteTcpStream = true;
                    }
                    else
                    {
                        dataLength -= new_len;
                        byte[] tmpData = new byte[dataLength];
                        for (ulong i = 0; i < dataLength; i++)
                        {
                            tmpData[i] = data[i + new_len];
                        }
                        data = tmpData;
                    }
                    sequenceNumber = _sequenceNumbers[src_index];
                    length         = newSequenceNumber - _sequenceNumbers[src_index];

                    /* this will now appear to be right on time :) */
                }
            }
            if (sequenceNumber == _sequenceNumbers[src_index])
            {
                /* right on time */
                _sequenceNumbers[src_index] += length;
                if (synflag)
                {
                    _sequenceNumbers[src_index]++;
                }
                if (data != null)
                {
                    write_packet_data(src_index, data);
                }
                /* done with the packet, see if it caused a fragment to fit */
                while (check_fragments(src_index))
                {
                    ;
                }
            }
            else
            {
                /* out of order packet */
                if (dataLength > 0 && sequenceNumber > _sequenceNumbers[src_index])
                {
                    tmp_frag                = new TcpFragment();
                    tmp_frag.data           = data;
                    tmp_frag.sequenceNumber = sequenceNumber;
                    tmp_frag.length         = length;
                    tmp_frag.dataLength     = dataLength;

                    if (_fragments[src_index] != null)
                    {
                        tmp_frag.next = _fragments[src_index];
                    }
                    else
                    {
                        tmp_frag.next = null;
                    }
                    _fragments[src_index] = tmp_frag;
                }
            }
        }
Exemplo n.º 4
0
 // here we search through all the frag we have collected to see if one fits
 private bool checkFragments()
 {
     TcpFragment prev = null;
     TcpFragment current = _fragment;
     while (current != null)
     {
         if (current.sequenceNumber == _sequenceNumber)
         {
             // this fragment fits the stream
             _sequenceNumber += current.length;
             if (current.data != null)
                 writeData(current.data, current.ppacket, "next packet from fragments");
             //_sequenceNumber += current.length;
             if (prev != null)
                 prev.next = current.next;
             else
                 _fragment = current.next;
             current.data = null;
             current = null;
             return true;
         }
         prev = current;
         current = current.next;
     }
     return false;
 }
Exemplo n.º 5
0
        public void Add(Packet packet)
        {
            _packet = packet;
            TcpDatagram tcp = packet.Ethernet.IpV4.Tcp;

            // if the paylod length is zero bail out
            uint length = (uint)tcp.PayloadLength;
            if (length == 0)
                return;

            //uint dataLength
            byte[] data = tcp.Payload.ToArray();

            uint dataLength = (uint)data.Length;
            if (dataLength < length)
                _incompleteTcpStream = true;

            uint sequenceNumber = tcp.SequenceNumber;

            // now that we have filed away the srcs, lets get the sequence number stuff figured out
            if (_first)
            {
                // this is the first time we have seen this src's sequence number
                _sequenceNumber = sequenceNumber + length;
                if (tcp.IsSynchronize)
                    _sequenceNumber++;
                if (!(!tcp.IsPush && dataLength == 1 && length == 1 && data[0] == 0))
                    writeData(data, _ppacket, "first packet");
                _first = false;
                return;
            }

            // if we are here, we have already seen this src, let's try and figure out if this packet is in the right place
            if (sequenceNumber < _sequenceNumber)
            {
                // this sequence number seems dated, but check the end to make sure it has no more info than we have already seen
                uint newSequenceNumber = sequenceNumber + length;
                if (newSequenceNumber > _sequenceNumber)
                {
                    // this one has more than we have seen. let's get the payload that we have not seen.

                    uint new_len = _sequenceNumber - sequenceNumber;

                    if (dataLength <= new_len)
                    {
                        data = null;
                        dataLength = 0;
                        _incompleteTcpStream = true;
                    }
                    else
                    {
                        dataLength -= new_len;
                        byte[] tmpData = new byte[dataLength];
                        for (uint i = 0; i < dataLength; i++)
                            tmpData[i] = data[i + new_len];
                        data = tmpData;
                    }
                    sequenceNumber = _sequenceNumber;
                    length = newSequenceNumber - _sequenceNumber;

                    // this will now appear to be right on time :)
                }
            }

            if (sequenceNumber == _sequenceNumber)
            {
                // right on time
                _sequenceNumber += length;
                if (tcp.IsSynchronize)
                    _sequenceNumber++;
                if (data != null)
                    writeData(data, _ppacket, "next packet");

                // done with the packet, see if it caused a fragment to fit
                while (checkFragments())
                    ;
            }
            else
            {
                // out of order packet
                if (dataLength > 0 && sequenceNumber > _sequenceNumber)
                {
                    TcpFragment tmp_frag = new TcpFragment();
                    tmp_frag.data = data;
                    tmp_frag.sequenceNumber = sequenceNumber;
                    tmp_frag.length = length;
                    tmp_frag.dataLength = dataLength;
                    tmp_frag.ppacket = _ppacket;

                    if (_fragment != null)
                        tmp_frag.next = _fragment;
                    else
                        tmp_frag.next = null;
                    _fragment = tmp_frag;
                }
            }
        }
Exemplo n.º 6
0
        private void reassemble_tcp(uint sequenceNumber, uint length, byte[] data, uint dataLength, bool synflag, uint sourceAdress, ushort sourcePort, uint destinationAdress, ushort destinationPort)
        {
            //long srcx, dstx;
            int src_index, j;
            bool first = false;
            //ulong newseq;
            uint newSequenceNumber;
            TcpFragment tmp_frag;

            src_index = -1;

            /* Now check if the packet is for this connection. */
            uint srcx = sourceAdress;
            uint dstx = destinationAdress;

            /* Check to see if we have seen this source IP and port before.
            (Yes, we have to check both source IP and port; the connection
            might be between two different ports on the same machine.) */
            for (j = 0; j < 2; j++)
            {
                if (_sourceAdresses[j] == srcx && _sourcePorts[j] == sourcePort)
                {
                    src_index = j;
                }
            }
            /* we didn't find it if src_index == -1 */
            if (src_index < 0)
            {
                /* assign it to a src_index and get going */
                for (j = 0; j < 2; j++)
                {
                    if (_sourcePorts[j] == 0)
                    {
                        _sourceAdresses[j] = srcx;
                        _sourcePorts[j] = sourcePort;
                        src_index = j;
                        first = true;
                        break;
                    }
                }
            }
            if (src_index < 0)
            {
                throw new Exception("ERROR in reassemble_tcp: Too many addresses!");
            }

            if (dataLength < length)
            {
                _incompleteTcpStream = true;
            }

            /* now that we have filed away the srcs, lets get the sequence number stuff
            figured out */
            if (first)
            {
                /* this is the first time we have seen this src's sequence number */
                _sequenceNumbers[src_index] = sequenceNumber + length;
                if (synflag)
                {
                    _sequenceNumbers[src_index]++;
                }
                /* write out the packet data */
                write_packet_data(src_index, data);
                return;
            }
            /* if we are here, we have already seen this src, let's
            try and figure out if this packet is in the right place */
            if (sequenceNumber < _sequenceNumbers[src_index])
            {
                /* this sequence number seems dated, but
                check the end to make sure it has no more
                info than we have already seen */
                newSequenceNumber = sequenceNumber + length;
                if (newSequenceNumber > _sequenceNumbers[src_index])
                {
                    //ulong new_len;
                    uint new_len;

                    /* this one has more than we have seen. let's get the
                    payload that we have not seen. */

                    new_len = _sequenceNumbers[src_index] - sequenceNumber;

                    if (dataLength <= new_len)
                    {
                        data = null;
                        dataLength = 0;
                        _incompleteTcpStream = true;
                    }
                    else
                    {
                        dataLength -= new_len;
                        byte[] tmpData = new byte[dataLength];
                        for (ulong i = 0; i < dataLength; i++)
                            tmpData[i] = data[i + new_len];
                        data = tmpData;
                    }
                    sequenceNumber = _sequenceNumbers[src_index];
                    length = newSequenceNumber - _sequenceNumbers[src_index];

                    /* this will now appear to be right on time :) */
                }
            }
            if (sequenceNumber == _sequenceNumbers[src_index])
            {
                /* right on time */
                _sequenceNumbers[src_index] += length;
                if (synflag) _sequenceNumbers[src_index]++;
                if (data != null)
                {
                    write_packet_data(src_index, data);
                }
                /* done with the packet, see if it caused a fragment to fit */
                while (check_fragments(src_index))
                    ;
            }
            else
            {
                /* out of order packet */
                if (dataLength > 0 && sequenceNumber > _sequenceNumbers[src_index])
                {
                    tmp_frag = new TcpFragment();
                    tmp_frag.data = data;
                    tmp_frag.sequenceNumber = sequenceNumber;
                    tmp_frag.length = length;
                    tmp_frag.dataLength = dataLength;

                    if (_fragments[src_index] != null)
                    {
                        tmp_frag.next = _fragments[src_index];
                    }
                    else
                    {
                        tmp_frag.next = null;
                    }
                    _fragments[src_index] = tmp_frag;
                }
            }
        }
Exemplo n.º 7
0
        public void Add(Packet packet)
        {
            _packet = packet;
            TcpDatagram tcp = packet.Ethernet.IpV4.Tcp;

            // if the paylod length is zero bail out
            uint length = (uint)tcp.PayloadLength;

            if (length == 0)
            {
                return;
            }

            //uint dataLength
            byte[] data = tcp.Payload.ToArray();

            uint dataLength = (uint)data.Length;

            if (dataLength < length)
            {
                _incompleteTcpStream = true;
            }

            uint sequenceNumber = tcp.SequenceNumber;

            // now that we have filed away the srcs, lets get the sequence number stuff figured out
            if (_first)
            {
                // this is the first time we have seen this src's sequence number
                _sequenceNumber = sequenceNumber + length;
                if (tcp.IsSynchronize)
                {
                    _sequenceNumber++;
                }
                if (!(!tcp.IsPush && dataLength == 1 && length == 1 && data[0] == 0))
                {
                    writeData(data, _ppacket, "first packet");
                }
                _first = false;
                return;
            }

            // if we are here, we have already seen this src, let's try and figure out if this packet is in the right place
            if (sequenceNumber < _sequenceNumber)
            {
                // this sequence number seems dated, but check the end to make sure it has no more info than we have already seen
                uint newSequenceNumber = sequenceNumber + length;
                if (newSequenceNumber > _sequenceNumber)
                {
                    // this one has more than we have seen. let's get the payload that we have not seen.

                    uint new_len = _sequenceNumber - sequenceNumber;

                    if (dataLength <= new_len)
                    {
                        data                 = null;
                        dataLength           = 0;
                        _incompleteTcpStream = true;
                    }
                    else
                    {
                        dataLength -= new_len;
                        byte[] tmpData = new byte[dataLength];
                        for (uint i = 0; i < dataLength; i++)
                        {
                            tmpData[i] = data[i + new_len];
                        }
                        data = tmpData;
                    }
                    sequenceNumber = _sequenceNumber;
                    length         = newSequenceNumber - _sequenceNumber;

                    // this will now appear to be right on time :)
                }
            }

            if (sequenceNumber == _sequenceNumber)
            {
                // right on time
                _sequenceNumber += length;
                if (tcp.IsSynchronize)
                {
                    _sequenceNumber++;
                }
                if (data != null)
                {
                    writeData(data, _ppacket, "next packet");
                }

                // done with the packet, see if it caused a fragment to fit
                while (checkFragments())
                {
                    ;
                }
            }
            else
            {
                // out of order packet
                if (dataLength > 0 && sequenceNumber > _sequenceNumber)
                {
                    TcpFragment tmp_frag = new TcpFragment();
                    tmp_frag.data           = data;
                    tmp_frag.sequenceNumber = sequenceNumber;
                    tmp_frag.length         = length;
                    tmp_frag.dataLength     = dataLength;
                    tmp_frag.ppacket        = _ppacket;

                    if (_fragment != null)
                    {
                        tmp_frag.next = _fragment;
                    }
                    else
                    {
                        tmp_frag.next = null;
                    }
                    _fragment = tmp_frag;
                }
            }
        }