>Is that option present in all TCP packets or just in the initial 3-way
>handshake? If the former, then you have the problem I described above, with
>the indicated workaround.

This is one of the problems (and advantages) of these multipath protocols, it's easier to evade data capture. Especially for MPTCP, you have to get all SYN/ACKs to be able to map a subflow to an MPTCP connection, otherwise you can't tell anything (MPTCP exchanges keys/nonces to authenticate a subflow during the 3WHS). I wished to propose expert info in case of packet retransmission (such as detecting wrong keys) but it's not mandatory.

In fact, an MPTCP communication starts with a TCP 3WHS that exchanges some cryptographic keys with the TCP option MPTCP_CAPABLE. Then data is sent on this TCP connection. At any time a new TCP connection can be made to join the precedent MPTCP connection. It is achieved with the establishment of a new TCP connection with the TCP option MP_JOIN. This TCP option carries tokens derived from the keys exchanged during the MPTCP connection. So I need to check the token against all previous keys to see if it matches a previously registered MPTCP connection. That's why I need to loop through TCP connections. find_conversation() returns one conversation based on IP addresses/ports but I want to run a check against token/keys and I dunno how to do it.

Thanks for your help

2014-10-27 14:47 GMT+01:00 Matt <[email protected]>:
> Hi,
>
> I am trying to improve the MPTCP support in the TCP dissector. To
> provide expert infos, I need to identify which host initiated the
> connection (ie sent the SYN). I wonder how to do that, I could use
> tcp_analysis::server_port if ports were guaranteed to be different on
> both sides.
>
> Secondly, I am trying to setup an MPTCP *stream* identifier, similar
> to tcp stream. Indeed a single MPTCP connection can be composed of
> several TCP connections. Thing is to know to which MPTCP stream a TCP
> stream is bound to, I have to check a token (in a TCP option) against
> all MPTCP connections until I find a match. So I need to loop through
> TCP connections. How can I do that?
>
> Regards
> Matt
>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
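The token lookup asked about in the message above, as an added example that is not part of the original thread and is not Wireshark code: instead of looping over every TCP conversation, index each MPTCP connection by the tokens of both of its keys when the MP_CAPABLE handshake is seen. It assumes the RFC 6824 rule that a token is the most significant 32 bits of the SHA-1 of the 64-bit key; `MptcpTracker`, its method names and the sample keys are hypothetical.

```python
import hashlib

def mptcp_token(key: bytes) -> int:
    """RFC 6824: token = most significant 32 bits of SHA-1 over the 64-bit key."""
    if len(key) != 8:
        raise ValueError("MPTCP key must be 8 bytes")
    return int.from_bytes(hashlib.sha1(key).digest()[:4], "big")

class MptcpTracker:
    """Hypothetical helper: maps TCP stream ids to MPTCP stream ids."""

    def __init__(self):
        self.by_token = {}    # token -> MPTCP stream id
        self.by_subflow = {}  # TCP stream id -> MPTCP stream id
        self.next_id = 0

    def on_mp_capable(self, tcp_stream, initiator_key, responder_key):
        """Register a connection once both handshake keys have been seen."""
        if tcp_stream in self.by_subflow:  # retransmitted handshake segment
            return self.by_subflow[tcp_stream]
        mptcp_id = self.next_id
        self.next_id += 1
        # Either host may open a subflow later, and the MP_JOIN SYN carries the
        # token of the host that receives it, so index the tokens of both keys.
        # 32-bit tokens can collide in a large capture; the first one wins here.
        for key in (initiator_key, responder_key):
            self.by_token.setdefault(mptcp_token(key), mptcp_id)
        self.by_subflow[tcp_stream] = mptcp_id
        return mptcp_id

    def on_mp_join_syn(self, tcp_stream, token):
        """Bind a joining subflow; None means its MP_CAPABLE was not captured."""
        mptcp_id = self.by_token.get(token)
        if mptcp_id is not None:
            self.by_subflow[tcp_stream] = mptcp_id
        return mptcp_id

# Constructed sample keys, not taken from any real capture.
KEY_A = bytes.fromhex("0102030405060708")
KEY_B = bytes.fromhex("a1a2a3a4a5a6a7a8")

if __name__ == "__main__":
    tracker = MptcpTracker()
    print("mptcp stream:", tracker.on_mp_capable(0, KEY_A, KEY_B))
    print("join via B's token:", tracker.on_mp_join_syn(1, mptcp_token(KEY_B)))
    print("token never seen:", tracker.on_mp_join_syn(2, 0))
```

A `None` result from `on_mp_join_syn` is the capture-gap case described in the reply: without the MP_CAPABLE handshake, the subflow cannot be attributed to any MPTCP connection.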
