For posterity, here is how I've done it:

    conv = (conversation_t*)g_hash_table_find(
        get_conversation_hashtable_exact(), check_mptcp_token, (gpointer)&token);

I am now looking for a way to debug. printf seems the way to go (and not g_log/Q_INFO?), but I need to display the console to see the messages, and I've been unable to find a way to do so with the Qt version. I've set gui.console.open to ALWAYS in .wireshark/preferences (since the prefs dialog didn't save my changes), but I still have no console. What am I doing wrong, please?

2014-10-28 14:23 GMT+01:00 Matt <[email protected]>:

> From what I understand, I need either to redissect with a tcp filter (ie
> dfilter("tcp") ) but it looks slow. I would rather search through created
> TCP conversations. My problem is that conversations look saved into
> different hashtables such as "GHashTable* conversation_hashtable_exact". To
> compare my token with a key against all TCP connections, I believe I should
> compare it over the conversations in the 4 hashtables. Is that correct?
>
> 2014-10-28 9:58 GMT+01:00 Matt <[email protected]>:
>
>> >Is that option present in all TCP packets or just in the initial 3-way
>> >handshake? If the former, then you have the problem I described above,
>> >with the indicated workaround.
>> This is one of the problems (and advantages) of these multipath protocols,
>> it's easier to evade data capture.
>> Especially for MPTCP, you have to get all SYN/ACKs to be able to map a
>> subflow to an MPTCP
>> connection, otherwise you can't tell anything (MPTCP exchanges keys/nonces
>> to authenticate a subflow during the 3WHS).
>> I wished to propose expert info in case of packet retransmission (such as
>> detecting wrong keys) but it's not mandatory.
>>
>> In fact, an MPTCP communication starts with a TCP 3WHS that exchanges some
>> cryptographic keys with the TCP option MPTCP_CAPABLE. Then data is sent on
>> this TCP connection.
>>
>> At any time a new TCP connection can be made to join the precedent MPTCP
>> connection. It is achieved with the establishment of a new TCP connection
>> with the TCP option MP_JOIN. This tcp option carries tokens derived from the
>> keys exchanged during the MPTCP connection. So I need to check the token
>> against all previous keys to see if it matches a previously registered MPTCP
>> connection.
>> That's why I need to loop through TCP connections
>> find_conversation() returns one conversation based on IP addresses/ports but
>> I want to run a check against token/keys and I dunno how to do it.
>>
>> Thanks for your help
>>
>>
>>
>> 2014-10-27 14:47 GMT+01:00 Matt <[email protected]>:
>>
>>> Hi,
>>>
>>> I am trying to improve the MPTCP support in the TCP dissector. To
>>> provide expert infos, I need to identify which host initiated the
>>> connection (ie sent the SYN). I wonder how to do that, I could use
>>> tcp_analysis::server_port if ports were guaranteed to be different on
>>> both sides.
>>>
>>> Secondly, I am trying to setup an MPTCP *stream* identifier, similar
>>> to tcp stream. Indeed a single MPTCP connection can be composed of
>>> several TCP connections. Thing is to know to which MPTCP stream a TCP
>>> stream is bound to, I have to check a token (in a TCP option) against
>>> all MPTCP connections until I find a match. So I need to loop through
>>> TCP connections. How can I do that?
>>>
>>> Regards
>>> Matt
>>>
>>
>>
>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
