TCP Fast Open Chain

This module contains the TFOChain flow analysis chain which can be used by PATHspider’s Observer for recording TCP Fast Open [RFC7413] details.

class pathspider.chains.tfo.TFOChain[source]

This flow analysis chain records details of TCP Fast Open use in the flow record. It will determine whether the IANA assigned TCP option kind or the TCP Option Experiment ID [RFC6994] was used to identify the option, and whether the data sent on the SYN was acknowledged.

Field Name Type Meaning
tfo_synkind int Identified by pathspider.chains.tcp.TO_{FASTOPEN,EXPA,EXPB}
tfo_ackkind int Identified by pathspider.chains.tcp.TO_{FASTOPEN,EXPA,EXPB}
tfo_synclen int TFO cookie length in the forward direction
tfo_ackclen int TFO cookie length in the reverse direction
tfo_dlen int Length of SYN payload in the forward direction
tfo_ack int Bytes acknowledged on the SYN in the reverse direction
new_flow(rec, ip)[source]

For a new flow, all fields will be initialised to int(0).

Parameters:
  • rec (dict) – the flow record
  • ip (plt.ip or plt.ip6) – the IP or IPv6 packet that triggered the creation of a new flow record
Returns:

Always True

Return type:

bool

tcp(rec, tcp, rev)[source]

Records TCP Fast Open details.

TCP Option Used
The TCP options will be parsed for options that use either the IANA assigned TCP option number or one of the TCP Option Experiment option numbers with the TCP Option Experiment ID used by TCP Fast Open early in its standardisiation. If an option is found, the method by which it was identified will be recorded in the tfo_synkind field for the forward direction and tfo_ackkind field for the reverse direction.
TCP Fast Open Cookie Length
The length of the cookies observed on TCP options will be recorded in the tfo_synclen field for the forward direction and tfo_ackclen for the reverse direction. If no Fast Open option is found, this will remain at 0 when the flow is complete.
Acknowledgement of SYN data
The length of the data on the SYN in the forward direction will be recorded in the tfo_dlen field. The TCP sequence number for the SYN in the forward direction will be recorded in tfo_seq field and the TCP acknowledgement number for the SYN in the reverse direction will be recorded in the tfo_ack field.
Parameters:
  • rec (dict) – the flow record
  • tcp – the TCP segment that was observed to be part of this flow
  • rev (bool) – True if the packet was in the reverse direction, False if in the forward direction
Returns:

Always True

Return type:

bool