TCP Fast Open Chain
This module contains the TFOChain flow analysis chain which can be used by PATHspider’s Observer for recording TCP Fast Open [RFC7413] details.
class pathspider.chains.tfo.TFOChain
This flow analysis chain records details of TCP Fast Open use in the flow record. It will determine whether the IANA assigned TCP option kind or the TCP Option Experiment ID [RFC6994] was used to identify the option, and whether the data sent on the SYN was acknowledged.
Field Name    Type   Meaning
tfo_synkind   int    Identified by pathspider.chains.tcp.TO_{FASTOPEN,EXPA,EXPB}
tfo_ackkind   int    Identified by pathspider.chains.tcp.TO_{FASTOPEN,EXPA,EXPB}
tfo_synclen   int    TFO cookie length in the forward direction
tfo_ackclen   int    TFO cookie length in the reverse direction
tfo_dlen      int    Length of SYN payload in the forward direction
tfo_ack       int    Bytes acknowledged on the SYN in the reverse direction
new_flow(rec, ip)
For a new flow, all fields will be initialised to int(0).
Parameters:
- rec (dict) – the flow record
- ip (plt.ip or plt.ip6) – the IP or IPv6 packet that triggered the creation of a new flow record
Returns: Always True
Return type: bool
tcp(rec, tcp, rev)
Records TCP Fast Open details.
- TCP Option Used
  The TCP options will be parsed for options that use either the IANA assigned TCP option number or one of the TCP Option Experiment option numbers with the TCP Option Experiment ID used by TCP Fast Open early in its standardisation. If an option is found, the method by which it was identified will be recorded in the tfo_synkind field for the forward direction and the tfo_ackkind field for the reverse direction.
- TCP Fast Open Cookie Length
  The length of the cookies observed on TCP options will be recorded in the tfo_synclen field for the forward direction and the tfo_ackclen field for the reverse direction. If no Fast Open option is found, this will remain at 0 when the flow is complete.
- Acknowledgement of SYN data
  The length of the data on the SYN in the forward direction will be recorded in the tfo_dlen field. The TCP sequence number for the SYN in the forward direction will be recorded in the tfo_seq field and the TCP acknowledgement number for the SYN in the reverse direction will be recorded in the tfo_ack field.
Parameters:
- rec (dict) – the flow record
- tcp – the TCP segment that was observed to be part of this flow
- rev (bool) – True if the packet was in the reverse direction, False if in the forward direction
Returns: Always True
Return type: bool
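An added example, not PATHspider's own code: a stand-alone parser for the option identification and cookie-length logic described for tcp() above, with a check of whether the SYN-ACK acknowledgement number covers the SYN payload. All constant and function names are hypothetical and defined locally; the option kinds (34, and experimental kinds 253/254 carrying ExID 0xF989) come from RFC 7413 and RFC 6994 and are not imported from pathspider.chains.tcp.

```python
import struct

# Local constants for this example (hypothetical names, not PATHspider's)
KIND_EOL, KIND_NOP = 0, 1
KIND_FASTOPEN = 34              # IANA-assigned TFO option kind (RFC 7413)
KINDS_EXPERIMENT = (253, 254)   # shared experimental option kinds (RFC 6994)
EXID_FASTOPEN = 0xF989          # Experiment ID used by TFO before kind 34

# Constructed sample: MSS, NOP, NOP, then TFO (kind 34) with an 8-byte cookie
SAMPLE_SYN_OPTS = bytes([2, 4, 5, 0xB4, 1, 1, 34, 10]) + b"\xaa" * 8


def find_tfo_option(options):
    """Return (kind, cookie_len) for the first TFO option, or (0, 0).

    `options` is the raw TCP options area (the bytes after the fixed header).
    """
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == KIND_EOL:
            break
        if kind == KIND_NOP:
            i += 1
            continue
        # Every other option is kind, length, value; stop on a bad length
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break
        body = options[i + 2:i + length]
        if kind == KIND_FASTOPEN:
            return kind, len(body)          # length 0 is a cookie request
        if kind in KINDS_EXPERIMENT and len(body) >= 2:
            (exid,) = struct.unpack("!H", body[:2])
            if exid == EXID_FASTOPEN:
                return kind, len(body) - 2  # cookie follows the 2-byte ExID
        i += length
    return 0, 0


def syn_data_acked(syn_seq, synack_ack, syn_dlen):
    """Bytes of SYN payload covered by the SYN-ACK (the SYN consumes 1)."""
    acked = (synack_ack - syn_seq - 1) % (1 << 32)  # 32-bit wraparound
    return acked if acked <= syn_dlen else 0
```

A returned kind of 0 matches the chain's convention that fields stay at 0 when no Fast Open option is seen; a nonzero kind with cookie length 0 is a cookie request rather than an absent option.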