Source code for pathspider.chains.tcpopt

.. module:: pathspider.chains.tcp
   :synopsis: A flow analysis chain for TCP options (timestamp, Window Scaling, SACK)

This module contains the TCPOptChain flow analysis chain which can be used by
PATHspider's Observer for recording the presence of the TCP TS, WS, and SACK options.

.. codeauthor:: Mirja Kuehlewind <>


from pathspider.chains.base import Chain
from pathspider.chains.tcp import tcp_options
from pathspider.chains.tcp import TO_SACKOK
from pathspider.chains.tcp import TO_TS
from pathspider.chains.tcp import TO_WS

class TCPOptChain(Chain):
    """
    This flow analysis chain records whether the TCP Timestamp (TS), Window
    Scaling (WS) and SACK options are present in the SYN/ACK of a flow.

    +-----------------+------+--------------------------------------------------------------+
    | Field Name      | Type | Meaning                                                      |
    +=================+======+==============================================================+
    | ``tcpopt_ts``   | bool | ``True`` if the Timestamp option was seen in a SYN/ACK.      |
    +-----------------+------+--------------------------------------------------------------+
    | ``tcpopt_ws``   | bool | ``True`` if the Window Scaling option was seen in a SYN/ACK. |
    +-----------------+------+--------------------------------------------------------------+
    | ``tcpopt_sack`` | bool | ``True`` if the SACK option was seen in a SYN/ACK.           |
    +-----------------+------+--------------------------------------------------------------+

    Each field starts as ``None`` and is only ever set to ``True``; this chain
    never writes ``False``. A ``None`` value therefore covers both "no SYN/ACK
    was observed" and "a SYN/ACK was observed without the option", so it must
    not be read as proof that the option was refused or stripped on the path.
    """

    def new_flow(self, rec, ip):
        """
        Initialise the three option fields of a new flow record to ``None``.

        :param rec: the flow record
        :type rec: dict
        :param ip: the IP or IPv6 packet that triggered the creation of a
                   new flow record (not inspected here)
        :type ip: plt.ip or plt.ip6
        :return: Always ``True``
        :rtype: bool
        """

        for field in ('tcpopt_ts', 'tcpopt_ws', 'tcpopt_sack'):
            rec[field] = None
        return True

    def tcp(self, rec, tcp, rev): # pylint: disable=unused-argument,no-self-use
        """
        Mark which of the TS, WS and SACK options appear in the SYN/ACK.

        Only segments that have the SYN flag set and travel in the reverse
        direction are examined; everything else is passed over untouched.

        :param rec: the flow record
        :type rec: dict
        :param tcp: the TCP segment that was observed to be part of this flow
        :type tcp: plt.tcp
        :param rev: True if the packet was in the reverse direction,
                    False if in the forward direction
        :type rev: bool
        :return: Always True
        :rtype: bool
        """

        # A reverse-direction segment with SYN set is treated as the SYN/ACK.
        # The ACK flag itself is not checked, so any reverse SYN qualifies.
        if not (tcp.syn_flag and rev):
            return True

        seen = tcp_options(tcp)

        # Fields are sticky: once True they are never cleared, so the record
        # reflects the union over every qualifying segment of the flow.
        for option, field in ((TO_TS, 'tcpopt_ts'),
                              (TO_WS, 'tcpopt_ws'),
                              (TO_SACKOK, 'tcpopt_sack')):
            if option in seen:
                rec[field] = True

        # tell observer to keep going
        return True