Pull request #4426: packet_tracer: add tcp window size, options and meta-ack info
authorSteven Baigal (sbaigal) <sbaigal@cisco.com>
Wed, 4 Sep 2024 14:12:42 +0000 (14:12 +0000)
committerSteven Baigal (sbaigal) <sbaigal@cisco.com>
Wed, 4 Sep 2024 14:12:42 +0000 (14:12 +0000)
Merge in SNORT/snort3 from ~SBAIGAL/snort3:meta-ack-win to master

Squashed commit of the following:

commit 7a336ceee9838076d706ba55a30d1135b2012b8a
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Fri Aug 23 14:12:22 2024 -0400

    packet_tracer: add tcp window size, options and meta-ack info

src/packet_io/packet_tracer.cc

index 2a19685f4a939e680dfebaf2999345a235dd5c5f..bac33bd3450bc30a36362a3048c9c9935169a406 100644 (file)
@@ -37,6 +37,7 @@
 #include "protocols/ip.h"
 #include "protocols/packet.h"
 #include "protocols/tcp.h"
+#include "protocols/tcp_options.h"
 #include "utils/util.h"
 
 #include "active.h"
@@ -85,6 +86,37 @@ bool PacketTracer::is_daq_activated()
 { return s_pkt_trace ? s_pkt_trace->daq_activated : false; }
 #endif
 
+static std::string stringify_tcp_options(const Packet* const pkt)
+{
+    std::ostringstream oss;
+    tcp::TcpOptIterator iter(pkt->ptrs.tcph, pkt);
+
+    for (const tcp::TcpOption& opt : iter)
+    {
+        switch (opt.code)
+        {
+        case tcp::TcpOptCode::WSCALE:
+            oss << "ws " << (uint16_t)opt.data[0] << ", ";
+            break;
+        case tcp::TcpOptCode::MAXSEG:
+            oss << "mss " << ntohs(*((const uint16_t*)(opt.data)) ) << ", ";
+            break;
+        case tcp::TcpOptCode::SACKOK:
+            oss << "sack OK, ";
+            break;
+        default:
+            break;
+        }
+    }
+    std::string opts = oss.str();
+    if (!opts.empty())
+    {
+        opts.insert(0, "options [");
+        opts.replace(opts.size() - 2, 2, "] ");
+    }
+    return opts;
+}
+
 void PacketTracer::set_log_file(const std::string& file)
 { log_file = file; }
 
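Review bot: The WSCALE and MAXSEG cases in stringify_tcp_options read `opt.data` without checking the option's length field, so a truncated option in a SYN would be printed from whatever bytes follow it, unless the decoder or TcpOptIterator already rejects such options; that guarantee is not visible in this hunk. A guard before each read, such as `if (opt.len < 4) break;` for MAXSEG and the same with `< 3` for WSCALE, keeps the tracer from trusting wire-supplied lengths. The MAXSEG case also casts `opt.data` to `const uint16_t*`, an unaligned, type-punned load from packet bytes; `uint16_t mss; memcpy(&mss, opt.data, sizeof(mss));` followed by `ntohs(mss)` avoids it. The closing `opts.replace(opts.size() - 2, 2, "] ")` depends on every case appending a trailing ", ", which merits a one-line comment such as `// every case above ends with ", "; swap the last one for "] "`.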
@@ -426,16 +458,24 @@ void PacketTracer::add_packet_type_info(const Packet& p)
             char tcpFlags[10];
             p.ptrs.tcph->stringify_flags(tcpFlags);
 
+            std::string opts;
+            if (p.ptrs.tcph->th_flags & TH_SYN)
+                opts = stringify_tcp_options(&p);
+
             if (p.ptrs.tcph->th_flags & TH_ACK)
-                PacketTracer::log("Packet %" PRIu64 ": TCP %s, %s, seq %u, ack %u, dsize %u%s\n",
+                PacketTracer::log("Packet %" PRIu64 ": TCP %s, %s, seq %u, ack %u, win %u, %sdsize %u%s\n",
                     p.context->packet_number, tcpFlags, timestamp,
-                    p.ptrs.tcph->seq(), p.ptrs.tcph->ack(), p.dsize,
+                    p.ptrs.tcph->seq(), p.ptrs.tcph->ack(), p.ptrs.tcph->win(), opts.c_str(), p.dsize,
                     p.is_retry() ? ", retry pkt" : "");
             else
-                PacketTracer::log("Packet %" PRIu64 ": TCP %s, %s, seq %u, dsize %u%s\n",
+                PacketTracer::log("Packet %" PRIu64 ": TCP %s, %s, seq %u, win %u, %sdsize %u%s\n",
                     p.context->packet_number, tcpFlags, timestamp, p.ptrs.tcph->seq(),
-                    p.dsize,
+                    p.ptrs.tcph->win(), opts.c_str(), p.dsize,
                     p.is_retry() ? ", retry pkt" : "");
+            DAQ_PktTcpAckData_t* tcp_mack = (DAQ_PktTcpAckData_t*)p.daq_msg->meta[DAQ_PKT_META_TCP_ACK_DATA];
+            if ( tcp_mack )
+                PacketTracer::log("Meta_ack: ack %u, win %u\n",
+                    ntohl(tcp_mack->tcp_ack_seq_num), ntohs(tcp_mack->tcp_window_size));
             break;
         }