File: INTERNALS

package info (click to toggle)
tcpick 0.2.1-10
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid
  • size: 1,164 kB
  • sloc: ansic: 2,557; sh: 931; makefile: 16
file content (46 lines) | stat: -rw-r--r-- 2,047 bytes parent folder | download | duplicates (7)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
This is INTERNALS, produced by makeinfo version 4.7 from
INTERNALS.texinfo.

   The starting function `main' is in the file `tcpick.c'.
Command-line arguments are parsed by `parse_args' (`args.c').

   The packet capture engine is powered by the pcap library, that
handles, with the function `pcap_loop' the callback loop function
`got_packet' (`loop.c').

   When a packet has been captured by `pcap_loop' it will be calculated
the offset of the ip header (`ippacket'), the offset of the tcp header
(`tcppacket'). Finally the function `verify' (`verify.c') will be
called to analyze the packet.

   Packet offset and size are declared globally (`extern.h' and
`globals.h') not to allocate the stack every time a function that works
on the packet is called

   The source code that contains the function `verify' begins with
several `#define''s used to verify if a sniffed packet match an
inizialized connection (or else if it creates a new one).

   All connections tracked are stored in a linked list (i hope I will be
able to replace it with an efficient balanced tree).

   The `struct host_descriptor_t' describes one side of the tcp
connection (the server or the client). The function `verify' detects
the changes of the status of the tracked connection and update it with
the function `status_switch' (`tracker.c'), that calls the function
`display_status' to notify the user of this change and deletes the
connection if it is `CLOSED'

   When data are transmitted (`IS_DATA_FLOW') the function
`established_packet' (`verify.c') is called.  This function detects if
the packet is an acknowledgment one or a data one.  Unacknowledged data
packets are stored in a linked-list by the function `addfr'
(`fragments.c').  When data are acknowledged by a `ack', the function
`flush_ack' (`fragments.c') is called.

   In `flush_ack' acknowledged data are flushed to an output stream
(display or file) by the function `wrebuild' (`write.c').

   The function `out_flavour' (`write.c') is used to select the format
of the data wished by the user.