File: INTERNALS.texinfo

tcpick 0.2.1-11
\input texinfo  @c -*-texinfo-*-
@setfilename INTERNALS
@settitle tcpick looked from the inside
@c @setchapternewpage odd
@c @paragraphindent asis



@c 1st page:
@titlepage
@title INTERNALS
@subtitle tcpick looked from the inside
@author Francesco 'DuskDruid' Stablum

@c copyright page
@end titlepage
@headings single


@c Contents
@contents

The starting function @code{main} is in the file @code{tcpick.c}.
Command-line arguments are parsed by @code{parse_args}
(@code{args.c}).

The packet capture engine is powered by the pcap library: the function
@code{pcap_loop} runs the capture loop and invokes the callback function
@code{got_packet} (@code{loop.c}).

When a packet has been captured by @code{pcap_loop}, the offset of the
IP header (@code{ippacket}) and the offset of the TCP header
(@code{tcppacket}) are calculated. Finally the function
@code{verify} (@code{verify.c}) is called to analyze the packet.

Packet offset and size are declared globally (@code{extern.h} and
@code{globals.h}) so that they are not allocated on the stack every time
a function that works on the packet is called.

The source file that contains the function @code{verify} begins with
several @code{#define}s used to check whether a sniffed packet matches an
initialized connection (or else creates a new one).

All tracked connections are stored in a linked list (I hope I will be
able to replace it with an efficient balanced tree).

The @code{struct host_descriptor_t} describes one side of the TCP
connection (the server or the client). The function @code{verify}
detects changes in the status of the tracked connection and updates
it with the function @code{status_switch} (@code{tracker.c}), which
calls the function @code{display_status} to notify the user of the
change and deletes the connection if it is @code{CLOSED}.

When data are transmitted (@code{IS_DATA_FLOW}), the function
@code{established_packet} (@code{verify.c}) is called. This function
determines whether the packet is an acknowledgment or a data packet.
Unacknowledged data packets are stored in a linked list by the function
@code{addfr} (@code{fragments.c}). When data are acknowledged by an
@code{ack}, the function @code{flush_ack} (@code{fragments.c}) is called.

In @code{flush_ack} acknowledged data are flushed 
to an output stream (display or file) 
by the function @code{wrebuild} (@code{write.c}).
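
As an added example (not tcpick's own code), the store-then-flush scheme
described above can be written as follows in C. The names @code{seg_add}
and @code{seg_flush}, the struct layout and the wrap-safe sequence
comparison are assumptions for illustration; exact retransmissions are
dropped and partially overlapping segments are not handled.

@verbatim
```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout: this is not tcpick's addfr/flush_ack. */
struct seg {
    uint32_t seq;            /* sequence number of the first payload byte */
    uint32_t len;            /* payload length in bytes */
    unsigned char *data;     /* private copy of the payload */
    struct seg *next;
};

/* Wrap-safe "a comes before b" in 32-bit TCP sequence space. */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Store an unacknowledged segment, keeping the list sorted by seq so that
   out-of-order arrivals are flushed in stream order. A segment whose seq is
   already stored is treated as a retransmission and dropped.
   Returns 0 on success, -1 on allocation failure. */
int seg_add(struct seg **head, uint32_t seq, const void *p, uint32_t len)
{
    struct seg **pp = head, *s;
    while (*pp && seq_lt((*pp)->seq, seq))
        pp = &(*pp)->next;
    if (*pp && (*pp)->seq == seq)
        return 0;
    if (!(s = malloc(sizeof *s)) || !(s->data = malloc(len ? len : 1))) {
        free(s);
        return -1;
    }
    memcpy(s->data, p, len);
    s->seq = seq; s->len = len;
    s->next = *pp; *pp = s;
    return 0;
}

/* Copy every segment fully covered by the cumulative `ack` into out
   (capacity cap), in sequence order, and free it. Segments that do not fit
   stay queued. Returns the number of bytes written. */
size_t seg_flush(struct seg **head, uint32_t ack, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*head && !seq_lt(ack, (*head)->seq + (*head)->len)) {
        struct seg *s = *head;
        if (n + s->len > cap) break;      /* caller's buffer is full */
        memcpy(out + n, s->data, s->len);
        n += s->len;
        *head = s->next;
        free(s->data); free(s);
    }
    return n;
}
```
@end verbatim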

The function @code{out_flavour} (@code{write.c})
is used to select the data format
requested by the user.