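/*
   p0f - portable IP and TCP headers
   ---------------------------------

   Note that all multi-byte fields are in network (i.e., big) endian, and may
   need to be converted before use.

   Every field described here is read straight from captured traffic and is
   therefore untrusted: length and offset fields (ver_hlen, tot_len, pay_len,
   doff_rsvd, per-option length bytes) must be checked against the number of
   bytes actually captured before they are used to index into a packet.

   Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>

   Distributed under the terms and conditions of GNU LGPL.

 */

#ifndef _HAVE_TCP_H
#define _HAVE_TCP_H

#include "types.h"

/*************
 * IP common *
 *************/

/* Protocol versions: */

#define IP_VER4          0x04
#define IP_VER6          0x06

/* IP-level ECN: */

#define IP_TOS_CE        0x01         /* Congestion encountered             */
#define IP_TOS_ECT       0x02         /* ECN supported                      */

/* Encapsulated protocols we care about: */

#define PROTO_TCP        0x06


/********
 * IPv4 *
 ********/

/* Fixed 20-byte part of an IPv4 header, laid out exactly as on the wire.
   The struct is packed, so it can be overlaid on a byte buffer that has no
   particular alignment; read the multi-byte members through the struct (or
   copy them out) rather than through a separately taken u16 / u32 pointer. */

struct ipv4_hdr {

  u8  ver_hlen;          /* IP version (4), IP hdr len in dwords (4)        */
  u8  tos_ecn;           /* ToS field (6), ECN flags (2)                    */
  u16 tot_len;           /* Total packet length, in bytes                   */
  u16 id;                /* IP ID                                           */
  u16 flags_off;         /* Flags (3), fragment offset (13)                 */
  u8  ttl;               /* Time to live                                    */
  u8  proto;             /* Next protocol                                   */
  u16 cksum;             /* Header checksum                                 */
  u8  src[4];            /* Source IP                                       */
  u8  dst[4];            /* Destination IP                                  */

  /* Dword-aligned options may follow. The real header size comes from the
     low 4 bits of ver_hlen (in dwords); a value below 5 is shorter than
     this struct and must be rejected before the TCP header is located. */

} __attribute__((packed));

/* IP flags (masks for flags_off once converted to host byte order): */

#define IP4_MBZ          0x8000       /* "Must be zero"                     */
#define IP4_DF           0x4000       /* Don't fragment (usually PMTUD)     */
#define IP4_MF           0x2000       /* More fragments coming              */


/********
 * IPv6 *
 ********/

/* Fixed 40-byte IPv6 header, laid out exactly as on the wire. */

struct ipv6_hdr {

  u32 ver_tos;           /* Version (4), ToS (6), ECN (2), flow (20)        */
  u16 pay_len;           /* Total payload length, in bytes                  */
  u8  proto;             /* Next protocol                                   */
  u8  ttl;               /* Time to live                                    */
  u8  src[16];           /* Source IP                                       */
  u8  dst[16];           /* Destination IP                                  */

  /* Dword-aligned options may follow if proto != PROTO_TCP and are
     included in pay_len; but we won't be seeing such traffic due
     to BPF rules. That filter is set up outside this header, so a parser
     should still check proto itself instead of assuming TCP follows. */

} __attribute__((packed));



/*******
 * TCP *
 *******/

/* Fixed 20-byte part of a TCP header, laid out exactly as on the wire. */

struct tcp_hdr {

  u16 sport;             /* Source port                                     */
  u16 dport;             /* Destination port                                */
  u32 seq;               /* Sequence number                                 */
  u32 ack;               /* Acknowledgment number                           */
  u8  doff_rsvd;         /* Data off dwords (4), rsvd (3), ECN (1)          */
  u8  flags;             /* Flags, including ECN                            */
  u16 win;               /* Window size                                     */
  u16 cksum;             /* Header and payload checksum                     */
  u16 urg;               /* "Urgent" pointer                                */

  /* Dword-aligned options may follow. Their extent is given by the high
     4 bits of doff_rsvd (in dwords); a value below 5 is shorter than this
     struct, and a larger one must still fit inside the captured data. */

} __attribute__((packed));


/* Normal flags (masks for tcp_hdr.flags): */

#define TCP_FIN          0x01
#define TCP_SYN          0x02
#define TCP_RST          0x04
#define TCP_PUSH         0x08
#define TCP_ACK          0x10
#define TCP_URG          0x20

/* ECN stuff: */

#define TCP_ECE          0x40         /* ECN supported (SYN) or detected    */
#define TCP_CWR          0x80         /* ECE acknowledgment                 */

/* TCP_NS_RES is the one mask here that is NOT for tcp_hdr.flags: it selects
   the lowest bit of tcp_hdr.doff_rsvd (the "ECN (1)" bit). It has the same
   numeric value as TCP_FIN, so testing it against the wrong field compiles
   cleanly and silently gives the wrong answer. */

#define TCP_NS_RES       0x01         /* ECE notification via TCP           */

/* Notable options. The number in parentheses is the option's total length
   in bytes, kind and length bytes included. The length byte found in a
   packet is untrusted and has to be bounds-checked against the space left
   in the options area before the option body is read. */

#define TCPOPT_EOL       0            /* End of options (1)                 */
#define TCPOPT_NOP       1            /* No-op (1)                          */
#define TCPOPT_MAXSEG    2            /* Maximum segment size (4)           */
#define TCPOPT_WSCALE    3            /* Window scaling (3)                 */
#define TCPOPT_SACKOK    4            /* Selective ACK permitted (2)        */
#define TCPOPT_SACK      5            /* Actual selective ACK (10-34)       */
#define TCPOPT_TSTAMP    8            /* Timestamp (10)                     */


/***************
 * Other stuff *
 ***************/

/* Size of the fixed IP header plus the fixed TCP header, with no options on
   either. This is only a lower bound: passing this check does not prove
   that the header lengths announced inside the packet fit in the buffer. */

#define MIN_TCP4 (sizeof(struct ipv4_hdr) + sizeof(struct tcp_hdr))
#define MIN_TCP6 (sizeof(struct ipv6_hdr) + sizeof(struct tcp_hdr))

/* Compile-time layout checks. The structs above are only usable as overlays
   on raw packet bytes, and MIN_TCP4 / MIN_TCP6 are only meaningful, if the
   compiler produced the exact wire sizes. A mismatch (wrong u8 / u16 / u32
   width in types.h, or a compiler that ignores the packed attribute) gives a
   negative array size and stops the build. */

typedef char tcp_h_check_ipv4_hdr[(sizeof(struct ipv4_hdr) == 20) ? 1 : -1];
typedef char tcp_h_check_ipv6_hdr[(sizeof(struct ipv6_hdr) == 40) ? 1 : -1];
typedef char tcp_h_check_tcp_hdr[(sizeof(struct tcp_hdr) == 20) ? 1 : -1];

#endif /* !_HAVE_TCP_H */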