I had a couple spare cycles, so I decided to just take a WAG at what might be done, which was to say that if the IP len was zero, just go ahead and guess that this was a TSO and set the len to the length parm pass-in to print-ip and hope.
Basically, before the change, tracing on a system with TSO enabled would look something like this (modulo word-wrap):
000024 IP 192.168.13.223.32879 > 192.168.13.1.61941: S 3328985709:3328985709(0) win 5840 <mss 1460,sackOK,timestamp 19361257 0,nop,w
scale 2>
000101 IP 192.168.13.1.61941 > 192.168.13.223.32879: S 629210769:629210769(0) ack 3328985710 win 65535 <mss 1460,nop,nop,sackOK,wsca
le 2,nop,nop,nop,timestamp 945581949 19361257>
000014 IP 192.168.13.223.32879 > 192.168.13.1.61941: . ack 1 win 1460 <nop,nop,timestamp 19361257 945581949>
000033 IP bad-len 0
000202 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 1449 win 32768 <nop,nop,timestamp 945581949 19361257>
000001 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 4345 win 32768 <nop,nop,timestamp 945581949 19361257>
000145 IP bad-len 0
000229 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 8689 win 32768 <nop,nop,timestamp 945581949 19361257>
000011 IP bad-len 0
039339 IP 192.168.13.223.32878 > 192.168.13.1.12865: . ack 513 win 1996 <nop,nop,timestamp 19361297 945581949>
024992 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 13033 win 32768 <nop,nop,timestamp 945581956 19361258>
000007 IP bad-len 0
000118 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 14481 win 32768 <nop,nop,timestamp 945581956 19361322>
000001 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 17377 win 32768 <nop,nop,timestamp 945581956 19361322>
000011 IP bad-len 0
with the change, it becomes:
000024 IP 192.168.13.223.32879 > 192.168.13.1.61941: S 3328985709:3328985709(0) win 5840 <mss 1460,sackOK,timestamp 19361257 0,nop,w
scale 2>
000101 IP 192.168.13.1.61941 > 192.168.13.223.32879: S 629210769:629210769(0) ack 3328985710 win 65535 <mss 1460,nop,nop,sackOK,wsca
le 2,nop,nop,nop,timestamp 945581949 19361257>
000014 IP 192.168.13.223.32879 > 192.168.13.1.61941: . ack 1 win 1460 <nop,nop,timestamp 19361257 945581949>
000033 IP 192.168.13.223.32879 > 192.168.13.1.61941: . 1:4345(4344) ack 1 win 1460 <nop,nop,timestamp 19361257 945581949>
000202 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 1449 win 32768 <nop,nop,timestamp 945581949 19361257>
000001 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 4345 win 32768 <nop,nop,timestamp 945581949 19361257>
000145 IP 192.168.13.223.32879 > 192.168.13.1.61941: . 4345:8689(4344) ack 1 win 1460 <nop,nop,timestamp 19361257 945581949>
000229 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 8689 win 32768 <nop,nop,timestamp 945581949 19361257>
000011 IP 192.168.13.223.32879 > 192.168.13.1.61941: . 8689:13033(4344) ack 1 win 1460 <nop,nop,timestamp 19361258 945581949>
039339 IP 192.168.13.223.32878 > 192.168.13.1.12865: . ack 513 win 1996 <nop,nop,timestamp 19361297 945581949>
024992 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 13033 win 32768 <nop,nop,timestamp 945581956 19361258>
000007 IP 192.168.13.223.32879 > 192.168.13.1.61941: . 13033:17377(4344) ack 1 win 1460 <nop,nop,timestamp 19361322 945581956>
000118 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 14481 win 32768 <nop,nop,timestamp 945581956 19361322>
000001 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 17377 win 32768 <nop,nop,timestamp 945581956 19361322>
000011 IP 192.168.13.223.32879 > 192.168.13.1.61941: . 17377:21721(4344) ack 1 win 1460 <nop,nop,timestamp 19361322 945581956>
000113 IP 192.168.13.1.61941 > 192.168.13.223.32879: . ack 21721 win 32768 <nop,nop,timestamp 945581956 19361322>
Now, I have _no_ clue where this might fall down, and don't know if this is something that should be controlled with a run-time switch or what, but here is the rough prototype diff where it is controlled via an #ifdef:
# diff -c print-ip.c.orig print-ip.c *** print-ip.c.orig 2005-01-12 03:19:08.000000000 -0800 --- print-ip.c 2005-01-19 11:33:40.160746848 -0800 *************** *** 21,27 ****
#ifndef lint
static const char rcsid[] _U_ =
! "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.146 2005/01/12 11:19:08 hannes Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H --- 21,27 ----
#ifndef lint
static const char rcsid[] _U_ =
! "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.146+TSO 2005/01/19 17:19:08 raj Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H *************** *** 399,406 **** --- 399,417 ---- (void)printf("truncated-ip - %u bytes missing! ", len - length); if (len < hlen) { + #ifdef GUESS_TSO + if (len) { + (void)printf("bad-len %u", len); + return; + } + else { + /* we guess that it is a TSO send */ + len = length; + } + #else (void)printf("bad-len %u", len); return; + #endif /* GUESS_TSO */ }
/*
basically, if the IP len is zero, ass-u-me that the segment is TSO and wing it.
rick jones - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.