On Wed, Oct 29, 2014 at 12:23 PM, Matt <matta...@gmail.com> wrote:
> For posterity, here is how I've done it:
> conv = (conversation_t*)g_hash_table_find(
>     get_conversation_hashtable_exact(), check_mptcp_token, (gpointer)&token);
>
> I am now looking for a way to debug. printf seems the way (and not
> g_log/Q_INFO ?) to go but I need to display the console to see the
> messages and I've been unable to find a way to do so with the Qt version.
> I've set gui.console.open to ALWAYS in .wireshark/preferences (since prefs
> dialog didn't save my changes) but I still have no console. What do I do
> wrong please ?

There is some "bug" with console window and Qt...
You can use proto_tree_add_debug_text to display in output and also add info on tree.
Regards,
>
> 2014-10-28 14:23 GMT+01:00 Matt <matta...@gmail.com>:
>>
>> From what I understand, I need either to redissect with a tcp filter (ie
>> dfilter("tcp") ) but it looks slow. I would rather search through created
>> TCP conversations. My problem is that conversations look saved into
>> different hashtables such as "GHashTable* conversation_hashtable_exact". To
>> compare my token with a key against all TCP connections, I believe I should
>> compare it over the conversations in the 4 hashtables. Is that correct ?
>>
>> 2014-10-28 9:58 GMT+01:00 Matt <matta...@gmail.com>:
>>>
>>> > Is that option present in all TCP packets or just in the initial 3-way
>>> > handshake? If the former, then you have the problem I described above,
>>> > with the indicated workaround.
>>> This is one of the problems (and advantages) of these multipath
>>> protocols, it's easier to evade data capture.
>>> Especially for MPTCP, you have to get all SYN/ACKs to be able to map a
>>> subflow to an MPTCP
>>> connection, otherwise you can't tell anything (MPTCP exchanges
>>> keys/nonces to authenticate a subflow during the 3WHS).
>>> I wished to propose expert info in case of packet retransmission (such as
>>> detecting wrong keys) but it's not mandatory.
>>>
>>> In fact, an MPTCP communication starts with a TCP 3WHS that exchanges
>>> some cryptographic keys with the TCP option MPTCP_CAPABLE. Then data is sent
>>> on this TCP connection.
>>>
>>> At any time a new TCP connection can be made to join the precedent MPTCP
>>> connection. It is achieved with the establishment of a new TCP connection
>>> with the TCP option MP_JOIN. This tcp option carries tokens derived from the
>>> keys exchanged during the MPTCP connection. So I need to check the token
>>> against all previous keys to see if it matches a previously registered MPTCP
>>> connection.
>>> That's why I need to loop through TCP connections
>>> find_conversation() returns one conversation based on IP addresses/ports
>>> but I want to run a check against token/keys and I dunno how to do it.
>>>
>>> Thanks for your help
>>>
>>>
>>>
>>>
>>> 2014-10-27 14:47 GMT+01:00 Matt <matta...@gmail.com>:
>>>>
>>>> Hi,
>>>>
>>>> I am trying to improve the MPTCP support in the TCP dissector. To
>>>> provide expert infos, I need to identify which host initiated the
>>>> connection (ie sent the SYN). I wonder how to do that, I could use
>>>> tcp_analysis::server_port if ports were guaranteed to be different on
>>>> both sides.
>>>>
>>>> Secondly, I am trying to setup an MPTCP *stream* identifier, similar
>>>> to tcp stream. Indeed a single MPTCP connection can be composed of
>>>> several TCP connections. Thing is to know to which MPTCP stream a TCP
>>>> stream is bound to, I have to check a token (in a TCP option) against
>>>> all MPTCP connections until I find a match. So I need to loop through
>>>> TCP connections. How can I do that?
>>>>
>>>> Regards
>>>> Matt
>>>
>>>
>>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe