Ethereal-dev: [Ethereal-dev] [PATCH] Ethereal 'Follow TCP Stream' gets confused when symmetric

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gregory Stark <gsstark@xxxxxxx>
Date: Thu, 03 Jul 2003 20:15:50 -0000
'Follow TCP Stream' gets very confused if you have two streams between the
same ip addresses with reversed source and destination ports. Ie, if host a
connects to host b on port 80 at the same time as host b connects to host a on
port and both choose the same source port. This may seem like a strange event
but it can occur quite easily when NAT is involved and a host is contacting
itself through the NAT router.

The attached patch straightens out this problem, it seems to work for me.


bash-2.05b# diff -u follow.c.~1~ follow.c
--- follow.c.~1~	2002-12-03 20:36:10.000000000 -0500
+++ follow.c	2003-07-03 15:01:28.000000000 -0400
@@ -140,12 +140,16 @@
   /* Now check if the packet is for this connection. */
   memcpy(srcx, net_src->data, len);
   memcpy(dstx, net_dst->data, len);
-  if ((memcmp(srcx, ip_address[0], len) != 0 &&
-       memcmp(srcx, ip_address[1], len) != 0) ||
-      (memcmp(dstx, ip_address[0], len) != 0 &&
-       memcmp(dstx, ip_address[1], len) != 0) ||
-      (srcport != tcp_port[0] && srcport != tcp_port[1]) ||
-      (dstport != tcp_port[0] && dstport != tcp_port[1]))
+  if (
+      ! (
+	 !memcmp(srcx, ip_address[0], len) && !memcmp(dstx, ip_address[1], len) &&
+	 srcport == tcp_port[0] && dstport == tcp_port[1]
+	 ) &&
+      ! (
+	 !memcmp(srcx, ip_address[1], len) && !memcmp(dstx, ip_address[0], len) &&
+	 srcport == tcp_port[1] && dstport == tcp_port[0]
+	 )
+      ) 
     return;
 
   /* Initialize our stream chunk.  This data gets written to disk. */

-- 
greg