JnetPcap

[shocked]

Привет всем. В общем есть вопрос тем кто имеет опыт работы с данной библиотекой. Есть 2 пакеты с одинаковыми seq/ack номерами но первый приходит с неполными tcp данными

1 packet

Frame:
Frame: number = 9
Frame: timestamp = 2012-09-04 19:44:27.392
Frame: wire length = 71 bytes
Frame: captured length = 71 bytes
Frame:
Eth: ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14
Eth:
Eth: destination = c0:f8:da:17:89:af
Eth: .... ..0. .... .... = [2] LG bit
Eth: .... ...0 .... .... = [2] IG bit
Eth: source = 00:26:5a:51:bf:e6
Eth: .... ..0. .... .... = [2] LG bit
Eth: .... ...0 .... .... = [2] IG bit
Eth: type = 0x800 (2048) [ip version 4]
Eth:
Ip: ******* Ip4 - "ip version 4" - offset=14 (0xE) length=20 protocol suite=NETWORK
Ip:
Ip: version = 4
Ip: hlen = 5 [5 * 4 = 20 bytes, No Ip Options]
Ip: diffserv = 0x0 (0)
Ip: 0000 00.. = [0] code point: not set
Ip: .... ..0. = [0] ECN bit: not set
Ip: .... ...0 = [0] ECE bit: not set
Ip: length = 57
Ip: id = 0x3867 (14439)
Ip: flags = 0x2 (2)
Ip: 0.. = [0] reserved
Ip: .1. = [1] DF: do not fragment: set
Ip: ..0 = [0] MF: more fragments: not set
Ip: offset = 0
Ip: ttl = 110 [time to live]
Ip: type = 6 [next: Transmission Control]
Ip: checksum = 0xD0D7 (53463) [correct]
Ip: source = 84.53.237.151
Ip: destination = 192.168.1.11
Ip:
Tcp: ******* Tcp offset=34 (0x22) length=32
Tcp:
Tcp: source = 19253
Tcp: destination = 52123
Tcp: seq = 0x8FE5BB53 (2414197587)
Tcp: ack = 0x95E09F81 (2514526081)
Tcp: hlen = 8
Tcp: reserved = 0
Tcp: flags = 0x18 (24)
Tcp: 0... .... = [0] cwr: reduced (cwr)
Tcp: .0.. .... = [0] ece: ECN echo flag
Tcp: ..0. .... = [0] ack: urgent, out-of-band data
Tcp: ...1 .... = [1] ack: acknowledgment
Tcp: .... 1... = [1] ack: push current segment of data
Tcp: .... .0.. = [0] ack: reset connection
Tcp: .... ..0. = [0] ack: synchronize connection, startup
Tcp: .... ...0 = [0] fin: closing down connection
Tcp: window = 257
Tcp: checksum = 0x1290 (4752) [correct]
Tcp: urgent = 0
Tcp:
Tcp: + NoOp: offset=21 length=1
Tcp: code = 1
Tcp: length = 1 [implied length from option type]
Tcp:
Tcp: + Timestamp: offset=22 length=10
Tcp: code = 8
Tcp: length = 10
Tcp: tsval = 49303926
Tcp: tsecr = 17738810
Tcp:
Data: ******* Payload offset=66 (0x42) length=5
Data:
0042: 85 49 03 3a 3e .I.:>

2й пакет

2 packet

Frame:
Frame: number = 11
Frame: timestamp = 2012-09-04 19:44:27.92
Frame: wire length = 98 bytes
Frame: captured length = 98 bytes
Frame:
Eth: ******* Ethernet - "Ethernet" - offset=0 (0x0) length=14
Eth:
Eth: destination = c0:f8:da:17:89:af
Eth: .... ..0. .... .... = [2] LG bit
Eth: .... ...0 .... .... = [2] IG bit
Eth: source = 00:26:5a:51:bf:e6
Eth: .... ..0. .... .... = [2] LG bit
Eth: .... ...0 .... .... = [2] IG bit
Eth: type = 0x800 (2048) [ip version 4]
Eth:
Ip: ******* Ip4 - "ip version 4" - offset=14 (0xE) length=20 protocol suite=NETWORK
Ip:
Ip: version = 4
Ip: hlen = 5 [5 * 4 = 20 bytes, No Ip Options]
Ip: diffserv = 0x0 (0)
Ip: 0000 00.. = [0] code point: not set
Ip: .... ..0. = [0] ECN bit: not set
Ip: .... ...0 = [0] ECE bit: not set
Ip: length = 84
Ip: id = 0x3BC7 (15303)
Ip: flags = 0x2 (2)
Ip: 0.. = [0] reserved
Ip: .1. = [1] DF: do not fragment: set
Ip: ..0 = [0] MF: more fragments: not set
Ip: offset = 0
Ip: ttl = 110 [time to live]
Ip: type = 6 [next: Transmission Control]
Ip: checksum = 0xCD5C (52572) [correct]
Ip: source = 84.53.237.151
Ip: destination = 192.168.1.11
Ip:
Tcp: ******* Tcp offset=34 (0x22) length=32
Tcp:
Tcp: source = 19253
Tcp: destination = 52123
Tcp: seq = 0x8FE5BB53 (2414197587)
Tcp: ack = 0x95E09F81 (2514526081)
Tcp: hlen = 8
Tcp: reserved = 0
Tcp: flags = 0x18 (24)
Tcp: 0... .... = [0] cwr: reduced (cwr)
Tcp: .0.. .... = [0] ece: ECN echo flag
Tcp: ..0. .... = [0] ack: urgent, out-of-band data
Tcp: ...1 .... = [1] ack: acknowledgment
Tcp: .... 1... = [1] ack: push current segment of data
Tcp: .... .0.. = [0] ack: reset connection
Tcp: .... ..0. = [0] ack: synchronize connection, startup
Tcp: .... ...0 = [0] fin: closing down connection
Tcp: window = 257
Tcp: checksum = 0xF217 (61975) [correct]
Tcp: urgent = 0
Tcp:
Tcp: + NoOp: offset=21 length=1
Tcp: code = 1
Tcp: length = 1 [implied length from option type]
Tcp:
Tcp: + Timestamp: offset=22 length=10
Tcp: code = 8
Tcp: length = 10
Tcp: tsval = 49303979
Tcp: tsecr = 17738810
Tcp:
Data: ******* Payload offset=66 (0x42) length=32
Data:
0042: 85 49 03 3a 3e f4 36 e5 e5 ea ad fe d0 28 7d 65 .I.:>.6......(}e
0052: 53 66 ae f6 5c fe 82 3e b9 9f bc 8f 41 8f 6d 7e Sf..\..>....A.m~

В packetSamurai следующий код отвечает за такое
[src=java]
public void add(TCPPacket p) {
for (final SeqHolder sh : _waitingPrevious.values()) {
final TCPPacket old = sh.getPacket();
if (sh.getPacket().sequence == p.sequence) {
if (old.data.length < p.data.length) {
final int diff = p.data.length - old.data.length;
System.err.printf("DIFF %d = %d - %d \n",diff, p.data.length, old.data.length);
final long seq = (old.sequence + old.data.length)%MODULO;
//System.err.println("ADJUSTED TO SEQ: "+seq+"\nPACKET: "+p);
final byte[] data = new byte[diff];
System.arraycopy(p.data, p.data.length - diff, data, 0, data.length);
System.err.println(Util.hexDump(p.data));
p.data = data;
p.sequence = seq;

System.err.println(Util.hexDump(p.data));
}
else if (old.data.length == p.data.length) {
// packet retransmitted
// dont add, else the data will be duped (acked again)
return;
}
}
}
[/src]
И собственно вопрос как с jnetpcap записать в tcp.getPayload() массив ,который выше назван data.
System.arraycopy(...) не помог
Пробовал так
[src=java]
System.arraycopy(data, 0, packet..getHeader(tcp).getPayload(), packet.getHeader(tcp).getPayloadOffset(), data.length);
[/src]

[VISTALL]

я непонял смысл - таких манипуляций, можно обьяснитЬ?

[shocked]

В packetSamurai делается следующее
В old.data хранится следующий массив (неполный) [85 49 03 3A 3E ]. Приходит 2й пакет с такими же seq/ack номерами, только полный [85 49 03 3A 3E F4 36 E5 E5 EA AD FE D0 28 7D 65 53 66 AE F6 5C FE 82 3E B9 9F BC 8F 41 8F 6D 7E]. И в результате он записывает в новый пакет следующее [F4 36 E5 E5 EA AD FE D0 28 7D 65 53 66 AE F6 5C FE 82 3E B9 9F BC 8F 41 8F 6D 7E ], тоесть минус 5 байт предыдущих я хз зачем, но это работает и крипт\логика не падает)).
Ну и мне нада записать такой же массив в поле tcp data я не знаю как. Проще говоря код перевести с jpcap на jnetpcap

[VISTALL]

а по дампу - нормальные данные отображаются?(смотря на код)

[shocked]

Не, старая остается
[src=java]
for (final SeqHolder sh : _waitingPrevious.values()) {
final PcapPacket old = sh.getPacket();
if (sh.getPacket().getHeader(tcp).seq() == p.getHeader(tcp).seq()) {
if (old.getHeader(tcp).getPayloadLength() < p.getHeader(tcp).getPayloadLength()) {
final int diff = p.getHeader(tcp).getPayloadLength() - old.getHeader(tcp).getPayloadLength();
System.err.printf("DIFF %d = %d - %d \n",diff, p.getHeader(tcp).getPayloadLength(), old.getHeader(tcp).getPayloadLength());
final long seq = (old.getHeader(tcp).seq() + old.getHeader(tcp).getPayloadLength()) % MODULO;
//System.err.println("ADJUSTED TO SEQ: "+seq+"\nPACKET: "+p);
final byte[] data = new byte[diff];
System.arraycopy(p.getHeader(tcp).getPayload(), p.getHeader(tcp).getPayloadLength() - diff, data, 0, data.length);

System.out.println("old packet");
System.out.println(Util.hexDump(old.getHeader(tcp).getPayload()));
System.out.println("new packet");
System.out.println(Util.hexDump(p.getHeader(tcp).getPayload()));
System.out.println("data array[] for copy");
System.out.println(Util.hexDump(data));
System.arraycopy(data, 0, p.getHeader(tcp).getPayload(), 0, data.length);
System.out.println("after copy");
System.out.println(Util.hexDump(p.getHeader(tcp).getPayload()));
[/src]
out:
old packet
85 49 03 3A 3E

new packet
85 49 03 3A 3E F4 36 E5 E5 EA AD FE D0 28 7D 65
53 66 AE F6 5C FE 82 3E B9 9F BC 8F 41 8F 6D 7E

data array[] for copy
F4 36 E5 E5 EA AD FE D0 28 7D 65 53 66 AE F6 5C
FE 82 3E B9 9F BC 8F 41 8F 6D 7E

after copy
85 49 03 3A 3E F4 36 E5 E5 EA AD FE D0 28 7D 65
53 66 AE F6 5C FE 82 3E B9 9F BC 8F 41 8F 6D 7E
Весь гемор из-за одной строчки p.data = data =)

Пока нашел костыльное решение создавать новый JPacket и передавать в конструктор ему строку с нужными байтами, но это ппц неправильно ) хотя работает