Tux

...making Linux just a little more fun!

kernel inquiry

Ignacio, Domingo Jr Ostria - igndo001 [DomingoJr.Ignacio at postgrads.unisa.edu.au]


Thu, 3 Jul 2008 16:51:39 +0930

Hi guys,

In the tcp.h header file , I found the variables:

#define TCPOPT_WINDOW			3
#define TCPOPT_SACK			5
#define TCPOPT_TIMESTAMP 		8

Does anyone can help me with what the numbers 3,5,8 means? Are they the tcp option numbers in the TCP header? Or are they port definitions?

Cheers, Dom


Top    Back


René Pfeiffer [lynx at luchs.at]


Thu, 3 Jul 2008 23:24:33 +0200

Re!

On Jul 03, 2008 at 1651 +0930, Ignacio, Domingo Jr Ostria - igndo001 appear= ed and said:

> [...]
> In the tcp.h header file , I found the variables:
> #define TCPOPT_WINDOW			3
> #define TCPOPT_SACK			5
> #define TCPOPT_TIMESTAMP 		8

No, these are constants, not variables. This is an important difference.

> Does anyone can help me with what the numbers 3,5,8 means? Are they the
> tcp option numbers in the TCP header? Or are they port definitions?

It depends on where the constants go. You can trace them in the kernel source. If you use the Linux kernel source cross reference project, you can do that online: https://lxr.linux.no/linux/include/net/tcp.h

If you use the search function on this web page you see which C source files use the constants. As far as I see it the constants are bit positions.

Best, René.


Top    Back


Ben Okopnik [ben at linuxgazette.net]


Thu, 3 Jul 2008 19:58:37 -0400

On Thu, Jul 03, 2008 at 11:24:33PM +0200, René Pfeiffer wrote:

> Re!
> 
> On Jul 03, 2008 at 1651 +0930, Ignacio, Domingo Jr Ostria - igndo001 appeared and said:
> > [...]
> > In the tcp.h header file , I found the variables:
> > #define TCPOPT_WINDOW			3
> > #define TCPOPT_SACK			5
> > #define TCPOPT_TIMESTAMP 		8
> 
> No, these are constants, not variables. This is an important difference.

Y'know, I must admit to scratching my head a bit on that one. It seems to me that screwing about with TCP arcana, etc. and then actually *being able to interpret the results* requires a very, very solid grounding in C programming. Which Dom does not appear to have - /vide supra/. This may well be an XY problem.

https://www.perlmonks.org/index.pl?node_id=542341

> > Does anyone can help me with what the numbers 3,5,8 means? Are they the
> > tcp option numbers in the TCP header? Or are they port definitions?
> 
> It depends on where the constants go. You can trace them in the kernel
> source. If you use the Linux kernel source cross reference project, you
> can do that online: https://lxr.linux.no/linux/include/net/tcp.h
> 
> If you use the search function on this web page you see which C source
> files use the constants. As far as I see it the constants are bit
> positions.

Or, given that Dom now has the kernel source and headers, he can do it live [1]. There are tons of matches for these in the kernel tree:

ben@Tyr:/usr/src/linux-headers-2.6.20-15$ ack -a 'TCPOPT_'
include/net/tcp.h
158:#define TCPOPT_NOP          1       /* Padding */
159:#define TCPOPT_EOL          0       /* End of options */
160:#define TCPOPT_MSS          2       /* Segment size negotiating */
161:#define TCPOPT_WINDOW               3       /* Window scaling */
162:#define TCPOPT_SACK_PERM        4       /* SACK Permitted */
163:#define TCPOPT_SACK             5       /* SACK Block */
164:#define TCPOPT_TIMESTAMP    8       /* Better RTT estimations/PAWS */
165:#define TCPOPT_MD5SIG               19      /* MD5 Signature (RFC2385) */
 
ben@Tyr:/usr/src/linux-2.6.20$ ack -l --type=cc 'TCPOPT_'
drivers/net/s2io.c
include/net/tcp.h
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
net/ipv4/netfilter/ip_nat_helper.c
net/ipv4/netfilter/ipt_TCPMSS.c
net/ipv4/netfilter/nf_nat_helper.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/xt_tcpmss.c

The comments in these files are well-written and informative, as well as full of breadcrumbs - e.g.

   case TCPOPT_NOP:        /* Ref: RFC 793 section 3.1 */

[1] The command I used to search the tree, "ack", is just a smarter version of "grep", with highlighting, etc. - available from 'https://CPAN.org'. Oh, and it supports a "--thpppt" option - how can you go wrong?

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * https://LinuxGazette.NET *


Top    Back