drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Dunning <tdunn...@mapr.com>
Subject Re: PCAP Issues
Date Tue, 02 Jan 2018 06:42:15 GMT

PacketConstants.ETHER_HEADER_LENGTH + getIPHeaderLength() +13 to get the word that has the
flags

Looks to me like


     getByte(raw, ipOffset + getIPHeaderLength() + 13)


is what you need. And this gets you the byte, not the word.
________________________________
From: Charles Givre <cgivre@gmail.com>
Sent: Monday, January 1, 2018 12:31:17 PM
To: dev@drill.apache.org
Cc: Ted Dunning
Subject: PCAP Issues

Hello all,
I was playing with the PCAP functionality in Drill and I wanted to add the TCP flags to the
data that Drill is returning.  I was also interested in adding the TCP Sequence and Ack numbers
as well.  I noticed that the code as written currently has a function in Packet.java which
returns the TCP Sequence number, however this was never added to the schema, so I added that
and rebuilt Drill, however, it doesn’t seem to be returning the correct result.  The file
I was querying is attached to this email, and should in all cases return a sequence number
of zero.

Questions:
1.  Could someone please take a look at the code for the tcp_sequence and see if I did something
wrong, or if the offset is not being calculated correctly
2.  I’m trying to figure out the offsets for the various TCP flags.   I would think that
the offset should be PacketConstants.ETHER_HEADER_LENGTH + getIPHeaderLength() +13 to get
the word that has the flags and then from there, access the individual bits.  However, this
doesn’t seem to work.  What am I missing?
Thanks and Happy New Year!
- C

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message