u_tcppacket.pas

linux program to read packet data

(*
 * One Way Network Sniffer (OWNS)
 * Copyright (C) 2001-2002 OWNS
 *
 * http://owns.sourceforge.net/
 * http://www.owns.st
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *)

(*
 * $Id: u_TCPPacket.pas,v 1.3 2001/08/10 11:00:16 owns Exp $
 * represents a TCP packet
 *)

unit u_TCPPacket;
interface
uses //windows,
     u_IpPacket,u_EThernetFrame;

const
TCP_FLAG_FIN =	$01;
TCP_FLAG_SYN =	$02;
TCP_FLAG_RST =	$04;
TCP_FLAG_PSH =	$08;
TCP_FLAG_ACK =	$10;
TCP_FLAG_URG =	$20;

type
TCP_RHDR = packed record
  Source:        array[0..1] of Byte; //Source Port
  Destination:   array[0..1] of Byte; //Destination Port
  Seq:           array[0..3] of Byte;
  Ack:           array[0..3] of Byte;
  Rsvd0_Off:     Byte;
  Flags_Rsvd1:   Byte;
  Window:        array[0..1] of Byte;
  Checksum:      array[0..1] of Byte;
  UrgPoint:      array[0..1] of Byte;
  Data:          array[0..0] of Byte;
end;
PTCP_RHDR = ^TCP_RHDR;

  TTCPPacket = class(TIPPacket)
  private
    FTCPHdr: PTCP_RHDR;

    function getTCPSourcePort : Word;
    function getTCPDestPort : Word;
    function getTCPSeq : Cardinal;
    function getTCPAck : Cardinal;
    function getTCPFlag : Word;
    function getTCPData : PCHar;
    function getTCPDataLength : Word;
    function getKeySrc : Int64;
    function getKeyDest : Int64;
    function getHashValue : Int64;
  public
    constructor Create(uBuffer: PChar); override;
    destructor Destroy; override;

    property TCPHeader: PTCP_RHDR read FTCPHdr;


    property TCPSourcePort: Word read getTCPSourcePort;
    property TCPDestPort: Word read getTCPDestPort;
    property TCPSeqNum: Cardinal read getTCPSeq;
    property TCPAckNum: Cardinal read getTCPAck;
    property TCPFlag: Word read getTCPFlag;
    property TCPData : PChar read getTCPData;
    property TCPDataLength : Word read getTCPDataLength;
    property KeySrc : Int64 read getKeySrc;
    property KeyDest : Int64 read getKeyDest;
    property HashValue : Int64 read getHashValue;
  end;

function TCPFlagToStr(p_Flag : Word) : String;

implementation

function TCPFlagToStr(p_Flag : Word) : String;
begin
  result := '';
  if (p_Flag and TCP_FLAG_FIN <> 0) then result := result+'FIN ';
  if (p_Flag and TCP_FLAG_SYN <> 0) then result := result+'SYN ';
  if (p_Flag and TCP_FLAG_RST <> 0) then result := result+'RST ';
  if (p_Flag and TCP_FLAG_PSH <> 0) then result := result+'PSH ';
  if (p_Flag and TCP_FLAG_ACK <> 0) then result := result+'ACK ';
  if (p_Flag and TCP_FLAG_URG <> 0) then result := result+'URG ';
end;

constructor TTCPPacket.Create(uBuffer: PChar);

begin
  inherited Create(uBuffer);
  FTCPHdr := PTCP_RHDR(IPData);
end;

function TTCPPacket.getTCPSourcePort : Word;
begin
  result := TOUSHORT(@(FTCPHdr^.Source[0]));
end;

function TTCPPacket.getTCPDestPort : Word;
begin
  result := TOUSHORT(@(FTCPHdr^.Destination[0]));
end;

function TTCPPacket.getTCPSeq : Cardinal;
begin
  result := TOULONG(@(FTCPHdr^.Seq[0]));
end;

function TTCPPacket.getTCPAck : Cardinal;
begin
  result := TOULONG(@(FTCPHdr^.Ack[0]));
end;

function TTCPPacket.getTCPFlag : Word;
begin
  result := FTCPHdr^.Flags_Rsvd1 and $3F;
end;

function TTCPPacket.getTCPData : PCHar;
var
  l_TCPHdrLength : Word;
begin
  l_TCPHdrLength := (FTCPHdr^.Rsvd0_Off shr 4)*4;
  result := @(IPData[l_TCPHdrLength]);
end;

function TTCPPacket.getTCPDataLength : Word;
var
  l_TCPHdrLength : Word;
begin
  l_TCPHdrLength := (FTCPHdr^.Rsvd0_Off shr 4)*4;
  result := IPDataLength-l_TCPHdrLength;
end;

destructor TTCPPacket.Destroy;
begin
  inherited Destroy;
end;

// give an Int64 that identifies the sender
// a connection is represented by its KeySrc and KeyDest
function TTCPPacket.getKeySrc : Int64;
begin
  // 8.8.8.8.16 bits
  result := TCPSourcePort+Int64(IPSourceAddr[3]) shl 16 +
                          Int64(IPSourceAddr[2]) shl 24 +
                          Int64(IPSourceAddr[1]) shl 32 +
                          Int64(IPSourceAddr[0]) shl 40;
end;

// give an Int64 that identifies the receiver
function TTCPPacket.getKeyDest : Int64;
begin
  // 8.8.8.8.16 bits
  result := TCPDestPort+Int64(IPDestAddr[3]) shl 16 +
                     Int64(IPDestAddr[2]) shl 24 +
                     Int64(IPDestAddr[1]) shl 32 +
                     Int64(IPDestAddr[0]) shl 40;
end;

// two objects with the same hash value do no necessarily represents the same
// connection
// if this function is modified, don't forget to modify TConnectionTCP too !
function TTCPPacket.getHashValue : Int64;
begin
  result := KeyDest;
end;


end.