Home    Product home page    Download    Order
Contents
Introduction
PSSDK basics
BPF programming
HNPSManager
HNAdapter
HNFileAdapter
HNAdapterConfig
HNUserFilter
HNPacket
HNQueue
HNTcpManager
Properties
Methods
Events
Wrappers
HNTcpSession
HNLBAdapter
HNLBSession
HNLBHosts
Structures
Constants enumerations
Events
RFC
WinPCap to PSSDK migration module
Error codes
FAQ
Packet Sniffer SDK DLL Edition

HNTcpManager

 Previous Next

HNTcpManager component is intended to control the process of TCP sessions reconstruction from captured traffic.

HNTcpManager functions:

  • filtering out TCP packets from the whole traffic;
  • checking TCP packets for correctness;
  • tracking the events of creating and closing TCP session;
  • tracking data transmission in TCP session;
  • assemling TCP sessions data flows;
  • creating HNTcpSession objects. With the help of these objects the application can get access to the properties and data of each TCP session found by the component.
Please do not use in HNTcpManager component HNPacket objects received directly from HNAdapter object in its HNAdapter.OnPacketReceive handler!

Such HNPacket objects can exist only in HNAdapter.OnPacketReceive handler, and their contents exist in this event handler context only.

Contents of such objects will be changed on receiving of a next packet.

We suggest you use only HNPacket objects, which have been created by PktCreate function or HNQueue component.

You also have to keep in mind that TCP protocol allows data transmission desequencing (RFC 793), that is why during the process of asssembling TCP session HNTcpManager component may cause a delay in the processing of a certain TCP packet. Consequently it is possible that a packet, that has been transmited in TcpMgrProcessPacket function for processing, may become accessible for further use in OnPacketReturn only after a while.

If you want to assemble TCP sessions in real time, we highly recommend you to use HNTcpManager with HNQueue for higher productivity instead of working with HNAdapter directly.

In such a case:

  1. You do not have to create your own repository for captured packets, since this has already been done in HNQueue;
  2. Since packets belonging to one and the same TCP session may be captured in the order different from the order of packets in a session, then they must be in memory together for their collating. When a new packet arrives in HNQueue for sessions reconstruction it should be transfered to HNTcpManager object;
  3. HNTcpManager sorts out packets for correct further session reconstruction and fires OnServerData and OnClientData events. After having put a packet in "the right place" of TCP session HNTcpManager fires OnPacketReturn event. It will inform you that the packet has been processed and HNTcpManager object does not need it any longer. In this event handler on using a queue it is necessary to return the packet to it.
// Create HNAdapter, HNQueue, and HNTcpManager objects:
HANDLE hAdp    = AdpCreate();
HANDLE hQue    = QueCreate();
HANDLE hTcpMgr = TcpMgrCreate();

// Set objects properties:
QueSetMaxPacketSize(hQue, 1514);
QueSetItemsCount(hQue, 2000;

// Allocate memory for queue items:
QueAllocItems();

// Bind HNAdapter with HNQueue:
AdpSetReceiveQueue(hQue);
AdpOpenAdapter();

...
// In HNQueue.OnPacketReceive event transfer received
// packet to HNTcpManager object:
TcpMgrProcessPacket(hPacket);

...
// In HNTcpManager.OnPacketReturn event return
// processed packet to the queue:
QueReturnFreeItem(hPacket);

To handle different events in assembled TCP sessions use the following HNTcpManager properties: OnSessionCreate, OnSessionDelete, OnSessionConnect, OnServerData, OnClientData.

For further processing of assembled sessions use HNTcpSession component.

If it is necessary to assemble sessions out of TCP packets received previously, then you have to create HNPacket object for each TCP packet, assign the contents of the packet (see PktCreate) and send this object to HNTcpManager object for its processing. A separate HNPacket object for each packet is necessary because of the possibility of unordered captured packets storing in your repository. HNPacket objects should be deleted in HNTcpManager.OnPacketReturn event handler only.

For more details on HNTcpManager event handlers creating and working with HNTcpSession object, please see Examples.

Particularly, we would like to draw your attention to the problem of unclosed sessions deleting and releasing resources, occupied by packets of such sessions. In most cases the releasing of such resources is executed after some time, i.e. time-out for TCP-sessions is introduced. In HNTcpManager component TcpMgrResetOnTimeOut function is implemented to solve this problem. Since HNTcpManager does not have its own thread, then it is the task of a programmer to make recurring TcpMgrResetOnTimeOut calls.

In the current PSSDK version there are some restrictions:

- Traffic can be processed only from Ethernet adapters, HNPacket object MediumType property must be set in atEthernet;
- Only IPv4 is supported;
- IP fragmentation is not supported.

Properties:

Methods:

Events:

Previous Next