FireBall
asked on
Simple byte to uint question
Hello ,
I am trying to read an hex part as given below i am hitting firs 08 with if it is ok than getting the size with 0a -> 10 it is also ok but i couldnot get into a variable .
I am trying to read an hex part as given below i am hitting firs 08 with if it is ok than getting the size with 0a -> 10 it is also ok but i couldnot get into a variable .
08 0a 59 97 a9 ef 07 29 c3 28
if (kind == 8) {
p++;
uint8_t size = *p;
p++;
TS=(*(uint32_t *)p)
//printk(KERN_ERR "4. TS %d ",(*(uint32_t *)p));
p += (size-2);
}
ASKER
so how should i read it
your code already did it rightly and the integer you were lookin for is in TS.
here is my test code
Sara
here is my test code
unsigned char b8[8] = { 0x59, 0x97, 0xa9, 0xef, 0x07, 0x29, 0xc3, 0x28 };
unsigned int ui = (*(unsigned int *)&b8[0]);
int l = (*(int *)&b8[0]);
i got the integer values by using the debugger. you also could use printf("%d %u", TS, TS); to get the integer values. however, as i told this byte sequence doesn't look like as if it was a valid integer.Sara
ASKER
The value is stored in the p ; how should i read it from p and append into the char b8 as this :
unsigned char b8[8] = { 0x59, 0x97, 0xa9, 0xef, 0x07, 0x29, 0xc3, 0x28 };
unsigned char b8[8] = { 0x59, 0x97, 0xa9, 0xef, 0x07, 0x29, 0xc3, 0x28 };
the p is pointing to the first byte same as the pointer &b[0] is pointing to the first byte in my sample code. simply exchange &b[0] by p and you get the unsigned integer in ui and the signed integer in l.
Sara
Sara
ASKER
I tryed that but it locked the kernel :)
unsigned char b8[8] ;//unsigned char b8[8] = { 0x59, 0x97, 0xa9, 0xef, 0x07, 0x29, 0xc3, 0x28 };
int a =0;
while(a<size){
b8[a]=p;
p++;
a++;
}
unsigned int ui = (*(unsigned int *)&b8[0]);
int l = (*(int *)&b8[0]);
printk(KERN_ERR "4. TS %d ",l);
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This are the timestamp values in a TCP packet ;
http://www.networksorcery.com/enp/protocol/tcp/option008.htm
It must be the unix timestamp value :(
Result like this :
http://www.networksorcery.com/enp/protocol/tcp/option008.htm
It must be the unix timestamp value :(
Result like this :
[ 577.075516] 4. l= -975534336 ui =
[ 577.209237] 4. l= -421886208 ui =
[ 577.657528] 4. l= 1457227520 ui =
[ 578.029184] 4. l= -1277458688 ui =
[ 578.075247] 4. l= -1076132096 ui =
[ 578.209109] 4. l= -522483968 ui =
[ 578.382220] 4. l= 199001856 ui =
[ 579.029096] 4. l= -1378056448 ui =
[ 579.382120] 4. l= 98404096 ui =
[ 579.638480] 4. l= 1256032000 ui =
[ 580.079313] 4. l= -1260550400 ui =
[ 580.213328] 4. l= -706902272 ui =
[ 580.638660] 4. l= 1155434240 ui =
[ 581.032997] 4. l= -1562474752 ui =
ASKER
I think it needs to be splited into 2 part :(
TCP Timestamps Option (TSopt):
Kind: 8
Length: 10 bytes
+-------+-------+---------------------+---------------------+
|Kind=8 | 10 | TS Value (TSval) |TS Echo Reply (TSecr)|
+-------+-------+---------------------+---------------------+
1 1 4 4
The Timestamps option carries two four-byte timestamp fields.
The Timestamp Value field (TSval) contains the current value of
the timestamp clock of the TCP sending the option.
The Timestamp Echo Reply field (TSecr) is only valid if the ACK
bit is set in the TCP header; if it is valid, it echos a times-
tamp value that was sent by the remote TCP in the TSval field
of a Timestamps option. When TSecr is not valid, its value
must be zero. The TSecr value will generally be from the most
recent Timestamp option that was received; however, there are
exceptions that are explained below.
ASKER
It seems ok like this i thik , but the dates are so strange :D
[ 1341.648602] 4. TS1= 1824885248 TS2 = 0
[ 1343.652446] 4. TS1= 1640466944 TS2 = 0
[ 1344.650826] 4. TS1= 1523091968 TS2 = 0
[ 1345.650794] 4. TS1= 1422494208 TS2 = 0
unsigned int TS1 = (*(uint32_t *)p);
p+=4;
unsigned int TS2 = (*(uint32_t *)p);
p+=4;
printk(KERN_ERR "4. TS1= %u TS2 = %u",TS1, TS2);
should be
in my sample code.
for the timestamp it might be easier using a structure:
Sara
printk(KERN_ERR "4. l= %d ui = %u",l, ui);
in my sample code.
for the timestamp it might be easier using a structure:
typedef struct TS10
{
unsigned char kind;
unsigned char sizeTS;
unsigned int TSVal;
unsigned int TSSec;
} TS10;
...
if (kind == 8)
{
TS10 * pts = (TS10 *)p;
printk("TSVal=%u TSSec=%u", pts->TSVal, pts->TSSec);
p+=10;
}
note, you also could use the timestamp structure supplied by your compiler.Sara
ASKER
You are giving me vision :) thank you so so so so much
Results are correct but there is sth. different in RFC
https://www.ietf.org/rfc/rfc1323.txt
i will check detailed to correct TS thank you tooooooo mcuh
Results are correct but there is sth. different in RFC
https://www.ietf.org/rfc/rfc1323.txt
i will check detailed to correct TS thank you tooooooo mcuh
the TSVal is the clock value of the sender. clock - normally - is the number of milliseconds since system start. so it might be an odd number and pretty high if the server run for some days without reboot. note, after 2^(32-1) what is more than 4 billion, there is an integer overflow and the clock would restart by 0.
even with that overflow you could use the clock value to determine how much time has expired between two requests from same ip if you would store the last TSVal in the struct IP4Count.
Sara
even with that overflow you could use the clock value to determine how much time has expired between two requests from same ip if you would store the last TSVal in the struct IP4Count.
Sara
ASKER
Dear sara
please check out this question too for create array :
https://www.experts-exchange.com/questions/29053123/Strcut-Map-in-c.html
please check out this question too for create array :
https://www.experts-exchange.com/questions/29053123/Strcut-Map-in-c.html
the variable TS contains the unsigned long integer which is 4020868953 decimal from bytes 59 97 a9 ef 07 29 c3 28.
actually it is rather a big number which looks more like a pointer or handle rather than an integer. even interpreted as a signed integer it is -274098343 what also doesn't look to be a valid number.
Sara