How to check if flag in TCP struct is set?

Question

I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set:

struct tcphdr *tcp = ....

if(tcp->th_flags & TH_SYN) {
        //SYN FLAG IS SET?
    }

Will this always work for checking if a particular flag is set in the struct? Or is there a better way? Would greatly appreciate any advice/tips :)

For those confused by the `u_int16_t syn:1;` notation in the definition for `tcphdr`, see [here](https://stackoverflow.com/questions/3186008/in-c-what-does-a-colon-mean-inside-a-declaration) — Kyle, Aug 20 '19 at 15:38

score 2 · Accepted Answer · answered Feb 14 '16 at 04:14

2

That looks fine to me. TH_SYN is a single bit, so that expression will be true (nonzero) if that bit is set in th_flags.

answered Feb 14 '16 at 04:14

Andy Schweig

6,597
2
16
22

Conversely, if I wish to check that say one of the flags is set but the other isn't, will the following work: if( (tcp->th_flags & TH_SYN) && !(tcp->th_flags & TH_ACK)) ? – The Legendary Programmer Feb 14 '16 at 04:18
Yes, or you could use if ((tcp->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) – Andy Schweig Feb 14 '16 at 04:29

How to check if flag in TCP struct is set?

1 Answers1

Linked

Related