
Import upstream version 2.3.3

Aaron Turner 16 years ago
parent
commit
564129c502
100 changed files with 36813 additions and 1393 deletions
  1. 0 14
      CHANGES
  2. 0 20
      CREDITS
  3. 0 15
      CVS/Entries
  4. 0 1
      CVS/Repository
  5. 0 1
      CVS/Root
  6. 2 0
      Docs/.svn/README.txt
  7. 5 0
      Docs/.svn/dir-wcprops
  8. 0 0
      Docs/.svn/empty-file
  9. 104 0
      Docs/.svn/entries
  10. 1 0
      Docs/.svn/format
  11. 9 0
      Docs/.svn/prop-base/CHANGELOG.svn-base
  12. 9 0
      Docs/.svn/prop-base/CREDIT.svn-base
  13. 9 0
      Docs/.svn/prop-base/FAQ.lyx.svn-base
  14. 9 0
      Docs/.svn/prop-base/HACKING.svn-base
  15. 9 0
      Docs/.svn/prop-base/INSTALL.svn-base
  16. 9 0
      Docs/.svn/prop-base/LICENSE.svn-base
  17. 9 0
      Docs/.svn/prop-base/Makefile.svn-base
  18. 9 0
      Docs/.svn/prop-base/TODO.svn-base
  19. 5 0
      Docs/.svn/prop-base/flowheader.fig.svn-base
  20. 9 0
      Docs/.svn/prop-base/flowreplay.lyx.svn-base
  21. 9 0
      Docs/.svn/props/CHANGELOG.svn-work
  22. 9 0
      Docs/.svn/props/CREDIT.svn-work
  23. 9 0
      Docs/.svn/props/FAQ.lyx.svn-work
  24. 9 0
      Docs/.svn/props/HACKING.svn-work
  25. 9 0
      Docs/.svn/props/INSTALL.svn-work
  26. 9 0
      Docs/.svn/props/LICENSE.svn-work
  27. 9 0
      Docs/.svn/props/Makefile.svn-work
  28. 9 0
      Docs/.svn/props/TODO.svn-work
  29. 5 0
      Docs/.svn/props/flowheader.fig.svn-work
  30. 9 0
      Docs/.svn/props/flowreplay.lyx.svn-work
  31. 277 0
      Docs/.svn/text-base/CHANGELOG.svn-base
  32. 33 0
      Docs/.svn/text-base/CREDIT.svn-base
  33. 2277 0
      Docs/.svn/text-base/FAQ.lyx.svn-base
  34. 122 0
      Docs/.svn/text-base/HACKING.svn-base
  35. 24 0
      Docs/.svn/text-base/INSTALL.svn-base
  36. 32 0
      Docs/.svn/text-base/LICENSE.svn-base
  37. 40 0
      Docs/.svn/text-base/Makefile.svn-base
  38. 47 0
      Docs/.svn/text-base/TODO.svn-base
  39. 92 0
      Docs/.svn/text-base/flowheader.fig.svn-base
  40. 1125 0
      Docs/.svn/text-base/flowreplay.lyx.svn-base
  41. 5 0
      Docs/.svn/wcprops/CHANGELOG.svn-work
  42. 5 0
      Docs/.svn/wcprops/CREDIT.svn-work
  43. 5 0
      Docs/.svn/wcprops/FAQ.lyx.svn-work
  44. 5 0
      Docs/.svn/wcprops/HACKING.svn-work
  45. 5 0
      Docs/.svn/wcprops/INSTALL.svn-work
  46. 5 0
      Docs/.svn/wcprops/LICENSE.svn-work
  47. 5 0
      Docs/.svn/wcprops/Makefile.svn-work
  48. 5 0
      Docs/.svn/wcprops/TODO.svn-work
  49. 5 0
      Docs/.svn/wcprops/flowheader.fig.svn-work
  50. 5 0
      Docs/.svn/wcprops/flowreplay.lyx.svn-work
  51. 277 0
      Docs/CHANGELOG
  52. 33 0
      Docs/CREDIT
  53. 34 0
      Docs/FAQ.css
  54. BIN
      Docs/FAQ.dvi
  55. 2346 0
      Docs/FAQ.html
  56. 2277 0
      Docs/FAQ.lyx
  57. BIN
      Docs/FAQ.pdf
  58. 2028 0
      Docs/FAQ.ps
  59. 1355 0
      Docs/FAQ.tex
  60. 1499 0
      Docs/FAQ.txt
  61. 122 0
      Docs/HACKING
  62. 24 0
      Docs/INSTALL
  63. 9 6
      LICENSE
  64. 40 0
      Docs/Makefile
  65. 47 0
      Docs/TODO
  66. 9 0
      Docs/WARNINGS
  67. 278 0
      Docs/flowheader.eps
  68. 92 0
      Docs/flowheader.fig
  69. 172 0
      Docs/flowreplay.css
  70. BIN
      Docs/flowreplay.dvi
  71. 664 0
      Docs/flowreplay.html
  72. 1125 0
      Docs/flowreplay.lyx
  73. BIN
      Docs/flowreplay.pdf
  74. 1224 0
      Docs/flowreplay.ps
  75. 520 0
      Docs/flowreplay.tex
  76. 498 0
      Docs/flowreplay.txt
  77. 5 0
      Docs/images.aux
  78. 234 0
      Docs/images.log
  79. 12 0
      Docs/images.pl
  80. 193 0
      Docs/images.tex
  81. BIN
      Docs/img1.png
  82. 664 0
      Docs/index.html
  83. 13 0
      Docs/labels.pl
  84. 0 45
      INSTALL
  85. 125 35
      Makefile.in
  86. 1 54
      README
  87. 0 1
      VERSION
  88. 108 0
      aclocal.m4
  89. 375 0
      cache.c
  90. 103 0
      cache.h
  91. 152 0
      capinfo.c
  92. 46 0
      capinfo.h
  93. 504 0
      cidr.c
  94. 63 0
      cidr.h
  95. 1354 0
      config.guess
  96. 63 9
      config.h.in
  97. 1460 0
      config.sub
  98. 11731 1177
      configure
  99. 531 15
      configure.in
  100. 0 0
      dlt.h

+ 0 - 14
CHANGES

@@ -1,14 +0,0 @@
-$Id: CHANGES,v 1.3 1999/05/19 20:05:01 dugsong Exp $
-
-v1.0.1 Wed May 19 16:03:38 EDT 1999
-
-- Added Solaris support.
-
-v1.0 Thu May 13 11:05:04 EDT 1999
-
-- Public release.
-
-v0.1b Wed May  5 10:06:07 EDT 1999
-
-- Initial release.
-

+ 0 - 20
CREDITS

@@ -1,20 +0,0 @@
-
-Tcpreplay author:
-
-   Matt Undy <mundy@anzen.com>
-
-Tcpreplay includes code from libnet and libpcap:
-
-   LBNL Network Research Group <libpcap@ee.lbl.gov>
-   ftp://ftp.ee.lbl.gov/libpcap.tar.Z
-
-   Mike D. Schiffman <mike@infonexus.com>
-   route|daemon9 <route@infonexus.com>
-   http://www.packetfactory.net/libnet
-
-Additional contributors:
-
-   None so far!
-
----
-$Id: CREDITS,v 1.2 1999/05/13 15:02:10 dugsong Exp $

+ 0 - 15
CVS/Entries

@@ -1,15 +0,0 @@
-/CREDITS/1.2/Thu May 13 15:02:10 1999//
-/INSTALL/1.3/Thu May 13 15:02:10 1999//
-/LICENSE/1.2/Fri Apr 23 20:05:47 1999//
-/Makefile.in/1.5/Wed Apr 21 22:16:41 1999//
-/config.h.in/1.2/Wed Apr 21 22:16:41 1999//
-/install-sh/1.1/Tue Apr 20 19:41:49 1999//
-/tcpreplay.8/1.4/Wed May  5 13:16:55 1999//
-D/Libnet-0.99////
-D/libpcap-0.4////
-/CHANGES/1.3/Wed May 19 20:05:01 1999//
-/README/1.5/Wed May 19 20:05:01 1999//
-/VERSION/1.4/Wed May 19 20:00:42 1999//
-/configure/1.3/Wed May 19 19:55:31 1999//
-/configure.in/1.3/Wed May 19 19:55:28 1999//
-/tcpreplay.c/1.18/Wed May 19 20:00:35 1999//

+ 0 - 1
CVS/Repository

@@ -1 +0,0 @@
-/usr/anzen/src/nidsbench/nidsbench/tcpreplay

+ 0 - 1
CVS/Root

@@ -1 +0,0 @@
-/usr/anzen/src/nidsbench

+ 2 - 0
Docs/.svn/README.txt

@@ -0,0 +1,2 @@
+This is a Subversion working copy administrative directory.
+Visit http://subversion.tigris.org/ for more information.

+ 5 - 0
Docs/.svn/dir-wcprops

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 48
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs
+END

+ 0 - 0
Docs/.svn/empty-file


+ 104 - 0
Docs/.svn/entries

@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<wc-entries
+   xmlns="svn:">
+<entry
+   committed-rev="767"
+   name=""
+   committed-date="2004-10-06T12:48:49.445445Z"
+   url="https://www.synfin.net:444/svn/tcpreplay/branches/stable/Docs"
+   last-author="aturner"
+   kind="dir"
+   uuid="0192c630-c6e5-0310-95d6-b430f9ea3712"
+   revision="877"/>
+<entry
+   committed-rev="622"
+   name="flowreplay.lyx"
+   text-time="2004-10-26T17:15:35.000000Z"
+   committed-date="2004-03-25T02:31:50.000000Z"
+   checksum="a786d7d9d39dc58eb5444edc98a79cc4"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:35.000000Z"/>
+<entry
+   committed-rev="578"
+   name="LICENSE"
+   text-time="2004-10-26T17:15:35.000000Z"
+   committed-date="2004-01-31T23:42:15.000000Z"
+   checksum="7dbc88d059f05dedbfa01da04edf1254"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:35.000000Z"/>
+<entry
+   committed-rev="753"
+   name="FAQ.lyx"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2004-09-20T21:32:36.000000Z"
+   checksum="5b69933de891d4e94273f89d17d66581"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+<entry
+   committed-rev="479"
+   name="flowheader.fig"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2003-10-24T03:30:25.000000Z"
+   checksum="8e5e0f5a5ef76f6e7b22d912e0a8e2e8"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+<entry
+   committed-rev="767"
+   name="HACKING"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2004-10-06T12:48:49.445445Z"
+   checksum="dbf38d3bfd5808e3a8bb4ca8e50ce87a"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+<entry
+   committed-rev="720"
+   name="TODO"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2004-07-25T23:35:20.000000Z"
+   checksum="cc1965bd0bbd4a23532428611757c82c"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+<entry
+   committed-rev="767"
+   name="INSTALL"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2004-10-06T12:48:49.445445Z"
+   checksum="ade780bbb32233787211dfd888359228"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+<entry
+   committed-rev="1133"
+   name="CHANGELOG"
+   text-time="2005-02-09T01:31:17.000000Z"
+   committed-date="2005-02-09T01:31:16.732097Z"
+   checksum="ef930af2dd1ba2034447acbc50d47b18"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"
+   revision="1133"/>
+<entry
+   committed-rev="767"
+   name="CREDIT"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2004-10-06T12:48:49.445445Z"
+   checksum="0214c3ee73a86b847cf8e43e39481160"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+<entry
+   committed-rev="619"
+   name="Makefile"
+   text-time="2004-10-26T17:15:36.000000Z"
+   committed-date="2004-03-25T00:58:20.000000Z"
+   checksum="849ee017ce47422f81ccb0165f858541"
+   last-author="aturner"
+   kind="file"
+   prop-time="2004-10-26T17:15:36.000000Z"/>
+</wc-entries>
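Review bot: `Docs/.svn/entries` is Subversion working-copy bookkeeping and should not be part of the imported tree. It records the upstream repository URL (`url="https://www.synfin.net:444/svn/tcpreplay/branches/stable/Docs"`), the committer account (`last-author="aturner"`) and the repository UUID, none of which the package needs to build or run. The same applies to the other `Docs/.svn/` sections in this commit (`README.txt`, `dir-wcprops`, `format`, `prop-base/`, `props/`, `text-base/`, `wcprops/`). Judging by the matching line counts in the file list, the `text-base/*.svn-base` files appear to be second copies of the documents in `Docs/`, which can drift from the real files and double the review surface. I would filter out `.svn/` directories when unpacking the upstream tarball, and treat the `checksum=` attributes here as svn's own bookkeeping rather than as an integrity check on the release.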

+ 1 - 0
Docs/.svn/format

@@ -0,0 +1 @@
+4

+ 9 - 0
Docs/.svn/prop-base/CHANGELOG.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/CREDIT.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/FAQ.lyx.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/HACKING.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/INSTALL.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/LICENSE.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/Makefile.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/prop-base/TODO.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 5 - 0
Docs/.svn/prop-base/flowheader.fig.svn-base

@@ -0,0 +1,5 @@
+K 13
+svn:mime-type
+V 24
+application/octet-stream
+END

+ 9 - 0
Docs/.svn/prop-base/flowreplay.lyx.svn-base

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/CHANGELOG.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/CREDIT.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/FAQ.lyx.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/HACKING.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/INSTALL.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/LICENSE.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/Makefile.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 9 - 0
Docs/.svn/props/TODO.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 5 - 0
Docs/.svn/props/flowheader.fig.svn-work

@@ -0,0 +1,5 @@
+K 13
+svn:mime-type
+V 24
+application/octet-stream
+END

+ 9 - 0
Docs/.svn/props/flowreplay.lyx.svn-work

@@ -0,0 +1,9 @@
+K 12
+svn:keywords
+V 23
+author date id revision
+K 13
+svn:eol-style
+V 6
+native
+END

+ 277 - 0
Docs/.svn/text-base/CHANGELOG.svn-base

@@ -0,0 +1,277 @@
+$Id$
+
+02/09/2005: Version 2.3.3
+    - Fix port rewriting feature on little-endian systems
+    - configure now properly handles --with-libnet and --with-libpcap
+
+11/08/2004: Version 2.3.2
+    - When sending via -1, report which interface the packet will exit
+    - Fix bug when caplen > packet len
+    - Allow rewriting of Layer 2 via -2 for Cisco HDLC (DLT_CHDLC)
+
+09/19/2004: Version 2.3.1
+    - Fix bug with fakepcap.c which appeared on systems using an older
+      version of libpcap (such as Red Hat 9.0)
+    - Don't die when setting STDERR to non-blocking
+
+09/05/2004: Version 2.3.0
+    - Fix longstanding endian bug in cache files on little endian systems
+      (note that this breaks compatibility w/ existing cache files created
+      on little endian systems)
+    - Add support to tcpreplay and tcpprep for DLT_CHDLC (Cisco HDLC)
+    - Clean up validate_l2() and rewrite_l2()
+    - Write a simple perl script to parse net/bpf.h of DLT values
+    - Teach everything the names of all the current DLT values
+    - Detect if libpcap supports pcap_datalink_val_to_description()
+    - Start printing datalink descriptions instead of DLT values
+    - Remove magic numbers from tcpreplay.c
+    - Add a HACKING document
+
+06/21/2004: Version 2.2.2
+    - tcpprep now supports DLT_RAW and DLT_LINUX_SLL
+    - add makefile target for website docs (FAQ.html, FAQ.pdf, CHANGELOG)
+    - Fix some sanity checks in tcpreplay for processing various DLT types
+      in validate_l2()
+    - Fix -x & -X
+    - Merge in patch from Denis which rewrites TCP/UDP ports via -4
+    - Fix rewrite of source MAC address in single interface mode (bug #975848)
+
+05/16/2004: Version 2.2.1
+    - Fix compile issue under RH9
+    - Fix compile issue when not using --with-debug
+
+05/15/2004: Version 2.2.0
+    - Fix pseudo-NAT (not evaluating all rules and an infinate loop)
+    - Start using strtok_r() in any function to prevent future bugs
+    - Minor updates to tcpprep.1 & tcpreplay.8 man pages
+    - Re-org some functions into different files for better modularity
+    - Clean up of some of the cache comment code
+    - flowreplay man page moved to section 1
+    - Update tcpprep and tcpreplay man pages and the FAQ
+    - Improve documentation regarding pseudo-NAT feature
+    - Fix one output mode which treated all packets as primary
+    - Add endpoint mode (-e) which rewrites all traffic between two IP's
+    - Fix rewrite of IP addresses in ARP requests & replies w/ pseudo-NAT
+    - Fix CIDR matching of 0.0.0.0/0 (all packets) which matched only 
+      255.255.255.255
+    - All CIDR notation now accepts IP addresses w/o requiring /32
+    - non-debug mode now uses -O3 -funroll-loops for better performance
+
+05/01/2004: Version 2.1.1
+    - Fix ntohll/htonll compile error on big endian systems
+
+04/23/2004: Version 2.1.0
+    - Add support for per output interface/file NAT tables 
+    - Add support for using dual output features w/ a single output
+    - Add support to tcpprep for splitting via destination port
+    - Now fully 64bit when tracking number of packets
+    - Fix a bug where sometimes the last few packets are not sent when using
+      a tcpprep cache file
+    - Some code refactorization/cleanup
+    - tcpprep cache files now support user comments
+    - Fix bug where regex optimization was turned always turned off
+
+03/24/2004: Version 2.0.3
+    - Add support for rewriting src mac & Linux SLL loopback frames
+    - Update FAQ
+
+02/25/2004: Version 2.0.2
+    - Fix compile issue in edit_packet.c on strict aligned archs
+
+02/03/2004: Version 2.0.1
+    - Re-organize FAQ and add more content
+    - Add support for "pseudo NAT" (-N) for ARP and IPv4
+    - Code optimization to only run the checksum fixer once per packet
+    - Clean up help (-h) a little
+
+02/01/2004: Version 2.0.0
+    - Remove libpcapnav requirement
+    - Now support libpcapnav >= 0.4
+    - Add -1 to replay one packet at a time (user must hit <ENTER>)
+    - Add tcpdump packet parsing to print packets as sent (-v)
+    - Place flowreplay manpage in correct location
+    - More FAQ updates
+    - Rename 1.5.x as 2.0
+    - Fix/standardize all licensing info.  Still BSD of course.
+    - -T now forces -F
+    - tcpprep now actually accepts -n (client|server)
+    - Update the INSTALL doc
+    - Remove the Docs/README... the FAQ has replaced it.
+
+12/10/2003: Version 1.5.alpha6
+    - Add BPF filter support to tcpprep and tcpreplay (-x F:"filter")
+    - Update the FAQ
+    - Add two new auto modes to tcpprep (client and server)
+    - Make clean no longer wipes out the compiled documentation in Docs
+    - Add support for replaying live traffic
+    - Add bridge mode
+    - Add -L to limit the total number of packets to send
+
+11/03/2003: Version 1.5.alpha5
+    - Add -T to truncate packets > MTU so they can be sent
+    - Now fixes ICMP checksums as appropriate
+    - Updated FAQ
+    - Updated flowreplay design doc
+    - Merge packetrate code from 1.4.5
+    - Fix compile issues under Libnet 1.1.1
+    - --with-debug now enables debuging during 'make test'
+    - Fix various Solaris compatibility bugs
+    - Add data dump mode which dumps layer 7 data to the file (-D)
+    - Now requires libpcapnav
+    - Allow to jump X bytes into the pcap and start replaying packets (-o)
+    - Can now split traffic/data into files (-w & -W)
+
+07/16/2003: Version 1.5.alpha4
+    - Split do_packets.c & do_packets() -> edit_packet.c & rewrite_l2()
+    - Don't die when packet > MTU, just skip
+    - Fix a ptr bug in do_packets() w/ the ethernet header
+    - Merge Ctrl-C fix from 1.4.4 for libnet_adv_write_link() 
+        in do_packets.c
+    - Rewrite flowreplay design document
+    - Fix an integer overflow in packet_stats() in tcpreplay.c
+    - tcpreplay's -2 now accepts a hex string rather then a filename
+    - tcpreplay now can output to a file (-w <file>)
+    - fix bug in checksum fixer
+    - Add support for files > 2GB
+
+06/06/2003: Version 1.5.alpha3
+    - Add support for Linux Cooked Sockets (SLL) format rewriting
+    - Added a flowreplay design doc in Docs/
+    - A lot more work on flowreplay
+    - Start work on read-ahead buffering of packets in flowreplay        
+    - Add support for specifying MTU.
+    - Update tcpreplay man page
+    - Fix compile of do_packets() under OpenBSD
+    - configure now checks for libpcap >= 0.6 (required for SLL)
+
+
+05/29/2003: Version 1.5.alpha2
+    - Add -F to force checksum fixing
+    - Fix packet corruption when not using -2
+    - Improve timerdiv() code
+    - Port from libredblack to OpenBSD RB_*
+    - Add flowreplay application
+    - Fix a bunch of compiler warnings about miss-matched sign
+    - IP & layer 4 checksums now work when IP options exist (tcpreplay)
+    - Updated FAQ
+    - Fix spec file
+
+05/07/2003: Version 1.5.alpha1
+    - Add layer2 rewriting
+
+05/07/2002: Branch 1.4.x tree
+
+05/04/2003: Version 1.4.beta5
+    - Fixed a one-off bug when replaying tcpprep cache files
+    - Fixed a small reporting bug in tcpprep
+
+05/02/2003: Version 1.4.beta4
+    - significantly improved timing accuracy between packets
+    - fix bug with writing only about 1/2 of cache data which caused
+        tcpreplay to bitch
+    - updated 'make test' standard cache files
+    - improved alignment of cache header (20bytes vs 17bytes)
+
+04/30/2003: Version 1.4.beta3
+    - Specifying a list of packets to include/exclude now works (-x/X P:)
+    - Minor code cleanups (better error messages, etc)
+    - Add -p option to pause a given number of sec/usec between each packet
+    - Ported tcpprep to libpcap
+    - Increase final report resolution to two sig digits
+    - Switch to err.h that we ship rather then system provided err.h
+    - Don't reset timer each time we open a file for reading
+    - fix --mandir option for ./configure
+    - fix SIGSEGV in tcpprep
+    - Add SIGUSR1 and SIGCONT signal support to tcpreplay
+    - Updated tcpreplay man pages
+    - Remove need for math.h/libm
+
+01/07/2003: Version 1.4.beta2
+    - Major updates to configure script
+    - Remove unneeded memcpy() for non-strict aligned architectures
+        for added performance boost
+    - Switch to libpcap for reading packets
+    - Fix portability issues with tcpprep cache files
+
+12/23/2002: Version 1.4.beta1
+    - Remove libnet 1.0 support
+    - Start a quality FAQ for all programs
+    - Add support for detecting libpcap in autoconf
+    - Add pcapmerge to makefile and port to non-BSD OS's
+    - Write pcapmerge manpage
+    - Variety of small configure/makefile improvements
+
+12/13/2002: Version 1.3.0
+    - Re-release 1.3.beta6 as 1.3.0
+
+11/22/2002: Version 1.3.beta6
+    - Improve cross platform compatibility of test subsystem
+    - Fix bug in Makefile which caused possible failures of clean/distclean
+    - Fix bug with CCFLAGS when using --with-debug
+    - Fix bug with -x/-X which would drop/send all packets in certain 
+        conditions
+    - Update libredblack to 1.2 (latest)
+    - Add support for OSX
+    - Add --with-testnic and --with-testnic2 to allow end user to specify
+        specific network cards to be used for 'make test'
+    - Fixes SIGBUS errors on SPARC
+
+11/08/2002: Version 1.3-beta5
+    - Add testing subsystem
+    - Fix segfault when we don't send a packet
+    - Improve debug output support in dbg()
+
+10/21/2002: Version 1.3-beta4
+    - Updated tcpprep man page with -x and -X options
+    - Now supports (again) the include/exclude options in the config file
+    - Fixed -x|-X sanity check in tcpprep/tcpreplay
+
+10/13/2002: Version 1.3-beta3
+    - Fix compile of list.c under FreeBSD 4.7 and others
+    - Add -x|-X to tcpprep
+    - Modify cache file format to be 2 bits/packet to allow caching of
+        -x|-X args (dropping packets)
+    - Modularize some more code
+
+10/08/2002: Version 1.3-beta2
+    - Fix ./configure bug w/ INET_ATON and INET_ADDR
+    - Add support for filtering packets to send based on
+        IP address or packet number (-x & -X)
+    - Move a lot of code from tcpreplay.c to do_packets.c
+    - Update tcpreplay man page
+
+10/03/2002: Version 1.3-beta1
+    - Add support for randomizing IP addresses (-s)
+    - Update tcpreplay man page
+    - Fix problem with checksums after untruncate
+
+08/21/2002: Version 1.2a
+    - Fix compile bug in tree.c w/ libnet 1.1
+    - Sync tcpprep version to tcpreplay
+
+08/19/2002: Version 1.2
+    - Configuration files specified via -f
+    - Now requires a recent version of AutoConf (2.53)
+    - Added support for Libnet 1.1.x (requires beta8 or better)
+    - Added -V switch to print version info (tcpprep & tcpreplay)
+    - Added CIDR dual-nic support to tcpreplay. 
+    - Fix for -I in tcpreplay when only using a single NIC.
+    - Remove requirement for libpcap in tcpprep.  We're now
+        100% libpcap independant.
+    - tcpprep now supports snoop files.
+    - Added -u flag to untruncate IP packets (pad/trunc)
+    - Fixed --with-debug configure option
+    - Added RPM .spec file
+    - Added -M flag to ignore martian IP packets
+    - Now auto-detects snoop/pcap files.  Remove -S flag from tcpprep and
+        tcpreplay
+    - tcpprep now detects servers via ICMP port unreachable
+    - Improve usefulness of -h
+    - Rename -I to -v in tcpprep
+
+06/17/2002: Version 1.1
+    - Major rewrite
+    - Support multiple nics
+    - Better control over packet rates
+    - Added support for snoop capture files
+    - Includes tcpprep and capinfo commands

+ 33 - 0
Docs/.svn/text-base/CREDIT.svn-base

@@ -0,0 +1,33 @@
+$Id$ 
+
+Here's a list of people in no particular order who have kindly submitted
+patches or code snippets for me to use in tcpreplay.
+
+Branden Moore <bmoore-at-cse.nd.edu>
+	- Patch to pad truncated packets
+	- Patch to allow specifying a destination MAC w/ only a single NIC
+
+Scott Mace <smace@intt.org>
+	- Patch for tcpreplay to support CIDR mode
+	- Patch for ignoring martian IP packets 
+
+Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
+        - Code for pausing/restarting tcpreplay via signals.
+
+John Carlson
+        - Patch for improved timerdiv() accuracy
+
+Frey Kuo <kero@3sheep.com>
+        - Patch to replace pause option with packets/sec
+
+Seth Robertson (seth at sysd dot com)
+        - Patch to allow replaying of live traffic
+
+Nick Mathewson <nickm@freehaven.net>
+	- Kindly giving me his BSD licensed implimentation of poll()
+	  using select() so I don't have to worry about cross platform
+	  issues.
+          
+Denis McLaughlin <denism@cyberus.ca>
+        - Patch to allow TCP/UDP port translation
+

File diff suppressed because it is too large
+ 2277 - 0
Docs/.svn/text-base/FAQ.lyx.svn-base


+ 122 - 0
Docs/.svn/text-base/HACKING.svn-base

@@ -0,0 +1,122 @@
+$Id$
+
+                          Guide to Hacking Tcpreplay
+
+[Note: Pay attention to the last update date at the top of this file.  If it
+was significantly long ago, this document may be out of date.]
+
+0. Contributing Code
+
+If you contribute code the following will happen:
+    a) You will be given credit in the CREDITS file
+    b) Your code will be licensed under the same license as that of tcpreplay
+    c) You will be assigning your copyright to me
+
+I do this for a simple reason: keep things simple for me.
+
+1. Introduction
+
+If you're reading this to find out how to add a new feature or fix a bug in
+tcpreplay or tcpprep, then you've come to the right place.  This isn't the
+place to find answers regarding how to use tcpreplay, the meaning of life,
+etc.
+
+2. File Layout
+
+The file layout is pretty simple:
+
+/       - Code, header files, autoconf stuff
+/Docs   - Where to find documentation
+/test   - Test scripts and stuff which is used during 'make test'
+/man    - Unix man pages which get copied to $MANPATH
+
+3. Adding support for additional DLTs (Data Link Types)
+
+There are a number of files/functions that need to be touched to add support
+for a new DLT to tcpreplay and tcpprep.  Note that for a patch to be
+accepted, BOTH tcpreplay and tcpprep need to be updated to support the new
+DLT.
+
+3a) dlt.h
+Two things need to be added here:
+    - A structure defining the header
+    - A #define for the length of the header
+
+    example for DLT_CHDLC (Cisco HDLC):
+    
+/* Cisco HDLC has a simple 32 bit header */
+#define CISCO_HDLC_LEN 4
+struct cisco_hdlc_header {
+    u_int16_t address;
+    u_int16_t protocol;
+}
+
+3b) tcpreplay.c
+You will need to edit validate_l2() to process the DLT type as defined by
+pcap-bpf.h which is included with libpcap.  The key here is that tcpreplay
+needs to be able to generate a valid 802.3 ethernet frame.  Basically
+validate_l2() has to make sure that between the existing Layer 2 header (if
+any) and the user supplied arguments (-2, -I, -J, -K and -k) that enough
+information is available.  Generally this means one of:
+    - The DLT already has a valid header
+    - User specified their own complete header via -2
+    - The existing header + user specified MAC addresses are enough
+
+validate_l2() also calcuates the 'maxpacket' which is the maximum size of a
+packet that we can send out of the interface.  Generally this is the length
+of the Layer 2 header + MTU.  You shouldn't need to change anything here.
+
+3c) edit_packet.c
+Next, you'll have to edit rewrite_l2() to add support for rewriting the
+Layer 2 header from your DLT to a standard 802.3 header.  Note that
+do_packets.c will automatically fill out the source/destination MAC address
+if the appropriate flag is used (-I, -J, -K and -k) so there is no need to
+copy those values over here.
+
+3d) tcpprep.c
+Look at process_raw_packets().  Should be painfully obvious what do do here.
+
+3e) dlt_names.h
+Look in dlt_names.h and make sure your DLT type is listed here.  Note that
+this file is generated by scripts/dlt2name.pl.  If it's not listed here,
+your best bet is to edit scripts/dlt2name.pl and list it in the %known hash
+and then run:
+    make dlt_names
+
+Note that editing dlt_names.h is NOT going to work, since it will get 
+overwritten the next time it is regenerated.
+
+4. Hacking tcprewrite
+
+tcprewrite order of execution:
+
+Figure out if input file's DLT is supported
+
+foreach (packet) {
+	Update packet timestamp based on modifier
+	
+	Decide packet path via cache or CIDR lookup
+	
+	if (a Layer 2 header is specified) {
+	    if (existing Layer 2 header) {
+	        strip existing Layer 2 header
+	    }
+	    prepend specified Layer 2 header
+	}
+	
+	if (primary path or single path) {
+	    re-write MAC addresses
+	    re-write IP addresses
+	    re-write Ports
+	} else if (secondary path) {
+	    re-write MAC addresses
+	    re-write IP addresses
+	    re-write Ports
+	}
+	
+	pad or truncate packet
+	
+	fix checksums
+	
+	write packet to outfile
+}

+ 24 - 0
Docs/.svn/text-base/INSTALL.svn-base

@@ -0,0 +1,24 @@
+$Id$
+
+You'll need:
+
+- libnet 1.1.x (1.1.1 or greater is recommended)
+http://www.packetfactory.net/Projects/libnet/
+
+- libpcap >= 0.6 (0.7 or greater is recommended)
+http://www.tcpdump.org/
+
+- libpcapnav >= 0.4 (Optional. If you want the jump to byte offset feature)
+http://netdude.sf.net/
+
+- tcpdump (Also optional. If you want packet decoding of sent packets)
+http://www.tcpdump.org/
+
+Run:
+./configure ; make
+
+Run as root:
+make test -i    (optional)
+make install
+
+For more detailed information, see the FAQ.

+ 32 - 0
Docs/.svn/text-base/LICENSE.svn-base

@@ -0,0 +1,32 @@
+Copyright (c) 2001-2004 Aaron Turner, Matt Bing.  All rights reserved.
+
+Some portions of code are:
+Copyright(c) 1999 Anzen Computing. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the names of the copyright owners nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+4. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+       This product includes software developed by Anzen Computing, Inc.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ 40 - 0
Docs/.svn/text-base/Makefile.svn-base

@@ -0,0 +1,40 @@
+MAKEFLAGS=-s
+
+all: images pdf txt ps rmtemp html
+
+images:
+	fig2dev -L eps flowheader.fig flowheader.eps
+
+tex: images
+	lyx -e latex FAQ.lyx
+	lyx -e latex flowreplay.lyx
+
+dvi: tex 
+	texi2dvi FAQ.tex
+	texi2dvi flowreplay.tex
+
+html: tex 
+	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers FAQ.tex
+	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex
+
+
+pdf: dvi
+	dvipdfm FAQ.dvi
+	dvipdfm flowreplay.dvi
+
+txt:
+	lyx -e text FAQ.lyx
+	lyx -e text flowreplay.lyx
+
+ps: dvi
+	dvips -o FAQ.ps FAQ.dvi
+	dvips -o flowreplay.ps flowreplay.dvi
+
+rmtemp:
+	rm -f labels.pl *.log *.toc WARNINGS *.aux index.html 
+
+clean: rmtemp
+	rm -f *~
+
+distclean: rmtemp clean
+	rm -f *.html *.pdf *.txt *.ps *.dvi *.tex  *.css images.pl img1.png *.eps

+ 47 - 0
Docs/.svn/text-base/TODO.svn-base

@@ -0,0 +1,47 @@
+This is a general list of things which should/could/may be done.
+If any of these features interest you let me know- especially if you're
+willing and able to help code it.
+
+- Look at VLAN packets
+    - others non-vanilla types?
+    - Add tags?  Remove tags?  Change tags?
+
+- Add support for setting the ethernet protocol field so we can use
+    -I, -K to fill out an entire ethernet header w/o using -2
+
+- Add a secondary interface full layer two rewrite option
+
+- Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
+
+- Add support for more linktypes (Prism Monitor, 802.11, etc)
+    - Make it easier for others to add support for others
+
+- Rip out packet munger from tcpreplay and put it into another tool so
+  that tcpreplay can be more optimized
+    - perhaps use libnetdude?
+    - make into a library?
+    - definately put it into a seperate binary
+
+- Improve config file format
+  - better variable names
+  - use "var: value" format
+  - have tcpreplay, tcpprep, tcprewrite sections
+
+- Add support for dual-nic send on one intf, wait for packet, send next.
+  would be really useful for testing the effectiveness of how well an IPS
+  detects and blocks attacks.
+
+- Support fragrouter like features 
+    - basic IP fragmenation
+    - TCP fudging 
+    - then more advanced stuff
+
+- Support connection tracking and generating 3way handshake for connections
+  missing them.
+
+- Bump Syn/Ack numbers by a random or given value so that running 
+  the same pcap will behave as different streams.
+
+- Improve flowreplay so it actually works
+
+- IPv6 support?

+ 92 - 0
Docs/.svn/text-base/flowheader.fig.svn-base

@@ -0,0 +1,92 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter  
+100.00
+Single
+-2
+1200 2
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 3150 6000 3450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 3450 6000 3750
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 2850 8400 2850
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 3150 8400 3150
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 3450 8400 3450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 3750 8400 3750
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 2550 8400 2550 8400 4350 3600 4350 3600 2550
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 7200 3150 7200 3450
+2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
+	 3600 4050 8400 4050
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 4950 8400 4950 8400 5250 3600 5250 3600 4950
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 4800 5250 4800 5550
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 5550 8400 5550
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 5250 8400 5250 8400 6150 3600 6150 3600 5250
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 1350 8400 1350 8400 1950 3600 1950 3600 1350
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 1650 8400 1650
+2 2 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 5
+	 3600 6750 8400 6750 8400 7950 3600 7950 3600 6750
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 6150 8400 6150 8400 6750 3600 6750 3600 6150
+2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
+	 3600 6450 8400 6450
+2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
+	 3600 5850 8400 5850
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 450 8400 450
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 150 8400 150 8400 750 3600 750 3600 150
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 4800 150 4800 450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 150 6000 450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 7200 150 7200 450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 5250 6000 5550
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 1650 6000 1950
+4 0 0 50 0 0 12 0.0000 4 135 840 4350 3375 IP Protocol\001
+4 0 0 50 0 0 12 0.0000 4 180 1380 5250 2775 Client (Source) IP\001
+4 0 0 50 0 0 12 0.0000 4 180 1785 5100 3075 Server (Destination) IP\001
+4 0 0 50 0 0 12 0.0000 4 180 1725 3900 3675 Client Port/ICMP Type\001
+4 0 0 50 0 0 12 0.0000 4 135 1785 6375 3675 Server Port/ICMP Code\001
+4 0 0 50 0 0 12 0.0000 4 180 420 6375 3375 Flags\001
+4 0 0 50 0 0 12 0.0000 4 135 660 7350 3375 Instance\001
+4 0 0 50 0 0 12 0.0000 4 180 1260 8625 5100 Flag 1: Direction\001
+4 0 0 50 0 0 12 0.0000 4 180 1365 8625 2775 Flag 1: Last Index\001
+4 0 0 50 0 0 12 0.0000 4 180 1035 8625 3000 Flag 2: Ignore\001
+4 0 0 50 0 0 12 0.0000 4 180 1620 8625 3225 Flag 3: Server Socket\001
+4 0 0 50 0 0 12 0.0000 4 180 1035 8625 5325 Flag 2: Ignore\001
+4 0 0 50 0 0 12 0.0000 4 180 2100 4950 5175 Data Length of This Stream\001
+4 0 0 50 0 0 12 0.0000 4 180 420 3675 5475 Flags\001
+4 0 0 50 0 0 12 0.0000 4 135 2100 4875 3975 Offset to First Data Stream\001
+4 0 0 50 0 0 12 0.0000 4 180 2040 8625 5775 Flag 4: Urgent Data Exists\001
+4 0 0 50 0 0 12 0.0000 4 180 1125 5400 1575 Magic Number\001
+4 0 0 50 0 0 12 0.0000 4 135 960 5475 7350 Data Stream\001
+4 0 0 50 0 0 12 0.0000 4 180 2235 4950 6375 Offset to Next Data Segment\001
+4 0 0 50 0 0 12 0.0000 4 135 915 5475 675 32 Bit Word\001
+4 0 0 50 0 0 12 0.0000 4 135 450 3975 375 8 Bits\001
+4 0 0 50 0 0 12 0.0000 4 180 705 5100 5475 Urg Data\001
+4 0 0 50 0 0 12 0.0000 4 135 720 6825 5475 Reserved\001
+4 0 0 50 0 0 12 0.0000 4 180 840 5625 5775 Timestamp\001
+4 0 0 50 0 0 12 0.0000 4 135 945 5475 6675 In This Flow\001
+4 0 0 50 0 0 12 0.0000 4 180 1305 5325 2475 Flow Index Entry\001
+4 0 0 50 0 0 12 0.0000 4 135 1560 5250 4875 Data Stream Header\001
+4 0 0 50 0 0 12 0.0000 4 180 1635 5250 1275 Flowprep File Header\001
+4 0 0 50 0 0 12 0.0000 4 180 2055 8625 5550 Flag 3: More Data Streams\001
+4 0 0 50 0 0 12 0.0000 4 135 720 6900 1875 Reserved\001
+4 0 0 50 0 0 12 0.0000 4 135 600 4575 1875 Version\001

+ 1125 - 0
Docs/.svn/text-base/flowreplay.lyx.svn-base


+ 5 - 0
Docs/.svn/wcprops/CHANGELOG.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 59
+/svn/!svn/ver/1133/tcpreplay/branches/stable/Docs/CHANGELOG
+END

+ 5 - 0
Docs/.svn/wcprops/CREDIT.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 55
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/CREDIT
+END

+ 5 - 0
Docs/.svn/wcprops/FAQ.lyx.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 56
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/FAQ.lyx
+END

+ 5 - 0
Docs/.svn/wcprops/HACKING.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 56
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/HACKING
+END

+ 5 - 0
Docs/.svn/wcprops/INSTALL.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 56
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/INSTALL
+END

+ 5 - 0
Docs/.svn/wcprops/LICENSE.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 56
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/LICENSE
+END

+ 5 - 0
Docs/.svn/wcprops/Makefile.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 57
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/Makefile
+END

+ 5 - 0
Docs/.svn/wcprops/TODO.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 53
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/TODO
+END

+ 5 - 0
Docs/.svn/wcprops/flowheader.fig.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 63
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/flowheader.fig
+END

+ 5 - 0
Docs/.svn/wcprops/flowreplay.lyx.svn-work

@@ -0,0 +1,5 @@
+K 25
+svn:wc:ra_dav:version-url
+V 63
+/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/flowreplay.lyx
+END

+ 277 - 0
Docs/CHANGELOG

@@ -0,0 +1,277 @@
+$Id: CHANGELOG 1133 2005-02-09 01:31:16Z aturner $
+
+02/09/2005: Version 2.3.3
+    - Fix port rewriting feature on little-endian systems
+    - configure now properly handles --with-libnet and --with-libpcap
+
+11/08/2004: Version 2.3.2
+    - When sending via -1, report which interface the packet will exit
+    - Fix bug when caplen > packet len
+    - Allow rewriting of Layer 2 via -2 for Cisco HDLC (DLT_CHDLC)
+
+09/19/2004: Version 2.3.1
+    - Fix bug with fakepcap.c which appeared on systems using an older
+      version of libpcap (such as Red Hat 9.0)
+    - Don't die when setting STDERR to non-blocking
+
+09/05/2004: Version 2.3.0
+    - Fix longstanding endian bug in cache files on little endian systems
+      (note that this breaks compatibility w/ existing cache files created
+      on little endian systems)
+    - Add support to tcpreplay and tcpprep for DLT_CHDLC (Cisco HDLC)
+    - Clean up validate_l2() and rewrite_l2()
+    - Write a simple perl script to parse net/bpf.h of DLT values
+    - Teach everything the names of all the current DLT values
+    - Detect if libpcap supports pcap_datalink_val_to_description()
+    - Start printing datalink descriptions instead of DLT values
+    - Remove magic numbers from tcpreplay.c
+    - Add a HACKING document
+
+06/21/2004: Version 2.2.2
+    - tcpprep now supports DLT_RAW and DLT_LINUX_SLL
+    - add makefile target for website docs (FAQ.html, FAQ.pdf, CHANGELOG)
+    - Fix some sanity checks in tcpreplay for processing various DLT types
+      in validate_l2()
+    - Fix -x & -X
+    - Merge in patch from Denis which rewrites TCP/UDP ports via -4
+    - Fix rewrite of source MAC address in single interface mode (bug #975848)
+
+05/16/2004: Version 2.2.1
+    - Fix compile issue under RH9
+    - Fix compile issue when not using --with-debug
+
+05/15/2004: Version 2.2.0
+    - Fix pseudo-NAT (not evaluating all rules and an infinate loop)
+    - Start using strtok_r() in any function to prevent future bugs
+    - Minor updates to tcpprep.1 & tcpreplay.8 man pages
+    - Re-org some functions into different files for better modularity
+    - Clean up of some of the cache comment code
+    - flowreplay man page moved to section 1
+    - Update tcpprep and tcpreplay man pages and the FAQ
+    - Improve documentation regarding pseudo-NAT feature
+    - Fix one output mode which treated all packets as primary
+    - Add endpoint mode (-e) which rewrites all traffic between two IP's
+    - Fix rewrite of IP addresses in ARP requests & replies w/ pseudo-NAT
+    - Fix CIDR matching of 0.0.0.0/0 (all packets) which matched only 
+      255.255.255.255
+    - All CIDR notation now accepts IP addresses w/o requiring /32
+    - non-debug mode now uses -O3 -funroll-loops for better performance
+
+05/01/2004: Version 2.1.1
+    - Fix ntohll/htonll compile error on big endian systems
+
+04/23/2004: Version 2.1.0
+    - Add support for per output interface/file NAT tables 
+    - Add support for using dual output features w/ a single output
+    - Add support to tcpprep for splitting via destination port
+    - Now fully 64bit when tracking number of packets
+    - Fix a bug where sometimes the last few packets are not sent when using
+      a tcpprep cache file
+    - Some code refactorization/cleanup
+    - tcpprep cache files now support user comments
+    - Fix bug where regex optimization was turned always turned off
+
+03/24/2004: Version 2.0.3
+    - Add support for rewriting src mac & Linux SLL loopback frames
+    - Update FAQ
+
+02/25/2004: Version 2.0.2
+    - Fix compile issue in edit_packet.c on strict aligned archs
+
+02/03/2004: Version 2.0.1
+    - Re-organize FAQ and add more content
+    - Add support for "pseudo NAT" (-N) for ARP and IPv4
+    - Code optimization to only run the checksum fixer once per packet
+    - Clean up help (-h) a little
+
+02/01/2004: Version 2.0.0
+    - Remove libpcapnav requirement
+    - Now support libpcapnav >= 0.4
+    - Add -1 to replay one packet at a time (user must hit <ENTER>)
+    - Add tcpdump packet parsing to print packets as sent (-v)
+    - Place flowreplay manpage in correct location
+    - More FAQ updates
+    - Rename 1.5.x as 2.0
+    - Fix/standardize all licensing info.  Still BSD of course.
+    - -T now forces -F
+    - tcpprep now actually accepts -n (client|server)
+    - Update the INSTALL doc
+    - Remove the Docs/README... the FAQ has replaced it.
+
+12/10/2003: Version 1.5.alpha6
+    - Add BPF filter support to tcpprep and tcpreplay (-x F:"filter")
+    - Update the FAQ
+    - Add two new auto modes to tcpprep (client and server)
+    - Make clean no longer wipes out the compiled documentation in Docs
+    - Add support for replaying live traffic
+    - Add bridge mode
+    - Add -L to limit the total number of packets to send
+
+11/03/2003: Version 1.5.alpha5
+    - Add -T to truncate packets > MTU so they can be sent
+    - Now fixes ICMP checksums as appropriate
+    - Updated FAQ
+    - Updated flowreplay design doc
+    - Merge packetrate code from 1.4.5
+    - Fix compile issues under Libnet 1.1.1
+    - --with-debug now enables debuging during 'make test'
+    - Fix various Solaris compatibility bugs
+    - Add data dump mode which dumps layer 7 data to the file (-D)
+    - Now requires libpcapnav
+    - Allow to jump X bytes into the pcap and start replaying packets (-o)
+    - Can now split traffic/data into files (-w & -W)
+
+07/16/2003: Version 1.5.alpha4
+    - Split do_packets.c & do_packets() -> edit_packet.c & rewrite_l2()
+    - Don't die when packet > MTU, just skip
+    - Fix a ptr bug in do_packets() w/ the ethernet header
+    - Merge Ctrl-C fix from 1.4.4 for libnet_adv_write_link() 
+        in do_packets.c
+    - Rewrite flowreplay design document
+    - Fix an integer overflow in packet_stats() in tcpreplay.c
+    - tcpreplay's -2 now accepts a hex string rather then a filename
+    - tcpreplay now can output to a file (-w <file>)
+    - fix bug in checksum fixer
+    - Add support for files > 2GB
+
+06/06/2003: Version 1.5.alpha3
+    - Add support for Linux Cooked Sockets (SLL) format rewriting
+    - Added a flowreplay design doc in Docs/
+    - A lot more work on flowreplay
+    - Start work on read-ahead buffering of packets in flowreplay        
+    - Add support for specifying MTU.
+    - Update tcpreplay man page
+    - Fix compile of do_packets() under OpenBSD
+    - configure now checks for libpcap >= 0.6 (required for SLL)
+
+
+05/29/2003: Version 1.5.alpha2
+    - Add -F to force checksum fixing
+    - Fix packet corruption when not using -2
+    - Improve timerdiv() code
+    - Port from libredblack to OpenBSD RB_*
+    - Add flowreplay application
+    - Fix a bunch of compiler warnings about miss-matched sign
+    - IP & layer 4 checksums now work when IP options exist (tcpreplay)
+    - Updated FAQ
+    - Fix spec file
+
+05/07/2003: Version 1.5.alpha1
+    - Add layer2 rewriting
+
+05/07/2002: Branch 1.4.x tree
+
+05/04/2003: Version 1.4.beta5
+    - Fixed a one-off bug when replaying tcpprep cache files
+    - Fixed a small reporting bug in tcpprep
+
+05/02/2003: Version 1.4.beta4
+    - significantly improved timing accuracy between packets
+    - fix bug with writing only about 1/2 of cache data which caused
+        tcpreplay to bitch
+    - updated 'make test' standard cache files
+    - improved alignment of cache header (20bytes vs 17bytes)
+
+04/30/2003: Version 1.4.beta3
+    - Specifying a list of packets to include/exclude now works (-x/X P:)
+    - Minor code cleanups (better error messages, etc)
+    - Add -p option to pause a given number of sec/usec between each packet
+    - Ported tcpprep to libpcap
+    - Increase final report resolution to two sig digits
+    - Switch to err.h that we ship rather then system provided err.h
+    - Don't reset timer each time we open a file for reading
+    - fix --mandir option for ./configure
+    - fix SIGSEGV in tcpprep
+    - Add SIGUSR1 and SIGCONT signal support to tcpreplay
+    - Updated tcpreplay man pages
+    - Remove need for math.h/libm
+
+01/07/2003: Version 1.4.beta2
+    - Major updates to configure script
+    - Remove unneeded memcpy() for non-strict aligned architectures
+        for added performance boost
+    - Switch to libpcap for reading packets
+    - Fix portability issues with tcpprep cache files
+
+12/23/2002: Version 1.4.beta1
+    - Remove libnet 1.0 support
+    - Start a quality FAQ for all programs
+    - Add support for detecting libpcap in autoconf
+    - Add pcapmerge to makefile and port to non-BSD OS's
+    - Write pcapmerge manpage
+    - Variety of small configure/makefile improvements
+
+12/13/2002: Version 1.3.0
+    - Re-release 1.3.beta6 as 1.3.0
+
+11/22/2002: Version 1.3.beta6
+    - Improve cross platform compatibility of test subsystem
+    - Fix bug in Makefile which caused possible failures of clean/distclean
+    - Fix bug with CCFLAGS when using --with-debug
+    - Fix bug with -x/-X which would drop/send all packets in certain 
+        conditions
+    - Update libredblack to 1.2 (latest)
+    - Add support for OSX
+    - Add --with-testnic and --with-testnic2 to allow end user to specify
+        specific network cards to be used for 'make test'
+    - Fixes SIGBUS errors on SPARC
+
+11/08/2002: Version 1.3-beta5
+    - Add testing subsystem
+    - Fix segfault when we don't send a packet
+    - Improve debug output support in dbg()
+
+10/21/2002: Version 1.3-beta4
+    - Updated tcpprep man page with -x and -X options
+    - Now supports (again) the include/exclude options in the config file
+    - Fixed -x|-X sanity check in tcpprep/tcpreplay
+
+10/13/2002: Version 1.3-beta3
+    - Fix compile of list.c under FreeBSD 4.7 and others
+    - Add -x|-X to tcpprep
+    - Modify cache file format to be 2 bits/packet to allow caching of
+        -x|-X args (dropping packets)
+    - Modularize some more code
+
+10/08/2002: Version 1.3-beta2
+    - Fix ./configure bug w/ INET_ATON and INET_ADDR
+    - Add support for filtering packets to send based on
+        IP address or packet number (-x & -X)
+    - Move a lot of code from tcpreplay.c to do_packets.c
+    - Update tcpreplay man page
+
+10/03/2002: Version 1.3-beta1
+    - Add support for randomizing IP addresses (-s)
+    - Update tcpreplay man page
+    - Fix problem with checksums after untruncate
+
+08/21/2002: Version 1.2a
+    - Fix compile bug in tree.c w/ libnet 1.1
+    - Sync tcpprep version to tcpreplay
+
+08/19/2002: Version 1.2
+    - Configuration files specified via -f
+    - Now requires a recent version of AutoConf (2.53)
+    - Added support for Libnet 1.1.x (requires beta8 or better)
+    - Added -V switch to print version info (tcpprep & tcpreplay)
+    - Added CIDR dual-nic support to tcpreplay. 
+    - Fix for -I in tcpreplay when only using a single NIC.
+    - Remove requirement for libpcap in tcpprep.  We're now
+        100% libpcap independant.
+    - tcpprep now supports snoop files.
+    - Added -u flag to untruncate IP packets (pad/trunc)
+    - Fixed --with-debug configure option
+    - Added RPM .spec file
+    - Added -M flag to ignore martian IP packets
+    - Now auto-detects snoop/pcap files.  Remove -S flag from tcpprep and
+        tcpreplay
+    - tcpprep now detects servers via ICMP port unreachable
+    - Improve usefulness of -h
+    - Rename -I to -v in tcpprep
+
+06/17/2002: Version 1.1
+    - Major rewrite
+    - Support multiple nics
+    - Better control over packet rates
+    - Added support for snoop capture files
+    - Includes tcpprep and capinfo commands

+ 33 - 0
Docs/CREDIT

@@ -0,0 +1,33 @@
+$Id: CREDIT 767 2004-10-06 12:48:49Z aturner $ 
+
+Here's a list of people in no particular order who have kindly submitted
+patches or code snippets for me to use in tcpreplay.
+
+Branden Moore <bmoore-at-cse.nd.edu>
+	- Patch to pad truncated packets
+	- Patch to allow specifying a destination MAC w/ only a single NIC
+
+Scott Mace <smace@intt.org>
+	- Patch for tcpreplay to support CIDR mode
+	- Patch for ignoring martian IP packets 
+
+Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
+        - Code for pausing/restarting tcpreplay via signals.
+
+John Carlson
+        - Patch for improved timerdiv() accuracy
+
+Frey Kuo <kero@3sheep.com>
+        - Patch to replace pause option with packets/sec
+
+Seth Robertson (seth at sysd dot com)
+        - Patch to allow replaying of live traffic
+
+Nick Mathewson <nickm@freehaven.net>
+	- Kindly giving me his BSD licensed implimentation of poll()
+	  using select() so I don't have to worry about cross platform
+	  issues.
+          
+Denis McLaughlin <denism@cyberus.ca>
+        - Patch to allow TCP/UDP port translation
+

+ 34 - 0
Docs/FAQ.css

@@ -0,0 +1,34 @@
+/* Century Schoolbook font is very similar to Computer Modern Math: cmmi */
+.MATH    { font-family: "Century Schoolbook", serif; }
+.MATH I  { font-family: "Century Schoolbook", serif; font-style: italic }
+.BOLDMATH { font-family: "Century Schoolbook", serif; font-weight: bold }
+
+/* implement both fixed-size and relative sizes */
+SMALL.XTINY		{ font-size : xx-small }
+SMALL.TINY		{ font-size : x-small  }
+SMALL.SCRIPTSIZE	{ font-size : smaller  }
+SMALL.FOOTNOTESIZE	{ font-size : small    }
+SMALL.SMALL		{  }
+BIG.LARGE		{  }
+BIG.XLARGE		{ font-size : large    }
+BIG.XXLARGE		{ font-size : x-large  }
+BIG.HUGE		{ font-size : larger   }
+BIG.XHUGE		{ font-size : xx-large }
+
+/* heading styles */
+H1		{  }
+H2		{  }
+H3		{  }
+H4		{  }
+H5		{  }
+
+/* mathematics styles */
+DIV.displaymath		{ }	/* math displays */
+TD.eqno			{ }	/* equation-number cells */
+
+
+/* document-specific styles come next */
+DIV.navigation		{   }
+DIV.center		{   }
+SPAN.textit		{ font-style: italic  }
+SPAN.arabic		{   }

BIN
Docs/FAQ.dvi


+ 2346 - 0
Docs/FAQ.html


+ 2277 - 0
Docs/FAQ.lyx


BIN
Docs/FAQ.pdf


+ 2028 - 0
Docs/FAQ.ps


+ 1355 - 0
Docs/FAQ.tex


+ 1499 - 0
Docs/FAQ.txt


+ 122 - 0
Docs/HACKING

@@ -0,0 +1,122 @@
+$Id: HACKING 767 2004-10-06 12:48:49Z aturner $
+
+                          Guide to Hacking Tcpreplay
+
+[Note: Pay attention to the last update date at the top of this file.  If it
+was significantly long ago, this document may be out of date.]
+
+0. Contributing Code
+
+If you contribute code the following will happen:
+    a) You will be given credit in the CREDITS file
+    b) Your code will be licensed under the same license as that of tcpreplay
+    c) You will be assigning your copyright to me
+
+I do this for a simple reason: keep things simple for me.
+
+1. Introduction
+
+If you're reading this to find out how to add a new feature or fix a bug in
+tcpreplay or tcpprep, then you've come to the right place.  This isn't the
+place to find answers regarding how to use tcpreplay, the meaning of life,
+etc.
+
+2. File Layout
+
+The file layout is pretty simple:
+
+/       - Code, header files, autoconf stuff
+/Docs   - Where to find documentation
+/test   - Test scripts and stuff which is used during 'make test'
+/man    - Unix man pages which get copied to $MANPATH
+
+3. Adding support for additional DLTs (Data Link Types)
+
+There are a number of files/functions that need to be touched to add support
+for a new DLT to tcpreplay and tcpprep.  Note that for a patch to be
+accepted, BOTH tcpreplay and tcpprep need to be updated to support the new
+DLT.
+
+3a) dlt.h
+Two things need to be added here:
+    - A structure defining the header
+    - A #define for the length of the header
+
+    example for DLT_CHDLC (Cisco HDLC):
+    
+/* Cisco HDLC has a simple 32 bit header */
+#define CISCO_HDLC_LEN 4
+struct cisco_hdlc_header {
+    u_int16_t address;
+    u_int16_t protocol;
+}
+
+3b) tcpreplay.c
+You will need to edit validate_l2() to process the DLT type as defined by
+pcap-bpf.h which is included with libpcap.  The key here is that tcpreplay
+needs to be able to generate a valid 802.3 ethernet frame.  Basically
+validate_l2() has to make sure that between the existing Layer 2 header (if
+any) and the user supplied arguments (-2, -I, -J, -K and -k) that enough
+information is available.  Generally this means one of:
+    - The DLT already has a valid header
+    - User specified their own complete header via -2
+    - The existing header + user specified MAC addresses are enough
+
+validate_l2() also calcuates the 'maxpacket' which is the maximum size of a
+packet that we can send out of the interface.  Generally this is the length
+of the Layer 2 header + MTU.  You shouldn't need to change anything here.
+
+3c) edit_packet.c
+Next, you'll have to edit rewrite_l2() to add support for rewriting the
+Layer 2 header from your DLT to a standard 802.3 header.  Note that
+do_packets.c will automatically fill out the source/destination MAC address
+if the appropriate flag is used (-I, -J, -K and -k) so there is no need to
+copy those values over here.
+
+3d) tcpprep.c
+Look at process_raw_packets().  Should be painfully obvious what do do here.
+
+3e) dlt_names.h
+Look in dlt_names.h and make sure your DLT type is listed here.  Note that
+this file is generated by scripts/dlt2name.pl.  If it's not listed here,
+your best bet is to edit scripts/dlt2name.pl and list it in the %known hash
+and then run:
+    make dlt_names
+
+Note that editing dlt_names.h is NOT going to work, since it will get 
+overwritten the next time it is regenerated.
+
+4. Hacking tcprewrite
+
+tcprewrite order of execution:
+
+Figure out if input file's DLT is supported
+
+foreach (packet) {
+	Update packet timestamp based on modifier
+	
+	Decide packet path via cache or CIDR lookup
+	
+	if (a Layer 2 header is specified) {
+	    if (existing Layer 2 header) {
+	        strip existing Layer 2 header
+	    }
+	    prepend specified Layer 2 header
+	}
+	
+	if (primary path or single path) {
+	    re-write MAC addresses
+	    re-write IP addresses
+	    re-write Ports
+	} else if (secondary path) {
+	    re-write MAC addresses
+	    re-write IP addresses
+	    re-write Ports
+	}
+	
+	pad or truncate packet
+	
+	fix checksums
+	
+	write packet to outfile
+}

+ 24 - 0
Docs/INSTALL

@@ -0,0 +1,24 @@
+$Id: INSTALL 767 2004-10-06 12:48:49Z aturner $
+
+You'll need:
+
+- libnet 1.1.x (1.1.1 or greater is recommended)
+http://www.packetfactory.net/Projects/libnet/
+
+- libpcap >= 0.6 (0.7 or greater is recommended)
+http://www.tcpdump.org/
+
+- libpcapnav >= 0.4 (Optional. If you want the jump to byte offset feature)
+http://netdude.sf.net/
+
+- tcpdump (Also optional. If you want packet decoding of sent packets)
+http://www.tcpdump.org/
+
+Run:
+./configure ; make
+
+Run as root:
+make test -i    (optional)
+make install
+
+For more detailed information, see the FAQ.

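--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,7 @@
-Copyright (c) 1999 Anzen Computing. All rights reserved.
+Copyright (c) 2001-2004 Aaron Turner, Matt Bing.  All rights reserved.
+
+Some portions of code are:
+Copyright(c) 1999 Anzen Computing. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -9,12 +12,12 @@ are met:
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
+3. Neither the names of the copyright owners nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+4. All advertising materials mentioning features or use of this software
    must display the following acknowledgement:
-      This product includes software developed by Anzen Computing, Inc.
-4. Neither the name of Anzen Computing, Inc. nor the names of its
-   contributors may be used to endorse or promote products derived
-   from this software without specific prior written permission.
+       This product includes software developed by Anzen Computing, Inc.
 
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF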

+ 40 - 0
Docs/Makefile

@@ -0,0 +1,40 @@
+MAKEFLAGS=-s
+
+all: images pdf txt ps rmtemp html
+
+images:
+	fig2dev -L eps flowheader.fig flowheader.eps
+
+tex: images
+	lyx -e latex FAQ.lyx
+	lyx -e latex flowreplay.lyx
+
+dvi: tex 
+	texi2dvi FAQ.tex
+	texi2dvi flowreplay.tex
+
+html: tex 
+	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers FAQ.tex
+	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex
+
+
+pdf: dvi
+	dvipdfm FAQ.dvi
+	dvipdfm flowreplay.dvi
+
+txt:
+	lyx -e text FAQ.lyx
+	lyx -e text flowreplay.lyx
+
+ps: dvi
+	dvips -o FAQ.ps FAQ.dvi
+	dvips -o flowreplay.ps flowreplay.dvi
+
+rmtemp:
+	rm -f labels.pl *.log *.toc WARNINGS *.aux index.html 
+
+clean: rmtemp
+	rm -f *~
+
+distclean: rmtemp clean
+	rm -f *.html *.pdf *.txt *.ps *.dvi *.tex  *.css images.pl img1.png *.eps
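Review bot: `rmtemp` is listed before `html` in the `all:` prerequisites, so in a serial build the cleanup runs before latex2html has written the files it is meant to delete (`WARNINGS`, `labels.pl`, `index.html`). That is presumably how `Docs/WARNINGS` came to be added in this same commit. Reordering to `all: images pdf txt ps html rmtemp` fixes the sequence, and adding `.PHONY: all images tex dvi html pdf txt ps rmtemp clean distclean` keeps a stray file named `html` or `tex` from silently masking a target. `distclean` also deletes `*.css`, `*.html`, `*.txt` and `*.eps` while this commit checks in `FAQ.css`, `FAQ.html`, `FAQ.txt` and `flowheader.eps`, so it is worth deciding whether generated output belongs in the tree at all. The same Makefile text is carried in `Docs/.svn/text-base/Makefile.svn-base`.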

+ 47 - 0
Docs/TODO

@@ -0,0 +1,47 @@
+This is a general list of things which should/could/may be done.
+If any of these features interest you let me know- especially if you're
+willing and able to help code it.
+
+- Look at VLAN packets
+    - others non-vanilla types?
+    - Add tags?  Remove tags?  Change tags?
+
+- Add support for setting the ethernet protocol field so we can use
+    -I, -K to fill out an entire ethernet header w/o using -2
+
+- Add a secondary interface full layer two rewrite option
+
+- Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
+
+- Add support for more linktypes (Prism Monitor, 802.11, etc)
+    - Make it easier for others to add support for others
+
+- Rip out packet munger from tcpreplay and put it into another tool so
+  that tcpreplay can be more optimized
+    - perhaps use libnetdude?
+    - make into a library?
+    - definately put it into a seperate binary
+
+- Improve config file format
+  - better variable names
+  - use "var: value" format
+  - have tcpreplay, tcpprep, tcprewrite sections
+
+- Add support for dual-nic send on one intf, wait for packet, send next.
+  would be really useful for testing the effectiveness of how well an IPS
+  detects and blocks attacks.
+
+- Support fragrouter like features 
+    - basic IP fragmenation
+    - TCP fudging 
+    - then more advanced stuff
+
+- Support connection tracking and generating 3way handshake for connections
+  missing them.
+
+- Bump Syn/Ack numbers by a random or given value so that running 
+  the same pcap will behave as different streams.
+
+- Improve flowreplay so it actually works
+
+- IPv6 support?

+ 9 - 0
Docs/WARNINGS

@@ -0,0 +1,9 @@
+No implementation found for style `pslatex'
+No implementation found for style `fontenc'
+No implementation found for style `geometry'
+No implementation found for style `graphicx'
+
+The flowreplay.aux file was not found, so sections will not be numbered 
+and cross-references will be shown as icons.
+
+? brace missing for \setlength

+ 278 - 0
Docs/flowheader.eps

@@ -0,0 +1,278 @@
+%!PS-Adobe-2.0 EPSF-2.0
+%%Title: flowheader.fig
+%%Creator: fig2dev Version 3.2 Patchlevel 5-alpha5
+%%CreationDate: Thu Feb 10 12:32:01 2005
+%%For: aturner@vodka (Aaron Turner,,,)
+%%BoundingBox: 0 0 430 470
+%Magnification: 1.0000
+%%EndComments
+/$F2psDict 200 dict def
+$F2psDict begin
+$F2psDict /mtrx matrix put
+/col-1 {0 setgray} bind def
+/col0 {0.000 0.000 0.000 srgb} bind def
+/col1 {0.000 0.000 1.000 srgb} bind def
+/col2 {0.000 1.000 0.000 srgb} bind def
+/col3 {0.000 1.000 1.000 srgb} bind def
+/col4 {1.000 0.000 0.000 srgb} bind def
+/col5 {1.000 0.000 1.000 srgb} bind def
+/col6 {1.000 1.000 0.000 srgb} bind def
+/col7 {1.000 1.000 1.000 srgb} bind def
+/col8 {0.000 0.000 0.560 srgb} bind def
+/col9 {0.000 0.000 0.690 srgb} bind def
+/col10 {0.000 0.000 0.820 srgb} bind def
+/col11 {0.530 0.810 1.000 srgb} bind def
+/col12 {0.000 0.560 0.000 srgb} bind def
+/col13 {0.000 0.690 0.000 srgb} bind def
+/col14 {0.000 0.820 0.000 srgb} bind def
+/col15 {0.000 0.560 0.560 srgb} bind def
+/col16 {0.000 0.690 0.690 srgb} bind def
+/col17 {0.000 0.820 0.820 srgb} bind def
+/col18 {0.560 0.000 0.000 srgb} bind def
+/col19 {0.690 0.000 0.000 srgb} bind def
+/col20 {0.820 0.000 0.000 srgb} bind def
+/col21 {0.560 0.000 0.560 srgb} bind def
+/col22 {0.690 0.000 0.690 srgb} bind def
+/col23 {0.820 0.000 0.820 srgb} bind def
+/col24 {0.500 0.190 0.000 srgb} bind def
+/col25 {0.630 0.250 0.000 srgb} bind def
+/col26 {0.750 0.380 0.000 srgb} bind def
+/col27 {1.000 0.500 0.500 srgb} bind def
+/col28 {1.000 0.630 0.630 srgb} bind def
+/col29 {1.000 0.750 0.750 srgb} bind def
+/col30 {1.000 0.880 0.880 srgb} bind def
+/col31 {1.000 0.840 0.000 srgb} bind def
+
+end
+save
+newpath 0 470 moveto 0 0 lineto 430 0 lineto 430 470 lineto closepath clip newpath
+-215.3 477.7 translate
+1 -1 scale
+
+/cp {closepath} bind def
+/ef {eofill} bind def
+/gr {grestore} bind def
+/gs {gsave} bind def
+/sa {save} bind def
+/rs {restore} bind def
+/l {lineto} bind def
+/m {moveto} bind def
+/rm {rmoveto} bind def
+/n {newpath} bind def
+/s {stroke} bind def
+/sh {show} bind def
+/slc {setlinecap} bind def
+/slj {setlinejoin} bind def
+/slw {setlinewidth} bind def
+/srgb {setrgbcolor} bind def
+/rot {rotate} bind def
+/sc {scale} bind def
+/sd {setdash} bind def
+/ff {findfont} bind def
+/sf {setfont} bind def
+/scf {scalefont} bind def
+/sw {stringwidth} bind def
+/tr {translate} bind def
+/tnt {dup dup currentrgbcolor
+  4 -2 roll dup 1 exch sub 3 -1 roll mul add
+  4 -2 roll dup 1 exch sub 3 -1 roll mul add
+  4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
+  bind def
+/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
+  4 -2 roll mul srgb} bind def
+/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
+/$F2psEnd {$F2psEnteredState restore end} def
+
+$F2psBegin
+10 setmiterlimit
+0 slj 0 slc
+ 0.06000 0.06000 sc
+%
+% Fig objects follow
+%
+% 
+% here starts figure with depth 50
+% Polyline
+0 slj
+0 slc
+7.500 slw
+n 6000 3150 m
+ 6000 3450 l gs col0 s gr 
+% Polyline
+n 6000 3450 m
+ 6000 3750 l gs col0 s gr 
+% Polyline
+n 3600 2850 m
+ 8400 2850 l gs col0 s gr 
+% Polyline
+n 3600 3150 m
+ 8400 3150 l gs col0 s gr 
+% Polyline
+n 3600 3450 m
+ 8400 3450 l gs col0 s gr 
+% Polyline
+n 3600 3750 m
+ 8400 3750 l gs col0 s gr 
+% Polyline
+n 3600 2550 m 8400 2550 l 8400 4350 l 3600 4350 l
+ cp gs col0 s gr 
+% Polyline
+n 7200 3150 m
+ 7200 3450 l gs col0 s gr 
+% Polyline
+ [15 45] 45 sd
+n 3600 4050 m
+ 8400 4050 l gs col0 s gr  [] 0 sd
+% Polyline
+n 3600 4950 m 8400 4950 l 8400 5250 l 3600 5250 l
+ cp gs col0 s gr 
+% Polyline
+n 4800 5250 m
+ 4800 5550 l gs col0 s gr 
+% Polyline
+n 3600 5550 m
+ 8400 5550 l gs col0 s gr 
+% Polyline
+n 3600 5250 m 8400 5250 l 8400 6150 l 3600 6150 l
+ cp gs col0 s gr 
+% Polyline
+n 3600 1350 m 8400 1350 l 8400 1950 l 3600 1950 l
+ cp gs col0 s gr 
+% Polyline
+n 3600 1650 m
+ 8400 1650 l gs col0 s gr 
+% Polyline
+ [15 45] 45 sd
+n 3600 6750 m 8400 6750 l 8400 7950 l 3600 7950 l
+ cp gs col0 s gr  [] 0 sd
+% Polyline
+n 3600 6150 m 8400 6150 l 8400 6750 l 3600 6750 l
+ cp gs col0 s gr 
+% Polyline
+ [15 45] 45 sd
+n 3600 6450 m
+ 8400 6450 l gs col0 s gr  [] 0 sd
+% Polyline
+ [15 45] 45 sd
+n 3600 5850 m
+ 8400 5850 l gs col0 s gr  [] 0 sd
+% Polyline
+n 3600 450 m
+ 8400 450 l gs col0 s gr 
+% Polyline
+n 3600 150 m 8400 150 l 8400 750 l 3600 750 l
+ cp gs col0 s gr 
+% Polyline
+n 4800 150 m
+ 4800 450 l gs col0 s gr 
+% Polyline
+n 6000 150 m
+ 6000 450 l gs col0 s gr 
+% Polyline
+n 7200 150 m
+ 7200 450 l gs col0 s gr 
+% Polyline
+n 6000 5250 m
+ 6000 5550 l gs col0 s gr 
+% Polyline
+n 6000 1650 m
+ 6000 1950 l gs col0 s gr 
+/Times-Roman ff 180.00 scf sf
+4350 3375 m
+gs 1 -1 sc (IP Protocol) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5250 2775 m
+gs 1 -1 sc (Client \(Source\) IP) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5100 3075 m
+gs 1 -1 sc (Server \(Destination\) IP) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+3900 3675 m
+gs 1 -1 sc (Client Port/ICMP Type) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+6375 3675 m
+gs 1 -1 sc (Server Port/ICMP Code) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+6375 3375 m
+gs 1 -1 sc (Flags) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+7350 3375 m
+gs 1 -1 sc (Instance) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 5100 m
+gs 1 -1 sc (Flag 1: Direction) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 2775 m
+gs 1 -1 sc (Flag 1: Last Index) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 3000 m
+gs 1 -1 sc (Flag 2: Ignore) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 3225 m
+gs 1 -1 sc (Flag 3: Server Socket) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 5325 m
+gs 1 -1 sc (Flag 2: Ignore) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+4950 5175 m
+gs 1 -1 sc (Data Length of This Stream) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+3675 5475 m
+gs 1 -1 sc (Flags) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+4875 3975 m
+gs 1 -1 sc (Offset to First Data Stream) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 5775 m
+gs 1 -1 sc (Flag 4: Urgent Data Exists) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5400 1575 m
+gs 1 -1 sc (Magic Number) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5475 7350 m
+gs 1 -1 sc (Data Stream) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+4950 6375 m
+gs 1 -1 sc (Offset to Next Data Segment) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5475 675 m
+gs 1 -1 sc (32 Bit Word) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+3975 375 m
+gs 1 -1 sc (8 Bits) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5100 5475 m
+gs 1 -1 sc (Urg Data) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+6825 5475 m
+gs 1 -1 sc (Reserved) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5625 5775 m
+gs 1 -1 sc (Timestamp) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5475 6675 m
+gs 1 -1 sc (In This Flow) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5325 2475 m
+gs 1 -1 sc (Flow Index Entry) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5250 4875 m
+gs 1 -1 sc (Data Stream Header) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+5250 1275 m
+gs 1 -1 sc (Flowprep File Header) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+8625 5550 m
+gs 1 -1 sc (Flag 3: More Data Streams) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+6900 1875 m
+gs 1 -1 sc (Reserved) col0 sh gr
+/Times-Roman ff 180.00 scf sf
+4575 1875 m
+gs 1 -1 sc (Version) col0 sh gr
+% here ends figure;
+$F2psEnd
+rs
+showpage
+%%Trailer
+%EOF

+ 92 - 0
Docs/flowheader.fig

@@ -0,0 +1,92 @@
+#FIG 3.2
+Landscape
+Center
+Inches
+Letter  
+100.00
+Single
+-2
+1200 2
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 3150 6000 3450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 3450 6000 3750
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 2850 8400 2850
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 3150 8400 3150
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 3450 8400 3450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 3750 8400 3750
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 2550 8400 2550 8400 4350 3600 4350 3600 2550
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 7200 3150 7200 3450
+2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
+	 3600 4050 8400 4050
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 4950 8400 4950 8400 5250 3600 5250 3600 4950
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 4800 5250 4800 5550
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 5550 8400 5550
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 5250 8400 5250 8400 6150 3600 6150 3600 5250
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 1350 8400 1350 8400 1950 3600 1950 3600 1350
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 1650 8400 1650
+2 2 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 5
+	 3600 6750 8400 6750 8400 7950 3600 7950 3600 6750
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 6150 8400 6150 8400 6750 3600 6750 3600 6150
+2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
+	 3600 6450 8400 6450
+2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
+	 3600 5850 8400 5850
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 3600 450 8400 450
+2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
+	 3600 150 8400 150 8400 750 3600 750 3600 150
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 4800 150 4800 450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 150 6000 450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 7200 150 7200 450
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 5250 6000 5550
+2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
+	 6000 1650 6000 1950
+4 0 0 50 0 0 12 0.0000 4 135 840 4350 3375 IP Protocol\001
+4 0 0 50 0 0 12 0.0000 4 180 1380 5250 2775 Client (Source) IP\001
+4 0 0 50 0 0 12 0.0000 4 180 1785 5100 3075 Server (Destination) IP\001
+4 0 0 50 0 0 12 0.0000 4 180 1725 3900 3675 Client Port/ICMP Type\001
+4 0 0 50 0 0 12 0.0000 4 135 1785 6375 3675 Server Port/ICMP Code\001
+4 0 0 50 0 0 12 0.0000 4 180 420 6375 3375 Flags\001
+4 0 0 50 0 0 12 0.0000 4 135 660 7350 3375 Instance\001
+4 0 0 50 0 0 12 0.0000 4 180 1260 8625 5100 Flag 1: Direction\001
+4 0 0 50 0 0 12 0.0000 4 180 1365 8625 2775 Flag 1: Last Index\001
+4 0 0 50 0 0 12 0.0000 4 180 1035 8625 3000 Flag 2: Ignore\001
+4 0 0 50 0 0 12 0.0000 4 180 1620 8625 3225 Flag 3: Server Socket\001
+4 0 0 50 0 0 12 0.0000 4 180 1035 8625 5325 Flag 2: Ignore\001
+4 0 0 50 0 0 12 0.0000 4 180 2100 4950 5175 Data Length of This Stream\001
+4 0 0 50 0 0 12 0.0000 4 180 420 3675 5475 Flags\001
+4 0 0 50 0 0 12 0.0000 4 135 2100 4875 3975 Offset to First Data Stream\001
+4 0 0 50 0 0 12 0.0000 4 180 2040 8625 5775 Flag 4: Urgent Data Exists\001
+4 0 0 50 0 0 12 0.0000 4 180 1125 5400 1575 Magic Number\001
+4 0 0 50 0 0 12 0.0000 4 135 960 5475 7350 Data Stream\001
+4 0 0 50 0 0 12 0.0000 4 180 2235 4950 6375 Offset to Next Data Segment\001
+4 0 0 50 0 0 12 0.0000 4 135 915 5475 675 32 Bit Word\001
+4 0 0 50 0 0 12 0.0000 4 135 450 3975 375 8 Bits\001
+4 0 0 50 0 0 12 0.0000 4 180 705 5100 5475 Urg Data\001
+4 0 0 50 0 0 12 0.0000 4 135 720 6825 5475 Reserved\001
+4 0 0 50 0 0 12 0.0000 4 180 840 5625 5775 Timestamp\001
+4 0 0 50 0 0 12 0.0000 4 135 945 5475 6675 In This Flow\001
+4 0 0 50 0 0 12 0.0000 4 180 1305 5325 2475 Flow Index Entry\001
+4 0 0 50 0 0 12 0.0000 4 135 1560 5250 4875 Data Stream Header\001
+4 0 0 50 0 0 12 0.0000 4 180 1635 5250 1275 Flowprep File Header\001
+4 0 0 50 0 0 12 0.0000 4 180 2055 8625 5550 Flag 3: More Data Streams\001
+4 0 0 50 0 0 12 0.0000 4 135 720 6900 1875 Reserved\001
+4 0 0 50 0 0 12 0.0000 4 135 600 4575 1875 Version\001

+ 172 - 0
Docs/flowreplay.css

@@ -0,0 +1,172 @@
+/* Century Schoolbook font is very similar to Computer Modern Math: cmmi */
+.MATH    { font-family: "Century Schoolbook", serif; }
+.MATH I  { font-family: "Century Schoolbook", serif; font-style: italic }
+.BOLDMATH { font-family: "Century Schoolbook", serif; font-weight: bold }
+
+/* implement both fixed-size and relative sizes */
+SMALL.XTINY		{ font-size : xx-small }
+SMALL.TINY		{ font-size : x-small  }
+SMALL.SCRIPTSIZE	{ font-size : smaller  }
+SMALL.FOOTNOTESIZE	{ font-size : small    }
+SMALL.SMALL		{  }
+BIG.LARGE		{  }
+BIG.XLARGE		{ font-size : large    }
+BIG.XXLARGE		{ font-size : x-large  }
+BIG.HUGE		{ font-size : larger   }
+BIG.XHUGE		{ font-size : xx-large }
+
+/* heading styles */
+H1		{  }
+H2		{  }
+H3		{  }
+H4		{  }
+H5		{  }
+
+/* mathematics styles */
+DIV.displaymath		{ }	/* math displays */
+TD.eqno			{ }	/* equation-number cells */
+
+
+/* document-specific styles come next */
+DIV.navigation		{   }
+DIV.center		{   }
+DIV.quote		{   }
+SPAN.textit		{ font-style: italic  }
+SPAN.arabic		{   }
+#hue100		{ color: #000000;  }
+#hue102		{ color: #000000;  }
+#hue104		{ color: #000000;  }
+#hue106		{ color: #000000;  }
+#hue108		{ color: #000000;  }
+#hue110		{ color: #000000;  }
+#hue112		{ color: #000000;  }
+#hue114		{ color: #000000;  }
+#hue117		{ color: #000000;  }
+#hue119		{ color: #000000;  }
+#hue121		{ color: #000000;  }
+#hue123		{ color: #000000;  }
+#hue126		{ color: #000000;  }
+#hue128		{ color: #000000;  }
+#hue133		{ color: #000000;  }
+#hue135		{ color: #000000;  }
+#hue139		{ color: #000000;  }
+#hue141		{ color: #000000;  }
+#hue143		{ color: #000000;  }
+#hue146		{ color: #000000;  }
+#hue150		{ color: #000000;  }
+#hue153		{ color: #000000;  }
+#hue157		{ color: #000000;  }
+#hue159		{ color: #000000;  }
+#hue162		{ color: #000000;  }
+#hue164		{ color: #000000;  }
+#hue166		{ color: #000000;  }
+#hue168		{ color: #000000;  }
+#hue170		{ color: #000000;  }
+#hue173		{ color: #000000;  }
+#hue175		{ color: #000000;  }
+#hue177		{ color: #000000;  }
+#hue179		{ color: #000000;  }
+#hue181		{ color: #000000;  }
+#hue184		{ color: #000000;  }
+#hue186		{ color: #000000;  }
+#hue188		{ color: #000000;  }
+#hue190		{ color: #000000;  }
+#hue193		{ color: #000000;  }
+#hue195		{ color: #000000;  }
+#hue197		{ color: #000000;  }
+#hue200		{ color: #000000;  }
+#hue202		{ color: #000000;  }
+#hue204		{ color: #000000;  }
+#hue207		{ color: #000000;  }
+#hue210		{ color: #000000;  }
+#hue212		{ color: #000000;  }
+#hue215		{ color: #000000;  }
+#hue218		{ color: #000000;  }
+#hue220		{ color: #000000;  }
+#hue231		{ color: #000000;  }
+#hue233		{ color: #000000;  }
+#hue238		{ color: #000000;  }
+#hue240		{ color: #000000;  }
+#hue247		{ color: #000000;  }
+#hue250		{ color: #000000;  }
+#hue252		{ color: #000000;  }
+#hue256		{ color: #000000;  }
+#hue258		{ color: #000000;  }
+#hue260		{ color: #000000;  }
+#hue263		{ color: #000000;  }
+#hue265		{ color: #000000;  }
+#hue267		{ color: #000000;  }
+#hue274		{ color: #000000;  }
+#hue276		{ color: #000000;  }
+#hue280		{ color: #000000;  }
+#hue282		{ color: #000000;  }
+#hue284		{ color: #000000;  }
+#hue288		{ color: #000000;  }
+#hue290		{ color: #000000;  }
+#hue292		{ color: #000000;  }
+#hue299		{ color: #000000;  }
+#hue309		{ color: #000000;  }
+#hue311		{ color: #000000;  }
+#hue314		{ color: #000000;  }
+#hue316		{ color: #000000;  }
+#hue318		{ color: #000000;  }
+#hue321		{ color: #000000;  }
+#hue324		{ color: #000000;  }
+#hue326		{ color: #000000;  }
+#hue328		{ color: #000000;  }
+#hue33		{ color: #000000;  }
+#hue330		{ color: #000000;  }
+#hue332		{ color: #000000;  }
+#hue335		{ color: #000000;  }
+#hue338		{ color: #000000;  }
+#hue340		{ color: #000000;  }
+#hue342		{ color: #000000;  }
+#hue344		{ color: #000000;  }
+#hue346		{ color: #000000;  }
+#hue348		{ color: #000000;  }
+#hue35		{ color: #000000;  }
+#hue365		{ color: #000000;  }
+#hue366		{ color: #000000;  }
+#hue37		{ color: #000000;  }
+#hue375		{ color: #000000;  }
+#hue377		{ color: #000000;  }
+#hue379		{ color: #000000;  }
+#hue383		{ color: #000000;  }
+#hue384		{ color: #000000;  }
+#hue385		{ color: #000000;  }
+#hue386		{ color: #000000;  }
+#hue387		{ color: #000000;  }
+#hue389		{ color: #000000;  }
+#hue39		{ color: #000000;  }
+#hue390		{ color: #000000;  }
+#hue392		{ color: #000000;  }
+#hue394		{ color: #000000;  }
+#hue396		{ color: #000000;  }
+#hue397		{ color: #000000;  }
+#hue398		{ color: #000000;  }
+#hue399		{ color: #000000;  }
+#hue41		{ color: #000000;  }
+#hue43		{ color: #000000;  }
+#hue45		{ color: #000000;  }
+#hue47		{ color: #000000;  }
+#hue49		{ color: #000000;  }
+#hue51		{ color: #000000;  }
+#hue53		{ color: #000000;  }
+#hue55		{ color: #000000;  }
+#hue58		{ color: #000000;  }
+#hue60		{ color: #000000;  }
+#hue62		{ color: #000000;  }
+#hue64		{ color: #000000;  }
+#hue66		{ color: #000000;  }
+#hue68		{ color: #000000;  }
+#hue74		{ color: #000000;  }
+#hue77		{ color: #000000;  }
+#hue80		{ color: #000000;  }
+#hue82		{ color: #000000;  }
+#hue84		{ color: #000000;  }
+#hue86		{ color: #000000;  }
+#hue88		{ color: #000000;  }
+#hue90		{ color: #000000;  }
+#hue93		{ color: #000000;  }
+#hue95		{ color: #000000;  }
+#hue97		{ color: #000000;  }

BIN
Docs/flowreplay.dvi


+ 664 - 0
Docs/flowreplay.html

@@ -0,0 +1,664 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
+original version by:  Nikos Drakos, CBLU, University of Leeds
+* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
+* with significant contributions from:
+  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
+<HTML>
+<HEAD>
+<TITLE>Flowreplay Design Notes</TITLE>
+<META NAME="description" CONTENT="Flowreplay Design Notes">
+<META NAME="keywords" CONTENT="flowreplay">
+<META NAME="resource-type" CONTENT="document">
+<META NAME="distribution" CONTENT="global">
+
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
+<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
+
+<LINK REL="STYLESHEET" HREF="flowreplay.css">
+
+</HEAD>
+
+<BODY >
+
+<P>
+
+<P>
+
+<P>
+
+<P>
+<H1 ALIGN="CENTER"><SPAN ID="hue33">Flowreplay Design Notes</SPAN></H1>
+<DIV CLASS="author_info">
+
+<P ALIGN="CENTER"><STRONG><SPAN ID="hue35">Aaron Turner </SPAN></STRONG></P>
+<P ALIGN="CENTER"><I><SPAN ID="hue37">http://synfin.net/</SPAN></I></P>
+<P ALIGN="CENTER"><STRONG><SPAN ID="hue39">Last Edited:</SPAN>
+<BR><SPAN ID="hue41">October 23, 2003</SPAN></STRONG></P>
+</DIV>
+
+<P>
+
+<H1><A NAME="SECTION00010000000000000000">
+<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue43">Overview</SPAN></A>
+</H1>
+
+<P>
+<SPAN ID="hue45">Tcpreplay</SPAN><A NAME="tex2html1"
+  HREF="#foot362"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> <SPAN ID="hue49">was designed to replay traffic previously captured
+in the pcap format back onto the wire for testing NIDS and other passive
+devices. Over time, it was enhanced to be able to test in-line network
+devices. However, a re-occurring feature request for tcpreplay is
+to connect to a server in order to test applications and host TCP/IP
+stacks. It was determined early on, that adding this feature to tcpreplay
+was far too complex, so I decided to create a new tool specifically
+designed for this.</SPAN>
+<P>
+<SPAN ID="hue51">Flowreplay is designed to replay traffic at Layer
+4 or 7 depending on the protocol rather then at Layer 2 like tcpreplay
+does. This allows flowreplay to connect to one or more servers using
+a pcap savefile as the basis of the connections. Hence, flowreplay
+allows the testing of applications running on real servers rather
+then passive devices. </SPAN>
+<P>
+
+<H1><A NAME="SECTION00020000000000000000">
+<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue53">Features</SPAN></A>
+</H1>
+
+<P>
+
+<H2><A NAME="SECTION00021000000000000000">
+<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue55">Requirements</SPAN></A>
+</H2>
+
+<P>
+
+<OL>
+<LI><SPAN ID="hue58">Full TCP/IP support, including IP fragments and
+TCP stream reassembly.</SPAN>
+</LI>
+<LI><SPAN ID="hue60">Support replaying TCP and UDP flows.</SPAN>
+</LI>
+<LI><SPAN ID="hue62">Code should handle each flow/service independently.</SPAN>
+</LI>
+<LI><SPAN ID="hue64">Should be able to connect to the server(s) in the
+pcap file or to a user specified IP address.</SPAN>
+</LI>
+<LI><SPAN ID="hue66">Support a plug-in architecture to allow adding application
+layer intelligence.</SPAN>
+</LI>
+<LI><SPAN ID="hue68">Plug-ins must be able to support multi-flow protocols
+like FTP.</SPAN>
+</LI>
+<LI><SPAN ID="hue365">Ship with a default plug-in which will work ``well
+enough'' for simple single-flow protocols like HTTP and telnet.</SPAN>
+</LI>
+<LI><SPAN ID="hue366">Flows being replayed ``correctly'' is more important
+then performance (Mbps).</SPAN>
+</LI>
+<LI><SPAN ID="hue74">Portable to run on common flavors of Unix and Unix-like
+systems.</SPAN>
+</LI>
+</OL>
+
+<P>
+
+<H2><A NAME="SECTION00022000000000000000">
+<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue77">Wishes</SPAN></A>
+</H2>
+
+<P>
+
+<OL>
+<LI><SPAN ID="hue80">Support clients connecting to flowreplay on a limited
+basis. Flowreplay would replay the server side of the connection.</SPAN>
+</LI>
+<LI><SPAN ID="hue82">Support other IP based traffic (ICMP, VRRP, OSPF,
+etc) via plug-ins.</SPAN>
+</LI>
+<LI><SPAN ID="hue84">Support non-IP traffic (ARP, STP, CDP, etc) via
+plug-ins.</SPAN>
+</LI>
+<LI><SPAN ID="hue86">Limit which flows are replayed using user defined
+filters. (bpf filter syntax?)</SPAN>
+</LI>
+<LI><SPAN ID="hue88">Process pcap files directly with no intermediary
+file conversions.</SPAN>
+</LI>
+<LI><SPAN ID="hue90">Should be able to scale to pcap files in the 100's
+of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
+of RAM.</SPAN>
+</LI>
+</OL>
+
+<P>
+
+<H1><A NAME="SECTION00030000000000000000">
+<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue93">Design Thoughts</SPAN></A>
+</H1>
+
+<P>
+
+<H2><A NAME="SECTION00031000000000000000">
+<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue95">Sending and Receiving traffic</SPAN></A>
+</H2>
+
+<P>
+<SPAN ID="hue97">Flowreplay must be able to process multiple connections
+to one or more devices. There are two options:</SPAN>
+<P>
+
+<OL>
+<LI><SPAN ID="hue100">Use sockets</SPAN><A NAME="tex2html2"
+  HREF="#foot370"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> <SPAN ID="hue104">to send and receive data</SPAN>
+</LI>
+<LI><SPAN ID="hue106">Use libpcap</SPAN><A NAME="tex2html3"
+  HREF="#foot371"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <SPAN ID="hue110">to receive packets and libnet</SPAN><A NAME="tex2html4"
+  HREF="#foot372"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> <SPAN ID="hue114">to send packets</SPAN>
+</LI>
+</OL>
+<SPAN ID="hue117">Although using libpcap/libnet would allow more simultaneous
+connections and greater flexibility, there would be a very high complexity
+cost associated with it. With that in mind, I've decided to use sockets
+to send and receive data.</SPAN>
+<P>
+
+<H2><A NAME="SECTION00032000000000000000">
+<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue119">Handling Multiple Connections</SPAN></A>
+</H2>
+
+<P>
+<SPAN ID="hue121">Because a pcap file can contain multiple simultaneous
+flows, we need to be able to support that too. The biggest problem
+with this is reading packet data in a different order then stored
+in the pcap file. </SPAN>
+<P>
+<SPAN ID="hue123">Reading and writing to multiple sockets is easy
+with select() or poll(), however a pcap file has it's data stored
+serially, but we need to access it randomly. There are a number of
+possible solutions for this such as caching packets in RAM where they
+can be accessed more randomly, creating an index of the packets in
+the pcap file, or converting the pcap file to another format altogether.
+Alternatively, I've started looking at libpcapnav</SPAN><A NAME="tex2html5"
+  HREF="#foot124"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> <SPAN ID="hue126">as an alternate means to navigate a pcap file and
+process packets out of order.</SPAN>
+<P>
+
+<H2><A NAME="SECTION00033000000000000000">
+<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue128">Data Synchronization</SPAN></A>
+</H2>
+
+<P>
+<SPAN ID="hue375">Knowing when to start sending client traffic in
+response to the server will be &#34;tricky&#34;. Without
+understanding the actual protocol involved, probably the best general
+solution is waiting for a given period of time after no more data
+from the server has been received. Not sure what to do if the client
+traffic doesn't elicit a response from the server (implement some
+kind of timeout?). This will be the basis for the default plug-in.</SPAN>
+<P>
+
+<H2><A NAME="SECTION00034000000000000000">
+<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue133">TCP/IP</SPAN></A>
+</H2>
+
+<P>
+<SPAN ID="hue135">Dealing with IP fragmentation and TCP stream reassembly
+will be another really complex problem. We're basically talking about
+implementing a significant portion of a TCP/IP stack. One thought
+is to use libnids</SPAN><A NAME="tex2html6"
+  HREF="#foot403"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A> <SPAN ID="hue139">which basically implements a Linux 2.0.37 TCP/IP
+stack in user-space. Other solutions include porting a TCP/IP stack
+from Open/Net/FreeBSD or writing our own custom stack from scratch.</SPAN>
+<P>
+
+<H1><A NAME="SECTION00040000000000000000">
+<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue141">Multiple Independent Flows</SPAN></A>
+</H1>
+
+<P>
+<SPAN ID="hue143">The biggest asynchronous problem, that pcap files
+are serial, has to be solved in a scaleable manner. Not much can be
+assumed about the network traffic contained in a pcap savefile other
+then Murphy's Law will be in effect. This means we'll have to deal
+with:</SPAN>
+<P>
+
+<UL>
+<LI><SPAN ID="hue146">Thousands of small simultaneous flows (captured
+on a busy network)</SPAN>
+</LI>
+<LI><SPAN ID="hue379">Flows which ``hang'' mid-stream (an exploit
+against a server causes it to crash)</SPAN>
+</LI>
+<LI><SPAN ID="hue150">Flows which contain large quantities of data (FTP
+transfers of ISO's for example)</SPAN>
+</LI>
+</UL>
+<SPAN ID="hue153">How we implement parallel processing of the pcap
+savefile will dramatically effect how well we can scale. A few considerations:</SPAN>
+<P>
+
+<UL>
+<LI>Most Unix systems limit the maximum number of open file descriptors
+a single process can have. Generally speaking this shouldn't be a
+problem except for highly parallel pcap's.
+</LI>
+<LI>While RAM isn't limitless, we can use mmap() to get around this.
+</LI>
+<LI>Many Unix systems have enhanced solutions to poll() which will improve
+flow management.
+</LI>
+</UL>
+
+<P>
+
+<H2><A NAME="SECTION00041000000000000000">
+<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue157">IP Fragments and TCP Streams</SPAN></A>
+</H2>
+
+<P>
+<SPAN ID="hue159">There are five major complications with flowreplay:</SPAN>
+<P>
+
+<OL>
+<LI><SPAN ID="hue162">The IP datagrams may be fragmented- we won't be
+able to use the standard 5-tuple (src/dst IP, src/dst port, protocol)
+to lookup which flow a packet belongs to.</SPAN>
+</LI>
+<LI><SPAN ID="hue164">IP fragments may arrive out of order which will
+complicate ordering of data to be sent.</SPAN>
+</LI>
+<LI><SPAN ID="hue166">The TCP segments may arrive out of order which will
+complicate ordering of data to be sent.</SPAN>
+</LI>
+<LI><SPAN ID="hue168">Packets may be missing in the pcap file because
+they were dropped during capture.</SPAN>
+</LI>
+<LI><SPAN ID="hue170">There are tools like fragrouter which intentionally
+create non-deterministic situations.</SPAN>
+</LI>
+</OL>
+<SPAN ID="hue173">First off, I've decided, that I'm not going to worry
+about fragrouter or it's cousins. I'll handle non-deterministic situations
+one and only one way, so that the way flowreplay handles the traffic
+will be deterministic. Perhaps, I'll make it easy for others to write
+a plug-in which will change it, but that's not something I'm going
+to concern myself with now.</SPAN>
+<P>
+<SPAN ID="hue175">Missing packets in the pcap file will probably make
+that flow unplayable. There are proabably certain situation where
+we can make an educated guess, but this is far too complex to worry
+about for the first stable release.</SPAN>
+<P>
+<SPAN ID="hue177">That still leaves creating a basic TCP/IP stack
+in user space. The good news it that there is already a library which
+does this called libnids. As of version 1.17, libnids can process
+packets from a pcap savefile (it's not documented in the man page,
+but the code is there).</SPAN>
+<P>
+<SPAN ID="hue179">A potential problem with libnids though is that
+it has to maintain it's own state/cache system. This not only means
+additional overhead, but jumping around in the pcap file as I'm planning
+on doing to handle multiple simultaneous flows is likely to really
+confuse libnids' state engine. Also, libnids is licensed under the
+GPL, but I want flowreplay released under a BSD-like license; I need
+to research if the two are compatible in this way.</SPAN>
+<P>
+<SPAN ID="hue181">Possible solutions:</SPAN>
+<P>
+
+<UL>
+<LI><SPAN ID="hue184">Developing a custom wedge between the capture file
+and libnids which will cause each packet to only be processed a single
+time.</SPAN>
+</LI>
+<LI><SPAN ID="hue186">Use libnids to process the pcap file into a new
+flow-based format, effectively putting the TCP/IP stack into a dedicated
+utility.</SPAN>
+</LI>
+<LI><SPAN ID="hue188">Develop a custom user-space TCP/IP stack, perhaps
+based on a BSD TCP/IP stack, much like libnids is based on Linux 2.0.37.</SPAN>
+</LI>
+<LI><SPAN ID="hue190">Screw it and say that IP fragmentation and out of
+order IP packets/TCP segments are not supported. Not sure if this
+will meet the needs of potential users.</SPAN>
+</LI>
+</UL>
+
+<P>
+
+<H2><A NAME="SECTION00042000000000000000">
+<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue193">Blocking</SPAN></A>
+</H2>
+
+<P>
+<SPAN ID="hue195">As earlier stated, one of the main goals of this
+project is to keep things single threaded to make coding plugins easier.
+One caveat of that is that any function which blocks will cause serious
+problems.</SPAN>
+<P>
+<SPAN ID="hue197">There are three major cases where blocking is likely
+to occur:</SPAN>
+<P>
+
+<OL>
+<LI><SPAN ID="hue200">Opening a socket</SPAN>
+</LI>
+<LI><SPAN ID="hue202">Reading from a socket</SPAN>
+</LI>
+<LI><SPAN ID="hue204">Writing to a socket</SPAN>
+</LI>
+</OL>
+<SPAN ID="hue207">Reading from sockets in a non-blocking manner is
+easy to solve for using poll() or select(). Writing to a socket, or
+merely opening a TCP socket via connect() however requires a different
+method:</SPAN>
+<P>
+<BLOCKQUOTE>
+<SPAN ID="hue210">It is possible to do non-blocking IO on sockets
+by setting the O_NONBLOCK flag on a socket file descriptor using
+fcntl(2). Then all operations that would block will (usually) return
+with EAGAIN (operation should be retried later); connect(2) will return
+EINPROGRESS error. The user can then wait for various events via poll(2)
+or select(2).</SPAN><A NAME="tex2html7"
+  HREF="#foot382"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>
+</BLOCKQUOTE>
+<SPAN ID="hue215">If connect() returns EINPROGRESS, then we'll just
+have to do something like this:</SPAN>
+<P>
+
+<DL COMPACT>
+<DT>
+<DD><SPAN ID="hue218">int&nbsp;e,&nbsp;len=sizeof(e);</SPAN>
+<P>
+<SPAN ID="hue220">if&nbsp;(getsockopt(conn-&gt;s,&nbsp;SOL_SOCKET,&nbsp;SO_ERROR,&nbsp;&amp;e,&nbsp;&amp;len)&nbsp;&lt;&nbsp;0)&nbsp;{&nbsp;</SPAN>
+<P>
+&nbsp;<SPAN ID="hue383">&nbsp;&nbsp;&nbsp;/*&nbsp;not&nbsp;yet&nbsp;*/</SPAN>
+<P>
+&nbsp;<SPAN ID="hue384">&nbsp;&nbsp;&nbsp;if(errno&nbsp;!=&nbsp;EINPROGRESS){&nbsp;&nbsp;/*&nbsp;yuck.&nbsp;kill&nbsp;it.&nbsp;*/&nbsp;</SPAN>
+<P>
+&nbsp;<SPAN ID="hue385">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_fn(LOG_DEBUG,&#34;in-progress&nbsp;connect&nbsp;failed.&nbsp;Removing.&#34;);&nbsp;</SPAN>
+<P>
+&nbsp;<SPAN ID="hue231">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;-1;&nbsp;</SPAN>
+<P>
+&nbsp;<SPAN ID="hue233">&nbsp;&nbsp;&nbsp;}&nbsp;else&nbsp;{&nbsp;</SPAN>
+<P>
+&nbsp;<SPAN ID="hue386">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;0;&nbsp;/*&nbsp;no&nbsp;change,&nbsp;see&nbsp;if&nbsp;next&nbsp;time&nbsp;is&nbsp;better&nbsp;*/&nbsp;</SPAN>
+<P>
+&nbsp;<SPAN ID="hue238">&nbsp;&nbsp;&nbsp;}&nbsp;</SPAN>
+<P>
+<SPAN ID="hue240">}&nbsp;</SPAN>
+<P>
+<SPAN ID="hue387">/*&nbsp;the&nbsp;connect&nbsp;has&nbsp;finished.&nbsp;*/&nbsp;</SPAN>
+</DD>
+</DL><BLOCKQUOTE>
+<SPAN ID="hue247">Note: It may not be totally right, but it works
+ok. (that chunk of code gets called after poll returns the socket
+as writable. if poll returns it as readable, then it's probably because
+of eof, connect fails. You must poll for both.</SPAN>
+</BLOCKQUOTE>
+
+<P>
+
+<H1><A NAME="SECTION00050000000000000000">
+<SPAN CLASS="arabic">5</SPAN> <SPAN ID="hue250">pcap vs flow File Format</SPAN></A>
+</H1>
+
+<P><