
Merge upstream version 2.99+3.0.beta6, import Debian version 2.99+3.0.beta6-1

Noèl Köthe 19 years ago
parent
commit
b94d050516
100 changed files with 47338 additions and 21445 deletions
  1. 0 2
      Docs/.svn/README.txt
  2. 0 5
      Docs/.svn/dir-wcprops
  3. 0 0
      Docs/.svn/empty-file
  4. 0 104
      Docs/.svn/entries
  5. 0 1
      Docs/.svn/format
  6. 0 9
      Docs/.svn/prop-base/CHANGELOG.svn-base
  7. 0 9
      Docs/.svn/prop-base/CREDIT.svn-base
  8. 0 9
      Docs/.svn/prop-base/FAQ.lyx.svn-base
  9. 0 9
      Docs/.svn/prop-base/HACKING.svn-base
  10. 0 9
      Docs/.svn/prop-base/INSTALL.svn-base
  11. 0 9
      Docs/.svn/prop-base/LICENSE.svn-base
  12. 0 9
      Docs/.svn/prop-base/Makefile.svn-base
  13. 0 9
      Docs/.svn/prop-base/TODO.svn-base
  14. 0 5
      Docs/.svn/prop-base/flowheader.fig.svn-base
  15. 0 9
      Docs/.svn/prop-base/flowreplay.lyx.svn-base
  16. 0 9
      Docs/.svn/props/CHANGELOG.svn-work
  17. 0 9
      Docs/.svn/props/CREDIT.svn-work
  18. 0 9
      Docs/.svn/props/FAQ.lyx.svn-work
  19. 0 9
      Docs/.svn/props/HACKING.svn-work
  20. 0 9
      Docs/.svn/props/INSTALL.svn-work
  21. 0 9
      Docs/.svn/props/LICENSE.svn-work
  22. 0 9
      Docs/.svn/props/Makefile.svn-work
  23. 0 9
      Docs/.svn/props/TODO.svn-work
  24. 0 5
      Docs/.svn/props/flowheader.fig.svn-work
  25. 0 9
      Docs/.svn/props/flowreplay.lyx.svn-work
  26. 0 277
      Docs/.svn/text-base/CHANGELOG.svn-base
  27. 0 33
      Docs/.svn/text-base/CREDIT.svn-base
  28. 0 122
      Docs/.svn/text-base/HACKING.svn-base
  29. 0 24
      Docs/.svn/text-base/INSTALL.svn-base
  30. 0 32
      Docs/.svn/text-base/LICENSE.svn-base
  31. 0 40
      Docs/.svn/text-base/Makefile.svn-base
  32. 0 47
      Docs/.svn/text-base/TODO.svn-base
  33. 0 92
      Docs/.svn/text-base/flowheader.fig.svn-base
  34. 0 1125
      Docs/.svn/text-base/flowreplay.lyx.svn-base
  35. 0 5
      Docs/.svn/wcprops/CHANGELOG.svn-work
  36. 0 5
      Docs/.svn/wcprops/CREDIT.svn-work
  37. 0 5
      Docs/.svn/wcprops/FAQ.lyx.svn-work
  38. 0 5
      Docs/.svn/wcprops/HACKING.svn-work
  39. 0 5
      Docs/.svn/wcprops/INSTALL.svn-work
  40. 0 5
      Docs/.svn/wcprops/LICENSE.svn-work
  41. 0 5
      Docs/.svn/wcprops/Makefile.svn-work
  42. 0 5
      Docs/.svn/wcprops/TODO.svn-work
  43. 0 5
      Docs/.svn/wcprops/flowheader.fig.svn-work
  44. 0 5
      Docs/.svn/wcprops/flowreplay.lyx.svn-work
  45. 0 277
      Docs/CHANGELOG
  46. 0 33
      Docs/CREDIT
  47. BIN
      Docs/FAQ.dvi
  48. 0 2277
      Docs/FAQ.lyx
  49. BIN
      Docs/FAQ.pdf
  50. 0 2028
      Docs/FAQ.ps
  51. 0 1355
      Docs/FAQ.tex
  52. 0 1499
      Docs/FAQ.txt
  53. 0 24
      Docs/INSTALL
  54. 0 40
      Docs/Makefile
  55. 0 47
      Docs/TODO
  56. 0 278
      Docs/flowheader.eps
  57. BIN
      Docs/flowreplay.dvi
  58. 0 664
      Docs/flowreplay.html
  59. BIN
      Docs/flowreplay.pdf
  60. 0 1224
      Docs/flowreplay.ps
  61. 0 520
      Docs/flowreplay.tex
  62. 0 498
      Docs/flowreplay.txt
  63. BIN
      Docs/img1.png
  64. 0 664
      Docs/index.html
  65. 56 0
      Makefile.am
  66. 671 131
      Makefile.in
  67. 1 1
      README
  68. 7452 99
      aclocal.m4
  69. 0 152
      capinfo.c
  70. 16 4
      config.guess
  71. 0 67
      config.h.in
  72. 11 8
      config.sub
  73. 136 0
      config/compile
  74. 1354 0
      config/config.guess
  75. 1460 0
      config/config.sub
  76. 526 0
      config/depcomp
  77. 325 0
      config/install-sh
  78. 6290 0
      config/ltmain.sh
  79. 360 0
      config/missing
  80. 150 0
      config/mkinstalldirs
  81. 26307 6493
      configure
  82. 394 193
      configure.in
  83. 2 2
      debian/control
  84. 4 2
      debian/docs
  85. 1 1
      debian/rules
  86. 3 0
      debian/watch
  87. 0 676
      do_packets.c
  88. 0 42
      do_packets.h
  89. 92 0
      docs/CHANGELOG
  90. 39 0
      docs/CREDIT
  91. 952 0
      docs/FAQ.lyx
  92. BIN
      docs/FAQ.pdf
  93. 30 13
      Docs/HACKING
  94. 38 0
      docs/INSTALL
  95. 2 7
      Docs/LICENSE
  96. 100 0
      docs/Makefile.am
  97. 447 0
      docs/Makefile.in
  98. 119 0
      docs/TODO
  99. 0 0
      docs/flowheader.fig
  100. 0 0
      Docs/flowreplay.lyx

+ 0 - 2
Docs/.svn/README.txt

@@ -1,2 +0,0 @@
-This is a Subversion working copy administrative directory.
-Visit http://subversion.tigris.org/ for more information.

+ 0 - 5
Docs/.svn/dir-wcprops

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 48
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs
-END

+ 0 - 0
Docs/.svn/empty-file


+ 0 - 104
Docs/.svn/entries

@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<wc-entries
-   xmlns="svn:">
-<entry
-   committed-rev="767"
-   name=""
-   committed-date="2004-10-06T12:48:49.445445Z"
-   url="https://www.synfin.net:444/svn/tcpreplay/branches/stable/Docs"
-   last-author="aturner"
-   kind="dir"
-   uuid="0192c630-c6e5-0310-95d6-b430f9ea3712"
-   revision="877"/>
-<entry
-   committed-rev="622"
-   name="flowreplay.lyx"
-   text-time="2004-10-26T17:15:35.000000Z"
-   committed-date="2004-03-25T02:31:50.000000Z"
-   checksum="a786d7d9d39dc58eb5444edc98a79cc4"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:35.000000Z"/>
-<entry
-   committed-rev="578"
-   name="LICENSE"
-   text-time="2004-10-26T17:15:35.000000Z"
-   committed-date="2004-01-31T23:42:15.000000Z"
-   checksum="7dbc88d059f05dedbfa01da04edf1254"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:35.000000Z"/>
-<entry
-   committed-rev="753"
-   name="FAQ.lyx"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-09-20T21:32:36.000000Z"
-   checksum="5b69933de891d4e94273f89d17d66581"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="479"
-   name="flowheader.fig"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2003-10-24T03:30:25.000000Z"
-   checksum="8e5e0f5a5ef76f6e7b22d912e0a8e2e8"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="767"
-   name="HACKING"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-10-06T12:48:49.445445Z"
-   checksum="dbf38d3bfd5808e3a8bb4ca8e50ce87a"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="720"
-   name="TODO"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-07-25T23:35:20.000000Z"
-   checksum="cc1965bd0bbd4a23532428611757c82c"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="767"
-   name="INSTALL"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-10-06T12:48:49.445445Z"
-   checksum="ade780bbb32233787211dfd888359228"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="1133"
-   name="CHANGELOG"
-   text-time="2005-02-09T01:31:17.000000Z"
-   committed-date="2005-02-09T01:31:16.732097Z"
-   checksum="ef930af2dd1ba2034447acbc50d47b18"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"
-   revision="1133"/>
-<entry
-   committed-rev="767"
-   name="CREDIT"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-10-06T12:48:49.445445Z"
-   checksum="0214c3ee73a86b847cf8e43e39481160"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="619"
-   name="Makefile"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-03-25T00:58:20.000000Z"
-   checksum="849ee017ce47422f81ccb0165f858541"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-</wc-entries>

+ 0 - 1
Docs/.svn/format

@@ -1 +0,0 @@
-4

+ 0 - 9
Docs/.svn/prop-base/CHANGELOG.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/CREDIT.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/FAQ.lyx.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/HACKING.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/INSTALL.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/LICENSE.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/Makefile.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/TODO.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 5
Docs/.svn/prop-base/flowheader.fig.svn-base

@@ -1,5 +0,0 @@
-K 13
-svn:mime-type
-V 24
-application/octet-stream
-END

+ 0 - 9
Docs/.svn/prop-base/flowreplay.lyx.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/CHANGELOG.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/CREDIT.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/FAQ.lyx.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/HACKING.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/INSTALL.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/LICENSE.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/Makefile.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/TODO.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 5
Docs/.svn/props/flowheader.fig.svn-work

@@ -1,5 +0,0 @@
-K 13
-svn:mime-type
-V 24
-application/octet-stream
-END

+ 0 - 9
Docs/.svn/props/flowreplay.lyx.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 277
Docs/.svn/text-base/CHANGELOG.svn-base

@@ -1,277 +0,0 @@
-$Id$
-
-02/09/2005: Version 2.3.3
-    - Fix port rewriting feature on little-endian systems
-    - configure now properly handles --with-libnet and --with-libpcap
-
-11/08/2004: Version 2.3.2
-    - When sending via -1, report which interface the packet will exit
-    - Fix bug when caplen > packet len
-    - Allow rewriting of Layer 2 via -2 for Cisco HDLC (DLT_CHDLC)
-
-09/19/2004: Version 2.3.1
-    - Fix bug with fakepcap.c which appeared on systems using an older
-      version of libpcap (such as Red Hat 9.0)
-    - Don't die when setting STDERR to non-blocking
-
-09/05/2004: Version 2.3.0
-    - Fix longstanding endian bug in cache files on little endian systems
-      (note that this breaks compatibility w/ existing cache files created
-      on little endian systems)
-    - Add support to tcpreplay and tcpprep for DLT_CHDLC (Cisco HDLC)
-    - Clean up validate_l2() and rewrite_l2()
-    - Write a simple perl script to parse net/bpf.h of DLT values
-    - Teach everything the names of all the current DLT values
-    - Detect if libpcap supports pcap_datalink_val_to_description()
-    - Start printing datalink descriptions instead of DLT values
-    - Remove magic numbers from tcpreplay.c
-    - Add a HACKING document
-
-06/21/2004: Version 2.2.2
-    - tcpprep now supports DLT_RAW and DLT_LINUX_SLL
-    - add makefile target for website docs (FAQ.html, FAQ.pdf, CHANGELOG)
-    - Fix some sanity checks in tcpreplay for processing various DLT types
-      in validate_l2()
-    - Fix -x & -X
-    - Merge in patch from Denis which rewrites TCP/UDP ports via -4
-    - Fix rewrite of source MAC address in single interface mode (bug #975848)
-
-05/16/2004: Version 2.2.1
-    - Fix compile issue under RH9
-    - Fix compile issue when not using --with-debug
-
-05/15/2004: Version 2.2.0
-    - Fix pseudo-NAT (not evaluating all rules and an infinate loop)
-    - Start using strtok_r() in any function to prevent future bugs
-    - Minor updates to tcpprep.1 & tcpreplay.8 man pages
-    - Re-org some functions into different files for better modularity
-    - Clean up of some of the cache comment code
-    - flowreplay man page moved to section 1
-    - Update tcpprep and tcpreplay man pages and the FAQ
-    - Improve documentation regarding pseudo-NAT feature
-    - Fix one output mode which treated all packets as primary
-    - Add endpoint mode (-e) which rewrites all traffic between two IP's
-    - Fix rewrite of IP addresses in ARP requests & replies w/ pseudo-NAT
-    - Fix CIDR matching of 0.0.0.0/0 (all packets) which matched only 
-      255.255.255.255
-    - All CIDR notation now accepts IP addresses w/o requiring /32
-    - non-debug mode now uses -O3 -funroll-loops for better performance
-
-05/01/2004: Version 2.1.1
-    - Fix ntohll/htonll compile error on big endian systems
-
-04/23/2004: Version 2.1.0
-    - Add support for per output interface/file NAT tables 
-    - Add support for using dual output features w/ a single output
-    - Add support to tcpprep for splitting via destination port
-    - Now fully 64bit when tracking number of packets
-    - Fix a bug where sometimes the last few packets are not sent when using
-      a tcpprep cache file
-    - Some code refactorization/cleanup
-    - tcpprep cache files now support user comments
-    - Fix bug where regex optimization was turned always turned off
-
-03/24/2004: Version 2.0.3
-    - Add support for rewriting src mac & Linux SLL loopback frames
-    - Update FAQ
-
-02/25/2004: Version 2.0.2
-    - Fix compile issue in edit_packet.c on strict aligned archs
-
-02/03/2004: Version 2.0.1
-    - Re-organize FAQ and add more content
-    - Add support for "pseudo NAT" (-N) for ARP and IPv4
-    - Code optimization to only run the checksum fixer once per packet
-    - Clean up help (-h) a little
-
-02/01/2004: Version 2.0.0
-    - Remove libpcapnav requirement
-    - Now support libpcapnav >= 0.4
-    - Add -1 to replay one packet at a time (user must hit <ENTER>)
-    - Add tcpdump packet parsing to print packets as sent (-v)
-    - Place flowreplay manpage in correct location
-    - More FAQ updates
-    - Rename 1.5.x as 2.0
-    - Fix/standardize all licensing info.  Still BSD of course.
-    - -T now forces -F
-    - tcpprep now actually accepts -n (client|server)
-    - Update the INSTALL doc
-    - Remove the Docs/README... the FAQ has replaced it.
-
-12/10/2003: Version 1.5.alpha6
-    - Add BPF filter support to tcpprep and tcpreplay (-x F:"filter")
-    - Update the FAQ
-    - Add two new auto modes to tcpprep (client and server)
-    - Make clean no longer wipes out the compiled documentation in Docs
-    - Add support for replaying live traffic
-    - Add bridge mode
-    - Add -L to limit the total number of packets to send
-
-11/03/2003: Version 1.5.alpha5
-    - Add -T to truncate packets > MTU so they can be sent
-    - Now fixes ICMP checksums as appropriate
-    - Updated FAQ
-    - Updated flowreplay design doc
-    - Merge packetrate code from 1.4.5
-    - Fix compile issues under Libnet 1.1.1
-    - --with-debug now enables debuging during 'make test'
-    - Fix various Solaris compatibility bugs
-    - Add data dump mode which dumps layer 7 data to the file (-D)
-    - Now requires libpcapnav
-    - Allow to jump X bytes into the pcap and start replaying packets (-o)
-    - Can now split traffic/data into files (-w & -W)
-
-07/16/2003: Version 1.5.alpha4
-    - Split do_packets.c & do_packets() -> edit_packet.c & rewrite_l2()
-    - Don't die when packet > MTU, just skip
-    - Fix a ptr bug in do_packets() w/ the ethernet header
-    - Merge Ctrl-C fix from 1.4.4 for libnet_adv_write_link() 
-        in do_packets.c
-    - Rewrite flowreplay design document
-    - Fix an integer overflow in packet_stats() in tcpreplay.c
-    - tcpreplay's -2 now accepts a hex string rather then a filename
-    - tcpreplay now can output to a file (-w <file>)
-    - fix bug in checksum fixer
-    - Add support for files > 2GB
-
-06/06/2003: Version 1.5.alpha3
-    - Add support for Linux Cooked Sockets (SLL) format rewriting
-    - Added a flowreplay design doc in Docs/
-    - A lot more work on flowreplay
-    - Start work on read-ahead buffering of packets in flowreplay        
-    - Add support for specifying MTU.
-    - Update tcpreplay man page
-    - Fix compile of do_packets() under OpenBSD
-    - configure now checks for libpcap >= 0.6 (required for SLL)
-
-
-05/29/2003: Version 1.5.alpha2
-    - Add -F to force checksum fixing
-    - Fix packet corruption when not using -2
-    - Improve timerdiv() code
-    - Port from libredblack to OpenBSD RB_*
-    - Add flowreplay application
-    - Fix a bunch of compiler warnings about miss-matched sign
-    - IP & layer 4 checksums now work when IP options exist (tcpreplay)
-    - Updated FAQ
-    - Fix spec file
-
-05/07/2003: Version 1.5.alpha1
-    - Add layer2 rewriting
-
-05/07/2002: Branch 1.4.x tree
-
-05/04/2003: Version 1.4.beta5
-    - Fixed a one-off bug when replaying tcpprep cache files
-    - Fixed a small reporting bug in tcpprep
-
-05/02/2003: Version 1.4.beta4
-    - significantly improved timing accuracy between packets
-    - fix bug with writing only about 1/2 of cache data which caused
-        tcpreplay to bitch
-    - updated 'make test' standard cache files
-    - improved alignment of cache header (20bytes vs 17bytes)
-
-04/30/2003: Version 1.4.beta3
-    - Specifying a list of packets to include/exclude now works (-x/X P:)
-    - Minor code cleanups (better error messages, etc)
-    - Add -p option to pause a given number of sec/usec between each packet
-    - Ported tcpprep to libpcap
-    - Increase final report resolution to two sig digits
-    - Switch to err.h that we ship rather then system provided err.h
-    - Don't reset timer each time we open a file for reading
-    - fix --mandir option for ./configure
-    - fix SIGSEGV in tcpprep
-    - Add SIGUSR1 and SIGCONT signal support to tcpreplay
-    - Updated tcpreplay man pages
-    - Remove need for math.h/libm
-
-01/07/2003: Version 1.4.beta2
-    - Major updates to configure script
-    - Remove unneeded memcpy() for non-strict aligned architectures
-        for added performance boost
-    - Switch to libpcap for reading packets
-    - Fix portability issues with tcpprep cache files
-
-12/23/2002: Version 1.4.beta1
-    - Remove libnet 1.0 support
-    - Start a quality FAQ for all programs
-    - Add support for detecting libpcap in autoconf
-    - Add pcapmerge to makefile and port to non-BSD OS's
-    - Write pcapmerge manpage
-    - Variety of small configure/makefile improvements
-
-12/13/2002: Version 1.3.0
-    - Re-release 1.3.beta6 as 1.3.0
-
-11/22/2002: Version 1.3.beta6
-    - Improve cross platform compatibility of test subsystem
-    - Fix bug in Makefile which caused possible failures of clean/distclean
-    - Fix bug with CCFLAGS when using --with-debug
-    - Fix bug with -x/-X which would drop/send all packets in certain 
-        conditions
-    - Update libredblack to 1.2 (latest)
-    - Add support for OSX
-    - Add --with-testnic and --with-testnic2 to allow end user to specify
-        specific network cards to be used for 'make test'
-    - Fixes SIGBUS errors on SPARC
-
-11/08/2002: Version 1.3-beta5
-    - Add testing subsystem
-    - Fix segfault when we don't send a packet
-    - Improve debug output support in dbg()
-
-10/21/2002: Version 1.3-beta4
-    - Updated tcpprep man page with -x and -X options
-    - Now supports (again) the include/exclude options in the config file
-    - Fixed -x|-X sanity check in tcpprep/tcpreplay
-
-10/13/2002: Version 1.3-beta3
-    - Fix compile of list.c under FreeBSD 4.7 and others
-    - Add -x|-X to tcpprep
-    - Modify cache file format to be 2 bits/packet to allow caching of
-        -x|-X args (dropping packets)
-    - Modularize some more code
-
-10/08/2002: Version 1.3-beta2
-    - Fix ./configure bug w/ INET_ATON and INET_ADDR
-    - Add support for filtering packets to send based on
-        IP address or packet number (-x & -X)
-    - Move a lot of code from tcpreplay.c to do_packets.c
-    - Update tcpreplay man page
-
-10/03/2002: Version 1.3-beta1
-    - Add support for randomizing IP addresses (-s)
-    - Update tcpreplay man page
-    - Fix problem with checksums after untruncate
-
-08/21/2002: Version 1.2a
-    - Fix compile bug in tree.c w/ libnet 1.1
-    - Sync tcpprep version to tcpreplay
-
-08/19/2002: Version 1.2
-    - Configuration files specified via -f
-    - Now requires a recent version of AutoConf (2.53)
-    - Added support for Libnet 1.1.x (requires beta8 or better)
-    - Added -V switch to print version info (tcpprep & tcpreplay)
-    - Added CIDR dual-nic support to tcpreplay. 
-    - Fix for -I in tcpreplay when only using a single NIC.
-    - Remove requirement for libpcap in tcpprep.  We're now
-        100% libpcap independant.
-    - tcpprep now supports snoop files.
-    - Added -u flag to untruncate IP packets (pad/trunc)
-    - Fixed --with-debug configure option
-    - Added RPM .spec file
-    - Added -M flag to ignore martian IP packets
-    - Now auto-detects snoop/pcap files.  Remove -S flag from tcpprep and
-        tcpreplay
-    - tcpprep now detects servers via ICMP port unreachable
-    - Improve usefulness of -h
-    - Rename -I to -v in tcpprep
-
-06/17/2002: Version 1.1
-    - Major rewrite
-    - Support multiple nics
-    - Better control over packet rates
-    - Added support for snoop capture files
-    - Includes tcpprep and capinfo commands

+ 0 - 33
Docs/.svn/text-base/CREDIT.svn-base

@@ -1,33 +0,0 @@
-$Id$ 
-
-Here's a list of people in no particular order who have kindly submitted
-patches or code snippets for me to use in tcpreplay.
-
-Branden Moore <bmoore-at-cse.nd.edu>
-	- Patch to pad truncated packets
-	- Patch to allow specifying a destination MAC w/ only a single NIC
-
-Scott Mace <smace@intt.org>
-	- Patch for tcpreplay to support CIDR mode
-	- Patch for ignoring martian IP packets 
-
-Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
-        - Code for pausing/restarting tcpreplay via signals.
-
-John Carlson
-        - Patch for improved timerdiv() accuracy
-
-Frey Kuo <kero@3sheep.com>
-        - Patch to replace pause option with packets/sec
-
-Seth Robertson (seth at sysd dot com)
-        - Patch to allow replaying of live traffic
-
-Nick Mathewson <nickm@freehaven.net>
-	- Kindly giving me his BSD licensed implimentation of poll()
-	  using select() so I don't have to worry about cross platform
-	  issues.
-          
-Denis McLaughlin <denism@cyberus.ca>
-        - Patch to allow TCP/UDP port translation
-

+ 0 - 122
Docs/.svn/text-base/HACKING.svn-base

@@ -1,122 +0,0 @@
-$Id$
-
-                          Guide to Hacking Tcpreplay
-
-[Note: Pay attention to the last update date at the top of this file.  If it
-was significantly long ago, this document may be out of date.]
-
-0. Contributing Code
-
-If you contribute code the following will happen:
-    a) You will be given credit in the CREDITS file
-    b) Your code will be licensed under the same license as that of tcpreplay
-    c) You will be assigning your copyright to me
-
-I do this for a simple reason: keep things simple for me.
-
-1. Introduction
-
-If you're reading this to find out how to add a new feature or fix a bug in
-tcpreplay or tcpprep, then you've come to the right place.  This isn't the
-place to find answers regarding how to use tcpreplay, the meaning of life,
-etc.
-
-2. File Layout
-
-The file layout is pretty simple:
-
-/       - Code, header files, autoconf stuff
-/Docs   - Where to find documentation
-/test   - Test scripts and stuff which is used during 'make test'
-/man    - Unix man pages which get copied to $MANPATH
-
-3. Adding support for additional DLTs (Data Link Types)
-
-There are a number of files/functions that need to be touched to add support
-for a new DLT to tcpreplay and tcpprep.  Note that for a patch to be
-accepted, BOTH tcpreplay and tcpprep need to be updated to support the new
-DLT.
-
-3a) dlt.h
-Two things need to be added here:
-    - A structure defining the header
-    - A #define for the length of the header
-
-    example for DLT_CHDLC (Cisco HDLC):
-    
-/* Cisco HDLC has a simple 32 bit header */
-#define CISCO_HDLC_LEN 4
-struct cisco_hdlc_header {
-    u_int16_t address;
-    u_int16_t protocol;
-}
-
-3b) tcpreplay.c
-You will need to edit validate_l2() to process the DLT type as defined by
-pcap-bpf.h which is included with libpcap.  The key here is that tcpreplay
-needs to be able to generate a valid 802.3 ethernet frame.  Basically
-validate_l2() has to make sure that between the existing Layer 2 header (if
-any) and the user supplied arguments (-2, -I, -J, -K and -k) that enough
-information is available.  Generally this means one of:
-    - The DLT already has a valid header
-    - User specified their own complete header via -2
-    - The existing header + user specified MAC addresses are enough
-
-validate_l2() also calcuates the 'maxpacket' which is the maximum size of a
-packet that we can send out of the interface.  Generally this is the length
-of the Layer 2 header + MTU.  You shouldn't need to change anything here.
-
-3c) edit_packet.c
-Next, you'll have to edit rewrite_l2() to add support for rewriting the
-Layer 2 header from your DLT to a standard 802.3 header.  Note that
-do_packets.c will automatically fill out the source/destination MAC address
-if the appropriate flag is used (-I, -J, -K and -k) so there is no need to
-copy those values over here.
-
-3d) tcpprep.c
-Look at process_raw_packets().  Should be painfully obvious what do do here.
-
-3e) dlt_names.h
-Look in dlt_names.h and make sure your DLT type is listed here.  Note that
-this file is generated by scripts/dlt2name.pl.  If it's not listed here,
-your best bet is to edit scripts/dlt2name.pl and list it in the %known hash
-and then run:
-    make dlt_names
-
-Note that editing dlt_names.h is NOT going to work, since it will get 
-overwritten the next time it is regenerated.
-
-4. Hacking tcprewrite
-
-tcprewrite order of execution:
-
-Figure out if input file's DLT is supported
-
-foreach (packet) {
-	Update packet timestamp based on modifier
-	
-	Decide packet path via cache or CIDR lookup
-	
-	if (a Layer 2 header is specified) {
-	    if (existing Layer 2 header) {
-	        strip existing Layer 2 header
-	    }
-	    prepend specified Layer 2 header
-	}
-	
-	if (primary path or single path) {
-	    re-write MAC addresses
-	    re-write IP addresses
-	    re-write Ports
-	} else if (secondary path) {
-	    re-write MAC addresses
-	    re-write IP addresses
-	    re-write Ports
-	}
-	
-	pad or truncate packet
-	
-	fix checksums
-	
-	write packet to outfile
-}

+ 0 - 24
Docs/.svn/text-base/INSTALL.svn-base

@@ -1,24 +0,0 @@
-$Id$
-
-You'll need:
-
-- libnet 1.1.x (1.1.1 or greater is recommended)
-http://www.packetfactory.net/Projects/libnet/
-
-- libpcap >= 0.6 (0.7 or greater is recommended)
-http://www.tcpdump.org/
-
-- libpcapnav >= 0.4 (Optional. If you want the jump to byte offset feature)
-http://netdude.sf.net/
-
-- tcpdump (Also optional. If you want packet decoding of sent packets)
-http://www.tcpdump.org/
-
-Run:
-./configure ; make
-
-Run as root:
-make test -i    (optional)
-make install
-
-For more detailed information, see the FAQ.

+ 0 - 32
Docs/.svn/text-base/LICENSE.svn-base

@@ -1,32 +0,0 @@
-Copyright (c) 2001-2004 Aaron Turner, Matt Bing.  All rights reserved.
-
-Some portions of code are:
-Copyright(c) 1999 Anzen Computing. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the names of the copyright owners nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
-4. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-       This product includes software developed by Anzen Computing, Inc.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ 0 - 40
Docs/.svn/text-base/Makefile.svn-base

@@ -1,40 +0,0 @@
-MAKEFLAGS=-s
-
-all: images pdf txt ps rmtemp html
-
-images:
-	fig2dev -L eps flowheader.fig flowheader.eps
-
-tex: images
-	lyx -e latex FAQ.lyx
-	lyx -e latex flowreplay.lyx
-
-dvi: tex 
-	texi2dvi FAQ.tex
-	texi2dvi flowreplay.tex
-
-html: tex 
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers FAQ.tex
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex
-
-
-pdf: dvi
-	dvipdfm FAQ.dvi
-	dvipdfm flowreplay.dvi
-
-txt:
-	lyx -e text FAQ.lyx
-	lyx -e text flowreplay.lyx
-
-ps: dvi
-	dvips -o FAQ.ps FAQ.dvi
-	dvips -o flowreplay.ps flowreplay.dvi
-
-rmtemp:
-	rm -f labels.pl *.log *.toc WARNINGS *.aux index.html 
-
-clean: rmtemp
-	rm -f *~
-
-distclean: rmtemp clean
-	rm -f *.html *.pdf *.txt *.ps *.dvi *.tex  *.css images.pl img1.png *.eps

+ 0 - 47
Docs/.svn/text-base/TODO.svn-base

@@ -1,47 +0,0 @@
-This is a general list of things which should/could/may be done.
-If any of these features interest you let me know- especially if you're
-willing and able to help code it.
-
-- Look at VLAN packets
-    - others non-vanilla types?
-    - Add tags?  Remove tags?  Change tags?
-
-- Add support for setting the ethernet protocol field so we can use
-    -I, -K to fill out an entire ethernet header w/o using -2
-
-- Add a secondary interface full layer two rewrite option
-
-- Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
-
-- Add support for more linktypes (Prism Monitor, 802.11, etc)
-    - Make it easier for others to add support for others
-
-- Rip out packet munger from tcpreplay and put it into another tool so
-  that tcpreplay can be more optimized
-    - perhaps use libnetdude?
-    - make into a library?
-    - definately put it into a seperate binary
-
-- Improve config file format
-  - better variable names
-  - use "var: value" format
-  - have tcpreplay, tcpprep, tcprewrite sections
-
-- Add support for dual-nic send on one intf, wait for packet, send next.
-  would be really useful for testing the effectiveness of how well an IPS
-  detects and blocks attacks.
-
-- Support fragrouter like features 
-    - basic IP fragmenation
-    - TCP fudging 
-    - then more advanced stuff
-
-- Support connection tracking and generating 3way handshake for connections
-  missing them.
-
-- Bump Syn/Ack numbers by a random or given value so that running 
-  the same pcap will behave as different streams.
-
-- Improve flowreplay so it actually works
-
-- IPv6 support?

+ 0 - 92
Docs/.svn/text-base/flowheader.fig.svn-base

@@ -1,92 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter  
-100.00
-Single
--2
-1200 2
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 3150 6000 3450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 3450 6000 3750
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 2850 8400 2850
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 3150 8400 3150
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 3450 8400 3450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 3750 8400 3750
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 2550 8400 2550 8400 4350 3600 4350 3600 2550
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 7200 3150 7200 3450
-2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
-	 3600 4050 8400 4050
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 4950 8400 4950 8400 5250 3600 5250 3600 4950
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 4800 5250 4800 5550
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 5550 8400 5550
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 5250 8400 5250 8400 6150 3600 6150 3600 5250
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 1350 8400 1350 8400 1950 3600 1950 3600 1350
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 1650 8400 1650
-2 2 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 5
-	 3600 6750 8400 6750 8400 7950 3600 7950 3600 6750
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 6150 8400 6150 8400 6750 3600 6750 3600 6150
-2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
-	 3600 6450 8400 6450
-2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
-	 3600 5850 8400 5850
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 450 8400 450
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 150 8400 150 8400 750 3600 750 3600 150
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 4800 150 4800 450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 150 6000 450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 7200 150 7200 450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 5250 6000 5550
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 1650 6000 1950
-4 0 0 50 0 0 12 0.0000 4 135 840 4350 3375 IP Protocol\001
-4 0 0 50 0 0 12 0.0000 4 180 1380 5250 2775 Client (Source) IP\001
-4 0 0 50 0 0 12 0.0000 4 180 1785 5100 3075 Server (Destination) IP\001
-4 0 0 50 0 0 12 0.0000 4 180 1725 3900 3675 Client Port/ICMP Type\001
-4 0 0 50 0 0 12 0.0000 4 135 1785 6375 3675 Server Port/ICMP Code\001
-4 0 0 50 0 0 12 0.0000 4 180 420 6375 3375 Flags\001
-4 0 0 50 0 0 12 0.0000 4 135 660 7350 3375 Instance\001
-4 0 0 50 0 0 12 0.0000 4 180 1260 8625 5100 Flag 1: Direction\001
-4 0 0 50 0 0 12 0.0000 4 180 1365 8625 2775 Flag 1: Last Index\001
-4 0 0 50 0 0 12 0.0000 4 180 1035 8625 3000 Flag 2: Ignore\001
-4 0 0 50 0 0 12 0.0000 4 180 1620 8625 3225 Flag 3: Server Socket\001
-4 0 0 50 0 0 12 0.0000 4 180 1035 8625 5325 Flag 2: Ignore\001
-4 0 0 50 0 0 12 0.0000 4 180 2100 4950 5175 Data Length of This Stream\001
-4 0 0 50 0 0 12 0.0000 4 180 420 3675 5475 Flags\001
-4 0 0 50 0 0 12 0.0000 4 135 2100 4875 3975 Offset to First Data Stream\001
-4 0 0 50 0 0 12 0.0000 4 180 2040 8625 5775 Flag 4: Urgent Data Exists\001
-4 0 0 50 0 0 12 0.0000 4 180 1125 5400 1575 Magic Number\001
-4 0 0 50 0 0 12 0.0000 4 135 960 5475 7350 Data Stream\001
-4 0 0 50 0 0 12 0.0000 4 180 2235 4950 6375 Offset to Next Data Segment\001
-4 0 0 50 0 0 12 0.0000 4 135 915 5475 675 32 Bit Word\001
-4 0 0 50 0 0 12 0.0000 4 135 450 3975 375 8 Bits\001
-4 0 0 50 0 0 12 0.0000 4 180 705 5100 5475 Urg Data\001
-4 0 0 50 0 0 12 0.0000 4 135 720 6825 5475 Reserved\001
-4 0 0 50 0 0 12 0.0000 4 180 840 5625 5775 Timestamp\001
-4 0 0 50 0 0 12 0.0000 4 135 945 5475 6675 In This Flow\001
-4 0 0 50 0 0 12 0.0000 4 180 1305 5325 2475 Flow Index Entry\001
-4 0 0 50 0 0 12 0.0000 4 135 1560 5250 4875 Data Stream Header\001
-4 0 0 50 0 0 12 0.0000 4 180 1635 5250 1275 Flowprep File Header\001
-4 0 0 50 0 0 12 0.0000 4 180 2055 8625 5550 Flag 3: More Data Streams\001
-4 0 0 50 0 0 12 0.0000 4 135 720 6900 1875 Reserved\001
-4 0 0 50 0 0 12 0.0000 4 135 600 4575 1875 Version\001

+ 0 - 1125
Docs/.svn/text-base/flowreplay.lyx.svn-base


+ 0 - 5
Docs/.svn/wcprops/CHANGELOG.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 59
-/svn/!svn/ver/1133/tcpreplay/branches/stable/Docs/CHANGELOG
-END

+ 0 - 5
Docs/.svn/wcprops/CREDIT.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 55
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/CREDIT
-END

+ 0 - 5
Docs/.svn/wcprops/FAQ.lyx.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/FAQ.lyx
-END

+ 0 - 5
Docs/.svn/wcprops/HACKING.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/HACKING
-END

+ 0 - 5
Docs/.svn/wcprops/INSTALL.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/INSTALL
-END

+ 0 - 5
Docs/.svn/wcprops/LICENSE.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/LICENSE
-END

+ 0 - 5
Docs/.svn/wcprops/Makefile.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 57
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/Makefile
-END

+ 0 - 5
Docs/.svn/wcprops/TODO.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 53
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/TODO
-END

+ 0 - 5
Docs/.svn/wcprops/flowheader.fig.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 63
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/flowheader.fig
-END

+ 0 - 5
Docs/.svn/wcprops/flowreplay.lyx.svn-work

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 63
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/flowreplay.lyx
-END

+ 0 - 277
Docs/CHANGELOG

@@ -1,277 +0,0 @@
-$Id: CHANGELOG 1133 2005-02-09 01:31:16Z aturner $
-
-02/09/2005: Version 2.3.3
-    - Fix port rewriting feature on little-endian systems
-    - configure now properly handles --with-libnet and --with-libpcap
-
-11/08/2004: Version 2.3.2
-    - When sending via -1, report which interface the packet will exit
-    - Fix bug when caplen > packet len
-    - Allow rewriting of Layer 2 via -2 for Cisco HDLC (DLT_CHDLC)
-
-09/19/2004: Version 2.3.1
-    - Fix bug with fakepcap.c which appeared on systems using an older
-      version of libpcap (such as Red Hat 9.0)
-    - Don't die when setting STDERR to non-blocking
-
-09/05/2004: Version 2.3.0
-    - Fix longstanding endian bug in cache files on little endian systems
-      (note that this breaks compatibility w/ existing cache files created
-      on little endian systems)
-    - Add support to tcpreplay and tcpprep for DLT_CHDLC (Cisco HDLC)
-    - Clean up validate_l2() and rewrite_l2()
-    - Write a simple perl script to parse net/bpf.h of DLT values
-    - Teach everything the names of all the current DLT values
-    - Detect if libpcap supports pcap_datalink_val_to_description()
-    - Start printing datalink descriptions instead of DLT values
-    - Remove magic numbers from tcpreplay.c
-    - Add a HACKING document
-
-06/21/2004: Version 2.2.2
-    - tcpprep now supports DLT_RAW and DLT_LINUX_SLL
-    - add makefile target for website docs (FAQ.html, FAQ.pdf, CHANGELOG)
-    - Fix some sanity checks in tcpreplay for processing various DLT types
-      in validate_l2()
-    - Fix -x & -X
-    - Merge in patch from Denis which rewrites TCP/UDP ports via -4
-    - Fix rewrite of source MAC address in single interface mode (bug #975848)
-
-05/16/2004: Version 2.2.1
-    - Fix compile issue under RH9
-    - Fix compile issue when not using --with-debug
-
-05/15/2004: Version 2.2.0
-    - Fix pseudo-NAT (not evaluating all rules and an infinate loop)
-    - Start using strtok_r() in any function to prevent future bugs
-    - Minor updates to tcpprep.1 & tcpreplay.8 man pages
-    - Re-org some functions into different files for better modularity
-    - Clean up of some of the cache comment code
-    - flowreplay man page moved to section 1
-    - Update tcpprep and tcpreplay man pages and the FAQ
-    - Improve documentation regarding pseudo-NAT feature
-    - Fix one output mode which treated all packets as primary
-    - Add endpoint mode (-e) which rewrites all traffic between two IP's
-    - Fix rewrite of IP addresses in ARP requests & replies w/ pseudo-NAT
-    - Fix CIDR matching of 0.0.0.0/0 (all packets) which matched only 
-      255.255.255.255
-    - All CIDR notation now accepts IP addresses w/o requiring /32
-    - non-debug mode now uses -O3 -funroll-loops for better performance
-
-05/01/2004: Version 2.1.1
-    - Fix ntohll/htonll compile error on big endian systems
-
-04/23/2004: Version 2.1.0
-    - Add support for per output interface/file NAT tables 
-    - Add support for using dual output features w/ a single output
-    - Add support to tcpprep for splitting via destination port
-    - Now fully 64bit when tracking number of packets
-    - Fix a bug where sometimes the last few packets are not sent when using
-      a tcpprep cache file
-    - Some code refactorization/cleanup
-    - tcpprep cache files now support user comments
-    - Fix bug where regex optimization was turned always turned off
-
-03/24/2004: Version 2.0.3
-    - Add support for rewriting src mac & Linux SLL loopback frames
-    - Update FAQ
-
-02/25/2004: Version 2.0.2
-    - Fix compile issue in edit_packet.c on strict aligned archs
-
-02/03/2004: Version 2.0.1
-    - Re-organize FAQ and add more content
-    - Add support for "pseudo NAT" (-N) for ARP and IPv4
-    - Code optimization to only run the checksum fixer once per packet
-    - Clean up help (-h) a little
-
-02/01/2004: Version 2.0.0
-    - Remove libpcapnav requirement
-    - Now support libpcapnav >= 0.4
-    - Add -1 to replay one packet at a time (user must hit <ENTER>)
-    - Add tcpdump packet parsing to print packets as sent (-v)
-    - Place flowreplay manpage in correct location
-    - More FAQ updates
-    - Rename 1.5.x as 2.0
-    - Fix/standardize all licensing info.  Still BSD of course.
-    - -T now forces -F
-    - tcpprep now actually accepts -n (client|server)
-    - Update the INSTALL doc
-    - Remove the Docs/README... the FAQ has replaced it.
-
-12/10/2003: Version 1.5.alpha6
-    - Add BPF filter support to tcpprep and tcpreplay (-x F:"filter")
-    - Update the FAQ
-    - Add two new auto modes to tcpprep (client and server)
-    - Make clean no longer wipes out the compiled documentation in Docs
-    - Add support for replaying live traffic
-    - Add bridge mode
-    - Add -L to limit the total number of packets to send
-
-11/03/2003: Version 1.5.alpha5
-    - Add -T to truncate packets > MTU so they can be sent
-    - Now fixes ICMP checksums as appropriate
-    - Updated FAQ
-    - Updated flowreplay design doc
-    - Merge packetrate code from 1.4.5
-    - Fix compile issues under Libnet 1.1.1
-    - --with-debug now enables debuging during 'make test'
-    - Fix various Solaris compatibility bugs
-    - Add data dump mode which dumps layer 7 data to the file (-D)
-    - Now requires libpcapnav
-    - Allow to jump X bytes into the pcap and start replaying packets (-o)
-    - Can now split traffic/data into files (-w & -W)
-
-07/16/2003: Version 1.5.alpha4
-    - Split do_packets.c & do_packets() -> edit_packet.c & rewrite_l2()
-    - Don't die when packet > MTU, just skip
-    - Fix a ptr bug in do_packets() w/ the ethernet header
-    - Merge Ctrl-C fix from 1.4.4 for libnet_adv_write_link() 
-        in do_packets.c
-    - Rewrite flowreplay design document
-    - Fix an integer overflow in packet_stats() in tcpreplay.c
-    - tcpreplay's -2 now accepts a hex string rather then a filename
-    - tcpreplay now can output to a file (-w <file>)
-    - fix bug in checksum fixer
-    - Add support for files > 2GB
-
-06/06/2003: Version 1.5.alpha3
-    - Add support for Linux Cooked Sockets (SLL) format rewriting
-    - Added a flowreplay design doc in Docs/
-    - A lot more work on flowreplay
-    - Start work on read-ahead buffering of packets in flowreplay        
-    - Add support for specifying MTU.
-    - Update tcpreplay man page
-    - Fix compile of do_packets() under OpenBSD
-    - configure now checks for libpcap >= 0.6 (required for SLL)
-
-
-05/29/2003: Version 1.5.alpha2
-    - Add -F to force checksum fixing
-    - Fix packet corruption when not using -2
-    - Improve timerdiv() code
-    - Port from libredblack to OpenBSD RB_*
-    - Add flowreplay application
-    - Fix a bunch of compiler warnings about miss-matched sign
-    - IP & layer 4 checksums now work when IP options exist (tcpreplay)
-    - Updated FAQ
-    - Fix spec file
-
-05/07/2003: Version 1.5.alpha1
-    - Add layer2 rewriting
-
-05/07/2002: Branch 1.4.x tree
-
-05/04/2003: Version 1.4.beta5
-    - Fixed a one-off bug when replaying tcpprep cache files
-    - Fixed a small reporting bug in tcpprep
-
-05/02/2003: Version 1.4.beta4
-    - significantly improved timing accuracy between packets
-    - fix bug with writing only about 1/2 of cache data which caused
-        tcpreplay to bitch
-    - updated 'make test' standard cache files
-    - improved alignment of cache header (20bytes vs 17bytes)
-
-04/30/2003: Version 1.4.beta3
-    - Specifying a list of packets to include/exclude now works (-x/X P:)
-    - Minor code cleanups (better error messages, etc)
-    - Add -p option to pause a given number of sec/usec between each packet
-    - Ported tcpprep to libpcap
-    - Increase final report resolution to two sig digits
-    - Switch to err.h that we ship rather then system provided err.h
-    - Don't reset timer each time we open a file for reading
-    - fix --mandir option for ./configure
-    - fix SIGSEGV in tcpprep
-    - Add SIGUSR1 and SIGCONT signal support to tcpreplay
-    - Updated tcpreplay man pages
-    - Remove need for math.h/libm
-
-01/07/2003: Version 1.4.beta2
-    - Major updates to configure script
-    - Remove unneeded memcpy() for non-strict aligned architectures
-        for added performance boost
-    - Switch to libpcap for reading packets
-    - Fix portability issues with tcpprep cache files
-
-12/23/2002: Version 1.4.beta1
-    - Remove libnet 1.0 support
-    - Start a quality FAQ for all programs
-    - Add support for detecting libpcap in autoconf
-    - Add pcapmerge to makefile and port to non-BSD OS's
-    - Write pcapmerge manpage
-    - Variety of small configure/makefile improvements
-
-12/13/2002: Version 1.3.0
-    - Re-release 1.3.beta6 as 1.3.0
-
-11/22/2002: Version 1.3.beta6
-    - Improve cross platform compatibility of test subsystem
-    - Fix bug in Makefile which caused possible failures of clean/distclean
-    - Fix bug with CCFLAGS when using --with-debug
-    - Fix bug with -x/-X which would drop/send all packets in certain 
-        conditions
-    - Update libredblack to 1.2 (latest)
-    - Add support for OSX
-    - Add --with-testnic and --with-testnic2 to allow end user to specify
-        specific network cards to be used for 'make test'
-    - Fixes SIGBUS errors on SPARC
-
-11/08/2002: Version 1.3-beta5
-    - Add testing subsystem
-    - Fix segfault when we don't send a packet
-    - Improve debug output support in dbg()
-
-10/21/2002: Version 1.3-beta4
-    - Updated tcpprep man page with -x and -X options
-    - Now supports (again) the include/exclude options in the config file
-    - Fixed -x|-X sanity check in tcpprep/tcpreplay
-
-10/13/2002: Version 1.3-beta3
-    - Fix compile of list.c under FreeBSD 4.7 and others
-    - Add -x|-X to tcpprep
-    - Modify cache file format to be 2 bits/packet to allow caching of
-        -x|-X args (dropping packets)
-    - Modularize some more code
-
-10/08/2002: Version 1.3-beta2
-    - Fix ./configure bug w/ INET_ATON and INET_ADDR
-    - Add support for filtering packets to send based on
-        IP address or packet number (-x & -X)
-    - Move a lot of code from tcpreplay.c to do_packets.c
-    - Update tcpreplay man page
-
-10/03/2002: Version 1.3-beta1
-    - Add support for randomizing IP addresses (-s)
-    - Update tcpreplay man page
-    - Fix problem with checksums after untruncate
-
-08/21/2002: Version 1.2a
-    - Fix compile bug in tree.c w/ libnet 1.1
-    - Sync tcpprep version to tcpreplay
-
-08/19/2002: Version 1.2
-    - Configuration files specified via -f
-    - Now requires a recent version of AutoConf (2.53)
-    - Added support for Libnet 1.1.x (requires beta8 or better)
-    - Added -V switch to print version info (tcpprep & tcpreplay)
-    - Added CIDR dual-nic support to tcpreplay. 
-    - Fix for -I in tcpreplay when only using a single NIC.
-    - Remove requirement for libpcap in tcpprep.  We're now
-        100% libpcap independant.
-    - tcpprep now supports snoop files.
-    - Added -u flag to untruncate IP packets (pad/trunc)
-    - Fixed --with-debug configure option
-    - Added RPM .spec file
-    - Added -M flag to ignore martian IP packets
-    - Now auto-detects snoop/pcap files.  Remove -S flag from tcpprep and
-        tcpreplay
-    - tcpprep now detects servers via ICMP port unreachable
-    - Improve usefulness of -h
-    - Rename -I to -v in tcpprep
-
-06/17/2002: Version 1.1
-    - Major rewrite
-    - Support multiple nics
-    - Better control over packet rates
-    - Added support for snoop capture files
-    - Includes tcpprep and capinfo commands

+ 0 - 33
Docs/CREDIT

@@ -1,33 +0,0 @@
-$Id: CREDIT 767 2004-10-06 12:48:49Z aturner $ 
-
-Here's a list of people in no particular order who have kindly submitted
-patches or code snippets for me to use in tcpreplay.
-
-Branden Moore <bmoore-at-cse.nd.edu>
-	- Patch to pad truncated packets
-	- Patch to allow specifying a destination MAC w/ only a single NIC
-
-Scott Mace <smace@intt.org>
-	- Patch for tcpreplay to support CIDR mode
-	- Patch for ignoring martian IP packets 
-
-Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
-        - Code for pausing/restarting tcpreplay via signals.
-
-John Carlson
-        - Patch for improved timerdiv() accuracy
-
-Frey Kuo <kero@3sheep.com>
-        - Patch to replace pause option with packets/sec
-
-Seth Robertson (seth at sysd dot com)
-        - Patch to allow replaying of live traffic
-
-Nick Mathewson <nickm@freehaven.net>
-	- Kindly giving me his BSD licensed implimentation of poll()
-	  using select() so I don't have to worry about cross platform
-	  issues.
-          
-Denis McLaughlin <denism@cyberus.ca>
-        - Patch to allow TCP/UDP port translation
-

BIN
Docs/FAQ.dvi


+ 0 - 2277
Docs/FAQ.lyx


BIN
Docs/FAQ.pdf


+ 0 - 2028
Docs/FAQ.ps


+ 0 - 1355
Docs/FAQ.tex


+ 0 - 1499
Docs/FAQ.txt


+ 0 - 24
Docs/INSTALL

@@ -1,24 +0,0 @@
-$Id: INSTALL 767 2004-10-06 12:48:49Z aturner $
-
-You'll need:
-
-- libnet 1.1.x (1.1.1 or greater is recommended)
-http://www.packetfactory.net/Projects/libnet/
-
-- libpcap >= 0.6 (0.7 or greater is recommended)
-http://www.tcpdump.org/
-
-- libpcapnav >= 0.4 (Optional. If you want the jump to byte offset feature)
-http://netdude.sf.net/
-
-- tcpdump (Also optional. If you want packet decoding of sent packets)
-http://www.tcpdump.org/
-
-Run:
-./configure ; make
-
-Run as root:
-make test -i    (optional)
-make install
-
-For more detailed information, see the FAQ.

+ 0 - 40
Docs/Makefile

@@ -1,40 +0,0 @@
-MAKEFLAGS=-s
-
-all: images pdf txt ps rmtemp html
-
-images:
-	fig2dev -L eps flowheader.fig flowheader.eps
-
-tex: images
-	lyx -e latex FAQ.lyx
-	lyx -e latex flowreplay.lyx
-
-dvi: tex 
-	texi2dvi FAQ.tex
-	texi2dvi flowreplay.tex
-
-html: tex 
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers FAQ.tex
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex
-
-
-pdf: dvi
-	dvipdfm FAQ.dvi
-	dvipdfm flowreplay.dvi
-
-txt:
-	lyx -e text FAQ.lyx
-	lyx -e text flowreplay.lyx
-
-ps: dvi
-	dvips -o FAQ.ps FAQ.dvi
-	dvips -o flowreplay.ps flowreplay.dvi
-
-rmtemp:
-	rm -f labels.pl *.log *.toc WARNINGS *.aux index.html 
-
-clean: rmtemp
-	rm -f *~
-
-distclean: rmtemp clean
-	rm -f *.html *.pdf *.txt *.ps *.dvi *.tex  *.css images.pl img1.png *.eps

+ 0 - 47
Docs/TODO

@@ -1,47 +0,0 @@
-This is a general list of things which should/could/may be done.
-If any of these features interest you let me know- especially if you're
-willing and able to help code it.
-
-- Look at VLAN packets
-    - others non-vanilla types?
-    - Add tags?  Remove tags?  Change tags?
-
-- Add support for setting the ethernet protocol field so we can use
-    -I, -K to fill out an entire ethernet header w/o using -2
-
-- Add a secondary interface full layer two rewrite option
-
-- Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
-
-- Add support for more linktypes (Prism Monitor, 802.11, etc)
-    - Make it easier for others to add support for others
-
-- Rip out packet munger from tcpreplay and put it into another tool so
-  that tcpreplay can be more optimized
-    - perhaps use libnetdude?
-    - make into a library?
-    - definately put it into a seperate binary
-
-- Improve config file format
-  - better variable names
-  - use "var: value" format
-  - have tcpreplay, tcpprep, tcprewrite sections
-
-- Add support for dual-nic send on one intf, wait for packet, send next.
-  would be really useful for testing the effectiveness of how well an IPS
-  detects and blocks attacks.
-
-- Support fragrouter like features 
-    - basic IP fragmenation
-    - TCP fudging 
-    - then more advanced stuff
-
-- Support connection tracking and generating 3way handshake for connections
-  missing them.
-
-- Bump Syn/Ack numbers by a random or given value so that running 
-  the same pcap will behave as different streams.
-
-- Improve flowreplay so it actually works
-
-- IPv6 support?

+ 0 - 278
Docs/flowheader.eps

@@ -1,278 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%Title: flowheader.fig
-%%Creator: fig2dev Version 3.2 Patchlevel 5-alpha5
-%%CreationDate: Thu Feb 10 12:32:01 2005
-%%For: aturner@vodka (Aaron Turner,,,)
-%%BoundingBox: 0 0 430 470
-%Magnification: 1.0000
-%%EndComments
-/$F2psDict 200 dict def
-$F2psDict begin
-$F2psDict /mtrx matrix put
-/col-1 {0 setgray} bind def
-/col0 {0.000 0.000 0.000 srgb} bind def
-/col1 {0.000 0.000 1.000 srgb} bind def
-/col2 {0.000 1.000 0.000 srgb} bind def
-/col3 {0.000 1.000 1.000 srgb} bind def
-/col4 {1.000 0.000 0.000 srgb} bind def
-/col5 {1.000 0.000 1.000 srgb} bind def
-/col6 {1.000 1.000 0.000 srgb} bind def
-/col7 {1.000 1.000 1.000 srgb} bind def
-/col8 {0.000 0.000 0.560 srgb} bind def
-/col9 {0.000 0.000 0.690 srgb} bind def
-/col10 {0.000 0.000 0.820 srgb} bind def
-/col11 {0.530 0.810 1.000 srgb} bind def
-/col12 {0.000 0.560 0.000 srgb} bind def
-/col13 {0.000 0.690 0.000 srgb} bind def
-/col14 {0.000 0.820 0.000 srgb} bind def
-/col15 {0.000 0.560 0.560 srgb} bind def
-/col16 {0.000 0.690 0.690 srgb} bind def
-/col17 {0.000 0.820 0.820 srgb} bind def
-/col18 {0.560 0.000 0.000 srgb} bind def
-/col19 {0.690 0.000 0.000 srgb} bind def
-/col20 {0.820 0.000 0.000 srgb} bind def
-/col21 {0.560 0.000 0.560 srgb} bind def
-/col22 {0.690 0.000 0.690 srgb} bind def
-/col23 {0.820 0.000 0.820 srgb} bind def
-/col24 {0.500 0.190 0.000 srgb} bind def
-/col25 {0.630 0.250 0.000 srgb} bind def
-/col26 {0.750 0.380 0.000 srgb} bind def
-/col27 {1.000 0.500 0.500 srgb} bind def
-/col28 {1.000 0.630 0.630 srgb} bind def
-/col29 {1.000 0.750 0.750 srgb} bind def
-/col30 {1.000 0.880 0.880 srgb} bind def
-/col31 {1.000 0.840 0.000 srgb} bind def
-
-end
-save
-newpath 0 470 moveto 0 0 lineto 430 0 lineto 430 470 lineto closepath clip newpath
--215.3 477.7 translate
-1 -1 scale
-
-/cp {closepath} bind def
-/ef {eofill} bind def
-/gr {grestore} bind def
-/gs {gsave} bind def
-/sa {save} bind def
-/rs {restore} bind def
-/l {lineto} bind def
-/m {moveto} bind def
-/rm {rmoveto} bind def
-/n {newpath} bind def
-/s {stroke} bind def
-/sh {show} bind def
-/slc {setlinecap} bind def
-/slj {setlinejoin} bind def
-/slw {setlinewidth} bind def
-/srgb {setrgbcolor} bind def
-/rot {rotate} bind def
-/sc {scale} bind def
-/sd {setdash} bind def
-/ff {findfont} bind def
-/sf {setfont} bind def
-/scf {scalefont} bind def
-/sw {stringwidth} bind def
-/tr {translate} bind def
-/tnt {dup dup currentrgbcolor
-  4 -2 roll dup 1 exch sub 3 -1 roll mul add
-  4 -2 roll dup 1 exch sub 3 -1 roll mul add
-  4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
-  bind def
-/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
-  4 -2 roll mul srgb} bind def
-/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
-/$F2psEnd {$F2psEnteredState restore end} def
-
-$F2psBegin
-10 setmiterlimit
-0 slj 0 slc
- 0.06000 0.06000 sc
-%
-% Fig objects follow
-%
-% 
-% here starts figure with depth 50
-% Polyline
-0 slj
-0 slc
-7.500 slw
-n 6000 3150 m
- 6000 3450 l gs col0 s gr 
-% Polyline
-n 6000 3450 m
- 6000 3750 l gs col0 s gr 
-% Polyline
-n 3600 2850 m
- 8400 2850 l gs col0 s gr 
-% Polyline
-n 3600 3150 m
- 8400 3150 l gs col0 s gr 
-% Polyline
-n 3600 3450 m
- 8400 3450 l gs col0 s gr 
-% Polyline
-n 3600 3750 m
- 8400 3750 l gs col0 s gr 
-% Polyline
-n 3600 2550 m 8400 2550 l 8400 4350 l 3600 4350 l
- cp gs col0 s gr 
-% Polyline
-n 7200 3150 m
- 7200 3450 l gs col0 s gr 
-% Polyline
- [15 45] 45 sd
-n 3600 4050 m
- 8400 4050 l gs col0 s gr  [] 0 sd
-% Polyline
-n 3600 4950 m 8400 4950 l 8400 5250 l 3600 5250 l
- cp gs col0 s gr 
-% Polyline
-n 4800 5250 m
- 4800 5550 l gs col0 s gr 
-% Polyline
-n 3600 5550 m
- 8400 5550 l gs col0 s gr 
-% Polyline
-n 3600 5250 m 8400 5250 l 8400 6150 l 3600 6150 l
- cp gs col0 s gr 
-% Polyline
-n 3600 1350 m 8400 1350 l 8400 1950 l 3600 1950 l
- cp gs col0 s gr 
-% Polyline
-n 3600 1650 m
- 8400 1650 l gs col0 s gr 
-% Polyline
- [15 45] 45 sd
-n 3600 6750 m 8400 6750 l 8400 7950 l 3600 7950 l
- cp gs col0 s gr  [] 0 sd
-% Polyline
-n 3600 6150 m 8400 6150 l 8400 6750 l 3600 6750 l
- cp gs col0 s gr 
-% Polyline
- [15 45] 45 sd
-n 3600 6450 m
- 8400 6450 l gs col0 s gr  [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 3600 5850 m
- 8400 5850 l gs col0 s gr  [] 0 sd
-% Polyline
-n 3600 450 m
- 8400 450 l gs col0 s gr 
-% Polyline
-n 3600 150 m 8400 150 l 8400 750 l 3600 750 l
- cp gs col0 s gr 
-% Polyline
-n 4800 150 m
- 4800 450 l gs col0 s gr 
-% Polyline
-n 6000 150 m
- 6000 450 l gs col0 s gr 
-% Polyline
-n 7200 150 m
- 7200 450 l gs col0 s gr 
-% Polyline
-n 6000 5250 m
- 6000 5550 l gs col0 s gr 
-% Polyline
-n 6000 1650 m
- 6000 1950 l gs col0 s gr 
-/Times-Roman ff 180.00 scf sf
-4350 3375 m
-gs 1 -1 sc (IP Protocol) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5250 2775 m
-gs 1 -1 sc (Client \(Source\) IP) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5100 3075 m
-gs 1 -1 sc (Server \(Destination\) IP) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-3900 3675 m
-gs 1 -1 sc (Client Port/ICMP Type) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6375 3675 m
-gs 1 -1 sc (Server Port/ICMP Code) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6375 3375 m
-gs 1 -1 sc (Flags) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-7350 3375 m
-gs 1 -1 sc (Instance) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5100 m
-gs 1 -1 sc (Flag 1: Direction) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 2775 m
-gs 1 -1 sc (Flag 1: Last Index) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 3000 m
-gs 1 -1 sc (Flag 2: Ignore) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 3225 m
-gs 1 -1 sc (Flag 3: Server Socket) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5325 m
-gs 1 -1 sc (Flag 2: Ignore) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4950 5175 m
-gs 1 -1 sc (Data Length of This Stream) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-3675 5475 m
-gs 1 -1 sc (Flags) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4875 3975 m
-gs 1 -1 sc (Offset to First Data Stream) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5775 m
-gs 1 -1 sc (Flag 4: Urgent Data Exists) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5400 1575 m
-gs 1 -1 sc (Magic Number) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5475 7350 m
-gs 1 -1 sc (Data Stream) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4950 6375 m
-gs 1 -1 sc (Offset to Next Data Segment) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5475 675 m
-gs 1 -1 sc (32 Bit Word) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-3975 375 m
-gs 1 -1 sc (8 Bits) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5100 5475 m
-gs 1 -1 sc (Urg Data) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6825 5475 m
-gs 1 -1 sc (Reserved) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5625 5775 m
-gs 1 -1 sc (Timestamp) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5475 6675 m
-gs 1 -1 sc (In This Flow) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5325 2475 m
-gs 1 -1 sc (Flow Index Entry) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5250 4875 m
-gs 1 -1 sc (Data Stream Header) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5250 1275 m
-gs 1 -1 sc (Flowprep File Header) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5550 m
-gs 1 -1 sc (Flag 3: More Data Streams) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6900 1875 m
-gs 1 -1 sc (Reserved) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4575 1875 m
-gs 1 -1 sc (Version) col0 sh gr
-% here ends figure;
-$F2psEnd
-rs
-showpage
-%%Trailer
-%EOF

BIN
Docs/flowreplay.dvi


+ 0 - 664
Docs/flowreplay.html

@@ -1,664 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
-original version by:  Nikos Drakos, CBLU, University of Leeds
-* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
-* with significant contributions from:
-  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
-<HTML>
-<HEAD>
-<TITLE>Flowreplay Design Notes</TITLE>
-<META NAME="description" CONTENT="Flowreplay Design Notes">
-<META NAME="keywords" CONTENT="flowreplay">
-<META NAME="resource-type" CONTENT="document">
-<META NAME="distribution" CONTENT="global">
-
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
-<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
-
-<LINK REL="STYLESHEET" HREF="flowreplay.css">
-
-</HEAD>
-
-<BODY >
-
-<P>
-
-<P>
-
-<P>
-
-<P>
-<H1 ALIGN="CENTER"><SPAN ID="hue33">Flowreplay Design Notes</SPAN></H1>
-<DIV CLASS="author_info">
-
-<P ALIGN="CENTER"><STRONG><SPAN ID="hue35">Aaron Turner </SPAN></STRONG></P>
-<P ALIGN="CENTER"><I><SPAN ID="hue37">http://synfin.net/</SPAN></I></P>
-<P ALIGN="CENTER"><STRONG><SPAN ID="hue39">Last Edited:</SPAN>
-<BR><SPAN ID="hue41">October 23, 2003</SPAN></STRONG></P>
-</DIV>
-
-<P>
-
-<H1><A NAME="SECTION00010000000000000000">
-<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue43">Overview</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue45">Tcpreplay</SPAN><A NAME="tex2html1"
-  HREF="#foot362"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> <SPAN ID="hue49">was designed to replay traffic previously captured
-in the pcap format back onto the wire for testing NIDS and other passive
-devices. Over time, it was enhanced to be able to test in-line network
-devices. However, a re-occurring feature request for tcpreplay is
-to connect to a server in order to test applications and host TCP/IP
-stacks. It was determined early on, that adding this feature to tcpreplay
-was far too complex, so I decided to create a new tool specifically
-designed for this.</SPAN>
-<P>
-<SPAN ID="hue51">Flowreplay is designed to replay traffic at Layer
-4 or 7 depending on the protocol rather then at Layer 2 like tcpreplay
-does. This allows flowreplay to connect to one or more servers using
-a pcap savefile as the basis of the connections. Hence, flowreplay
-allows the testing of applications running on real servers rather
-then passive devices. </SPAN>
-<P>
-
-<H1><A NAME="SECTION00020000000000000000">
-<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue53">Features</SPAN></A>
-</H1>
-
-<P>
-
-<H2><A NAME="SECTION00021000000000000000">
-<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue55">Requirements</SPAN></A>
-</H2>
-
-<P>
-
-<OL>
-<LI><SPAN ID="hue58">Full TCP/IP support, including IP fragments and
-TCP stream reassembly.</SPAN>
-</LI>
-<LI><SPAN ID="hue60">Support replaying TCP and UDP flows.</SPAN>
-</LI>
-<LI><SPAN ID="hue62">Code should handle each flow/service independently.</SPAN>
-</LI>
-<LI><SPAN ID="hue64">Should be able to connect to the server(s) in the
-pcap file or to a user specified IP address.</SPAN>
-</LI>
-<LI><SPAN ID="hue66">Support a plug-in architecture to allow adding application
-layer intelligence.</SPAN>
-</LI>
-<LI><SPAN ID="hue68">Plug-ins must be able to support multi-flow protocols
-like FTP.</SPAN>
-</LI>
-<LI><SPAN ID="hue365">Ship with a default plug-in which will work ``well
-enough'' for simple single-flow protocols like HTTP and telnet.</SPAN>
-</LI>
-<LI><SPAN ID="hue366">Flows being replayed ``correctly'' is more important
-then performance (Mbps).</SPAN>
-</LI>
-<LI><SPAN ID="hue74">Portable to run on common flavors of Unix and Unix-like
-systems.</SPAN>
-</LI>
-</OL>
-
-<P>
-
-<H2><A NAME="SECTION00022000000000000000">
-<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue77">Wishes</SPAN></A>
-</H2>
-
-<P>
-
-<OL>
-<LI><SPAN ID="hue80">Support clients connecting to flowreplay on a limited
-basis. Flowreplay would replay the server side of the connection.</SPAN>
-</LI>
-<LI><SPAN ID="hue82">Support other IP based traffic (ICMP, VRRP, OSPF,
-etc) via plug-ins.</SPAN>
-</LI>
-<LI><SPAN ID="hue84">Support non-IP traffic (ARP, STP, CDP, etc) via
-plug-ins.</SPAN>
-</LI>
-<LI><SPAN ID="hue86">Limit which flows are replayed using user defined
-filters. (bpf filter syntax?)</SPAN>
-</LI>
-<LI><SPAN ID="hue88">Process pcap files directly with no intermediary
-file conversions.</SPAN>
-</LI>
-<LI><SPAN ID="hue90">Should be able to scale to pcap files in the 100's
-of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
-of RAM.</SPAN>
-</LI>
-</OL>
-
-<P>
-
-<H1><A NAME="SECTION00030000000000000000">
-<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue93">Design Thoughts</SPAN></A>
-</H1>
-
-<P>
-
-<H2><A NAME="SECTION00031000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue95">Sending and Receiving traffic</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue97">Flowreplay must be able to process multiple connections
-to one or more devices. There are two options:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue100">Use sockets</SPAN><A NAME="tex2html2"
-  HREF="#foot370"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> <SPAN ID="hue104">to send and receive data</SPAN>
-</LI>
-<LI><SPAN ID="hue106">Use libpcap</SPAN><A NAME="tex2html3"
-  HREF="#foot371"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <SPAN ID="hue110">to receive packets and libnet</SPAN><A NAME="tex2html4"
-  HREF="#foot372"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> <SPAN ID="hue114">to send packets</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue117">Although using libpcap/libnet would allow more simultaneous
-connections and greater flexibility, there would be a very high complexity
-cost associated with it. With that in mind, I've decided to use sockets
-to send and receive data.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00032000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue119">Handling Multiple Connections</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue121">Because a pcap file can contain multiple simultaneous
-flows, we need to be able to support that too. The biggest problem
-with this is reading packet data in a different order then stored
-in the pcap file. </SPAN>
-<P>
-<SPAN ID="hue123">Reading and writing to multiple sockets is easy
-with select() or poll(), however a pcap file has it's data stored
-serially, but we need to access it randomly. There are a number of
-possible solutions for this such as caching packets in RAM where they
-can be accessed more randomly, creating an index of the packets in
-the pcap file, or converting the pcap file to another format altogether.
-Alternatively, I've started looking at libpcapnav</SPAN><A NAME="tex2html5"
-  HREF="#foot124"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> <SPAN ID="hue126">as an alternate means to navigate a pcap file and
-process packets out of order.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00033000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue128">Data Synchronization</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue375">Knowing when to start sending client traffic in
-response to the server will be &#34;tricky&#34;. Without
-understanding the actual protocol involved, probably the best general
-solution is waiting for a given period of time after no more data
-from the server has been received. Not sure what to do if the client
-traffic doesn't elicit a response from the server (implement some
-kind of timeout?). This will be the basis for the default plug-in.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00034000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue133">TCP/IP</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue135">Dealing with IP fragmentation and TCP stream reassembly
-will be another really complex problem. We're basically talking about
-implementing a significant portion of a TCP/IP stack. One thought
-is to use libnids</SPAN><A NAME="tex2html6"
-  HREF="#foot403"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A> <SPAN ID="hue139">which basically implements a Linux 2.0.37 TCP/IP
-stack in user-space. Other solutions include porting a TCP/IP stack
-from Open/Net/FreeBSD or writing our own custom stack from scratch.</SPAN>
-<P>
-
-<H1><A NAME="SECTION00040000000000000000">
-<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue141">Multiple Independent Flows</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue143">The biggest asynchronous problem, that pcap files
-are serial, has to be solved in a scaleable manner. Not much can be
-assumed about the network traffic contained in a pcap savefile other
-then Murphy's Law will be in effect. This means we'll have to deal
-with:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue146">Thousands of small simultaneous flows (captured
-on a busy network)</SPAN>
-</LI>
-<LI><SPAN ID="hue379">Flows which ``hang'' mid-stream (an exploit
-against a server causes it to crash)</SPAN>
-</LI>
-<LI><SPAN ID="hue150">Flows which contain large quantities of data (FTP
-transfers of ISO's for example)</SPAN>
-</LI>
-</UL>
-<SPAN ID="hue153">How we implement parallel processing of the pcap
-savefile will dramatically effect how well we can scale. A few considerations:</SPAN>
-<P>
-
-<UL>
-<LI>Most Unix systems limit the maximum number of open file descriptors
-a single process can have. Generally speaking this shouldn't be a
-problem except for highly parallel pcap's.
-</LI>
-<LI>While RAM isn't limitless, we can use mmap() to get around this.
-</LI>
-<LI>Many Unix systems have enhanced solutions to poll() which will improve
-flow management.
-</LI>
-</UL>
-
-<P>
-
-<H2><A NAME="SECTION00041000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue157">IP Fragments and TCP Streams</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue159">There are five major complications with flowreplay:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue162">The IP datagrams may be fragmented- we won't be
-able to use the standard 5-tuple (src/dst IP, src/dst port, protocol)
-to lookup which flow a packet belongs to.</SPAN>
-</LI>
-<LI><SPAN ID="hue164">IP fragments may arrive out of order which will
-complicate ordering of data to be sent.</SPAN>
-</LI>
-<LI><SPAN ID="hue166">The TCP segments may arrive out of order which will
-complicate ordering of data to be sent.</SPAN>
-</LI>
-<LI><SPAN ID="hue168">Packets may be missing in the pcap file because
-they were dropped during capture.</SPAN>
-</LI>
-<LI><SPAN ID="hue170">There are tools like fragrouter which intentionally
-create non-deterministic situations.</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue173">First off, I've decided, that I'm not going to worry
-about fragrouter or it's cousins. I'll handle non-deterministic situations
-one and only one way, so that the way flowreplay handles the traffic
-will be deterministic. Perhaps, I'll make it easy for others to write
-a plug-in which will change it, but that's not something I'm going
-to concern myself with now.</SPAN>
-<P>
-<SPAN ID="hue175">Missing packets in the pcap file will probably make
-that flow unplayable. There are proabably certain situation where
-we can make an educated guess, but this is far too complex to worry
-about for the first stable release.</SPAN>
-<P>
-<SPAN ID="hue177">That still leaves creating a basic TCP/IP stack
-in user space. The good news it that there is already a library which
-does this called libnids. As of version 1.17, libnids can process
-packets from a pcap savefile (it's not documented in the man page,
-but the code is there).</SPAN>
-<P>
-<SPAN ID="hue179">A potential problem with libnids though is that
-it has to maintain it's own state/cache system. This not only means
-additional overhead, but jumping around in the pcap file as I'm planning
-on doing to handle multiple simultaneous flows is likely to really
-confuse libnids' state engine. Also, libnids is licensed under the
-GPL, but I want flowreplay released under a BSD-like license; I need
-to research if the two are compatible in this way.</SPAN>
-<P>
-<SPAN ID="hue181">Possible solutions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue184">Developing a custom wedge between the capture file
-and libnids which will cause each packet to only be processed a single
-time.</SPAN>
-</LI>
-<LI><SPAN ID="hue186">Use libnids to process the pcap file into a new
-flow-based format, effectively putting the TCP/IP stack into a dedicated
-utility.</SPAN>
-</LI>
-<LI><SPAN ID="hue188">Develop a custom user-space TCP/IP stack, perhaps
-based on a BSD TCP/IP stack, much like libnids is based on Linux 2.0.37.</SPAN>
-</LI>
-<LI><SPAN ID="hue190">Screw it and say that IP fragmentation and out of
-order IP packets/TCP segments are not supported. Not sure if this
-will meet the needs of potential users.</SPAN>
-</LI>
-</UL>
-
-<P>
-
-<H2><A NAME="SECTION00042000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue193">Blocking</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue195">As earlier stated, one of the main goals of this
-project is to keep things single threaded to make coding plugins easier.
-One caveat of that is that any function which blocks will cause serious
-problems.</SPAN>
-<P>
-<SPAN ID="hue197">There are three major cases where blocking is likely
-to occur:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue200">Opening a socket</SPAN>
-</LI>
-<LI><SPAN ID="hue202">Reading from a socket</SPAN>
-</LI>
-<LI><SPAN ID="hue204">Writing to a socket</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue207">Reading from sockets in a non-blocking manner is
-easy to solve for using poll() or select(). Writing to a socket, or
-merely opening a TCP socket via connect() however requires a different
-method:</SPAN>
-<P>
-<BLOCKQUOTE>
-<SPAN ID="hue210">It is possible to do non-blocking IO on sockets
-by setting the O_NONBLOCK flag on a socket file descriptor using
-fcntl(2). Then all operations that would block will (usually) return
-with EAGAIN (operation should be retried later); connect(2) will return
-EINPROGRESS error. The user can then wait for various events via poll(2)
-or select(2).</SPAN><A NAME="tex2html7"
-  HREF="#foot382"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>
-</BLOCKQUOTE>
-<SPAN ID="hue215">If connect() returns EINPROGRESS, then we'll just
-have to do something like this:</SPAN>
-<P>
-
-<DL COMPACT>
-<DT>
-<DD><SPAN ID="hue218">int&nbsp;e,&nbsp;len=sizeof(e);</SPAN>
-<P>
-<SPAN ID="hue220">if&nbsp;(getsockopt(conn-&gt;s,&nbsp;SOL_SOCKET,&nbsp;SO_ERROR,&nbsp;&amp;e,&nbsp;&amp;len)&nbsp;&lt;&nbsp;0)&nbsp;{&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue383">&nbsp;&nbsp;&nbsp;/*&nbsp;not&nbsp;yet&nbsp;*/</SPAN>
-<P>
-&nbsp;<SPAN ID="hue384">&nbsp;&nbsp;&nbsp;if(errno&nbsp;!=&nbsp;EINPROGRESS){&nbsp;&nbsp;/*&nbsp;yuck.&nbsp;kill&nbsp;it.&nbsp;*/&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue385">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_fn(LOG_DEBUG,&#34;in-progress&nbsp;connect&nbsp;failed.&nbsp;Removing.&#34;);&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue231">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;-1;&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue233">&nbsp;&nbsp;&nbsp;}&nbsp;else&nbsp;{&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue386">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;0;&nbsp;/*&nbsp;no&nbsp;change,&nbsp;see&nbsp;if&nbsp;next&nbsp;time&nbsp;is&nbsp;better&nbsp;*/&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue238">&nbsp;&nbsp;&nbsp;}&nbsp;</SPAN>
-<P>
-<SPAN ID="hue240">}&nbsp;</SPAN>
-<P>
-<SPAN ID="hue387">/*&nbsp;the&nbsp;connect&nbsp;has&nbsp;finished.&nbsp;*/&nbsp;</SPAN>
-</DD>
-</DL><BLOCKQUOTE>
-<SPAN ID="hue247">Note: It may not be totally right, but it works
-ok. (that chunk of code gets called after poll returns the socket
-as writable. if poll returns it as readable, then it's probably because
-of eof, connect fails. You must poll for both.</SPAN>
-</BLOCKQUOTE>
-
-<P>
-
-<H1><A NAME="SECTION00050000000000000000">
-<SPAN CLASS="arabic">5</SPAN> <SPAN ID="hue250">pcap vs flow File Format</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue252">As stated before, the pcap file format really isn't
-well suited for flowreplay because it uses the raw packet as a container
-for data. Flowreplay however isn't interested in packets, it's interested
-in data streams</SPAN><A NAME="tex2html8"
-  HREF="#foot404"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A> <SPAN ID="hue256">which may span one or more TCP/UDP segments, each
-comprised of an IP datagram which may be comprised of multiple IP
-fragments. Handling all this additional complexity requires a full
-TCP/IP stack in user space which would have additional feature requirements
-specific to flowreplay.</SPAN>
-<P>
-<SPAN ID="hue258">Rather then trying to do that, I've decided to create
-a pcap preprocessor for flowreplay called: flowprep. Flowprep will
-handle all the TCP/IP defragmentation/reassembly and write out a file
-containing the data streams for each flow.</SPAN>
-<P>
-<SPAN ID="hue260">A flow file will contain three sections:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue263">A header which identifies this as a flowprep file
-and the file version</SPAN>
-</LI>
-<LI><SPAN ID="hue265">An index of all the flows contained in the file</SPAN>
-</LI>
-<LI><SPAN ID="hue267">The data streams themselves</SPAN>
-</LI>
-</OL>
-<DIV ALIGN="CENTER">
-<SPAN ID="hue390"><IMG
- WIDTH="668" HEIGHT="748" ALIGN="BOTTOM" BORDER="0"
- SRC="img1.png"
- ALT="\includegraphics{flowheader.eps}"></SPAN>
-</DIV>
-
-<P>
-<SPAN ID="hue274">At startup, the file header is validated and the
-data stream indexes are loaded into memory. Then the first data stream
-header from each flow is read. Then each flow and subsequent data
-stream is processed based upon the timestamps and plug-ins.</SPAN>
-<P>
-
-<H1><A NAME="SECTION00060000000000000000">
-<SPAN CLASS="arabic">6</SPAN> <SPAN ID="hue276">Plug-ins</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue392">Plug-ins will provide the ``intelligence'' in
-flowreplay. Flowreplay is designed to be a mere framework for connecting
-captured flows in a flow file with socket file handles. How data is
-processed and what should be done with it will be done via plug-ins.</SPAN>
-<P>
-<SPAN ID="hue280">Plug-ins will allow proper handling of a variety
-of protocols while hopefully keeping things simple. Another part of
-the consideration will be making it easy for others to contribute
-to flowreplay. I don't want to have to write all the protocol logic
-myself.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00061000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue282">Plug-in Basics</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue284">Each plug-in provides the logic for handling one
-or more services. The main purpose of a plug-in is to decide when
-flowreplay should send data via one or more sockets. The plug-in can
-use any</SPAN> <SPAN ID="hue394"><SPAN  CLASS="textit">non-blocking</SPAN></SPAN> <SPAN ID="hue288">method
-of determining if it appropriate to send data or wait for data to
-received. If necessary, a plug-in can also modify the data sent.</SPAN>
-<P>
-<SPAN ID="hue290">Each time poll() returns, flowreplay calls the plug-ins
-for the flows which either have data waiting or in the case of a timeout,
-those flows which timed out. Afterwords, all the flows are processed
-and poll() is called on those flows which have their state set to
-POLL. And the process repeats until there are no more nodes in the
-tree.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00062000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue292">The Default Plug-in</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue396">Initially, flowreplay will ship with one basic plug-in
-called ``default''. Any flow which doesn't have a specific plug-in
-defined, will use default. The goal of the default plug-in is to work
-``good enough'' for a majority of single-flow protocols such as
-SMTP, HTTP, and Telnet. Protocols which use encryption (SSL, SSH,
-etc) or multiple flows (FTP, RPC, etc) will never work with the default
-plug-in. Furthermore, the default plug-in will only support connections</SPAN><SPAN ID="hue397"><SPAN  CLASS="textit">to</SPAN></SPAN> <SPAN ID="hue299">a server, it will not
-support accepting connections from clients.</SPAN>
-<P>
-<SPAN ID="hue398">The default plug-in will provide no data level manipulation
-and only a simple method for detecting when it is time to send data
-to the server. Detecting when to send data will be done by a ``no
-more data'' timeout value. Basically, by using the pcap file as a
-means to determine the order of the exchange, anytime it is the servers
-turn to send data, flowreplay will wait for the first byte of data
-and then start the ``no more data'' timer. Every time more data
-is received, the timer is reset. If the timer reaches zero, then flowreplay
-sends the next portion of the client side of the connection. This
-is repeated until the the flow has been completely replayed or a ``server
-hung'' timeout is reached. The server hung timeout is used to detect
-a server which crashed and never starts sending any data which would
-start the ``no more data'' timer.</SPAN>
-<P>
-<SPAN ID="hue399">Both the ``no more data'' and ``server hung''
-timers will be user defined values and global to all flows using the
-default plug-in.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00063000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue309">Plug-in Details</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue311">Each plug-in will be comprised of the following:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue314">An optional global data structure, for intra-flow
-communication</SPAN>
-</LI>
-<LI><SPAN ID="hue316">Per-flow data structure, for tracking flow state
-information</SPAN>
-</LI>
-<LI><SPAN ID="hue318">A list of functions which flow replay will call
-when certain well-defined conditions are met.</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue321">Required functions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue324">initialize_node() - called when a node in the tree
-created using this plug-in</SPAN>
-</LI>
-<LI><SPAN ID="hue326">post_poll_timeout() - called when the poll() returned
-due to a timeout for this node</SPAN>
-</LI>
-<LI><SPAN ID="hue328">post_poll_read() - called when the poll() returned
-due to the socket being ready</SPAN>
-</LI>
-<LI><SPAN ID="hue330">buffer_full() - called when a the packet buffer
-for this flow is full</SPAN>
-</LI>
-<LI><SPAN ID="hue332">delete_node() - called just prior to the node being
-free()'d</SPAN>
-</LI>
-</UL>
-</LI>
-<LI><SPAN ID="hue335">Optional functions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue338">pre_send_data() - called before data is sent</SPAN>
-</LI>
-<LI><SPAN ID="hue340">post_send_data() - called after data is sent</SPAN>
-</LI>
-<LI><SPAN ID="hue342">pre_poll() - called prior to poll()</SPAN>
-</LI>
-<LI><SPAN ID="hue344">post_poll_default() - called when poll() returns
-and neither the socket was ready or the node timed out </SPAN>
-</LI>
-<LI><SPAN ID="hue346">open_socket() - called after the socket is opened</SPAN>
-</LI>
-<LI><SPAN ID="hue348">close_socket() - called after the socket is closed</SPAN>
-</LI>
-</UL>
-</LI>
-</UL>
-</LI>
-</OL>
-
-<DL COMPACT>
-<DT>
-<DD><P>
-</DD>
-</DL>
-<P>
-
-<H1><A NAME="SECTION00070000000000000000">
-About this document ...</A>
-</H1>
- <STRONG><SPAN ID="hue33">Flowreplay Design Notes</SPAN></STRONG><P>
-This document was generated using the
-<A HREF="http://www.latex2html.org/"><STRONG>LaTeX</STRONG>2<tt>HTML</tt></A> translator Version 2002-2-1 (1.70)
-<P>
-Copyright &#169; 1993, 1994, 1995, 1996,
-<A HREF="http://cbl.leeds.ac.uk/nikos/personal.html">Nikos Drakos</A>, 
-Computer Based Learning Unit, University of Leeds.
-<BR>
-Copyright &#169; 1997, 1998, 1999,
-<A HREF="http://www.maths.mq.edu.au/~ross/">Ross Moore</A>, 
-Mathematics Department, Macquarie University, Sydney.
-<P>
-The command line arguments were: <BR>
- <STRONG>latex2html</STRONG> <TT>-nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex</TT>
-<P>
-The translation was initiated by Aaron Turner on 2005-02-10
-<BR><HR><H4>Footnotes</H4>
-<DL>
-<DT><A NAME="foot362">...Tcpreplay</A><A
- HREF="flowreplay.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue47">http://tcpreplay.sourceforge.net/</SPAN>
-
-</DD>
-<DT><A NAME="foot370">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue102">socket(2)</SPAN>
-
-</DD>
-<DT><A NAME="foot371">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue108">http://www.tcpdump.org/</SPAN>
-
-</DD>
-<DT><A NAME="foot372">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue112">http://www.packetfactory.net/projects/libnet/</SPAN>
-
-</DD>
-<DT><A NAME="foot124">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
-<DD>http://netdude.sourceforge.net/
-
-</DD>
-<DT><A NAME="foot403">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html6"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue377">http://www.avet.com.pl/~nergal/libnids/</SPAN>
-
-</DD>
-<DT><A NAME="foot382">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html7"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue212">socket(7)</SPAN>
-
-</DD>
-<DT><A NAME="foot404">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html8"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue389">A ``data stream'' as I call it is a simplex
-communication from the client or server which is a complete query,
-response or message.</SPAN>
-
-</DD>
-</DL>
-<BR><HR>
-<ADDRESS>
-Aaron Turner
-2005-02-10
-</ADDRESS>
-</BODY>
-</HTML>

BIN
Docs/flowreplay.pdf


File diff suppressed because it is too large
+ 0 - 1224
Docs/flowreplay.ps


+ 0 - 520
Docs/flowreplay.tex

@@ -1,520 +0,0 @@
-%% LyX 1.3 created this file.  For more info, see http://www.lyx.org/.
-%% Do not edit unless you really know what you are doing.
-\documentclass[english]{article}
-\usepackage{pslatex}
-\usepackage[T1]{fontenc}
-\usepackage[latin1]{inputenc}
-\usepackage{geometry}
-\geometry{verbose,letterpaper,tmargin=10mm,bmargin=15mm,lmargin=10mm,rmargin=10mm}
-\setcounter{secnumdepth}{4}
-\setlength\parskip{\medskipamount}
-\setlength\parindent{0pt}
-\usepackage{color}
-\usepackage{graphicx}
-
-\makeatletter
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Textclass specific LaTeX commands.
- \usepackage{verbatim}
- \newenvironment{lyxcode}
-   {\begin{list}{}{
-     \setlength{\rightmargin}{\leftmargin}
-     \setlength{\listparindent}{0pt}% needed for AMS classes
-     \raggedright
-     \setlength{\itemsep}{0pt}
-     \setlength{\parsep}{0pt}
-     \normalfont\ttfamily}%
-    \item[]}
-   {\end{list}}
-
-\AtBeginDocument{
-  \renewcommand{\labelitemii}{\(\ast\)}
-  \renewcommand{\labelitemiii}{\normalfont\bfseries{--}}
-}
-
-\usepackage{babel}
-\makeatother
-\begin{document}
-
-\title{\textcolor{black}{Flowreplay Design Notes}}
-
-
-\author{\textcolor{black}{Aaron Turner }\\
-\textcolor{black}{http://synfin.net/}}
-
-
-\date{\textcolor{black}{Last Edited:}\\
-\textcolor{black}{October 23, 2003}}
-
-\maketitle
-
-\newpage
-\section{\textcolor{black}{Overview}}
-
-\textcolor{black}{Tcpreplay}%
-\footnote{\textcolor{black}{http://tcpreplay.sourceforge.net/}%
-} \textcolor{black}{was designed to replay traffic previously captured
-in the pcap format back onto the wire for testing NIDS and other passive
-devices. Over time, it was enhanced to be able to test in-line network
-devices. However, a re-occurring feature request for tcpreplay is
-to connect to a server in order to test applications and host TCP/IP
-stacks. It was determined early on, that adding this feature to tcpreplay
-was far too complex, so I decided to create a new tool specifically
-designed for this.}
-
-\textcolor{black}{Flowreplay is designed to replay traffic at Layer
-4 or 7 depending on the protocol rather then at Layer 2 like tcpreplay
-does. This allows flowreplay to connect to one or more servers using
-a pcap savefile as the basis of the connections. Hence, flowreplay
-allows the testing of applications running on real servers rather
-then passive devices. }
-
-
-\section{\textcolor{black}{Features}}
-
-
-\subsection{\textcolor{black}{Requirements}}
-
-\begin{enumerate}
-\item \textcolor{black}{Full TCP/IP support, including IP fragments and
-TCP stream reassembly.}
-\item \textcolor{black}{Support replaying TCP and UDP flows.}
-\item \textcolor{black}{Code should handle each flow/service independently.}
-\item \textcolor{black}{Should be able to connect to the server(s) in the
-pcap file or to a user specified IP address.}
-\item \textcolor{black}{Support a plug-in architecture to allow adding application
-layer intelligence.}
-\item \textcolor{black}{Plug-ins must be able to support multi-flow protocols
-like FTP.}
-\item \textcolor{black}{Ship with a default plug-in which will work {}``well
-enough'' for simple single-flow protocols like HTTP and telnet.}
-\item \textcolor{black}{Flows being replayed {}``correctly'' is more important
-then performance (Mbps).}
-\item \textcolor{black}{Portable to run on common flavors of Unix and Unix-like
-systems.}
-\end{enumerate}
-
-\subsection{\textcolor{black}{Wishes}}
-
-\begin{enumerate}
-\item \textcolor{black}{Support clients connecting to flowreplay on a limited
-basis. Flowreplay would replay the server side of the connection.}
-\item \textcolor{black}{Support other IP based traffic (ICMP, VRRP, OSPF,
-etc) via plug-ins.}
-\item \textcolor{black}{Support non-IP traffic (ARP, STP, CDP, etc) via
-plug-ins.}
-\item \textcolor{black}{Limit which flows are replayed using user defined
-filters. (bpf filter syntax?)}
-\item \textcolor{black}{Process pcap files directly with no intermediary
-file conversions.}
-\item \textcolor{black}{Should be able to scale to pcap files in the 100's
-of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
-of RAM.}
-\end{enumerate}
-
-\section{\textcolor{black}{Design Thoughts}}
-
-
-\subsection{\textcolor{black}{Sending and Receiving traffic}}
-
-\textcolor{black}{Flowreplay must be able to process multiple connections
-to one or more devices. There are two options:}
-
-\begin{enumerate}
-\item \textcolor{black}{Use sockets}%
-\footnote{\textcolor{black}{socket(2)}%
-} \textcolor{black}{to send and receive data}
-\item \textcolor{black}{Use libpcap}%
-\footnote{\textcolor{black}{http://www.tcpdump.org/}%
-} \textcolor{black}{to receive packets and libnet}%
-\footnote{\textcolor{black}{http://www.packetfactory.net/projects/libnet/}%
-} \textcolor{black}{to send packets}
-\end{enumerate}
-\textcolor{black}{Although using libpcap/libnet would allow more simultaneous
-connections and greater flexibility, there would be a very high complexity
-cost associated with it. With that in mind, I've decided to use sockets
-to send and receive data.}
-
-
-\subsection{\textcolor{black}{Handling Multiple Connections}}
-
-\textcolor{black}{Because a pcap file can contain multiple simultaneous
-flows, we need to be able to support that too. The biggest problem
-with this is reading packet data in a different order then stored
-in the pcap file. }
-
-\textcolor{black}{Reading and writing to multiple sockets is easy
-with select() or poll(), however a pcap file has it's data stored
-serially, but we need to access it randomly. There are a number of
-possible solutions for this such as caching packets in RAM where they
-can be accessed more randomly, creating an index of the packets in
-the pcap file, or converting the pcap file to another format altogether.
-Alternatively, I've started looking at libpcapnav}%
-\footnote{http://netdude.sourceforge.net/%
-} \textcolor{black}{as an alternate means to navigate a pcap file and
-process packets out of order.}
-
-
-\subsection{\textcolor{black}{Data Synchronization}}
-
-\textcolor{black}{Knowing when to start sending client traffic in
-response to the server will be \char`\"{}tricky\char`\"{}. Without
-understanding the actual protocol involved, probably the best general
-solution is waiting for a given period of time after no more data
-from the server has been received. Not sure what to do if the client
-traffic doesn't elicit a response from the server (implement some
-kind of timeout?). This will be the basis for the default plug-in.}
-
-
-\subsection{\textcolor{black}{TCP/IP}}
-
-\textcolor{black}{Dealing with IP fragmentation and TCP stream reassembly
-will be another really complex problem. We're basically talking about
-implementing a significant portion of a TCP/IP stack. One thought
-is to use libnids}%
-\footnote{\textcolor{black}{http://www.avet.com.pl/\textasciitilde{}nergal/libnids/}%
-} \textcolor{black}{which basically implements a Linux 2.0.37 TCP/IP
-stack in user-space. Other solutions include porting a TCP/IP stack
-from Open/Net/FreeBSD or writing our own custom stack from scratch.}
-
-
-\section{\textcolor{black}{Multiple Independent Flows}}
-
-\textcolor{black}{The biggest asynchronous problem, that pcap files
-are serial, has to be solved in a scaleable manner. Not much can be
-assumed about the network traffic contained in a pcap savefile other
-then Murphy's Law will be in effect. This means we'll have to deal
-with:}
-
-\begin{itemize}
-\item \textcolor{black}{Thousands of small simultaneous flows (captured
-on a busy network)}
-\item \textcolor{black}{Flows which {}``hang'' mid-stream (an exploit
-against a server causes it to crash)}
-\item \textcolor{black}{Flows which contain large quantities of data (FTP
-transfers of ISO's for example)}
-\end{itemize}
-\textcolor{black}{How we implement parallel processing of the pcap
-savefile will dramatically effect how well we can scale. A few considerations:}
-
-\begin{itemize}
-\item Most Unix systems limit the maximum number of open file descriptors
-a single process can have. Generally speaking this shouldn't be a
-problem except for highly parallel pcap's.
-\item While RAM isn't limitless, we can use mmap() to get around this.
-\item Many Unix systems have enhanced solutions to poll() which will improve
-flow management.
-\end{itemize}
-\begin{comment}
-\textcolor{black}{Unix systems implement a maximum limit on the number
-of file descriptors a single process can open. My Linux box for example
-craps out at 1021 (it's really 1024, but 3 are reserved for STDIN,
-STDOUT, STDERR), which seems to be pretty standard for recent Unix's.
-This means we're limited to at most 1020 simultaneous flows if the
-pcap savefile is opened once and half that (510 flows) if the savefile
-is re-opened for each flow.}%
-\footnote{\textcolor{black}{It appears that most Unix-like OS's allow root to
-increase the {}``hard-limit'' beyond 1024. Compiling a list of methods
-to do this for common OS's should be added to the flowreplay documentation.}%
-}
-
-\textcolor{black}{RAM isn't limitless. Caching packets in memory may
-cause problems when one or more flows with a lot of data {}``hang''
-and their packets have to be cached so that other flows can be processed.
-If you work with large pcaps containing malicious traffic (say packet
-captures from DefCon), this sort of thing may be a real problem. Dealing
-with this situation would require complicated buffer limits and error
-handling.}
-
-\textcolor{black}{Jumping around in the pcap file via fgetpos() and
-fsetpos() is probably the most disk I/O intensive solution and may
-effect performance. However, on systems with enough free memory, one
-would hope the system disk cache will provide a dramatic speedup.
-The {}``bookmarks'' used by fgetpos/fsetpos are just 64 bit integers
-which are relatively space efficent compared to other solutions.}
-
-\textcolor{black}{The other typical asynchronous issue is dealing
-with multiple sockets, which we will solve via poll()}%
-\footnote{\textcolor{black}{poll(2)}%
-}\textcolor{black}{. Each flow will define a} \textcolor{black}{\emph{struct
-pollfd}} \textcolor{black}{and the amount of time in ms to timeout.
-Then prior to calling poll() we walk the list of flows and create
-the array of pollfd's and determine the flow(s) with the smallest
-timeout. A list of these flows is saved for when poll() returns. Finally,
-the current time is tucked away and the timeout and array of pollfd's
-is passed to poll().}
-
-\textcolor{black}{When poll() returns, the sockets that returned ready
-have their plug-in called. If no sockets are ready, then the flows
-saved prior to calling poll() are processed.}
-
-\textcolor{black}{Once all flows are processed, all the flows not
-processed have their timeout decremented by the time difference of
-the current time and when poll was last called and we start again.}
-\end{comment}
-
-\subsection{\textcolor{black}{IP Fragments and TCP Streams}}
-
-\textcolor{black}{There are five major complications with flowreplay:}
-
-\begin{enumerate}
-\item \textcolor{black}{The IP datagrams may be fragmented- we won't be
-able to use the standard 5-tuple (src/dst IP, src/dst port, protocol)
-to lookup which flow a packet belongs to.}
-\item \textcolor{black}{IP fragments may arrive out of order which will
-complicate ordering of data to be sent.}
-\item \textcolor{black}{The TCP segments may arrive out of order which will
-complicate ordering of data to be sent.}
-\item \textcolor{black}{Packets may be missing in the pcap file because
-they were dropped during capture.}
-\item \textcolor{black}{There are tools like fragrouter which intentionally
-create non-deterministic situations.}
-\end{enumerate}
-\textcolor{black}{First off, I've decided, that I'm not going to worry
-about fragrouter or it's cousins. I'll handle non-deterministic situations
-one and only one way, so that the way flowreplay handles the traffic
-will be deterministic. Perhaps, I'll make it easy for others to write
-a plug-in which will change it, but that's not something I'm going
-to concern myself with now.}
-
-\textcolor{black}{Missing packets in the pcap file will probably make
-that flow unplayable. There are proabably certain situation where
-we can make an educated guess, but this is far too complex to worry
-about for the first stable release.}
-
-\textcolor{black}{That still leaves creating a basic TCP/IP stack
-in user space. The good news it that there is already a library which
-does this called libnids. As of version 1.17, libnids can process
-packets from a pcap savefile (it's not documented in the man page,
-but the code is there).}
-
-\textcolor{black}{A potential problem with libnids though is that
-it has to maintain it's own state/cache system. This not only means
-additional overhead, but jumping around in the pcap file as I'm planning
-on doing to handle multiple simultaneous flows is likely to really
-confuse libnids' state engine. Also, libnids is licensed under the
-GPL, but I want flowreplay released under a BSD-like license; I need
-to research if the two are compatible in this way.}
-
-\textcolor{black}{Possible solutions:}
-
-\begin{itemize}
-\item \textcolor{black}{Developing a custom wedge between the capture file
-and libnids which will cause each packet to only be processed a single
-time.}
-\item \textcolor{black}{Use libnids to process the pcap file into a new
-flow-based format, effectively putting the TCP/IP stack into a dedicated
-utility.}
-\item \textcolor{black}{Develop a custom user-space TCP/IP stack, perhaps
-based on a BSD TCP/IP stack, much like libnids is based on Linux 2.0.37.}
-\item \textcolor{black}{Screw it and say that IP fragmentation and out of
-order IP packets/TCP segments are not supported. Not sure if this
-will meet the needs of potential users.}
-\end{itemize}
-
-\subsection{\textcolor{black}{Blocking}}
-
-\textcolor{black}{As earlier stated, one of the main goals of this
-project is to keep things single threaded to make coding plugins easier.
-One caveat of that is that any function which blocks will cause serious
-problems.}
-
-\textcolor{black}{There are three major cases where blocking is likely
-to occur:}
-
-\begin{enumerate}
-\item \textcolor{black}{Opening a socket}
-\item \textcolor{black}{Reading from a socket}
-\item \textcolor{black}{Writing to a socket}
-\end{enumerate}
-\textcolor{black}{Reading from sockets in a non-blocking manner is
-easy to solve for using poll() or select(). Writing to a socket, or
-merely opening a TCP socket via connect() however requires a different
-method:}
-
-\begin{quotation}
-\textcolor{black}{It is possible to do non-blocking IO on sockets
-by setting the O\_NONBLOCK flag on a socket file descriptor using
-fcntl(2). Then all operations that would block will (usually) return
-with EAGAIN (operation should be retried later); connect(2) will return
-EINPROGRESS error. The user can then wait for various events via poll(2)
-or select(2).}%
-\footnote{\textcolor{black}{socket(7)}%
-}
-\end{quotation}
-\textcolor{black}{If connect() returns EINPROGRESS, then we'll just
-have to do something like this:}
-
-\begin{lyxcode}
-\textcolor{black}{int~e,~len=sizeof(e);}
-
-\textcolor{black}{if~(getsockopt(conn->s,~SOL\_SOCKET,~SO\_ERROR,~\&e,~\&len)~<~0)~\{~}
-
-~\textcolor{black}{~~~/{*}~not~yet~{*}/}
-
-~\textcolor{black}{~~~if(errno~!=~EINPROGRESS)\{~~/{*}~yuck.~kill~it.~{*}/~}
-
-~\textcolor{black}{~~~~~~log\_fn(LOG\_DEBUG,\char`\"{}in-progress~connect~failed.~Removing.\char`\"{});~}
-
-~\textcolor{black}{~~~~~~return~-1;~}
-
-~\textcolor{black}{~~~\}~else~\{~}
-
-~\textcolor{black}{~~~~~~return~0;~/{*}~no~change,~see~if~next~time~is~better~{*}/~}
-
-~\textcolor{black}{~~~\}~}
-
-\textcolor{black}{\}~}
-
-\textcolor{black}{/{*}~the~connect~has~finished.~{*}/~}
-\end{lyxcode}
-\begin{quote}
-\textcolor{black}{Note: It may not be totally right, but it works
-ok. (that chunk of code gets called after poll returns the socket
-as writable. if poll returns it as readable, then it's probably because
-of eof, connect fails. You must poll for both.}
-\end{quote}
-
-\section{\textcolor{black}{pcap vs flow File Format}}
-
-\textcolor{black}{As stated before, the pcap file format really isn't
-well suited for flowreplay because it uses the raw packet as a container
-for data. Flowreplay however isn't interested in packets, it's interested
-in data streams}%
-\footnote{\textcolor{black}{A {}``data stream'' as I call it is a simplex
-communication from the client or server which is a complete query,
-response or message.}%
-} \textcolor{black}{which may span one or more TCP/UDP segments, each
-comprised of an IP datagram which may be comprised of multiple IP
-fragments. Handling all this additional complexity requires a full
-TCP/IP stack in user space which would have additional feature requirements
-specific to flowreplay.}
-
-\textcolor{black}{Rather then trying to do that, I've decided to create
-a pcap preprocessor for flowreplay called: flowprep. Flowprep will
-handle all the TCP/IP defragmentation/reassembly and write out a file
-containing the data streams for each flow.}
-
-\textcolor{black}{A flow file will contain three sections:}
-
-\begin{enumerate}
-\item \textcolor{black}{A header which identifies this as a flowprep file
-and the file version}
-\item \textcolor{black}{An index of all the flows contained in the file}
-\item \textcolor{black}{The data streams themselves}
-\end{enumerate}
-\begin{center}\textcolor{black}{\includegraphics{flowheader.eps}}\end{center}
-
-\textcolor{black}{At startup, the file header is validated and the
-data stream indexes are loaded into memory. Then the first data stream
-header from each flow is read. Then each flow and subsequent data
-stream is processed based upon the timestamps and plug-ins.}
-
-
-\section{\textcolor{black}{Plug-ins}}
-
-\textcolor{black}{Plug-ins will provide the {}``intelligence'' in
-flowreplay. Flowreplay is designed to be a mere framework for connecting
-captured flows in a flow file with socket file handles. How data is
-processed and what should be done with it will be done via plug-ins.}
-
-\textcolor{black}{Plug-ins will allow proper handling of a variety
-of protocols while hopefully keeping things simple. Another part of
-the consideration will be making it easy for others to contribute
-to flowreplay. I don't want to have to write all the protocol logic
-myself.}
-
-
-\subsection{\textcolor{black}{Plug-in Basics}}
-
-\textcolor{black}{Each plug-in provides the logic for handling one
-or more services. The main purpose of a plug-in is to decide when
-flowreplay should send data via one or more sockets. The plug-in can
-use any} \textcolor{black}{\emph{non-blocking}} \textcolor{black}{method
-of determining if it appropriate to send data or wait for data to
-received. If necessary, a plug-in can also modify the data sent.}
-
-\textcolor{black}{Each time poll() returns, flowreplay calls the plug-ins
-for the flows which either have data waiting or in the case of a timeout,
-those flows which timed out. Afterwords, all the flows are processed
-and poll() is called on those flows which have their state set to
-POLL. And the process repeats until there are no more nodes in the
-tree.}
-
-
-\subsection{\textcolor{black}{The Default Plug-in}}
-
-\textcolor{black}{Initially, flowreplay will ship with one basic plug-in
-called {}``default''. Any flow which doesn't have a specific plug-in
-defined, will use default. The goal of the default plug-in is to work
-{}``good enough'' for a majority of single-flow protocols such as
-SMTP, HTTP, and Telnet. Protocols which use encryption (SSL, SSH,
-etc) or multiple flows (FTP, RPC, etc) will never work with the default
-plug-in. Furthermore, the default plug-in will only support connections}
-\textcolor{black}{\emph{to}} \textcolor{black}{a server, it will not
-support accepting connections from clients.}
-
-\textcolor{black}{The default plug-in will provide no data level manipulation
-and only a simple method for detecting when it is time to send data
-to the server. Detecting when to send data will be done by a {}``no
-more data'' timeout value. Basically, by using the pcap file as a
-means to determine the order of the exchange, anytime it is the servers
-turn to send data, flowreplay will wait for the first byte of data
-and then start the {}``no more data'' timer. Every time more data
-is received, the timer is reset. If the timer reaches zero, then flowreplay
-sends the next portion of the client side of the connection. This
-is repeated until the the flow has been completely replayed or a {}``server
-hung'' timeout is reached. The server hung timeout is used to detect
-a server which crashed and never starts sending any data which would
-start the {}``no more data'' timer.}
-
-\textcolor{black}{Both the {}``no more data'' and {}``server hung''
-timers will be user defined values and global to all flows using the
-default plug-in.}
-
-
-\subsection{\textcolor{black}{Plug-in Details}}
-
-\textcolor{black}{Each plug-in will be comprised of the following:}
-
-\begin{enumerate}
-\item \textcolor{black}{An optional global data structure, for intra-flow
-communication}
-\item \textcolor{black}{Per-flow data structure, for tracking flow state
-information}
-\item \textcolor{black}{A list of functions which flow replay will call
-when certain well-defined conditions are met.}
-
-\begin{itemize}
-\item \textcolor{black}{Required functions:}
-
-\begin{itemize}
-\item \textcolor{black}{initialize\_node() - called when a node in the tree
-created using this plug-in}
-\item \textcolor{black}{post\_poll\_timeout() - called when the poll() returned
-due to a timeout for this node}
-\item \textcolor{black}{post\_poll\_read() - called when the poll() returned
-due to the socket being ready}
-\item \textcolor{black}{buffer\_full() - called when a the packet buffer
-for this flow is full}
-\item \textcolor{black}{delete\_node() - called just prior to the node being
-free()'d}
-\end{itemize}
-\item \textcolor{black}{Optional functions:}
-
-\begin{itemize}
-\item \textcolor{black}{pre\_send\_data() - called before data is sent}
-\item \textcolor{black}{post\_send\_data() - called after data is sent}
-\item \textcolor{black}{pre\_poll() - called prior to poll()}
-\item \textcolor{black}{post\_poll\_default() - called when poll() returns
-and neither the socket was ready or the node timed out }
-\item \textcolor{black}{open\_socket() - called after the socket is opened}
-\item \textcolor{black}{close\_socket() - called after the socket is closed}
-\end{itemize}
-\end{itemize}
-\end{enumerate}
-\begin{lyxcode}
-
-
-\end{lyxcode}
-
-\end{document}

+ 0 - 498
Docs/flowreplay.txt

@@ -1,498 +0,0 @@
-Flowreplay Design Notes
-
-Aaron Turner 
-http://synfin.net/
-
-Last Edited:
-October 23, 2003
-
- Overview
-
-Tcpreplayhttp://tcpreplay.sourceforge.net/ was designed to replay traffic previously 
-captured in the pcap format back onto the wire for 
-testing NIDS and other passive devices. Over time, it 
-was enhanced to be able to test in-line network 
-devices. However, a re-occurring feature request for 
-tcpreplay is to connect to a server in order to test 
-applications and host TCP/IP stacks. It was determined 
-early on, that adding this feature to tcpreplay was far 
-too complex, so I decided to create a new tool 
-specifically designed for this.
-
-Flowreplay is designed to replay traffic at Layer 4 or 
-7 depending on the protocol rather then at Layer 2 like 
-tcpreplay does. This allows flowreplay to connect to 
-one or more servers using a pcap savefile as the basis 
-of the connections. Hence, flowreplay allows the 
-testing of applications running on real servers rather 
-then passive devices. 
-
- Features
-
- Requirements
-
- Full TCP/IP support, including IP fragments and TCP 
-  stream reassembly.
-
- Support replaying TCP and UDP flows.
-
- Code should handle each flow/service independently.
-
- Should be able to connect to the server(s) in the pcap 
-  file or to a user specified IP address.
-
- Support a plug-in architecture to allow adding 
-  application layer intelligence.
-
- Plug-ins must be able to support multi-flow protocols 
-  like FTP.
-
- Ship with a default plug-in which will work "well enough"
-   for simple single-flow protocols like HTTP and telnet.
-
- Flows being replayed "correctly" is more important then 
-  performance (Mbps).
-
- Portable to run on common flavors of Unix and 
-  Unix-like systems.
-
- Wishes
-
- Support clients connecting to flowreplay on a limited 
-  basis. Flowreplay would replay the server side of the 
-  connection.
-
- Support other IP based traffic (ICMP, VRRP, OSPF, etc) 
-  via plug-ins.
-
- Support non-IP traffic (ARP, STP, CDP, etc) via plug-ins.
-
- Limit which flows are replayed using user defined 
-  filters. (bpf filter syntax?)
-
- Process pcap files directly with no intermediary file 
-  conversions.
-
- Should be able to scale to pcap files in the 100's of 
-  MB in size and 100+ simultaneous flows on a P3 500MHz 
-  w/ 256MB of RAM.
-
- Design Thoughts
-
- Sending and Receiving traffic
-
-Flowreplay must be able to process multiple connections 
-to one or more devices. There are two options:
-
- Use socketssocket(2) to send and receive data
-
- Use libpcaphttp://www.tcpdump.org/ to receive packets and libnethttp://www.packetfactory.net/projects/libnet/ to send packets
-
-Although using libpcap/libnet would allow more 
-simultaneous connections and greater flexibility, there 
-would be a very high complexity cost associated with 
-it. With that in mind, I've decided to use sockets to 
-send and receive data.
-
- Handling Multiple Connections
-
-Because a pcap file can contain multiple simultaneous 
-flows, we need to be able to support that too. The 
-biggest problem with this is reading packet data in a 
-different order then stored in the pcap file. 
-
-Reading and writing to multiple sockets is easy with 
-select() or poll(), however a pcap file has it's data 
-stored serially, but we need to access it randomly. 
-There are a number of possible solutions for this such 
-as caching packets in RAM where they can be accessed 
-more randomly, creating an index of the packets in the 
-pcap file, or converting the pcap file to another 
-format altogether. Alternatively, I've started looking 
-at libpcapnavhttp://netdude.sourceforge.net/ as an alternate means to navigate a pcap 
-file and process packets out of order.
-
- Data Synchronization
-
-Knowing when to start sending client traffic in 
-response to the server will be "tricky". Without 
-understanding the actual protocol involved, probably 
-the best general solution is waiting for a given period 
-of time after no more data from the server has been 
-received. Not sure what to do if the client traffic 
-doesn't elicit a response from the server (implement 
-some kind of timeout?). This will be the basis for the 
-default plug-in.
-
- TCP/IP
-
-Dealing with IP fragmentation and TCP stream reassembly 
-will be another really complex problem. We're basically 
-talking about implementing a significant portion of a 
-TCP/IP stack. One thought is to use libnidshttp://www.avet.com.pl/~nergal/libnids/ which 
-basically implements a Linux 2.0.37 TCP/IP stack in 
-user-space. Other solutions include porting a TCP/IP 
-stack from Open/Net/FreeBSD or writing our own custom 
-stack from scratch.
-
- Multiple Independent Flows
-
-The biggest asynchronous problem, that pcap files are 
-serial, has to be solved in a scaleable manner. Not 
-much can be assumed about the network traffic contained 
-in a pcap savefile other then Murphy's Law will be in 
-effect. This means we'll have to deal with:
-
- Thousands of small simultaneous flows (captured on a 
-  busy network)
-
- Flows which "hang" mid-stream (an exploit against a 
-  server causes it to crash)
-
- Flows which contain large quantities of data (FTP 
-  transfers of ISO's for example)
-
-How we implement parallel processing of the pcap 
-savefile will dramatically effect how well we can 
-scale. A few considerations:
-
- Most Unix systems limit the maximum number of open 
-  file descriptors a single process can have. Generally 
-  speaking this shouldn't be a problem except for 
-  highly parallel pcap's.
-
- While RAM isn't limitless, we can use mmap() to get 
-  around this.
-
- Many Unix systems have enhanced solutions to poll() 
-  which will improve flow management.
-
-Unix systems implement a maximum limit on the number of 
-file descriptors a single process can open. My Linux 
-box for example craps out at 1021 (it's really 1024, 
-but 3 are reserved for STDIN, STDOUT, STDERR), which 
-seems to be pretty standard for recent Unix's. This 
-means we're limited to at most 1020 simultaneous flows 
-if the pcap savefile is opened once and half that (510 
-flows) if the savefile is re-opened for each flow.It appears that most Unix-like OS's allow root to 
-increase the "hard-limit" beyond 1024. Compiling a list 
-of methods to do this for common OS's should be added 
-to the flowreplay documentation.
-
-RAM isn't limitless. Caching packets in memory may 
-cause problems when one or more flows with a lot of 
-data "hang" and their packets have to be cached so that 
-other flows can be processed. If you work with large 
-pcaps containing malicious traffic (say packet captures 
-from DefCon), this sort of thing may be a real problem. 
-Dealing with this situation would require complicated 
-buffer limits and error handling.
-
-Jumping around in the pcap file via fgetpos() and 
-fsetpos() is probably the most disk I/O intensive 
-solution and may effect performance. However, on 
-systems with enough free memory, one would hope the 
-system disk cache will provide a dramatic speedup. The "bookmarks"
- used by fgetpos/fsetpos are just 64 bit integers which 
-are relatively space efficent compared to other solutions.
-
-The other typical asynchronous issue is dealing with 
-multiple sockets, which we will solve via poll()poll(2). Each 
-flow will define a struct pollfd and the amount of time 
-in ms to timeout. Then prior to calling poll() we walk 
-the list of flows and create the array of pollfd's and 
-determine the flow(s) with the smallest timeout. A list 
-of these flows is saved for when poll() returns. 
-Finally, the current time is tucked away and the 
-timeout and array of pollfd's is passed to poll().
-
-When poll() returns, the sockets that returned ready 
-have their plug-in called. If no sockets are ready, 
-then the flows saved prior to calling poll() are processed.
-
-Once all flows are processed, all the flows not 
-processed have their timeout decremented by the time 
-difference of the current time and when poll was last 
-called and we start again.
-
- IP Fragments and TCP Streams
-
-There are five major complications with flowreplay:
-
- The IP datagrams may be fragmented- we won't be able 
-  to use the standard 5-tuple (src/dst IP, src/dst 
-  port, protocol) to lookup which flow a packet belongs to.
-
- IP fragments may arrive out of order which will 
-  complicate ordering of data to be sent.
-
- The TCP segments may arrive out of order which will 
-  complicate ordering of data to be sent.
-
- Packets may be missing in the pcap file because they 
-  were dropped during capture.
-
- There are tools like fragrouter which intentionally 
-  create non-deterministic situations.
-
-First off, I've decided, that I'm not going to worry 
-about fragrouter or it's cousins. I'll handle 
-non-deterministic situations one and only one way, so 
-that the way flowreplay handles the traffic will be 
-deterministic. Perhaps, I'll make it easy for others to 
-write a plug-in which will change it, but that's not 
-something I'm going to concern myself with now.
-
-Missing packets in the pcap file will probably make 
-that flow unplayable. There are proabably certain 
-situation where we can make an educated guess, but this 
-is far too complex to worry about for the first stable release.
-
-That still leaves creating a basic TCP/IP stack in user 
-space. The good news it that there is already a library 
-which does this called libnids. As of version 1.17, 
-libnids can process packets from a pcap savefile (it's 
-not documented in the man page, but the code is there).
-
-A potential problem with libnids though is that it has 
-to maintain it's own state/cache system. This not only 
-means additional overhead, but jumping around in the 
-pcap file as I'm planning on doing to handle multiple 
-simultaneous flows is likely to really confuse libnids' 
-state engine. Also, libnids is licensed under the GPL, 
-but I want flowreplay released under a BSD-like 
-license; I need to research if the two are compatible 
-in this way.
-
-Possible solutions:
-
- Developing a custom wedge between the capture file and 
-  libnids which will cause each packet to only be 
-  processed a single time.
-
- Use libnids to process the pcap file into a new 
-  flow-based format, effectively putting the TCP/IP 
-  stack into a dedicated utility.
-
- Develop a custom user-space TCP/IP stack, perhaps 
-  based on a BSD TCP/IP stack, much like libnids is 
-  based on Linux 2.0.37.
-
- Screw it and say that IP fragmentation and out of 
-  order IP packets/TCP segments are not supported. Not 
-  sure if this will meet the needs of potential users.
-
- Blocking
-
-As earlier stated, one of the main goals of this 
-project is to keep things single threaded to make 
-coding plugins easier. One caveat of that is that any 
-function which blocks will cause serious problems.
-
-There are three major cases where blocking is likely to occur:
-
- Opening a socket
-
- Reading from a socket
-
- Writing to a socket
-
-Reading from sockets in a non-blocking manner is easy 
-to solve for using poll() or select(). Writing to a 
-socket, or merely opening a TCP socket via connect() 
-however requires a different method:
-
-It is possible to do non-blocking IO on sockets by 
-setting the O_NONBLOCK flag on a socket file descriptor 
-using fcntl(2). Then all operations that would block 
-will (usually) return with EAGAIN (operation should be 
-retried later); connect(2) will return EINPROGRESS 
-error. The user can then wait for various events via 
-poll(2) or select(2).socket(7)
-
-If connect() returns EINPROGRESS, then we'll just have 
-to do something like this:
-
-int e, len=sizeof(e);
-
-if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, &e, &len) 
-< 0) { 
-
-    /* not yet */
-
-    if(errno != EINPROGRESS){  /* yuck. kill it. */ 
-
-       log_fn(LOG_DEBUG,"in-progress connect failed. 
-Removing."); 
-
-       return -1; 
-
-    } else { 
-
-       return 0; /* no change, see if next time is 
-better */ 
-
-    } 
-
-} 
-
-/* the connect has finished. */ 
-
-Note: It may not be totally right, but it works ok. 
-(that chunk of code gets called after poll returns the 
-socket as writable. if poll returns it as readable, 
-then it's probably because of eof, connect fails. You 
-must poll for both.
-
- pcap vs flow File Format
-
-As stated before, the pcap file format really isn't 
-well suited for flowreplay because it uses the raw 
-packet as a container for data. Flowreplay however 
-isn't interested in packets, it's interested in data streamsA "data stream" as I call it is a simplex communication 
-from the client or server which is a complete query, 
-response or message.
- which may span one or more TCP/UDP segments, each 
-comprised of an IP datagram which may be comprised of 
-multiple IP fragments. Handling all this additional 
-complexity requires a full TCP/IP stack in user space 
-which would have additional feature requirements 
-specific to flowreplay.
-
-Rather then trying to do that, I've decided to create a 
-pcap preprocessor for flowreplay called: flowprep. 
-Flowprep will handle all the TCP/IP 
-defragmentation/reassembly and write out a file 
-containing the data streams for each flow.
-
-A flow file will contain three sections:
-
- A header which identifies this as a flowprep file and 
-  the file version
-
- An index of all the flows contained in the file
-
- The data streams themselves
-
-<Graphics file: flowheader.eps>
-
-
-At startup, the file header is validated and the data 
-stream indexes are loaded into memory. Then the first 
-data stream header from each flow is read. Then each 
-flow and subsequent data stream is processed based upon 
-the timestamps and plug-ins.
-
- Plug-ins
-
-Plug-ins will provide the "intelligence" in flowreplay. 
-Flowreplay is designed to be a mere framework for 
-connecting captured flows in a flow file with socket 
-file handles. How data is processed and what should be 
-done with it will be done via plug-ins.
-
-Plug-ins will allow proper handling of a variety of 
-protocols while hopefully keeping things simple. 
-Another part of the consideration will be making it 
-easy for others to contribute to flowreplay. I don't 
-want to have to write all the protocol logic myself.
-
- Plug-in Basics
-
-Each plug-in provides the logic for handling one or 
-more services. The main purpose of a plug-in is to 
-decide when flowreplay should send data via one or more 
-sockets. The plug-in can use any non-blocking method of 
-determining if it appropriate to send data or wait for 
-data to received. If necessary, a plug-in can also 
-modify the data sent.
-
-Each time poll() returns, flowreplay calls the plug-ins 
-for the flows which either have data waiting or in the 
-case of a timeout, those flows which timed out. 
-Afterwords, all the flows are processed and poll() is 
-called on those flows which have their state set to 
-POLL. And the process repeats until there are no more 
-nodes in the tree.
-
- The Default Plug-in
-
-Initially, flowreplay will ship with one basic plug-in 
-called "default". Any flow which doesn't have a specific 
-plug-in defined, will use default. The goal of the 
-default plug-in is to work "good enough" for a majority 
-of single-flow protocols such as SMTP, HTTP, and 
-Telnet. Protocols which use encryption (SSL, SSH, etc) 
-or multiple flows (FTP, RPC, etc) will never work with 
-the default plug-in. Furthermore, the default plug-in 
-will only support connections to a server, it will not 
-support accepting connections from clients.
-
-The default plug-in will provide no data level 
-manipulation and only a simple method for detecting 
-when it is time to send data to the server. Detecting 
-when to send data will be done by a "no more data" 
-timeout value. Basically, by using the pcap file as a 
-means to determine the order of the exchange, anytime 
-it is the servers turn to send data, flowreplay will 
-wait for the first byte of data and then start the "no 
-more data" timer. Every time more data is received, the 
-timer is reset. If the timer reaches zero, then 
-flowreplay sends the next portion of the client side of 
-the connection. This is repeated until the the flow has 
-been completely replayed or a "server hung" timeout is 
-reached. The server hung timeout is used to detect a 
-server which crashed and never starts sending any data 
-which would start the "no more data" timer.
-
-Both the "no more data" and "server hung" timers will be 
-user defined values and global to all flows using the 
-default plug-in.
-
- Plug-in Details
-
-Each plug-in will be comprised of the following:
-
- An optional global data structure, for intra-flow communication
-
- Per-flow data structure, for tracking flow state information
-
- A list of functions which flow replay will call when 
-  certain well-defined conditions are met.
-
-   Required functions:
-
-     initialize_node() - called when a node in the tree 
-      created using this plug-in
-
-     post_poll_timeout() - called when the poll() 
-      returned due to a timeout for this node
-
-     post_poll_read() - called when the poll() returned 
-      due to the socket being ready
-
-     buffer_full() - called when a the packet buffer 
-      for this flow is full
-
-     delete_node() - called just prior to the node 
-      being free()'d
-
-   Optional functions:
-
-     pre_send_data() - called before data is sent
-
-     post_send_data() - called after data is sent
-
-     pre_poll() - called prior to poll()
-
-     post_poll_default() - called when poll() returns 
-      and neither the socket was ready or the node 
-      timed out 
-
-     open_socket() - called after the socket is opened
-
-     close_socket() - called after the socket is closed
-
-
-
-

BIN
Docs/img1.png


+ 0 - 664
Docs/index.html

@@ -1,664 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
-original version by:  Nikos Drakos, CBLU, University of Leeds
-* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
-* with significant contributions from:
-  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
-<HTML>
-<HEAD>
-<TITLE>Flowreplay Design Notes</TITLE>
-<META NAME="description" CONTENT="Flowreplay Design Notes">
-<META NAME="keywords" CONTENT="flowreplay">
-<META NAME="resource-type" CONTENT="document">
-<META NAME="distribution" CONTENT="global">
-
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
-<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
-
-<LINK REL="STYLESHEET" HREF="flowreplay.css">
-
-</HEAD>
-
-<BODY >
-
-<P>
-
-<P>
-
-<P>
-
-<P>
-<H1 ALIGN="CENTER"><SPAN ID="hue33">Flowreplay Design Notes</SPAN></H1>
-<DIV CLASS="author_info">
-
-<P ALIGN="CENTER"><STRONG><SPAN ID="hue35">Aaron Turner </SPAN></STRONG></P>
-<P ALIGN="CENTER"><I><SPAN ID="hue37">http://synfin.net/</SPAN></I></P>
-<P ALIGN="CENTER"><STRONG><SPAN ID="hue39">Last Edited:</SPAN>
-<BR><SPAN ID="hue41">October 23, 2003</SPAN></STRONG></P>
-</DIV>
-
-<P>
-
-<H1><A NAME="SECTION00010000000000000000">
-<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue43">Overview</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue45">Tcpreplay</SPAN><A NAME="tex2html1"
-  HREF="#foot362"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> <SPAN ID="hue49">was designed to replay traffic previously captured
-in the pcap format back onto the wire for testing NIDS and other passive
-devices. Over time, it was enhanced to be able to test in-line network
-devices. However, a re-occurring feature request for tcpreplay is
-to connect to a server in order to test applications and host TCP/IP
-stacks. It was determined early on, that adding this feature to tcpreplay
-was far too complex, so I decided to create a new tool specifically
-designed for this.</SPAN>
-<P>
-<SPAN ID="hue51">Flowreplay is designed to replay traffic at Layer
-4 or 7 depending on the protocol rather then at Layer 2 like tcpreplay
-does. This allows flowreplay to connect to one or more servers using
-a pcap savefile as the basis of the connections. Hence, flowreplay
-allows the testing of applications running on real servers rather
-then passive devices. </SPAN>
-<P>
-
-<H1><A NAME="SECTION00020000000000000000">
-<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue53">Features</SPAN></A>
-</H1>
-
-<P>
-
-<H2><A NAME="SECTION00021000000000000000">
-<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue55">Requirements</SPAN></A>
-</H2>
-
-<P>
-
-<OL>
-<LI><SPAN ID="hue58">Full TCP/IP support, including IP fragments and
-TCP stream reassembly.</SPAN>
-</LI>
-<LI><SPAN ID="hue60">Support replaying TCP and UDP flows.</SPAN>
-</LI>
-<LI><SPAN ID="hue62">Code should handle each flow/service independently.</SPAN>
-</LI>
-<LI><SPAN ID="hue64">Should be able to connect to the server(s) in the
-pcap file or to a user specified IP address.</SPAN>
-</LI>
-<LI><SPAN ID="hue66">Support a plug-in architecture to allow adding application
-layer intelligence.</SPAN>
-</LI>
-<LI><SPAN ID="hue68">Plug-ins must be able to support multi-flow protocols
-like FTP.</SPAN>
-</LI>
-<LI><SPAN ID="hue365">Ship with a default plug-in which will work ``well
-enough'' for simple single-flow protocols like HTTP and telnet.</SPAN>
-</LI>
-<LI><SPAN ID="hue366">Flows being replayed ``correctly'' is more important
-then performance (Mbps).</SPAN>
-</LI>
-<LI><SPAN ID="hue74">Portable to run on common flavors of Unix and Unix-like
-systems.</SPAN>
-</LI>
-</OL>
-
-<P>
-
-<H2><A NAME="SECTION00022000000000000000">
-<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue77">Wishes</SPAN></A>
-</H2>
-
-<P>
-
-<OL>
-<LI><SPAN ID="hue80">Support clients connecting to flowreplay on a limited
-basis. Flowreplay would replay the server side of the connection.</SPAN>
-</LI>
-<LI><SPAN ID="hue82">Support other IP based traffic (ICMP, VRRP, OSPF,
-etc) via plug-ins.</SPAN>
-</LI>
-<LI><SPAN ID="hue84">Support non-IP traffic (ARP, STP, CDP, etc) via
-plug-ins.</SPAN>
-</LI>
-<LI><SPAN ID="hue86">Limit which flows are replayed using user defined
-filters. (bpf filter syntax?)</SPAN>
-</LI>
-<LI><SPAN ID="hue88">Process pcap files directly with no intermediary
-file conversions.</SPAN>
-</LI>
-<LI><SPAN ID="hue90">Should be able to scale to pcap files in the 100's
-of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
-of RAM.</SPAN>
-</LI>
-</OL>
-
-<P>
-
-<H1><A NAME="SECTION00030000000000000000">
-<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue93">Design Thoughts</SPAN></A>
-</H1>
-
-<P>
-
-<H2><A NAME="SECTION00031000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue95">Sending and Receiving traffic</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue97">Flowreplay must be able to process multiple connections
-to one or more devices. There are two options:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue100">Use sockets</SPAN><A NAME="tex2html2"
-  HREF="#foot370"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> <SPAN ID="hue104">to send and receive data</SPAN>
-</LI>
-<LI><SPAN ID="hue106">Use libpcap</SPAN><A NAME="tex2html3"
-  HREF="#foot371"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <SPAN ID="hue110">to receive packets and libnet</SPAN><A NAME="tex2html4"
-  HREF="#foot372"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> <SPAN ID="hue114">to send packets</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue117">Although using libpcap/libnet would allow more simultaneous
-connections and greater flexibility, there would be a very high complexity
-cost associated with it. With that in mind, I've decided to use sockets
-to send and receive data.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00032000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue119">Handling Multiple Connections</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue121">Because a pcap file can contain multiple simultaneous
-flows, we need to be able to support that too. The biggest problem
-with this is reading packet data in a different order then stored
-in the pcap file. </SPAN>
-<P>
-<SPAN ID="hue123">Reading and writing to multiple sockets is easy
-with select() or poll(), however a pcap file has it's data stored
-serially, but we need to access it randomly. There are a number of
-possible solutions for this such as caching packets in RAM where they
-can be accessed more randomly, creating an index of the packets in
-the pcap file, or converting the pcap file to another format altogether.
-Alternatively, I've started looking at libpcapnav</SPAN><A NAME="tex2html5"
-  HREF="#foot124"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> <SPAN ID="hue126">as an alternate means to navigate a pcap file and
-process packets out of order.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00033000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue128">Data Synchronization</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue375">Knowing when to start sending client traffic in
-response to the server will be &#34;tricky&#34;. Without
-understanding the actual protocol involved, probably the best general
-solution is waiting for a given period of time after no more data
-from the server has been received. Not sure what to do if the client
-traffic doesn't elicit a response from the server (implement some
-kind of timeout?). This will be the basis for the default plug-in.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00034000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue133">TCP/IP</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue135">Dealing with IP fragmentation and TCP stream reassembly
-will be another really complex problem. We're basically talking about
-implementing a significant portion of a TCP/IP stack. One thought
-is to use libnids</SPAN><A NAME="tex2html6"
-  HREF="#foot403"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A> <SPAN ID="hue139">which basically implements a Linux 2.0.37 TCP/IP
-stack in user-space. Other solutions include porting a TCP/IP stack
-from Open/Net/FreeBSD or writing our own custom stack from scratch.</SPAN>
-<P>
-
-<H1><A NAME="SECTION00040000000000000000">
-<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue141">Multiple Independent Flows</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue143">The biggest asynchronous problem, that pcap files
-are serial, has to be solved in a scaleable manner. Not much can be
-assumed about the network traffic contained in a pcap savefile other
-then Murphy's Law will be in effect. This means we'll have to deal
-with:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue146">Thousands of small simultaneous flows (captured
-on a busy network)</SPAN>
-</LI>
-<LI><SPAN ID="hue379">Flows which ``hang'' mid-stream (an exploit
-against a server causes it to crash)</SPAN>
-</LI>
-<LI><SPAN ID="hue150">Flows which contain large quantities of data (FTP
-transfers of ISO's for example)</SPAN>
-</LI>
-</UL>
-<SPAN ID="hue153">How we implement parallel processing of the pcap
-savefile will dramatically effect how well we can scale. A few considerations:</SPAN>
-<P>
-
-<UL>
-<LI>Most Unix systems limit the maximum number of open file descriptors
-a single process can have. Generally speaking this shouldn't be a
-problem except for highly parallel pcap's.
-</LI>
-<LI>While RAM isn't limitless, we can use mmap() to get around this.
-</LI>
-<LI>Many Unix systems have enhanced solutions to poll() which will improve
-flow management.
-</LI>
-</UL>
-
-<P>
-
-<H2><A NAME="SECTION00041000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue157">IP Fragments and TCP Streams</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue159">There are five major complications with flowreplay:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue162">The IP datagrams may be fragmented- we won't be
-able to use the standard 5-tuple (src/dst IP, src/dst port, protocol)
-to lookup which flow a packet belongs to.</SPAN>
-</LI>
-<LI><SPAN ID="hue164">IP fragments may arrive out of order which will
-complicate ordering of data to be sent.</SPAN>
-</LI>
-<LI><SPAN ID="hue166">The TCP segments may arrive out of order which will
-complicate ordering of data to be sent.</SPAN>
-</LI>
-<LI><SPAN ID="hue168">Packets may be missing in the pcap file because
-they were dropped during capture.</SPAN>
-</LI>
-<LI><SPAN ID="hue170">There are tools like fragrouter which intentionally
-create non-deterministic situations.</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue173">First off, I've decided, that I'm not going to worry
-about fragrouter or it's cousins. I'll handle non-deterministic situations
-one and only one way, so that the way flowreplay handles the traffic
-will be deterministic. Perhaps, I'll make it easy for others to write
-a plug-in which will change it, but that's not something I'm going
-to concern myself with now.</SPAN>
-<P>
-<SPAN ID="hue175">Missing packets in the pcap file will probably make
-that flow unplayable. There are proabably certain situation where
-we can make an educated guess, but this is far too complex to worry
-about for the first stable release.</SPAN>
-<P>
-<SPAN ID="hue177">That still leaves creating a basic TCP/IP stack
-in user space. The good news it that there is already a library which
-does this called libnids. As of version 1.17, libnids can process
-packets from a pcap savefile (it's not documented in the man page,
-but the code is there).</SPAN>
-<P>
-<SPAN ID="hue179">A potential problem with libnids though is that
-it has to maintain it's own state/cache system. This not only means
-additional overhead, but jumping around in the pcap file as I'm planning
-on doing to handle multiple simultaneous flows is likely to really
-confuse libnids' state engine. Also, libnids is licensed under the
-GPL, but I want flowreplay released under a BSD-like license; I need
-to research if the two are compatible in this way.</SPAN>
-<P>
-<SPAN ID="hue181">Possible solutions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue184">Developing a custom wedge between the capture file
-and libnids which will cause each packet to only be processed a single
-time.</SPAN>
-</LI>
-<LI><SPAN ID="hue186">Use libnids to process the pcap file into a new
-flow-based format, effectively putting the TCP/IP stack into a dedicated
-utility.</SPAN>
-</LI>
-<LI><SPAN ID="hue188">Develop a custom user-space TCP/IP stack, perhaps
-based on a BSD TCP/IP stack, much like libnids is based on Linux 2.0.37.</SPAN>
-</LI>
-<LI><SPAN ID="hue190">Screw it and say that IP fragmentation and out of
-order IP packets/TCP segments are not supported. Not sure if this
-will meet the needs of potential users.</SPAN>
-</LI>
-</UL>
-
-<P>
-
-<H2><A NAME="SECTION00042000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue193">Blocking</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue195">As earlier stated, one of the main goals of this
-project is to keep things single threaded to make coding plugins easier.
-One caveat of that is that any function which blocks will cause serious
-problems.</SPAN>
-<P>
-<SPAN ID="hue197">There are three major cases where blocking is likely
-to occur:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue200">Opening a socket</SPAN>
-</LI>
-<LI><SPAN ID="hue202">Reading from a socket</SPAN>
-</LI>
-<LI><SPAN ID="hue204">Writing to a socket</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue207">Reading from sockets in a non-blocking manner is
-easy to solve for using poll() or select(). Writing to a socket, or
-merely opening a TCP socket via connect() however requires a different
-method:</SPAN>
-<P>
-<BLOCKQUOTE>
-<SPAN ID="hue210">It is possible to do non-blocking IO on sockets
-by setting the O_NONBLOCK flag on a socket file descriptor using
-fcntl(2). Then all operations that would block will (usually) return
-with EAGAIN (operation should be retried later); connect(2) will return
-EINPROGRESS error. The user can then wait for various events via poll(2)
-or select(2).</SPAN><A NAME="tex2html7"
-  HREF="#foot382"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>
-</BLOCKQUOTE>
-<SPAN ID="hue215">If connect() returns EINPROGRESS, then we'll just
-have to do something like this:</SPAN>
-<P>
-
-<DL COMPACT>
-<DT>
-<DD><SPAN ID="hue218">int&nbsp;e,&nbsp;len=sizeof(e);</SPAN>
-<P>
-<SPAN ID="hue220">if&nbsp;(getsockopt(conn-&gt;s,&nbsp;SOL_SOCKET,&nbsp;SO_ERROR,&nbsp;&amp;e,&nbsp;&amp;len)&nbsp;&lt;&nbsp;0)&nbsp;{&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue383">&nbsp;&nbsp;&nbsp;/*&nbsp;not&nbsp;yet&nbsp;*/</SPAN>
-<P>
-&nbsp;<SPAN ID="hue384">&nbsp;&nbsp;&nbsp;if(errno&nbsp;!=&nbsp;EINPROGRESS){&nbsp;&nbsp;/*&nbsp;yuck.&nbsp;kill&nbsp;it.&nbsp;*/&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue385">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_fn(LOG_DEBUG,&#34;in-progress&nbsp;connect&nbsp;failed.&nbsp;Removing.&#34;);&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue231">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;-1;&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue233">&nbsp;&nbsp;&nbsp;}&nbsp;else&nbsp;{&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue386">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;0;&nbsp;/*&nbsp;no&nbsp;change,&nbsp;see&nbsp;if&nbsp;next&nbsp;time&nbsp;is&nbsp;better&nbsp;*/&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue238">&nbsp;&nbsp;&nbsp;}&nbsp;</SPAN>
-<P>
-<SPAN ID="hue240">}&nbsp;</SPAN>
-<P>
-<SPAN ID="hue387">/*&nbsp;the&nbsp;connect&nbsp;has&nbsp;finished.&nbsp;*/&nbsp;</SPAN>
-</DD>
-</DL><BLOCKQUOTE>
-<SPAN ID="hue247">Note: It may not be totally right, but it works
-ok. (that chunk of code gets called after poll returns the socket
-as writable. if poll returns it as readable, then it's probably because
-of eof, connect fails. You must poll for both.</SPAN>
-</BLOCKQUOTE>
-
-<P>
-
-<H1><A NAME="SECTION00050000000000000000">
-<SPAN CLASS="arabic">5</SPAN> <SPAN ID="hue250">pcap vs flow File Format</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue252">As stated before, the pcap file format really isn't
-well suited for flowreplay because it uses the raw packet as a container
-for data. Flowreplay however isn't interested in packets, it's interested
-in data streams</SPAN><A NAME="tex2html8"
-  HREF="#foot404"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A> <SPAN ID="hue256">which may span one or more TCP/UDP segments, each
-comprised of an IP datagram which may be comprised of multiple IP
-fragments. Handling all this additional complexity requires a full
-TCP/IP stack in user space which would have additional feature requirements
-specific to flowreplay.</SPAN>
-<P>
-<SPAN ID="hue258">Rather then trying to do that, I've decided to create
-a pcap preprocessor for flowreplay called: flowprep. Flowprep will
-handle all the TCP/IP defragmentation/reassembly and write out a file
-containing the data streams for each flow.</SPAN>
-<P>
-<SPAN ID="hue260">A flow file will contain three sections:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue263">A header which identifies this as a flowprep file
-and the file version</SPAN>
-</LI>
-<LI><SPAN ID="hue265">An index of all the flows contained in the file</SPAN>
-</LI>
-<LI><SPAN ID="hue267">The data streams themselves</SPAN>
-</LI>
-</OL>
-<DIV ALIGN="CENTER">
-<SPAN ID="hue390"><IMG
- WIDTH="668" HEIGHT="748" ALIGN="BOTTOM" BORDER="0"
- SRC="img1.png"
- ALT="\includegraphics{flowheader.eps}"></SPAN>
-</DIV>
-
-<P>
-<SPAN ID="hue274">At startup, the file header is validated and the
-data stream indexes are loaded into memory. Then the first data stream
-header from each flow is read. Then each flow and subsequent data
-stream is processed based upon the timestamps and plug-ins.</SPAN>
-<P>
-
-<H1><A NAME="SECTION00060000000000000000">
-<SPAN CLASS="arabic">6</SPAN> <SPAN ID="hue276">Plug-ins</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue392">Plug-ins will provide the ``intelligence'' in
-flowreplay. Flowreplay is designed to be a mere framework for connecting
-captured flows in a flow file with socket file handles. How data is
-processed and what should be done with it will be done via plug-ins.</SPAN>
-<P>
-<SPAN ID="hue280">Plug-ins will allow proper handling of a variety
-of protocols while hopefully keeping things simple. Another part of
-the consideration will be making it easy for others to contribute
-to flowreplay. I don't want to have to write all the protocol logic
-myself.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00061000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue282">Plug-in Basics</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue284">Each plug-in provides the logic for handling one
-or more services. The main purpose of a plug-in is to decide when
-flowreplay should send data via one or more sockets. The plug-in can
-use any</SPAN> <SPAN ID="hue394"><SPAN  CLASS="textit">non-blocking</SPAN></SPAN> <SPAN ID="hue288">method
-of determining if it appropriate to send data or wait for data to
-received. If necessary, a plug-in can also modify the data sent.</SPAN>
-<P>
-<SPAN ID="hue290">Each time poll() returns, flowreplay calls the plug-ins
-for the flows which either have data waiting or in the case of a timeout,
-those flows which timed out. Afterwords, all the flows are processed
-and poll() is called on those flows which have their state set to
-POLL. And the process repeats until there are no more nodes in the
-tree.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00062000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue292">The Default Plug-in</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue396">Initially, flowreplay will ship with one basic plug-in
-called ``default''. Any flow which doesn't have a specific plug-in
-defined, will use default. The goal of the default plug-in is to work
-``good enough'' for a majority of single-flow protocols such as
-SMTP, HTTP, and Telnet. Protocols which use encryption (SSL, SSH,
-etc) or multiple flows (FTP, RPC, etc) will never work with the default
-plug-in. Furthermore, the default plug-in will only support connections</SPAN><SPAN ID="hue397"><SPAN  CLASS="textit">to</SPAN></SPAN> <SPAN ID="hue299">a server, it will not
-support accepting connections from clients.</SPAN>
-<P>
-<SPAN ID="hue398">The default plug-in will provide no data level manipulation
-and only a simple method for detecting when it is time to send data
-to the server. Detecting when to send data will be done by a ``no
-more data'' timeout value. Basically, by using the pcap file as a
-means to determine the order of the exchange, anytime it is the servers
-turn to send data, flowreplay will wait for the first byte of data
-and then start the ``no more data'' timer. Every time more data
-is received, the timer is reset. If the timer reaches zero, then flowreplay
-sends the next portion of the client side of the connection. This
-is repeated until the the flow has been completely replayed or a ``server
-hung'' timeout is reached. The server hung timeout is used to detect
-a server which crashed and never starts sending any data which would
-start the ``no more data'' timer.</SPAN>
-<P>
-<SPAN ID="hue399">Both the ``no more data'' and ``server hung''
-timers will be user defined values and global to all flows using the
-default plug-in.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00063000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue309">Plug-in Details</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue311">Each plug-in will be comprised of the following:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue314">An optional global data structure, for intra-flow
-communication</SPAN>
-</LI>
-<LI><SPAN ID="hue316">Per-flow data structure, for tracking flow state
-information</SPAN>
-</LI>
-<LI><SPAN ID="hue318">A list of functions which flow replay will call
-when certain well-defined conditions are met.</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue321">Required functions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue324">initialize_node() - called when a node in the tree
-created using this plug-in</SPAN>
-</LI>
-<LI><SPAN ID="hue326">post_poll_timeout() - called when the poll() returned
-due to a timeout for this node</SPAN>
-</LI>
-<LI><SPAN ID="hue328">post_poll_read() - called when the poll() returned
-due to the socket being ready</SPAN>
-</LI>
-<LI><SPAN ID="hue330">buffer_full() - called when a the packet buffer
-for this flow is full</SPAN>
-</LI>
-<LI><SPAN ID="hue332">delete_node() - called just prior to the node being
-free()'d</SPAN>
-</LI>
-</UL>
-</LI>
-<LI><SPAN ID="hue335">Optional functions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue338">pre_send_data() - called before data is sent</SPAN>
-</LI>
-<LI><SPAN ID="hue340">post_send_data() - called after data is sent</SPAN>
-</LI>
-<LI><SPAN ID="hue342">pre_poll() - called prior to poll()</SPAN>
-</LI>
-<LI><SPAN ID="hue344">post_poll_default() - called when poll() returns
-and neither the socket was ready or the node timed out </SPAN>
-</LI>
-<LI><SPAN ID="hue346">open_socket() - called after the socket is opened</SPAN>
-</LI>
-<LI><SPAN ID="hue348">close_socket() - called after the socket is closed</SPAN>
-</LI>
-</UL>
-</LI>
-</UL>
-</LI>
-</OL>
-
-<DL COMPACT>
-<DT>
-<DD><P>
-</DD>
-</DL>
-<P>
-
-<H1><A NAME="SECTION00070000000000000000">
-About this document ...</A>
-</H1>
- <STRONG><SPAN ID="hue33">Flowreplay Design Notes</SPAN></STRONG><P>
-This document was generated using the
-<A HREF="http://www.latex2html.org/"><STRONG>LaTeX</STRONG>2<tt>HTML</tt></A> translator Version 2002-2-1 (1.70)
-<P>
-Copyright &#169; 1993, 1994, 1995, 1996,
-<A HREF="http://cbl.leeds.ac.uk/nikos/personal.html">Nikos Drakos</A>, 
-Computer Based Learning Unit, University of Leeds.
-<BR>
-Copyright &#169; 1997, 1998, 1999,
-<A HREF="http://www.maths.mq.edu.au/~ross/">Ross Moore</A>, 
-Mathematics Department, Macquarie University, Sydney.
-<P>
-The command line arguments were: <BR>
- <STRONG>latex2html</STRONG> <TT>-nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex</TT>
-<P>
-The translation was initiated by Aaron Turner on 2005-02-10
-<BR><HR><H4>Footnotes</H4>
-<DL>
-<DT><A NAME="foot362">...Tcpreplay</A><A
- HREF="flowreplay.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue47">http://tcpreplay.sourceforge.net/</SPAN>
-
-</DD>
-<DT><A NAME="foot370">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue102">socket(2)</SPAN>
-
-</DD>
-<DT><A NAME="foot371">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue108">http://www.tcpdump.org/</SPAN>
-
-</DD>
-<DT><A NAME="foot372">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue112">http://www.packetfactory.net/projects/libnet/</SPAN>
-
-</DD>
-<DT><A NAME="foot124">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
-<DD>http://netdude.sourceforge.net/
-
-</DD>
-<DT><A NAME="foot403">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html6"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue377">http://www.avet.com.pl/~nergal/libnids/</SPAN>
-
-</DD>
-<DT><A NAME="foot382">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html7"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue212">socket(7)</SPAN>
-
-</DD>
-<DT><A NAME="foot404">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html8"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue389">A ``data stream'' as I call it is a simplex
-communication from the client or server which is a complete query,
-response or message.</SPAN>
-
-</DD>
-</DL>
-<BR><HR>
-<ADDRESS>
-Aaron Turner
-2005-02-10
-</ADDRESS>
-</BODY>
-</HTML>

+ 56 - 0
Makefile.am

@@ -0,0 +1,56 @@
+AUTOMAKE_OPTIONS = foreign
+
+include $(top_srcdir)/libopts/MakeDefs.inc
+
+SUBDIRS = scripts lib $(LIBOPTS_DIR) src
+DIST_SUBDIRS = scripts lib libopts src docs test
+.PHONY: manpages docs test man2html
+
+dist-hook: version manpages
+
+
+DOCS_DIR = $(top_builddir)/docs
+
+man2html:
+	cd scripts && make man2html
+
+docs: manpages
+	echo Making docs in $(DOCS_DIR)
+	cd $(DOCS_DIR) && make docs
+
+clean-docs:
+	cd $(DOCS_DIR) && make clean-docs
+
+postweb: manpages
+	cd $(DOCS_DIR) && make postweb
+
+postwebsf: manpages
+	cd $(DOCS_DIR) && make postwebsf
+
+manpages: man2html
+	cd src && make manpages
+
+TEST_DIR = $(top_builddir)/test
+
+test:
+	echo Making test in $(TEST_DIR)
+	cd $(TEST_DIR) && make test
+
+dlt_names:
+	cat @SAVEFILE_C@ | $(top_builddir)/scripts/dlt2name.pl src/dlt_names.h
+
+version:
+	-rm -f src/common/svn_version.c
+	cd src/common && make svn_version.c
+
+distclean-local:
+	-rm -rf autom4te.cache doxygen
+
+doxygen: version
+	doxygen doxygen.cfg
+
+MOSTLYCLEANFILES = tcpreplay.spec *~
+
+DISTCLEANFILES = .tm_project.cache stamp-h1 *.tar.*
+
+MAINTAINERCLEANFILES = Makefile.in configure *.bak
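Review bot: The recipes for `man2html`, `docs`, `clean-docs`, `postweb`, `postwebsf`, `manpages`, `test` and `version` call a bare `make` rather than `$(MAKE)`. The sub-build therefore runs whichever `make` is first on PATH, which may not be the program driving the build; it gets no jobserver under `-j`, and `make -n` does not descend into it. Each recipe should take the form `cd $(DOCS_DIR) && $(MAKE) $(AM_MAKEFLAGS) docs`, as the automake-generated recursive rules do. Because `dist-hook` depends on `version` and `manpages`, this path runs on every release tarball build, where a predictable toolchain matters most. The `.PHONY` line also omits `clean-docs`, `postweb`, `postwebsf`, `dlt_names`, `version` and `doxygen`; the same recipes are copied verbatim into the generated Makefile.in, so the fix belongs in Makefile.am followed by regeneration.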

+ 671 - 131
Makefile.in

@@ -1,149 +1,689 @@
-# $Id: Makefile.in 767 2004-10-06 12:48:49Z aturner $
+# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = .
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+target_triplet = @target@
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(srcdir)/tcpreplay.spec.in \
+	$(top_srcdir)/configure $(top_srcdir)/libopts/MakeDefs.inc \
+	config/compile config/config.guess config/config.sub \
+	config/depcomp config/install-sh config/ltmain.sh \
+	config/missing config/mkinstalldirs
+subdir = .
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno configure.status.lineno
+mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES = tcpreplay.spec
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-exec-recursive install-info-recursive \
+	install-recursive installcheck-recursive installdirs-recursive \
+	pdf-recursive ps-recursive uninstall-info-recursive \
+	uninstall-recursive
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d $(distdir) \
+    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr $(distdir); }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOGEN = @AUTOGEN@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DVIPDFM = @DVIPDFM@
+DVIPS = @DVIPS@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FIG2DEV = @FIG2DEV@
+HAVE_DOCTOOLS_FALSE = @HAVE_DOCTOOLS_FALSE@
+HAVE_DOCTOOLS_TRUE = @HAVE_DOCTOOLS_TRUE@
+HAVE_LIBNIDS_FALSE = @HAVE_LIBNIDS_FALSE@
+HAVE_LIBNIDS_TRUE = @HAVE_LIBNIDS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LATEX2HTML = @LATEX2HTML@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@
+LIBOPTS_LDADD = @LIBOPTS_LDADD@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LNAVLIB = @LNAVLIB@
+LNAV_CFLAGS = @LNAV_CFLAGS@
+LNETINC = @LNETINC@
+LNETLIB = @LNETLIB@
+LNIDSINC = @LNIDSINC@
+LNIDSLIB = @LNIDSLIB@
+LN_S = @LN_S@
+LPCAPINC = @LPCAPINC@
+LPCAPLIB = @LPCAPLIB@
+LTLIBOBJS = @LTLIBOBJS@
+LYX = @LYX@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+NEED_LIBOPTS_FALSE = @NEED_LIBOPTS_FALSE@
+NEED_LIBOPTS_TRUE = @NEED_LIBOPTS_TRUE@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PCAP_BPF_H_FILE = @PCAP_BPF_H_FILE@
+PRINTF = @PRINTF@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+SYSTEM_STRLCPY_FALSE = @SYSTEM_STRLCPY_FALSE@
+SYSTEM_STRLCPY_TRUE = @SYSTEM_STRLCPY_TRUE@
+TCPREPLAY_RELEASE = @TCPREPLAY_RELEASE@
+TCPREPLAY_VERSION = @TCPREPLAY_VERSION@
+TEXI2DVI = @TEXI2DVI@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+debug_flag = @debug_flag@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nic1 = @nic1@
+nic2 = @nic2@
+oldincludedir = @oldincludedir@
+pcncfg = @pcncfg@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target = @target@
+target_alias = @target_alias@
+target_cpu = @target_cpu@
+target_os = @target_os@
+target_vendor = @target_vendor@
+td = @td@
+AUTOMAKE_OPTIONS = foreign
+@NEED_LIBOPTS_FALSE@LIBOPTS_DIR = 
+@NEED_LIBOPTS_TRUE@LIBOPTS_DIR = libopts
+SUBDIRS = scripts lib $(LIBOPTS_DIR) src
+DIST_SUBDIRS = scripts lib libopts src docs test
+DOCS_DIR = $(top_builddir)/docs
+TEST_DIR = $(top_builddir)/test
+MOSTLYCLEANFILES = tcpreplay.spec *~
+DISTCLEANFILES = .tm_project.cache stamp-h1 *.tar.*
+MAINTAINERCLEANFILES = Makefile.in configure *.bak
+all: all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/libopts/MakeDefs.inc $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
+	      cd $(srcdir) && $(AUTOMAKE) --foreign  \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+tcpreplay.spec: $(top_builddir)/config.status $(srcdir)/tcpreplay.spec.in
+	cd $(top_builddir) && $(SHELL) ./config.status $@
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool
+uninstall-info-am:
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+mostlyclean-recursive clean-recursive distclean-recursive \
+maintainer-clean-recursive:
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	mkdir $(distdir)
+	$(mkdir_p) $(distdir)/. $(distdir)/config $(distdir)/libopts $(distdir)/src $(distdir)/test
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(mkdir_p) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r $(distdir)
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && cd $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}'
+distuninstallcheck:
+	@cd $(distuninstallcheck_dir) \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+	-test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+	distclean-local distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-recursive
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
 
-prefix		= @prefix@
-BINDIR		= ${prefix}/bin
-SBINDIR		= ${prefix}/sbin
-MAN8DIR		= @mandir@/man8
-MAN1DIR		= @mandir@/man1
-VERSION		= @TCPREPLAY_VERSION@
-RELEASEDIR	= tcpreplay-$(VERSION)
+ps: ps-recursive
 
-CC		= @CC@
-CFLAGS		= @CFLAGS@
-LDFLAGS		= @LDFLAGS@
-DEFS		= @DEFS@
-INCS		= -I. @LNETINC@ @LPCAPINC@
-LIBS		= @LIBS@ @LNETLIB@ @LPCAPLIB@
-LNAVLIB		= @LNAVLIB@
-LNAV_CFLAGS	= @LNAV_CFLAGS@
+ps-am:
 
-INSTALL		= @INSTALL@
+uninstall-am: uninstall-info-am
 
-BINARIES	= tcpreplay capinfo pcapmerge tcpprep flowreplay
+uninstall-info: uninstall-info-recursive
 
+.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am am--refresh check \
+	check-am clean clean-generic clean-libtool clean-recursive \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-hook dist-shar dist-tarZ dist-zip distcheck distclean \
+	distclean-generic distclean-libtool distclean-local \
+	distclean-recursive distclean-tags distcleancheck distdir \
+	distuninstallcheck dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-exec \
+	install-exec-am install-info install-info-am install-man \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	maintainer-clean-recursive mostlyclean mostlyclean-generic \
+	mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \
+	tags tags-recursive uninstall uninstall-am uninstall-info-am
 
-TSRCS		= tcpreplay.c timer.c cache.c cidr.c do_packets.c list.c xX.c err.c signal_handler.c edit_packet.c replay_live.c fakepoll.c utils.c fakepcapnav.c tcpdump.c portmap.c fakepcap.c
-TOBJS		= $(TSRCS:.c=.o)
+.PHONY: manpages docs test man2html
 
-CSRCS		= capinfo.c libpcap.c snoop.c timer.c err.c fakepcap.c
-COBJS		= $(CSRCS:.c=.o)
+dist-hook: version manpages
 
-PSRCS		= tcpprep.c cidr.c tree.c cache.c list.c xX.c err.c utils.c services.c fakepcap.c
-POBJS		= $(PSRCS:.c=.o)
+man2html:
+	cd scripts && make man2html
 
-MSRCS		= pcapmerge.c err.c
-MOBJS		= $(MSRCS:.c=.o)
+docs: manpages
+	echo Making docs in $(DOCS_DIR)
+	cd $(DOCS_DIR) && make docs
 
-FSRCS		= flowreplay.c flowkey.c flownode.c flowstate.c flowbuff.c cidr.c timer.c err.c utils.c
-FOBJS		= $(FSRCS:.c=.o)
+clean-docs:
+	cd $(DOCS_DIR) && make clean-docs
 
-.c.o:
-	$(CC) $(CFLAGS) $(DEFS) $(INCS) -c $*.c
+postweb: manpages
+	cd $(DOCS_DIR) && make postweb
 
-.PHONY: test
+postwebsf: manpages
+	cd $(DOCS_DIR) && make postwebsf
 
-all: $(BINARIES) 
+manpages: man2html
+	cd src && make manpages
 
-tags:
-	etags *.h *.c
-
-tcpprep: $(POBJS)
-	$(CC) $(CFLAGS) $(DEFS) $(INCS) -o $@ $(POBJS) $(LDFLAGS) $(LIBS)
-
-tcpreplay: $(TOBJS)
-	$(CC) $(CFLAGS) $(LNAV_CFLAGS) $(DEFS) $(INCS) -o $@ $(TOBJS) $(LDFLAGS) $(LIBS) $(LNAVLIB)
-
-capinfo: $(COBJS)
-	$(CC) $(CFLAGS) $(DEFS) $(INCS) -o $@ $(COBJS) $(LDFLAGS) $(LIBS)
+test:
+	echo Making test in $(TEST_DIR)
+	cd $(TEST_DIR) && make test
 
-pcapmerge: $(MOBJS)
-	$(CC) $(CFLAGS) $(DEFS) -o $@ $(MOBJS) $(LDFLAGS) $(LIBS)
+dlt_names:
+	cat @SAVEFILE_C@ | $(top_builddir)/scripts/dlt2name.pl src/dlt_names.h
 
-flowreplay: $(FOBJS)
-	$(CC) $(CFLAGS) $(DEFS) -o $@ $(FOBJS) $(LDFLAGS) $(LIBS)
+version:
+	-rm -f src/common/svn_version.c
+	cd src/common && make svn_version.c
 
-dlt_names:
-	cat /usr/include/net/bpf.h | ./scripts/dlt2name.pl
-
-clean:
-	-rm -f *.o *core $(BINARIES)
-	-cd test && make clean
-	-cd Docs && make clean
-
-distclean: clean
-	-rm -rf autom4te-2.??.cache autom4te.cache TAGS
-	-rm -f Makefile config.h config.status config.cache config.log *~
-	-rm -f tcpreplay.spec confdefs.h man/*~ scripts/*~
-	-cd test && make distclean
-	-cd Docs && make distclean
-
-install: 
-	test -d $(SBINDIR) || $(INSTALL) -d $(SBINDIR)
-	test -d $(BINDIR) || $(INSTALL) -d $(BINDIR)
-	test -d $(MAN8DIR) || $(INSTALL) -d $(MAN8DIR)
-	test -d $(MAN1DIR) || $(INSTALL) -d $(MAN1DIR)
-	$(INSTALL) -m 755 tcpreplay $(SBINDIR)
-	$(INSTALL) -m 755 capinfo $(BINDIR)
-	$(INSTALL) -m 755 tcpprep $(BINDIR)
-	$(INSTALL) -m 755 pcapmerge $(BINDIR)
-	$(INSTALL) -m 755 flowreplay $(BINDIR)
-	$(INSTALL) -m 644 man/tcpreplay.8 $(MAN8DIR)
-	$(INSTALL) -m 644 man/capinfo.1 $(MAN1DIR)
-	$(INSTALL) -m 644 man/tcpprep.1 $(MAN1DIR)
-	$(INSTALL) -m 644 man/pcapmerge.1 $(MAN1DIR)
-	$(INSTALL) -m 644 man/flowreplay.1 $(MAN1DIR)
-
-uninstall:
-	rm -f $(SBINDIR)/tcpreplay
-	rm -f $(MAN8DIR)/tcpreplay.8
-	rm -f $(BINDIR)/capinfo
-	rm -f $(MAN1DIR)/capinfo.1
-	rm -f $(BINDIR)/tcpprep
-	rm -f $(MAN1DIR)/tcpprep.1
-	rm -f $(BINDIR)/pcapmerge
-	rm -f $(MAN1DIR)/pcapmerge.1
-	rm -f $(BINDIR)/flowreplay
-	rm -f $(MAN8DIR)/flowreplay.8
-
-pretty:
-	indent -br -brs -ts4 -ncdw -nce -ncs -npcs -nprs -l80 -lc80 -lp -psl -i4 -nut *.c *.h
+distclean-local:
+	-rm -rf autom4te.cache doxygen
 
-test:
-	cd test && make
-
-docs:
-	cd Docs && make
-
-webdocs:
-	scp Docs/FAQ.html Docs/FAQ.pdf Docs/CHANGELOG shell.sf.net:htdocs/
-
-release:
-	mkdir ../$(RELEASEDIR)
-	cp -r * ../$(RELEASEDIR)/
-	cd ../$(RELEASEDIR) && make distclean
-	-cd ../$(RELEASEDIR)/Docs && make
-	rm -rf ../$(RELEASEDIR)/CVS ../$(RELEASEDIR)/test/CVS 
-	rm -rf ../$(RELEASEDIR)/Docs/CVS ../$(RELEASEDIR)/man/CVS
-	cd .. && tar zcvf $(RELEASEDIR).tar.gz $(RELEASEDIR)/*
-
-
-rerelease:
-	-rm -rf ../$(RELEASEDIR)  ../$(RELEASEDIR).tar.gz
-	mkdir ../$(RELEASEDIR)
-	cp -r * ../$(RELEASEDIR)/
-	cd ../$(RELEASEDIR) && make distclean
-	-cd ../$(RELEASEDIR)/Docs && make
-	rm -rf ../$(RELEASEDIR)/CVS ../$(RELEASEDIR)/test/CVS
-	rm -rf ../$(RELEASEDIR)/Docs/CVS ../$(RELEASEDIR)/man/CVS
-	cd .. && tar zcvf $(RELEASEDIR).tar.gz $(RELEASEDIR)/*
-
-srpm:
-	-rm -rf ../$(RELEASEDIR)  ../$(RELEASEDIR).tar.gz
-	mkdir ../$(RELEASEDIR)
-	cp -r * ../$(RELEASEDIR)/
-	cd ../$(RELEASEDIR) && mv tcpreplay.spec tcpreplay.SPEC
-	cd ../$(RELEASEDIR) && make distclean
-	cd ../$(RELEASEDIR) && mv tcpreplay.SPEC tcpreplay.spec
-	-cd ../$(RELEASEDIR)/Docs && make
-	cd .. && tar zcvf $(RELEASEDIR).tar.gz $(RELEASEDIR)/*
-	rpm -ts ../$(RELEASEDIR).tar.gz  --nodeps
+doxygen: version
+	doxygen doxygen.cfg
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

+ 1 - 1
README

@@ -1 +1 @@
-All the documentation, licensing information, etc is now in the Docs directory
+All the documentation, licensing information, etc is now in the docs directory

File diff suppressed because it is too large
+ 7452 - 99
aclocal.m4


+ 0 - 152
capinfo.c

@@ -1,152 +0,0 @@
-/* $Id: capinfo.c 767 2004-10-06 12:48:49Z aturner $ */
-
-/*
- * Copyright (c) 2001-2004 Aaron Turner, Matt Bing.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the names of the copyright owners nor the names of its
- *    contributors may be used to endorse or promote products derived from
- *    this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include "config.h"
-#include "err.h"
-#include "capinfo.h"
-#include "libpcap.h"
-#include "snoop.h"
-
-void print_pcap(struct pcap_info *);
-void print_snoop(struct snoop_info *);
-void usage();
-
-#ifdef DEBUG
-int debug = 0;
-#endif
-
-int
-main(int argc, char *argv[])
-{
-    struct pcap_info p;
-    struct snoop_info s;
-    int i, fd, flag;
-
-    if (argc == 0)
-        usage();
-
-    for (i = 1; i < argc; i++) {
-        flag = 0;
-
-        if ((fd = open(argv[i], O_RDONLY, 0)) < 0) {
-            warn("could not open");
-            continue;
-        }
-
-        if (is_pcap(fd)) {
-            stat_pcap(fd, &p);
-            flag = 1;
-            printf("%s pcap file\n", argv[1]);
-            print_pcap(&p);
-            return 0;
-        }
-
-        /* rewind */
-        if (lseek(fd, 0, SEEK_SET) != 0)
-            err(1, "lseek");
-
-        if (is_snoop(fd)) {
-            stat_snoop(fd, &s);
-            printf("%s snoop file\n", argv[1]);
-            print_snoop(&s);
-            return 0;
-        }
-
-        warnx("unknown format");
-        (void)printf("\n");
-    }
-
-    return 0;
-}
-
-void
-print_pcap(struct pcap_info *p)
-{
-    char *start, *finish;
-
-    printf("\tpcap (%s%s)\n", (p->modified ? "modified, " : ""), p->swapped);
-
-    (void)printf("\tversion: %d.%d\n", p->phdr.version_major,
-                 p->phdr.version_minor);
-    (void)printf("\tzone: %d\n", p->phdr.thiszone);
-    (void)printf("\tsig figs: %d\n", p->phdr.sigfigs);
-    (void)printf("\tsnaplen: %d\n", p->phdr.snaplen);
-
-    (void)printf("\tlinktype: %s\n", p->linktype);
-    (void)printf("\t%d packets, %d bytes\n", p->cnt, p->bytes);
-    if (p->trunc > 0)
-        (void)printf("\t%d packets truncated (larger than snaplen)\n",
-                     p->trunc);
-
-    if (p->cnt > 0) {
-        start = ctime(&p->start_tm.tv_sec);
-        (void)printf("\tfirst packet: %s", start);
-        finish = ctime(&p->finish_tm.tv_sec);
-        (void)printf("\tlast  packet: %s", finish);
-    }
-
-}
-
-void
-print_snoop(struct snoop_info *s)
-{
-    char *start, *finish;
-
-    (void)printf("\tversion: %d\n", s->version);
-    (void)printf("\tlinktype: %s\n", s->linktype);
-    (void)printf("\t%d packets, %d bytes\n", s->cnt, s->bytes);
-    if (s->trunc > 0)
-        (void)printf("\t%d packets truncated (larger than snaplen)\n",
-                     s->trunc);
-
-    if (s->cnt > 0) {
-        start = ctime(&s->start_tm.tv_sec);
-        (void)printf("\tfirst packet: %s", start);
-        finish = ctime(&s->finish_tm.tv_sec);
-        (void)printf("\tlast  packet: %s", finish);
-    }
-
-}
-
-void
-usage()
-{
-    (void)fprintf(stderr, "capinfo <files>\n");
-    exit(1);
-}

+ 16 - 4
config.guess

@@ -1,9 +1,9 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
 
-timestamp='2004-11-12'
+timestamp='2005-04-22'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -53,7 +53,7 @@ version="\
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
@@ -804,6 +804,9 @@ EOF
     i*:UWIN*:*)
 	echo ${UNAME_MACHINE}-pc-uwin
 	exit 0 ;;
+    amd64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit 0 ;;
     p*:CYGWIN*:*)
 	echo powerpcle-unknown-cygwin
 	exit 0 ;;
@@ -1137,6 +1140,10 @@ EOF
 	# From seanf@swdc.stratus.com.
 	echo i860-stratus-sysv4
 	exit 0 ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit 0 ;;
     *:VOS:*:*)
 	# From Paul.Green@stratus.com.
 	echo hppa1.1-stratus-vos
@@ -1197,6 +1204,9 @@ EOF
     *:QNX:*:4*)
 	echo i386-pc-qnx
 	exit 0 ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit 0 ;;
     NSR-?:NONSTOP_KERNEL:*:*)
 	echo nsr-tandem-nsk${UNAME_RELEASE}
 	exit 0 ;;
@@ -1413,7 +1423,9 @@ This script, last modified $timestamp, has failed to recognize
 the operating system you are using. It is advised that you
 download the most up to date version of the config scripts from
 
-    ftp://ftp.gnu.org/pub/gnu/config/
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
 
 If the version you run ($0) is already up to date, please
 send the following data and any information you think might be
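Review bot: The new download locations in the failure message (last hunk of this file) are plain `http://` URLs, as was the `ftp://` one they replace. What they serve are shell scripts that `configure` executes, so the advice gives the reader no way to check what was received. For this package the safer refresh path is the distribution's own copy of `config.guess` and `config.sub`, or a copy obtained over an authenticated channel, rather than an ad-hoc download. That is worth a line in the packaging notes, since the message text itself belongs to the upstream file.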

+ 0 - 67
config.h.in

@@ -1,67 +0,0 @@
-#ifndef __CONFIG_H__
-#define __CONFIG_H__
-
-/* Our code version */
-#undef VERSION
-
-/* Version of libpcapnav we were compiled against */
-#undef PCAPNAV_VERSION
-
-/* Are we big endian? */
-#undef WORDS_BIGENDIAN
-
-/* Define to 'uint8_t' if <sys/types.h> doesn't define. */
-#undef u_int8_t
-
-/* Define to 'uint16_t' if <sys/types.h> doesn't define. */
-#undef u_int16_t
-
-/* Define to 'uint32_t' if <sys/types.h> doesn't define. */
-#undef u_int32_t
-
-/* Define to 'uint64_t' if <sys/types.h> doesn't define. */
-#undef u_int64_t
-
-/* Define to enable debugging code and -d flag */
-#undef DEBUG
-
-/* Do we have the new inet_aton ? */
-#undef INET_ATON
-
-/* do we have the old inet_addr ? */
-#undef INET_ADDR
-
-/* do we have to force strict byte alignment? */
-#undef FORCE_ALIGN
-
-/* Large file support */
-#ifndef _FILE_OFFSET_BITS
-#undef _FILE_OFFSET_BITS
-#endif
-#undef _LARGE_FILES
-#undef _LARGEFILE_SOURCE
-
-/* Various functions */
-#undef HAVE_FSEEKO
-#undef HAVE_STRNCPY
-
-/* We need fakepoll if poll.h and sys/poll.h don't exist */
-#undef HAVE_POLL_H
-#undef HAVE_SYS_POLL_H
-
-#undef HAVE_UNISTD_H
-#undef HAVE_STRING_H
-
-/* Is libpcapnav available? */
-#undef HAVE_PCAPNAV
-
-/* Is tcpdump available? */
-#undef HAVE_TCPDUMP
-
-/* if so, where is it located? */
-#undef TCPDUMP_BINARY
-
-/* does libpcap come with pcap_datalink_val_to_description() */
-#undef HAVE_DLT_VAL_TO_DESC
-
-#endif /* __CONFIG_H__ */

+ 11 - 8
config.sub

@@ -1,9 +1,9 @@
 #! /bin/sh
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
 
-timestamp='2004-11-30'
+timestamp='2005-04-22'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -70,7 +70,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
@@ -231,13 +231,14 @@ case $basic_machine in
 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 	| am33_2.0 \
 	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+	| bfin \
 	| c4x | clipper \
 	| d10v | d30v | dlx | dsp16xx \
 	| fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| i370 | i860 | i960 | ia64 \
 	| ip2k | iq2000 \
-	| m32r | m32rle | m68000 | m68k | m88k | mcore \
+	| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
 	| mips64 | mips64el \
@@ -262,7 +263,8 @@ case $basic_machine in
 	| pyramid \
 	| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
-	| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \
+	| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b \
 	| strongarm \
 	| tahoe | thumb | tic4x | tic80 | tron \
 	| v850 | v850e \
@@ -298,7 +300,7 @@ case $basic_machine in
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
 	| avr-* \
-	| bs2000-* \
+	| bfin-* | bs2000-* \
 	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
 	| clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
@@ -310,7 +312,7 @@ case $basic_machine in
 	| ip2k-* | iq2000-* \
 	| m32r-* | m32rle-* \
 	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | mcore-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
 	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
 	| mips16-* \
 	| mips64-* | mips64el-* \
@@ -336,7 +338,8 @@ case $basic_machine in
 	| romp-* | rs6000-* \
 	| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
 	| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
 	| tahoe-* | thumb-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \

+ 136 - 0
config/compile

@@ -0,0 +1,136 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand `-c -o'.
+
+scriptversion=2003-11-09.00
+
+# Copyright (C) 1999, 2000, 2003 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand `-c -o'.
+Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file `INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit 0
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit 0
+    ;;
+esac
+
+
+prog=$1
+shift
+
+ofile=
+cfile=
+args=
+while test $# -gt 0; do
+  case "$1" in
+    -o)
+      # configure might choose to run compile as `compile cc -o foo foo.c'.
+      # So we do something ugly here.
+      ofile=$2
+      shift
+      case "$ofile" in
+	*.o | *.obj)
+	  ;;
+	*)
+	  args="$args -o $ofile"
+	  ofile=
+	  ;;
+      esac
+       ;;
+    *.c)
+      cfile=$1
+      args="$args $1"
+      ;;
+    *)
+      args="$args $1"
+      ;;
+  esac
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no `-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # `.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$prog" $args
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use `[/.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo $cofile | sed -e 's|[/.-]|_|g'`.d
+while true; do
+  if mkdir $lockdir > /dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir $lockdir; exit 1" 1 2 15
+
+# Run the compile.
+"$prog" $args
+status=$?
+
+if test -f "$cofile"; then
+  mv "$cofile" "$ofile"
+fi
+
+rmdir $lockdir
+exit $status
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
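Review bot: The lock directory name is derived from the source file name and then used unquoted in `mkdir $lockdir`, `rmdir $lockdir` and inside the trap string, which the shell parses again when the signal arrives, so whitespace or shell metacharacters in a `.c` path are split or interpreted instead of being kept as part of the name. Quoting narrows that: `if mkdir "$lockdir" > /dev/null 2>&1; then`, `trap "rmdir '$lockdir'; exit 1" 1 2 15` and `rmdir "$lockdir"`. The same applies to `echo $cfile` when `cofile` is computed, and `exec "$prog" $args` re-splits every argument because the list was flattened into one string, which quoting alone cannot repair. The file is an Automake-maintained helper, so the change is better carried upstream or as a tracked local patch.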

File diff suppressed because it is too large
+ 1354 - 0
config/config.guess


File diff suppressed because it is too large
+ 1460 - 0
config/config.sub


+ 526 - 0
config/depcomp

@@ -0,0 +1,526 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2004-04-25.13
+
+# Copyright (C) 1999, 2000, 2003, 2004 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit 0
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit 0
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+# `libtool' can also be set to `yes' or `no'.
+
+if test -z "$depfile"; then
+   base=`echo "$object" | sed -e 's,^.*/,,' -e 's,\.\([^.]*\)$,.P\1,'`
+   dir=`echo "$object" | sed 's,/.*$,/,'`
+   if test "$dir" = "$object"; then
+      dir=
+   fi
+   # FIXME: should be _deps on DOS.
+   depfile="$dir.deps/$base"
+fi
+
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+  "$@" -MT "$object" -MD -MP -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> $depfile
+    echo >> $depfile
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> $depfile
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
+  tmpdepfile="$stripped.u"
+  if test "$libtool" = yes; then
+    "$@" -Wc,-M
+  else
+    "$@" -M
+  fi
+  stat=$?
+
+  if test -f "$tmpdepfile"; then :
+  else
+    stripped=`echo "$stripped" | sed 's,^.*/,,'`
+    tmpdepfile="$stripped.u"
+  fi
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+
+  if test -f "$tmpdepfile"; then
+    outname="$stripped.o"
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
+    sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # Dependencies are output in .lo.d with libtool 1.4.
+      # They are output in .o.d with libtool 1.5.
+      tmpdepfile1="$dir.libs/$base.lo.d"
+      tmpdepfile2="$dir.libs/$base.o.d"
+      tmpdepfile3="$dir.libs/$base.d"
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1="$dir$base.o.d"
+      tmpdepfile2="$dir$base.d"
+      tmpdepfile3="$dir$base.d"
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+      exit $stat
+   fi
+
+   if test -f "$tmpdepfile1"; then
+      tmpdepfile="$tmpdepfile1"
+   elif test -f "$tmpdepfile2"; then
+      tmpdepfile="$tmpdepfile2"
+   else
+      tmpdepfile="$tmpdepfile3"
+   fi
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no
+  for arg in "$@"; do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix="`echo $object | sed 's/^.*\././'`"
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o,
+  # because we must use -o when running libtool.
+  "$@" || exit $?
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
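Review bot: In the `msvisualcpp` branch, `$tmpdepfile` is filled with generated `echo` lines that wrap each path from the preprocessor's `#line` output in a `cygpath -u` command substitution, and the file is then executed twice with `. "$tmpdepfile"`; a `$` or backquote in a header path is therefore expanded by the shell rather than kept as text. A safer shape is to have `sed` emit only the path and hand it to `cygpath -u "$path"` as a quoted argument from a read loop, so the file is only ever read as data; the backslash handling of the current form would need to be re-checked on a Cygwin host before switching. Until then the branch deserves a comment such as `# $tmpdepfile is executed by the shell below: include paths must come from a trusted tree.` The file is an Automake-maintained helper, so a code change belongs upstream or in a tracked local patch.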

+ 325 - 0
config/install-sh

@@ -0,0 +1,325 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2004-04-01.17
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=
+transform_arg=
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=
+chgrpcmd=
+stripcmd=
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=
+dst=
+dir_arg=
+
+usage="Usage: $0 [OPTION]... SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 -d DIRECTORIES...
+
+In the first form, install SRCFILE to DSTFILE, removing SRCFILE by default.
+In the second, create the directory path DIR.
+
+Options:
+-b=TRANSFORMBASENAME
+-c         copy source (using $cpprog) instead of moving (using $mvprog).
+-d         create directories instead of installing files.
+-g GROUP   $chgrp installed files to GROUP.
+-m MODE    $chmod installed files to MODE.
+-o USER    $chown installed files to USER.
+-s         strip installed files (using $stripprog).
+-t=TRANSFORM
+--help     display this help and exit.
+--version  display version info and exit.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test -n "$1"; do
+  case $1 in
+    -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+        shift
+        continue;;
+
+    -c) instcmd=$cpprog
+        shift
+        continue;;
+
+    -d) dir_arg=true
+        shift
+        continue;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift
+        shift
+        continue;;
+
+    --help) echo "$usage"; exit 0;;
+
+    -m) chmodcmd="$chmodprog $2"
+        shift
+        shift
+        continue;;
+
+    -o) chowncmd="$chownprog $2"
+        shift
+        shift
+        continue;;
+
+    -s) stripcmd=$stripprog
+        shift
+        continue;;
+
+    -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+        shift
+        continue;;
+
+    --version) echo "$0 $scriptversion"; exit 0;;
+
+    *)  # When -d is used, all remaining arguments are directories to create.
+	test -n "$dir_arg" && break
+        # Otherwise, the last argument is the destination.  Remove it from $@.
+	for arg
+	do
+          if test -n "$dstarg"; then
+	    # $@ is not empty: it contains at least $arg.
+	    set fnord "$@" "$dstarg"
+	    shift # fnord
+	  fi
+	  shift # arg
+	  dstarg=$arg
+	done
+	break;;
+  esac
+done
+
+if test -z "$1"; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src ;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    src=
+
+    if test -d "$dst"; then
+      instcmd=:
+      chmodcmd=
+    else
+      instcmd=$mkdirprog
+    fi
+  else
+    # Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dstarg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dstarg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst ;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      dst=$dst/`basename "$src"`
+    fi
+  fi
+
+  # This sed command emulates the dirname command.
+  dstdir=`echo "$dst" | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+  # Make sure that the destination directory exists.
+
+  # Skip lots of stat calls in the usual case.
+  if test ! -d "$dstdir"; then
+    defaultIFS='
+	 '
+    IFS="${IFS-$defaultIFS}"
+
+    oIFS=$IFS
+    # Some sh's can't handle IFS=/ for some reason.
+    IFS='%'
+    set - `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'`
+    IFS=$oIFS
+
+    pathcomp=
+
+    while test $# -ne 0 ; do
+      pathcomp=$pathcomp$1
+      shift
+      if test ! -d "$pathcomp"; then
+        $mkdirprog "$pathcomp" || lasterr=$?
+	# mkdir can fail with a `File exist' error in case several
+	# install-sh are creating the directory concurrently.  This
+	# is OK.
+	test ! -d "$pathcomp" && { (exit ${lasterr-1}); exit; }
+      fi
+      pathcomp=$pathcomp/
+    done
+  fi
+
+  if test -n "$dir_arg"; then
+    $doit $instcmd "$dst" \
+      && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; }
+
+  else
+    # If we're going to rename the final executable, determine the name now.
+    if test -z "$transformarg"; then
+      dstfile=`basename "$dst"`
+    else
+      dstfile=`basename "$dst" $transformbasename \
+               | sed $transformarg`$transformbasename
+    fi
+
+    # don't allow the sed command to completely eliminate the filename.
+    test -z "$dstfile" && dstfile=`basename "$dst"`
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'status=$?; rm -f "$dsttmp" "$rmtmp" && exit $status' 0
+    trap '(exit $?); exit' 1 2 13 15
+
+    # Move or copy the file name to the temp name
+    $doit $instcmd "$src" "$dsttmp" &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $instcmd $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } &&
+
+    # Now rename the file to the real destination.
+    { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \
+      || {
+	   # The rename failed, perhaps because mv can't rename something else
+	   # to itself, or perhaps because mv is so ancient that it does not
+	   # support -f.
+
+	   # Now remove or move aside any old file at destination location.
+	   # We try this two ways since rm can't unlink itself on some
+	   # systems and the destination file might be busy for other
+	   # reasons.  In this case, the final cleanup might fail but the new
+	   # file should still install successfully.
+	   {
+	     if test -f "$dstdir/$dstfile"; then
+	       $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \
+	       || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \
+	       || {
+		 echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2
+		 (exit 1); exit
+	       }
+	     else
+	       :
+	     fi
+	   } &&
+
+	   # Now rename the file to the real destination.
+	   $doit $mvcmd "$dsttmp" "$dstdir/$dstfile"
+	 }
+    }
+  fi || { (exit 1); exit; }
+done
+
+# The final little trick to "correctly" pass the exit status to the exit trap.
+{
+  (exit 0); exit
+}
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:

File diff suppressed because it is too large
+ 6290 - 0
config/ltmain.sh


+ 360 - 0
config/missing

@@ -0,0 +1,360 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2003-09-02.23
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003 
+#   Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case "$1" in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case "$1" in
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Send bug reports to <bug-automake@gnu.org>."
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+  aclocal*)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case "$f" in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
+    test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison|yacc)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f y.tab.h ]; then
+	echo >y.tab.h
+    fi
+    if [ ! -f y.tab.c ]; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex|flex)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f lex.yy.c ]; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+	file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
+    fi
+    if [ -f "$file" ]; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit 1
+    fi
+    ;;
+
+  makeinfo)
+    if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then
+       # We have makeinfo, but it failed.
+       exit 1
+    fi
+
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+      file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
+    fi
+    touch $file
+    ;;
+
+  tar)
+    shift
+    if test -n "$run"; then
+      echo 1>&2 "ERROR: \`tar' requires --run"
+      exit 1
+    fi
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case "$firstarg" in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case "$firstarg" in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:

+ 150 - 0
config/mkinstalldirs

@@ -0,0 +1,150 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+
+scriptversion=2004-02-15.20
+
+# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain.
+#
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+errstatus=0
+dirmode=""
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
+
+Create each directory DIR (with mode MODE, if specified), including all
+leading file name components.
+
+Report bugs to <bug-automake@gnu.org>."
+
+# process command line arguments
+while test $# -gt 0 ; do
+  case $1 in
+    -h | --help | --h*)         # -h for help
+      echo "$usage"
+      exit 0
+      ;;
+    -m)                         # -m PERM arg
+      shift
+      test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+      dirmode=$1
+      shift
+      ;;
+    --version)
+      echo "$0 $scriptversion"
+      exit 0
+      ;;
+    --)                         # stop option processing
+      shift
+      break
+      ;;
+    -*)                         # unknown option
+      echo "$usage" 1>&2
+      exit 1
+      ;;
+    *)                          # first non-opt arg
+      break
+      ;;
+  esac
+done
+
+for file
+do
+  if test -d "$file"; then
+    shift
+  else
+    break
+  fi
+done
+
+case $# in
+  0) exit 0 ;;
+esac
+
+# Solaris 8's mkdir -p isn't thread-safe.  If you mkdir -p a/b and
+# mkdir -p a/c at the same time, both will detect that a is missing,
+# one will create a, then the other will try to create a and die with
+# a "File exists" error.  This is a problem when calling mkinstalldirs
+# from a parallel make.  We use --version in the probe to restrict
+# ourselves to GNU mkdir, which is thread-safe.
+case $dirmode in
+  '')
+    if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+      echo "mkdir -p -- $*"
+      exec mkdir -p -- "$@"
+    else
+      # On NextStep and OpenStep, the `mkdir' command does not
+      # recognize any option.  It will interpret all options as
+      # directories to create, and then abort because `.' already
+      # exists.
+      test -d ./-p && rmdir ./-p
+      test -d ./--version && rmdir ./--version
+    fi
+    ;;
+  *)
+    if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
+       test ! -d ./--version; then
+      echo "mkdir -m $dirmode -p -- $*"
+      exec mkdir -m "$dirmode" -p -- "$@"
+    else
+      # Clean up after NextStep and OpenStep mkdir.
+      for d in ./-m ./-p ./--version "./$dirmode";
+      do
+        test -d $d && rmdir $d
+      done
+    fi
+    ;;
+esac
+
+for file
+do
+  set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+  shift
+
+  pathcomp=
+  for d
+  do
+    pathcomp="$pathcomp$d"
+    case $pathcomp in
+      -*) pathcomp=./$pathcomp ;;
+    esac
+
+    if test ! -d "$pathcomp"; then
+      echo "mkdir $pathcomp"
+
+      mkdir "$pathcomp" || lasterr=$?
+
+      if test ! -d "$pathcomp"; then
+	errstatus=$lasterr
+      else
+	if test ! -z "$dirmode"; then
+	  echo "chmod $dirmode $pathcomp"
+	  lasterr=""
+	  chmod "$dirmode" "$pathcomp" || lasterr=$?
+
+	  if test ! -z "$lasterr"; then
+	    errstatus=$lasterr
+	  fi
+	fi
+      fi
+    fi
+
+    pathcomp="$pathcomp/"
+  done
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:

File diff suppressed because it is too large
+ 26307 - 6493
configure


+ 394 - 193
configure.in

@@ -1,26 +1,29 @@
-dnl $Id: configure.in 1037 2004-12-03 23:51:38Z aturner $
-AC_INIT(tcpreplay.c)
-AC_CONFIG_HEADER(config.h)
+
+dnl $Id: configure.in 1362 2005-06-19 22:11:50Z aturner $
+
+AC_INIT(tcpreplay)
+AC_CONFIG_SRCDIR(src/tcpreplay.c)
+AM_CONFIG_HEADER(src/config.h)
+AC_CONFIG_AUX_DIR(config)
+AM_MAINTAINER_MODE
+AM_WITH_DMALLOC
+AC_PROG_LIBTOOL
 
 dnl Set version info here!
-MAJOR_VERSION=2
-MINOR_VERSION=3
-MICRO_VERSION=3
+MAJOR_VERSION=3
+MINOR_VERSION=0
+MICRO_VERSION=beta6
 TCPREPLAY_VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION
 
 dnl Release is only used for the RPM spec file
 TCPREPLAY_RELEASE=1
 
-
-AC_DEFINE_UNQUOTED(VERSION, "$TCPREPLAY_VERSION")
+AC_DEFINE(PACKAGE, [tcpreplay], [This is our package name])
+AC_DEFINE_UNQUOTED(VERSION, "$TCPREPLAY_VERSION", [What is our version?])
 AC_SUBST(TCPREPLAY_VERSION)
 AC_SUBST(TCPREPLAY_RELEASE)
 
-
-dnl Initialize prefix.
-if test "$prefix" = "NONE"; then
-	prefix="/usr/local"
-fi
+CFLAGS="$CFLAGS -Wall -O2 -funroll-loops" # -std=c99 -Wno-variadic-macros"
 
 dnl Determine OS
 AC_CANONICAL_BUILD
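Review bot: The new `CFLAGS="$CFLAGS -Wall -O2 -funroll-loops"` line applies GCC-style flags to whatever compiler is in use, and it runs before `AC_PROG_CC` has identified one. The code this commit removes further down only set such flags when `$ac_cv_prog_gcc` was `yes`. I would move the assignment below `AC_PROG_CC` and guard it, e.g. `if test "$GCC" = yes ; then CFLAGS="$CFLAGS -Wall -O2 -funroll-loops" ; fi`. Because the flags are appended after the caller's `CFLAGS`, a user-supplied `-O0` or `-O1` is also overridden by the later `-O2`; a short `dnl` comment saying so would help packagers.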
@@ -29,19 +32,63 @@ AC_CANONICAL_TARGET
 AC_SUBST(host)
 AC_SUBST(build)
 AC_SUBST(target)
-AC_C_BIGENDIAN
+
+AM_INIT_AUTOMAKE(tcpreplay, $TCPREPLAY_VERSION, nodefine)
 
 dnl Checks for programs.
+AC_PROG_INSTALL
+AC_PROG_LIBTOOL
 AC_PROG_CC
+AC_PROG_CC_STDC
 AC_PROG_CXX
 AC_PROG_CPP
 AC_PROG_LN_S
 AC_PROG_RANLIB
 AC_PROG_AWK
-AC_PROG_INSTALL
 AC_PROG_MAKE_SET
+AC_EXEEXT
 AC_PATH_PROG(PRINTF, printf)
-AC_SUBST(PRINTF)
+AC_PATH_PROG(FIG2DEV, fig2dev)
+
+dnl Look for lyx in the normal locations
+dnl The OS X installer puts Lyx at /Applications/Lyx.app/Contents/MacOS/LyX
+
+AC_ARG_WITH(lyx,
+    AC_HELP_STRING([--with-lyx=FILE], [Path to Lyx binary]),
+    [ AC_MSG_CHECKING(for lyx)
+    if test -x $withval ; then
+          td=$withval
+          AC_MSG_RESULT($td)
+      else
+          AC_MSG_RESULT([Error: $withval does not exist or is not executable])
+      fi ],
+    [ 
+    case $host in
+        powerpc-apple-darwin*)
+        lyx=/Applications/Lyx.app/Contents/MacOS/LyX
+        if test -x $lyx ; then
+            AC_MSG_CHECKING(for lyx)
+            AC_SUBST(LYX, $lyx)
+            AC_MSG_RESULT($lyx) 
+        else
+	    AC_PATH_PROG(LYX, lyx)
+	fi
+        ;;
+
+        *)
+        AC_PATH_PROG(LYX, lyx)
+        ;;
+        esac
+    ])
+
+AC_PATH_PROG(DVIPS, dvips)
+AC_PATH_PROG(TEXI2DVI, texi2dvi)
+AC_PATH_PROG(LATEX2HTML, latex2html)
+AC_PATH_PROG(DVIPDFM, dvipdfm)
+AC_PATH_PROG(AUTOGEN, autogen)
+
+AC_HEADER_STDC
+AC_HEADER_MAJOR
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_TYPE_SIZE_T
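Review bot: In the `--with-lyx=FILE` branch the validated path is stored in `td` and never reaches `LYX`, so as far as this hunk shows the option has no effect: `LYX` stays empty and the later `HAVE_DOCTOOLS` test treats lyx as missing. The assignment should be `LYX=$withval` followed by `AC_SUBST(LYX)`. The check `test -x $withval` also needs quoting (`test -x "$withval"`), since a path with spaces or an empty value changes what `test` evaluates, and the failure case only prints a result line rather than stopping with `AC_MSG_ERROR`. `AC_PROG_LIBTOOL` is now invoked both here and near the top of the file; one call is enough.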
@@ -53,75 +100,6 @@ AC_SYS_LARGEFILE
 dnl Check for functions
 AC_FUNC_FSEEKO
 
-dnl Enable debugging in code/compiler options
-debug=no
-AC_MSG_CHECKING(for debug enabled)
-AC_ARG_WITH(debug,
-[  --with-debug            Enable debugging code and support for the -d option],
-[ debug=yes
- AC_DEFINE(DEBUG) 
- AC_MSG_RESULT(yes)], 
-AC_MSG_RESULT(no))
-
-dnl Use a debug flag during make test if debug is enabled
-if test $debug = yes ; then
-	debug_flag="-d 3"
-	AC_SUBST(debug_flag)
-fi
-
-dnl Enable Efense
-efence=no
-AC_MSG_CHECKING(for efence enabled)
-AC_ARG_WITH(efence,
-[  --with-efence           Enable Electric Fence memory debugger],
-[ efence=yes
-  AC_DEFINE(EFENCE)
-  AC_MSG_RESULT(yes)],
-  AC_MSG_RESULT(no)
-  )
-
-dnl Enable Gprof
-gprof=no
-AC_MSG_CHECKING(for gprof enabled)
-AC_ARG_WITH(gprof,
-[  --with-gprof            Enable GNU Profiler],
-[ gprof=yes
-  AC_DEFINE(GPROF)
-  AC_MSG_RESULT(yes)],
-  AC_MSG_RESULT(no)
-  )
-
-
-dnl Use these compiler flags if we have gcc.
-if test $ac_cv_prog_gcc = yes -a $debug = no ; then
-    CCOPTS="-pipe -Wall -O3 -funroll-loops"
-    CFLAGS="$CCOPTS"
-else
-	CCOPTS="-pipe -Wall -ggdb -pedantic"
-	CFLAGS="$CCOPTS"
-fi
-
-dnl Gprof requires -ggdb
-if test $gprof = yes -a $debug = yes ; then
-	CCOPTS="$CCOPTS -pg" 
-	CFLAGS="$CCOPTS"
-elif test $gprof = yes -a $debug = no ; then
-	CCOPTS="-pipe -Wall -pg -ggdb"
-	CFLAGS="$CCOPTS"
-fi
-
-dnl Electric Fence
-if test $efence = yes ; then
-	CCOPTS="$CCOPTS -lefence"
-	CFLAGS="$CCOPTS"
-fi
-
-dnl gprof
-if test $gprof = yes ; then
-        CCOPTS="$CCOPTS -fprofile-arcs"
-        CFLAGS="$CCOPTS"
-fi
-
 dnl Check for types.
 AC_CHECK_TYPE(u_int8_t, uint8_t)
 AC_CHECK_TYPE(u_int16_t, uint16_t)
@@ -141,46 +119,133 @@ AC_FUNC_MALLOC
 AC_FUNC_MEMCMP
 AC_TYPE_SIGNAL
 AC_FUNC_VPRINTF
-AC_CHECK_FUNCS([gettimeofday ctime memset regcomp strdup strerror strtol strncpy strtoull poll])
+AC_CHECK_FUNCS([gettimeofday ctime memset regcomp strdup strerror strtol strncpy strtoull poll ntohll mmap])
+
+dnl Look for strlcpy since some BSD's have it
+AC_CHECK_FUNCS([strlcpy],have_strlcpy=true,have_strlcpy=false)
+AM_CONDITIONAL(SYSTEM_STRLCPY, [test x$have_strlcpy = xtrue])
+
+AC_CHECK_MEMBERS([struct timeval.tv_sec])
+
+AC_C_BIGENDIAN
+
+doctools=no
+if test -n "$FIG2DEV" -a -n "$LYX" -a -n "$DVIPS" -a -n "$TEXI2DVI" \
+	 -a -n "$LATEX2HTML" -a -n "$DVIPDFM" ; then
+    doctools=yes
+fi
+AM_CONDITIONAL(HAVE_DOCTOOLS, test $doctools = yes)
+
+
+
+dnl Enable debugging in code/compiler options
+debug=no
+AC_ARG_ENABLE(debug,
+    AC_HELP_STRING([--enable-debug], [Enable debugging code and support for the -d option]),
+    [ if test x$enableval = xyes; then
+         debug=yes
+         CFLAGS="-ggdb -Wall -pedantic"
+         AC_SUBST(debug_flag)
+         AC_DEFINE([DEBUG], [], [Enable debuggin code and support for the -d option]) 
+      fi])
+
+
+dnl Enable Efense
+AC_ARG_ENABLE(efence,
+    AC_HELP_STRING([--enable-efence], [Enable Electric Fence memory debugger]),
+    [ if test x$enableval = xyes; then
+          CFLAGS="$CFLAGS -lefence"
+          AC_DEFINE([EFENCE], [], [Enable Electric Fence memory debugger])
+      fi])
+
+dnl Enable Gprof
+AC_ARG_ENABLE(gprof,
+    AC_HELP_STRING([--enable-gprof], [Enable GNU Profiler]),
+    [ if test x$enableval = xyes; then
+          if test $debug = yes; then
+              CFLAGS="$CFLAGS -pg"
+          else 
+              # GPROF requires gdb
+              CFLAGS="$CFLAGS -ggdb -pg -fprofile-arcs"
+          fi
+          AC_DEFINE([GPROF], [], [Enable GNU Profiler])
+      fi])
+
+dnl Use 64bits for packet counters
+AC_ARG_ENABLE(64bits,
+    AC_HELP_STRING([--enable-64bits], [Use 64bit packet counters]),
+    [ if test x$enableval = xyes; then
+         AC_DEFINE([ENABLE_64BITS], [], [Use 64bit packet counters])
+         AC_MSG_NOTICE([Using u_int64_t for packet counters])
+      else
+         AC_MSG_NOTICE([Using u_int32_t for packet counters])
+      fi
+    ])
+
+dnl Dynamic link libraries
+dynamic_link=no
+AC_ARG_ENABLE(dynamic-link,
+    AC_HELP_STRING([--enable-dynamic-link], [Dynamically link libraries]),
+    [ if test x$enableval = xyes; then
+        AC_DEFINE([ENABLE_DYNAMIC_LINK], [], [Enable dynamically linking libs])
+        dynamic_link=yes
+      fi
+    ])
 
 dnl Check for inet_aton and inet_addr
-AC_CHECK_FUNC(inet_aton, AC_DEFINE(INET_ATON) inet_aton=yes, inet_aton=no)
-AC_CHECK_FUNC(inet_addr, AC_DEFINE(INET_ADDR) inet_addr=yes, inet_addr=no)
+AC_CHECK_FUNC(inet_aton, 
+    AC_DEFINE([INET_ATON], [], [Do we have inet_aton?]) 
+    inet_aton=yes, 
+    inet_aton=no)
+AC_CHECK_FUNC(inet_addr, 
+    AC_DEFINE([INET_ADDR], [], [Do we have inet_addr?]) 
+    inet_addr=yes, 
+    inet_addr=no)
 
 if test $inet_aton = no -a $inet_addr = no ; then
 	AC_MSG_ERROR("We need either inet_aton or inet_addr")
 fi
+
+
 dnl ##################################################
 dnl Checks for libnet (shamelessly horked from dsniff)
 dnl ##################################################
 foundnet=no
 trynetdir=/usr/local
 AC_MSG_CHECKING(for libnet)
-AC_ARG_WITH([libnet],
+AC_ARG_WITH(libnet,
     AC_HELP_STRING([--with-libnet=DIR], [Use libnet in DIR]),
     [trynetdir=$withval])
 
 for testdir in $trynetdir /usr/local /usr ; do
     if test -f "${testdir}/include/libnet.h" -a $foundnet = no ; then
-        LNETINC="-I${testdir}/include"
-        LNETINCDIR="$testdir/include"
-        LNETLIB="-L${testdir}/lib -lnet"
-        foundnet=$testdir
+     LNETINC="${testdir}/include/libnet.h"
+     LNETINCDIR="$testdir/include"
+     if test $dynamic_link = yes; then
+         LNETLIB="-L${testdir}/lib -lnet"
+     elif test -f "${testdir}/lib64/libnet.a" ; then
+         LNETLIB="${testdir}/lib64/libnet.a"
+     else
+         LNETLIB="${testdir}/lib/libnet.a"
+     fi
+     foundnet=$testdir
     fi
 done
 
 if test $foundnet = no ; then
-    AC_MSG_RESULT(no)
-    AC_ERROR(libnet not found)
-else
-    AC_MSG_RESULT($foundnet)
+     AC_MSG_RESULT(no)
+     AC_ERROR(libnet not found)
+else 
+     AC_MSG_RESULT($foundnet) 
 fi
 
 AC_SUBST(LNETINC)
 AC_SUBST(LNETLIB)
 
 OLDLIBS="$LIBS"
+OLDCFLAGS="$CFLAGS"
 LIBS="$LNETLIB"
+CFLAGS="$CFLAGS -I$LNETINCDIR"
 
 dnl Check to see what version of libnet
 dnl this code has been reduced a lot, but probably still could be
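Review bot: When `--enable-dynamic-link` is not given, the libnet loop falls through to `LNETLIB="${testdir}/lib/libnet.a"` without checking that the archive exists; only the `lib64` path is tested. On a system that ships only the shared library, `LIBS` then names a missing file and the `AC_TRY_RUN` probes that follow fail, which would surface as the unrelated "Unable to determine version of libnet" error. I would test the archive and fall back to the linker flags: `elif test -f "${testdir}/lib/libnet.a" ; then` for the static case and `else LNETLIB="-L${testdir}/lib -lnet"` otherwise. The libpcap loop in the `@@ -251,33 +348,41 @@` hunk has the same shape and needs the same change. Static linking by default also means fixes to the installed libnet or libpcap only reach tcpreplay after a rebuild, which deserves a `dnl` comment next to the `--enable-dynamic-link` option.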
@@ -190,7 +255,7 @@ AC_MSG_CHECKING(for libnet version)
 AC_TRY_RUN([
 #include <string.h>
 #define LIBNET_LIL_ENDIAN 1
-#include "$LNETINCDIR/libnet.h"
+#include "$LNETINC"
 #define LIB_TEST "1.0"
 /* 
  * simple proggy to test the version of libnet
@@ -200,19 +265,19 @@ AC_TRY_RUN([
 int
 main (int argc, char *argv[])
 {
-	if (strncmp(LIB_TEST, LIBNET_VERSION, 3) == 0)
-		exit(0);
-	exit(1);
+        if (strncmp(LIB_TEST, LIBNET_VERSION, 3) == 0)
+                exit(0);
+        exit(1);
 }],
-	libnet_ver_10=yes
-	AC_MSG_RESULT(1.0.x), 
-	libnet_ver_10=no,
-	libnet_ver_10=no
-	)
+        libnet_ver_10=yes
+        AC_MSG_RESULT(1.0.x), 
+        libnet_ver_10=no,
+        libnet_ver_10=no
+        )
 
 AC_TRY_RUN([
 #include <string.h>
-#include "$LNETINCDIR/libnet.h"
+#include "$LNETINC"
 #define LIB_TEST "1.1"
 /* 
  * simple proggy to test the version of libnet
@@ -222,28 +287,60 @@ AC_TRY_RUN([
 int
 main (int argc, char *argv[])
 {
-	if (strncmp(LIB_TEST, LIBNET_VERSION, 3) == 0)
-		exit(0);
-	exit(1);
+        if (strncmp(LIB_TEST, LIBNET_VERSION, 3) == 0)
+                exit(0);
+        exit(1);
 }],
-	libnet_ver_11=yes
-	AC_MSG_RESULT(1.1.x), 
-	libnet_ver_11=no,
-	libnet_ver_11=no
-	)
+        libnet_ver_11=yes
+        AC_MSG_RESULT(1.1.x), 
+        libnet_ver_11=no,
+        libnet_ver_11=no
+        )
 
 
 if test $libnet_ver_10 = no -a $libnet_ver_11 = no ; then
-	AC_MSG_RESULT(unknown)
-	AC_MSG_ERROR(Unable to determine version of libnet)
+        AC_MSG_RESULT(unknown)
+        AC_MSG_ERROR(Unable to determine version of libnet)
 fi
 
 if test $libnet_ver_10 = yes ; then
-	  AC_MSG_ERROR(Libnet version 1.0.x is no longer supported.
-		Please upgrade to 1.1.0 or better)
+          AC_MSG_ERROR(Libnet version 1.0.x is no longer supported.
+                Please upgrade to 1.1.0 or better)
+fi
+
+AC_MSG_CHECKING([for working libnet_checksum()])
+AC_TRY_RUN([
+#include <string.h>
+#include "$LNETINC"
+#define LIB_TEST "1.1.3"
+/* 
+ * simple proggy to test the version of libnet
+ * returns zero if it's < 1.1.3 which has the checksum fix
+ * or one otherwise
+ */
+int
+main (int argc, char *argv[])
+{
+        if (strncmp(LIB_TEST, LIBNET_VERSION, 5) <= 0)
+                exit(0);
+        exit(1);
+}],
+        libnet_ver_113=yes,
+        libnet_ver_113=no,
+        libnet_ver_113=no
+        )
+
+if test $libnet_ver_113 = no ; then
+    AC_MSG_RESULT(no)
+    AC_MSG_WARN([You should upgrade to libnet 1.1.3 or better if you
+    want to modify packets])
+else
+    AC_MSG_RESULT(yes)
 fi
-dnl restore LIBS
+
+dnl restore LIBS & CFLAGS
 LIBS="$OLDLIBS"
+CFLAGS="$OLDCFLAGS"
 
 dnl #####################################################
 dnl Checks for libpcap
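Review bot: The comment inside the new `libnet_checksum()` probe says it "returns zero if it's < 1.1.3", but `strncmp(LIB_TEST, LIBNET_VERSION, 5) <= 0` exits 0 when the installed version compares at or above 1.1.3, which is what the `libnet_ver_113=yes` branch expects. The comment should read `* returns zero if version >= 1.1.3, which has the checksum fix`. The comparison is also on strings, so a version whose third component has two digits (a constructed example: `1.1.10`) would sort below `1.1.3` and trigger the upgrade warning. The probe calls `exit()` with only `<string.h>` and the libnet header included; unless libnet.h pulls it in, adding `#include <stdlib.h>`, as this commit does for the libpcap probes, avoids depending on an implicit declaration.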
@@ -251,33 +348,41 @@ dnl #####################################################
 foundpcap=no
 trypcapdir=/usr/local
 AC_MSG_CHECKING(for libpcap)
-AC_ARG_WITH([libpcap],
+AC_ARG_WITH(libpcap,
     AC_HELP_STRING([--with-libpcap=DIR], [Use libpcap in DIR]),
     [trypcapdir=$withval])
 
-for testdir in $trypcapdir /usr/local /usr ; do
-    if test -f "${testdir}/include/pcap.h" -a $foundpcap = no ; then
-       LPCAPINC="-I${testdir}/include"
-       LPCAPINCDIR="${testdir}/include"
-       LPCAPLIB="-L${testdir}/lib -lpcap"
-       foundpcap=$testdir
-    fi
-done
-
-if test $foundpcap = no ; then
-   AC_MSG_RESULT(no)
-   AC_ERROR(libpcap not found) 
-else
-   AC_MSG_RESULT($foundpcap)
-fi
-
+    for testdir in $trypcapdir /usr/local /usr ; do 
+ 
+     if test -f "${testdir}/include/pcap.h" -a $foundpcap = no ; then
+         LPCAPINC="${testdir}/include/pcap.h"
+         LPCAPINCDIR="${testdir}/include"
+         if test $dynamic_link = yes; then
+             LPCAPLIB="-L${testdir}/lib -lpcap"
+         elif test -f "${testdir}/lib64/libpcap.a" ; then
+             LPCAPLIB="${testdir}/lib64/libpcap.a"
+         else
+             LPCAPLIB="${testdir}/lib/libpcap.a"
+         fi
+        foundpcap=$testdir
+     fi
+   done
+
+   if test $foundpcap = no ; then
+     AC_MSG_RESULT(no)
+     AC_ERROR(libpcap not found)
+   else
+     AC_MSG_RESULT($foundpcap)
+   fi
 
 AC_SUBST(LPCAPINC)
 AC_SUBST(LPCAPLIB)
 
 dnl Checks to see what version of libpcap we've got
 OLDLIBS="$LIBS"
+OLDCFLAGS="$CFLAGS"
 LIBS="$LPCAPLIB"
+CFLAGS="$CFLAGS -I$LPCAPINCDIR"
 
 dnl Check to see what version of libpcap
 dnl this code has been reduced a lot, but probably still could be
@@ -286,43 +391,46 @@ AC_MSG_CHECKING(for libpcap version)
 
 AC_TRY_RUN([
 #include <string.h>
-#include "$LPCAPINCDIR/pcap.h"
-#define PCAP_TEST "0.6"
+#include <stdlib.h>
+#include <stdio.h>
+#include "$LPCAPINC"
+#define PCAP_TEST "0.5"
 /* 
  * simple proggy to test the version of libpcap
- * returns zero if version >= 0.6
+ * returns zero if version >= 0.5
  * or one otherwise
  */
 extern char pcap_version[];
 int
 main (int argc, char *argv[])
 {
-	if (strncmp(pcap_version, PCAP_TEST, 3) >= 0)
-		exit(0);
-	exit(1);
+        if (strncmp(pcap_version, PCAP_TEST, 3) >= 0)
+                exit(0);
+        exit(1);
 }],
-	libpcap_ver=yes
-	AC_MSG_RESULT(>= 0.6),
-	libpcap_ver=no
-	AC_MSG_RESULT(< 0.6),
-	libpcap_ver=no
-	)
+        libpcap_ver=yes
+        AC_MSG_RESULT(>= 0.5),
+        libpcap_ver=no
+        AC_MSG_RESULT(< 0.5),
+        libpcap_ver=no
+        )
 
 
 if test $libpcap_ver = no ; then
-	AC_MSG_ERROR(Libpcap versions < 0.6 are no longer supported.
-	Please upgrade to version 0.6 or better)
+        AC_MSG_ERROR(Libpcap versions < 0.5 are not supported.
+        Please upgrade to version 0.5 or better)
 fi
 
 dnl Check to see if we've got pcap_datalink_val_to_name()
 AC_MSG_CHECKING(for pcap_datalink_val_to_description)
 AC_TRY_RUN([
 #include <stdio.h>
-#include "$LPCAPINCDIR/pcap.h"
+#include <stdlib.h>
+#include <string.h>
+#include "$LPCAPINC"
 int 
 main(int argc, char *argv[]) {
-    char name[100];
-    strncpy(name, pcap_datalink_val_to_description(1), 99);
+    pcap_datalink_val_to_description(1);
     exit(0);
 } 
 ],
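Review bot: The rewritten probe for pcap_datalink_val_to_description only needs to link, yet it still goes through AC_TRY_RUN, so the answer depends on executing a freshly built binary on the build host and is likely unavailable when cross-compiling. Now that the body is just `pcap_datalink_val_to_description(1);`, `AC_TRY_LINK` with the same includes would settle it without running anything. In the version probe, `strncmp(pcap_version, PCAP_TEST, 3) >= 0` compares the first three characters lexicographically; a comment such as `/* lexicographic compare of "N.N", not a numeric version check */` would stop it being read as a numeric test. The second macro call continues past the end of this hunk.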
@@ -334,12 +442,52 @@ main(int argc, char *argv[]) {
     )
 
 if test $have_dlt_to_desc = yes ; then
-    AC_DEFINE(HAVE_DLT_VAL_TO_DESC)
+    AC_DEFINE([HAVE_DLT_VAL_TO_DESC], [], 
+              [Does libpcap have dlt_val_to_desc?])
 fi
 
-dnl restore LIBS
+dnl Older versions of libpcap are missing some DLT types
+dnl If doesn't exist, we'll define them in src/common/fakepcap.h
+AC_MSG_CHECKING(for DLT_LINUX_SLL in libpcap)
+AC_TRY_COMPILE([#include "$LPCAPINC"], 
+               [ int foo;
+                 foo = DLT_LINUX_SLL ],
+                [ AC_DEFINE([HAVE_DLT_LINUX_SLL],
+                    [], [Does pcap.h include a header with DLT_LINUX_SLL?])
+                  AC_MSG_RESULT(yes)
+                ], 
+                AC_MSG_RESULT(no)
+               )
+AC_MSG_CHECKING(for DLT_C_HDLC in libpcap)
+AC_TRY_COMPILE([#include "$LPCAPINC"],
+               [ int foo;
+                 foo = DLT_C_HDLC ],
+                [ AC_DEFINE([HAVE_DLT_C_HDLC],
+                    [], [Does pcap.h include a header with DLT_C_HDLC?])
+                  AC_MSG_RESULT(yes)
+                ],
+                AC_MSG_RESULT(no)   
+               )
+
+PCAP_BPF_H_FILE="$LPCAPINCDIR/pcap-bpf.h"
+AC_MSG_CHECKING(for $PCAP_BPF_H_FILE)
+AC_TRY_COMPILE([#include <sys/types.h>
+                #include <sys/time.h>
+                #include "$PCAP_BPF_H_FILE"],
+               [ int foo;
+                 foo = BPF_MAJOR_VERSION; ],
+               [ AC_DEFINE([INCLUDE_PCAP_BPF_HEADER], [],
+                           [What is the path (if any) to the pcap-bpf.h
+                            header?])
+                 AC_MSG_RESULT(yes)
+                 AC_SUBST(PCAP_BPF_H_FILE)
+               ],
+               AC_MSG_RESULT(no)
+               )
+
+dnl restore LIBS & CFLAGS
 LIBS="$OLDLIBS"
-
+CFLAGS="$OLDCFLAGS"
 
 
 dnl ##################################################
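Review bot: `AC_SUBST(PCAP_BPF_H_FILE)` is placed inside the success branch of the pcap-bpf.h check, but AC_SUBST registers the output variable whichever shell branch runs, and `PCAP_BPF_H_FILE` is assigned before the test. A failed check therefore still substitutes a path to a header that did not compile or does not exist. Either clear it on failure, `[ PCAP_BPF_H_FILE=""; AC_MSG_RESULT(no) ]`, or move the AC_SUBST below the check and add a `dnl` comment that consumers must gate on `INCLUDE_PCAP_BPF_HEADER`. The two DLT probes end their body without a terminator (`foo = DLT_LINUX_SLL`) while the BPF probe has one; making the three consistent would read better.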
@@ -349,20 +497,24 @@ pcapnav_ver=no
 pcncfg=no
 AC_ARG_WITH(pcapnav-config,
     AC_HELP_STRING([--with-pcapnav-config=FILE], [Use given pcapnav-config]),
-    [pcncfg=$withval],
-    [ AC_PATH_PROG(pcncfg,[pcapnav-config], [] ) ])
-
-
-if test $pcncfg = no ; then
-    AC_MSG_RESULT(Cannot find pcapnav-config: Disabling offset jump feature.)
-else
-    AC_MSG_RESULT($pcncfg)
+    [ AC_MSG_CHECKING(for pcapnav-config)
+    if test -x $withval ; then
+	pcncfg=$withval
+	AC_MSG_RESULT($pcncfg)
+    else
+	AC_MSG_RESULT([Can't find pcapnav-config: disabling offset jump feature])
+    fi ],
+    [ AC_PATH_PROG(pcncfg,[pcapnav-config], [no] ) ]
+)
+
+if test $pcncfg != no ; then
     LNAVLIB=`$pcncfg --libs`
     LNAV_CFLAGS=`$pcncfg --cflags`
     PCAPNAV_VERSION=`$pcncfg --version`
     AC_SUBST(LNAVLIB)
     AC_SUBST(LNAV_CFLAGS)
-    AC_DEFINE_UNQUOTED(PCAPNAV_VERSION, "$PCAPNAV_VERSION")
+    AC_DEFINE_UNQUOTED(PCAPNAV_VERSION, "$PCAPNAV_VERSION", 
+                       [libpcapnav's version?])
 
 dnl Check to see what version of libpcapnav
 dnl this code has been reduced a lot, but probably still could be
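Review bot: `test -x $withval` in the new --with-pcapnav-config handler is unquoted, so an empty value collapses to the one-argument form `test -x`, which is true, and `pcncfg` ends up empty. The following `test $pcncfg != no` then errors out instead of giving a clean yes/no, and a path containing spaces fails in the same confusing way. Quote both: `if test -x "$withval" ; then` and `if test "$pcncfg" != no ; then`. Because the accepted value is later executed as `$pcncfg --libs`, also requiring `test -f "$withval"` would reject a directory, for which `-x` is true. The --with-tcpdump handler added later in this file has the same unquoted `test -x $withval`, and there the accepted path is compiled in as `TCPDUMP_BINARY`; the `if` block opened here closes outside this hunk.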
@@ -392,16 +544,52 @@ main (int argc, char *argv[])
        	)
 
 
-if test $libpcapnav_ver = no ; then
+if test x$libpcapnav_ver = xno ; then
      	AC_MSG_WARN([Libpcapnav versions < 0.4 are not supported.
     Please upgrade to version 0.4 or better.
     Disabling offset jump feature.])
 else
-    AC_DEFINE(HAVE_PCAPNAV)
+    AC_DEFINE([HAVE_PCAPNAV], [], [Do we have libpcapnav?])
 fi
 
 fi # checking pcapnav version
 
+
+dnl #####################################################
+dnl Checks for libnids
+dnl #####################################################
+foundnids=no
+trynidsdir=/usr/local
+AC_MSG_CHECKING(for libnids)
+AC_ARG_WITH(libnids,
+    AC_HELP_STRING([--with-libnids=DIR], [Use libnids in DIR]),
+    [trynidsdir=$withval])
+
+    for testdir in $trynidsdir /usr/local /usr ; do 
+ 
+     if test -f "${testdir}/include/nids.h" -a $foundnids = no ; then
+         LNIDSINC="${testdir}/include/nids.h"
+         LNIDSINCDIR="${testdir}/include"
+dnl Libnids by default doesn't build a dynamic library and due to a 
+dnl bug, won't build one for OS X, so we link to the static
+dnl         LNIDSLIB="${testdir}/lib -lnids"
+         LNIDSLIB="${testdir}/lib/libnids.a"
+        foundnids=$testdir
+     fi
+   done
+
+   if test $foundnids = no ; then
+     AC_MSG_RESULT(no)
+     AC_MSG_WARN(libnids not found.  We won't build flowreplay.)
+   else
+     AC_MSG_RESULT($foundnids)
+     AC_DEFINE([HAVE_LIBNIDS], [], [Do we have libnids?])
+   fi
+
+AC_SUBST(LNIDSINC)
+AC_SUBST(LNIDSLIB)
+AM_CONDITIONAL([HAVE_LIBNIDS], [ test ${foundnids} != no ])
+
 dnl (shamelessly ripped off from libpcap)
 dnl Checks to see if unaligned memory accesses fail
 dnl
@@ -461,25 +649,30 @@ EOF
         esac])
     AC_MSG_RESULT($unaligned_fail)
     if test $unaligned_fail = yes ; then
-            AC_DEFINE(FORCE_ALIGN,1,[if unaligned access fails])
+            AC_DEFINE([FORCE_ALIGN],1,[Are we strictly aligned?])
     fi
 
 dnl ##################################################
 dnl # Check for tcpdump.
 dnl ##################################################
 
+td=no
 AC_ARG_WITH(tcpdump,
-   AC_HELP_STRING([--with-tcpdump=FILE],[Path to tcpdump binary]),
-   [td=$withval],
-   [td=no])
-
-AC_PATH_PROG(td, tcpdump, "no",[$PATH:/usr/sbin:/sbin:/usr/local/sbin])
-if test $td = no ; then
+    AC_HELP_STRING([--with-tcpdump=FILE], [Path to tcpdump binary]),
+    [ if test -x $withval ; then
+          td=$withval
+          AC_MSG_RESULT([Using tcpdump in $td])
+      else
+          AC_MSG_RESULT([Error: $withval does not exist or is not executable])
+      fi ],
+    [ AC_PATH_PROG(td, tcpdump, "no", [$PATH:/usr/sbin:/sbin:/usr/local/sbin]) ])
+           
+
+if test "$td" = "no"; then
     AC_MSG_WARN([Unable to find tcpdump.  Please specify --with-tcpdump.
                  Disabling verbose reporting.])
 else
-    AC_MSG_RESULT([Using tcpdump in $td.])
-    AC_DEFINE(HAVE_TCPDUMP)
+    AC_DEFINE([HAVE_TCPDUMP], [], [Do we have tcpdump?])
     AC_DEFINE_UNQUOTED(TCPDUMP_BINARY, "$td", [The tcpdump binary initially used])
 fi
 
@@ -493,9 +686,9 @@ fi
 dnl Allows user to choose which nic to use for testing purposes
 AC_ARG_WITH(testnic,
     AC_HELP_STRING([--with-testnic=NIC], [Select which network card to use for testing]),
-    [nic1=$withval
-     nic2=$withval
-    AC_MSG_RESULT([Using --with-testnic=$withval])],
+    [ nic1=$withval
+      nic2=$withval
+      AC_MSG_RESULT([Using --with-testnic=$withval])],
     [
 dnl these need to be dynamic based on OS
 case $host in
@@ -520,14 +713,14 @@ case $host in
 	powerpc-apple-darwin*)
 	nic1=en0
 	nic2=en0
-	AC_MSG_RESULT(Apple OSX)
+	AC_MSG_RESULT(Apple OS X)
 	;;
 
-    *-*-openbsd*)
-    nic1=xl0
-    nic2=xl0
-    AC_MSG_RESULT(OpenBSD)
-    ;;
+        *-*-openbsd*)
+        nic1=xl0
+        nic2=xl0
+        AC_MSG_RESULT(OpenBSD)
+        ;;
 
 	*)
 	AC_MSG_RESULT([$host is unknown!  
@@ -538,14 +731,22 @@ esac])
 
 AC_ARG_WITH(testnic2,
     AC_HELP_STRING([--with-testnic2=NIC2], [Select an optional 2nd network card to use for testing]),
-    [nic2=$withval])
+    [ nic2=$withval ])
 
-AC_MSG_NOTICE(Using $nic1 for 1st test network interface card)
-AC_MSG_NOTICE(Using $nic2 for 2nd test network interface card)
+AC_MSG_NOTICE([Using $nic1 for 1st test network interface card])
+AC_MSG_NOTICE([Using $nic2 for 2nd test network interface card])
 AC_SUBST(nic1)
 AC_SUBST(nic2)
 
-AC_OUTPUT(Makefile)
-AC_OUTPUT(test/Makefile)
-AC_OUTPUT(test/config)
-AC_OUTPUT(tcpreplay.spec)
+LIBOPTS_CHECK
+
+AC_OUTPUT([Makefile
+            lib/Makefile
+            docs/Makefile
+            src/Makefile
+            src/common/Makefile
+            src/defines.h
+            test/Makefile
+            test/config
+            scripts/Makefile
+            tcpreplay.spec])

+ 2 - 2
debian/control

@@ -2,8 +2,8 @@ Source: tcpreplay
 Section: net
 Priority: optional
 Maintainer: Noèl Köthe <noel@debian.org>
-Build-Depends: debhelper (>> 3.0.0), libnet1-dev, libpcap0.8-dev, tcpdump
-Standards-Version: 3.6.1
+Build-Depends: debhelper (>> 3.0.0), libnet1-dev, libpcap0.9-dev, tcpdump
+Standards-Version: 3.6.2
 
 Package: tcpreplay
 Architecture: any

+ 4 - 2
debian/docs

@@ -1,2 +1,4 @@
-Docs/FAQ.lyx
-Docs/TODO
+docs/FAQ.pdf
+docs/flowreplay.pdf
+docs/manual.pdf
+docs/TODO

+ 1 - 1
debian/rules

@@ -88,7 +88,7 @@ binary-arch: build install
 	dh_installman
 #	dh_installinfo
 #	dh_undocumented
-	dh_installchangelogs Docs/CHANGELOG
+	dh_installchangelogs docs/CHANGELOG
 	dh_link
 	dh_strip
 	dh_compress

+ 3 - 0
debian/watch

@@ -0,0 +1,3 @@
+version=2
+http://prdownloads.sourceforge.net/t/tc/tcpreplay/tcpreplay-(.*)\.tar\.gz
+debian uupdate
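Review bot: The new watch file points uscan at an `http://` URL and hands the result to `uupdate`, so the upstream tarball arrives over cleartext HTTP and nothing checks its integrity before it is unpacked into the packaging tree. Use an `https://` URL where the download host offers one. If upstream publishes detached signatures, a newer watch format with `opts=pgpsigurlmangle=...` and the upstream signing key shipped in the package lets uscan verify the download. Otherwise the tarball should be compared against a published checksum before upload, which a comment line at the top of the file could note.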

+ 0 - 676
do_packets.c

@@ -1,676 +0,0 @@
-/* $Id: do_packets.c 882 2004-11-07 04:16:26Z aturner $ */
-
-/*
- * Copyright (c) 2001-2004 Aaron Turner, Matt Bing.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the names of the copyright owners nor the names of its
- *    contributors may be used to endorse or promote products derived from
- *    this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-#include "config.h"
-#include <libnet.h>
-#ifdef HAVE_PCAPNAV
-#include <pcapnav.h>
-#else
-#include "fakepcapnav.h"
-#endif
-#include <sys/time.h>
-#include <sys/types.h>
-#include <signal.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <time.h>
-
-#ifdef HAVE_SYS_POLL_H
-#include <sys/poll.h>
-#elif HAVE_POLL_H
-#include <poll.h>
-#else
-#include "fakepoll.h"
-#endif
-
-#include "tcpreplay.h"
-#include "tcpdump.h"
-#include "cidr.h"
-#include "portmap.h"
-#include "cache.h"
-#include "err.h"
-#include "do_packets.h"
-#include "edit_packet.h"
-#include "timer.h"
-#include "list.h"
-#include "xX.h"
-
-
-extern struct options options;
-extern char *cachedata, *intf, *intf2;
-extern CIDR *cidrdata;
-extern PORTMAP *portmap_data;
-extern struct timeval begin, end;
-extern u_int64_t bytes_sent, failed, pkts_sent;
-extern u_int64_t cache_packets;
-extern volatile int didsig;
-extern int l2len, maxpacket;
-
-extern int include_exclude_mode;
-extern CIDR *xX_cidr;
-extern LIST *xX_list;
-
-extern tcpdump_t tcpdump;
-
-
-
-#ifdef DEBUG
-extern int debug;
-#endif
-
-
-void packet_stats();            /* from tcpreplay.c */
-
-
-/*
- * we've got a race condition, this is our workaround
- */
-void
-catcher(int signo)
-{
-    /* stdio in signal handlers cause a race, instead we set a flag */
-    if (signo == SIGINT)
-        didsig = 1;
-}
-
-/*
- * when we're sending only one packet at a time via <ENTER>
- * then there's no race and we can quit now
- * also called when didsig is set
- */
-void
-break_now(int signo)
-{
-
-    if (signo == SIGINT || didsig) {
-        printf("\n");
-
-        /* kill tcpdump child if required */
-        if (tcpdump.pid)
-            if (kill(tcpdump.pid, SIGTERM) != 0)
-                kill(tcpdump.pid, SIGKILL);
-
-        packet_stats();
-        exit(1);
-    }
-}
-
-/*
- * the main loop function.  This is where we figure out
- * what to do with each packet
- */
-
-void
-do_packets(pcapnav_t * pcapnav, pcap_t * pcap, u_int32_t linktype,
-           int l2enabled, char *l2data, int l2len)
-{
-    eth_hdr_t *eth_hdr = NULL;
-    ip_hdr_t *ip_hdr = NULL;
-    arp_hdr_t *arp_hdr = NULL;
-    libnet_t *l = NULL;
-    struct pcap_pkthdr pkthdr;  /* libpcap packet info */
-    const u_char *nextpkt = NULL;   /* packet buffer from libpcap */
-    u_char *pktdata = NULL;     /* full packet buffer */
-#ifdef FORCE_ALIGN
-    u_char *ipbuff = NULL;      /* IP header and above buffer */
-#endif
-    struct timeval last;
-    static int firsttime = 1;
-    int ret, newl2len;
-    u_int64_t packetnum = 0;
-#ifdef HAVE_PCAPNAV
-    pcapnav_result_t pcapnav_result = 0;
-#endif
-    char datadumpbuff[MAXPACKET];   /* data dumper buffer */
-    int datalen = 0;                /* data dumper length */
-    int newchar = 0;
-    int needtorecalc = 0;           /* did the packet change? if so, checksum */
-    struct pollfd poller[1];        /* use poll to read from the keyboard */
-
-    /* create packet buffers */
-    if ((pktdata = (u_char *) malloc(maxpacket)) == NULL)
-        errx(1, "Unable to malloc pktdata buffer");
-
-#ifdef FORCE_ALIGN
-    if ((ipbuff = (u_char *) malloc(maxpacket)) == NULL)
-        errx(1, "Unable to malloc ipbuff buffer");
-#endif
-
-    /* register signals */
-    didsig = 0;
-    if (!options.one_at_a_time) {
-        (void)signal(SIGINT, catcher);
-    }
-    else {
-        (void)signal(SIGINT, break_now);
-    }
-
-    if (firsttime) {
-        timerclear(&last);
-        firsttime = 0;
-    }
-
-#ifdef HAVE_PCAPNAV
-    /* only support jumping w/ files */
-    if ((pcapnav != NULL) && (options.offset)) {
-        /* jump to the next packet >= the offset */
-        if (pcapnav_goto_offset(pcapnav, (off_t)options.offset, PCAPNAV_CMP_GEQ)
-            != PCAPNAV_DEFINITELY)
-            warnx("Unable to get a definate jump offset "
-                  "pcapnav_goto_offset(): %d\n", pcapnav_result);
-    }
-#endif
-
-    /* get the pcap handler for the main loop */
-    pcap = pcapnav_pcap(pcapnav);
-
-    /* MAIN LOOP 
-     * Keep sending while we have packets or until
-     * we've sent enough packets
-     */
-    while (((nextpkt = pcap_next(pcap, &pkthdr)) != NULL) &&
-           (options.limit_send != pkts_sent)) {
-
-        /* die? */
-        if (didsig)
-            break_now(0);
-
-        dbg(2, "packets sent %llu", pkts_sent);
-
-        packetnum++;
-        dbg(2, "packet %llu caplen %d", packetnum, pkthdr.caplen);
-
-        /* zero out the old packet info */
-        memset(pktdata, '\0', maxpacket);
-        needtorecalc = 0;
-
-        /* Rewrite any Layer 2 data */
-        if ((newl2len = rewrite_l2(&pkthdr, pktdata, nextpkt,
-                                   linktype, l2enabled, l2data, l2len)) == 0)
-            continue;
-
-        l2len = newl2len;
-
-        /* look for include or exclude LIST match */
-        if (xX_list != NULL) {
-            if (include_exclude_mode < xXExclude) {
-                if (!check_list(xX_list, (packetnum))) {
-                    continue;
-                }
-            }
-            else if (check_list(xX_list, (packetnum))) {
-                continue;
-            }
-        }
-
-
-        eth_hdr = (eth_hdr_t *) pktdata;
-
-        /* does packet have an IP header?  if so set our pointer to it */
-        if (ntohs(eth_hdr->ether_type) == ETHERTYPE_IP) {
-#ifdef FORCE_ALIGN
-            /* 
-             * copy layer 3 and up to our temp packet buffer
-             * for now on, we have to edit the packetbuff because
-             * just before we send the packet, we copy the packetbuff 
-             * back onto the pkt.data + l2len buffer
-             * we do all this work to prevent byte alignment issues
-             */
-            ip_hdr = (ip_hdr_t *) ipbuff;
-            memcpy(ip_hdr, (&pktdata[l2len]), pkthdr.caplen - l2len);
-#else
-            /*
-             * on non-strict byte align systems, don't need to memcpy(), 
-             * just point to 14 bytes into the existing buffer
-             */
-            ip_hdr = (ip_hdr_t *) (&pktdata[l2len]);
-#endif
-
-            /* look for include or exclude CIDR match */
-            if (xX_cidr != NULL) {
-                if (!process_xX_by_cidr(include_exclude_mode, xX_cidr, ip_hdr)) {
-                    continue;
-                }
-            }
-
-        }
-        else {
-            /* non-IP packets have a NULL ip_hdr struct */
-            ip_hdr = NULL;
-        }
-
-        /* check for martians? */
-        if (options.no_martians && (ip_hdr != NULL)) {
-            switch ((ntohl(ip_hdr->ip_dst.s_addr) & 0xff000000) >> 24) {
-            case 0:
-            case 127:
-            case 255:
-
-                dbg(1, "Skipping martian.  Packet #%llu", packetnum);
-
-
-                /* then skip the packet */
-                continue;
-
-            default:
-                /* continue processing */
-                break;
-            }
-        }
-
-
-        /* Dual nic processing */
-        if (options.intf2 != NULL) {
-
-            if (cachedata != NULL) {
-                l = (LIBNET *) cache_mode(cachedata, packetnum, eth_hdr);
-            }
-            else if (options.cidr) {
-                l = (LIBNET *) cidr_mode(eth_hdr, ip_hdr);
-            }
-            else {
-                errx(1, "do_packets(): Strange, we should of never of gotten here");
-            }
-        }
-        else {
-            /* normal single nic operation */
-            l = options.intf1;
-            /* check for destination MAC rewriting */
-            if (memcmp(options.intf1_mac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-                memcpy(eth_hdr->ether_dhost, options.intf1_mac, ETHER_ADDR_LEN);
-            }
-            if (memcmp(options.intf1_smac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-                memcpy(eth_hdr->ether_shost, options.intf1_smac, ETHER_ADDR_LEN);
-            }
-        }
-
-        /* sometimes we should not send the packet */
-        if (l == CACHE_NOSEND)
-            continue;
-
-        /* rewrite IP addresses */
-        if (options.rewriteip) {
-            /* IP packets */
-            if (ip_hdr != NULL) {
-                needtorecalc += rewrite_ipl3(ip_hdr, l);
-            }
-
-            /* ARP packets */
-            else if (ntohs(eth_hdr->ether_type) == ETHERTYPE_ARP) {
-                arp_hdr = (arp_hdr_t *)(&pktdata[l2len]);
-                /* unlike, rewrite_ipl3, we don't care if the packet changed
-                 * because we never need to recalc the checksums for an ARP
-                 * packet.  So ignore the return value
-                 */
-                rewrite_iparp(arp_hdr, l);
-            }
-        }
-
-        /* rewrite ports */
-        if (options.rewriteports && (ip_hdr != NULL)) {
-            needtorecalc += rewrite_ports(portmap_data, &ip_hdr);
-        }
-
-        /* Untruncate packet? Only for IP packets */
-        if ((options.trunc) && (ip_hdr != NULL)) {
-            needtorecalc += untrunc_packet(&pkthdr, pktdata, ip_hdr, l, l2len);
-        }
-
-
-        /* do we need to spoof the src/dst IP address? */
-        if ((options.seed) && (ip_hdr != NULL)) {
-            needtorecalc += randomize_ips(&pkthdr, pktdata, ip_hdr, l, l2len);
-        }
-
-        /* do we need to force fixing checksums? */
-        if ((options.fixchecksums || needtorecalc) && (ip_hdr != NULL)) {
-            fix_checksums(&pkthdr, ip_hdr, l);
-        }
-
-
-#ifdef STRICT_ALIGN
-        /* 
-         * put back the layer 3 and above back in the pkt.data buffer 
-         * we can't edit the packet at layer 3 or above beyond this point
-         */
-        memcpy(&pktdata[l2len], ip_hdr, pkthdr.caplen - l2len);
-#endif
-
-        /* do we need to print the packet via tcpdump? */
-        if (options.verbose)
-            tcpdump_print(&tcpdump, &pkthdr, pktdata);
-
-        if ((!options.topspeed) && (!options.one_at_a_time)) {
-            /* we have to cast the ts, since OpenBSD sucks
-             * had to be special and use bpf_timeval 
-             */
-            do_sleep((struct timeval *)&pkthdr.ts, &last, pkthdr.caplen);
-        }
-        else if (options.one_at_a_time) {
-            printf("**** Press <ENTER> to send the next packet out %s\n",
-                    l == options.intf1 ? intf : intf2);
-            poller[0].fd = STDIN_FILENO;
-            poller[0].events = POLLIN;
-            poller[0].revents = 0;
-
-            /* wait for the input */
-            if (poll(poller, 1, -1) < 0)
-                errx(1, "do_packets(): Error reading from stdin: %s", strerror(errno));
-
-            /* read to the end of the line */
-            do {
-                newchar = getc(stdin);
-            } while (newchar != '\n');
-
-        }
-
-        /* in one output mode always use primary nic/file */
-        if (options.one_output)
-            l = options.intf1;
-
-        /* Physically send the packet or write to file */
-        if (options.savepcap != NULL || options.datadump_mode) {
-
-            /* figure out the correct offsets/data len */
-            if (options.datadump_mode) {
-                memset(datadumpbuff, '\0', MAXPACKET);
-                datalen =
-                    extract_data(pktdata, pkthdr.caplen, l2len, &datadumpbuff);
-            }
-
-            /* interface 1 */
-            if (l == options.intf1) {
-                if (options.datadump_mode) {    /* data only? */
-                    if (datalen) {
-                        if (write(options.datadumpfile, datadumpbuff, datalen)
-                            == -1)
-                            warnx("error writing data to primary dump file: %s",
-                                  strerror(errno));
-                    }
-                }
-                else {          /* full packet */
-                    pcap_dump((u_char *) options.savedumper, &pkthdr, pktdata);
-                }
-
-            }
-
-            /* interface 2 */
-            else {
-                if (options.datadump_mode) {    /* data only? */
-                    if (datalen) {
-                        if (write(options.datadumpfile2, datadumpbuff, datalen)
-                            == -1)
-                            warnx
-                                ("error writing data to secondary dump file: %s",
-                                 strerror(errno));
-                    }
-                }
-                else {          /* full packet */
-                    pcap_dump((u_char *) options.savedumper2, &pkthdr, pktdata);
-                }
-            }
-        }
-        else {
-            /* write packet out on network */
-            do {
-                ret = libnet_adv_write_link(l, pktdata, pkthdr.caplen);
-                if (ret == -1) {
-                    /* Make note of failed writes due to full buffers */
-                    if (errno == ENOBUFS) {
-                        failed++;
-                    }
-                    else {
-                        errx(1, "libnet_adv_write_link(): %s", strerror(errno));
-                    }
-                }
-                /* keep trying if fail, unless user Ctrl-C's */
-            } while (ret == -1 && !didsig);
-        }
-
-        bytes_sent += pkthdr.caplen;
-        pkts_sent++;
-
-        /* again, OpenBSD is special, so use memcpy() rather then a
-         * straight assignment 
-         */
-        memcpy(&last, &pkthdr.ts, sizeof(struct timeval));
-
-    }                           /* while() */
-
-    /* free buffers */
-    free(pktdata);
-#ifdef FORCE_ALIGN
-    free(ipbuff);
-#endif
-
-    /* 
-     * if we exited our while() loop, we need to exit 
-     * gracefully
-     */
-    if (options.limit_send == pkts_sent) {
-        packet_stats();
-        exit(1);
-    }
-
-}
-
-
-/*
- * determines based upon the cachedata which interface the given packet 
- * should go out.  Also rewrites any layer 2 data we might need to adjust.
- * Returns a void cased pointer to the options.intfX of the corresponding 
- * interface.
- */
-
-void *
-cache_mode(char *cachedata, u_int64_t packet_num, eth_hdr_t * eth_hdr)
-{
-    void *l = NULL;
-    int result;
-
-    if (packet_num > cache_packets)
-        errx(1, "Exceeded number of packets in cache file.");
-
-    result = check_cache(cachedata, packet_num);
-    if (result == CACHE_NOSEND) {
-        dbg(2, "Cache: Not sending packet %d.", packet_num);
-        return NULL;
-    }
-    else if (result == CACHE_PRIMARY) {
-        dbg(2, "Cache: Sending packet %d out primary interface.", packet_num);
-        l = options.intf1;
-
-        /* check for dest/src MAC rewriting */
-        if (memcmp(options.intf1_mac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_dhost, options.intf1_mac, ETHER_ADDR_LEN);
-        }
-        if (memcmp(options.intf1_smac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_shost, options.intf1_smac, ETHER_ADDR_LEN);
-        }
-    }
-    else if (result == CACHE_SECONDARY) {
-        dbg(2, "Cache: Sending packet %d out secondary interface.", packet_num);
-        l = options.intf2;
-
-        /* check for dest/src MAC rewriting */
-        if (memcmp(options.intf2_mac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_dhost, options.intf2_mac, ETHER_ADDR_LEN);
-        }
-        if (memcmp(options.intf2_smac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_shost, options.intf2_smac, ETHER_ADDR_LEN);
-        }                    
-
-    }
-    else {
-        errx(1, "check_cache() returned an error.  Aborting...");
-    }
-
-    return l;
-}
-
-
-/*
- * determines based upon the cidrdata which interface the given packet 
- * should go out.  Also rewrites any layer 2 data we might need to adjust.
- * Returns a void cased pointer to the options.intfX of the corresponding
- * interface.
- */
-
-void *
-cidr_mode(eth_hdr_t * eth_hdr, ip_hdr_t * ip_hdr)
-{
-    void *l = NULL;
-
-    if (ip_hdr == NULL) {
-        /* non IP packets go out intf1 */
-        l = options.intf1;
-
-        /* check for dest/src MAC rewriting */
-        if (memcmp(options.intf1_mac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_dhost, options.intf1_mac, ETHER_ADDR_LEN);
-        }
-        if (memcmp(options.intf1_smac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_shost, options.intf1_smac, ETHER_ADDR_LEN);
-        }
-    }
-    else if (check_ip_CIDR(cidrdata, ip_hdr->ip_src.s_addr)) {
-        /* set interface to send out packet */
-        l = options.intf1;
-
-
-        /* check for dest/src MAC rewriting */
-        if (memcmp(options.intf1_mac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_dhost, options.intf1_mac, ETHER_ADDR_LEN);
-        }
-        if (memcmp(options.intf1_smac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_shost, options.intf1_smac, ETHER_ADDR_LEN);
-        }
-    }
-    else {
-        /* override interface to send out packet */
-        l = options.intf2;
-
-        /* check for dest/src MAC rewriting */
-        if (memcmp(options.intf2_mac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_dhost, options.intf2_mac, ETHER_ADDR_LEN);
-        }
-        if (memcmp(options.intf2_smac, NULL_MAC, ETHER_ADDR_LEN) != 0) {
-            memcpy(eth_hdr->ether_shost, options.intf2_smac, ETHER_ADDR_LEN);
-        }        
-    }
-
-    return l;
-}
-
-
-/*
- * Given the timestamp on the current packet and the last packet sent,
- * calculate the appropriate amount of time to sleep and do so.
- */
-void
-do_sleep(struct timeval *time, struct timeval *last, int len)
-{
-    static struct timeval didsleep = { 0, 0 };
-    static struct timeval start = { 0, 0 };
-    struct timeval nap, now, delta;
-    struct timespec ignore, sleep;
-    float n;
-
-    if (gettimeofday(&now, NULL) < 0) {
-        err(1, "gettimeofday");
-    }
-
-    /* First time through for this file */
-    if (!timerisset(last)) {
-        start = now;
-        timerclear(&delta);
-        timerclear(&didsleep);
-    }
-    else {
-        timersub(&now, &start, &delta);
-    }
-
-    if (options.mult) {
-        /* 
-         * Replay packets a factor of the time they were originally sent.
-         */
-        if (timerisset(last) && timercmp(time, last, >)) {
-            timersub(time, last, &nap);
-        }
-        else {
-            /* 
-             * Don't sleep if this is our first packet, or if the
-             * this packet appears to have been sent before the 
-             * last packet.
-             */
-            timerclear(&nap);
-        }
-        timerdiv(&nap, options.mult);
-
-    }
-    else if (options.rate) {
-        /* 
-         * Ignore the time supplied by the capture file and send data at
-         * a constant 'rate' (bytes per second).
-         */
-        if (timerisset(last)) {
-            n = (float)len / (float)options.rate;
-            nap.tv_sec = n;
-            nap.tv_usec = (n - nap.tv_sec) * 1000000;
-        }
-        else {
-            timerclear(&nap);
-        }
-    }
-    else if (options.packetrate) {
-        float pr;
-        pr = 1 / options.packetrate;
-        nap.tv_sec = pr;
-        pr -= nap.tv_sec;
-        nap.tv_usec = pr * 1000000;
-    }
-
-    timeradd(&didsleep, &nap, &didsleep);
-
-    if (timercmp(&didsleep, &delta, >)) {
-        timersub(&didsleep, &delta, &nap);
-
-        sleep.tv_sec = nap.tv_sec;
-        sleep.tv_nsec = nap.tv_usec * 1000; /* convert ms to ns */
-
-        if (nanosleep(&sleep, &ignore) == -1) {
-            warnx("nanosleep error: %s", strerror(errno));
-        }
-
-    }
-}

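--- a/do_packets.h
+++ b/do_packets.h
@@ -1,42 +0,0 @@
-/* $Id: do_packets.h 767 2004-10-06 12:48:49Z aturner $ */
-
-/*
- * Copyright (c) 2001-2004 Aaron Turner, Matt Bing.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the names of the copyright owners nor the names of its
- *    contributors may be used to endorse or promote products derived from
- *    this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _DO_PACKETS_H_
-#define _DO_PACKETS_H_
-
-void catcher(int);
-void do_packets(pcapnav_t *, pcap_t *, u_int32_t, int, char *, int);
-void do_sleep(struct timeval *, struct timeval *, int);
-void *cache_mode(char *, u_int64_t, eth_hdr_t *);
-void *cidr_mode(eth_hdr_t *, ip_hdr_t *);
-
-#endif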

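--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -0,0 +1,92 @@
+$Id: CHANGELOG 1373 2005-06-28 17:13:30Z aturner $
+
+06/28/2005: Version 3.0.beta6
+    - Fix rpm .spec file which was still based on tcpreplay 2.x (untested)
+    - Detect and manually include pcap-bpf.h which fixes compile problem
+    - Fix tcprewrite -S crash with only one MAC
+    - Fix tcpreplay using 2nd NIC split mode
+    - Fix tcpreplay packet counter initialization
+    - Fix tcpprep to properly handle missing -i and -c with -I and -P
+
+06/14/2005: Version 3.0.beta5
+    - Fix --decode flag
+    - Fix compile under AMD64/RHEL4 where libraries are in /usr/lib64
+    - tarball now ships with a full test subdir
+    - Fix compile of src/common/get.c under strictly aligned architectures
+    - Fix ./configure --enable-64bits flag
+    - Fix bug on little endian systems which prevented tcprewrite from
+      editing packets
+    - Fix tcprewrite linktype checks
+    - Add --pktlen for when the pcap snaplen lies to us
+    - Add --enable-dynamic-link for those who want to dynamically link their
+      libs
+
+06/05/2005: Version 3.0.beta4
+    - Really fix compile problems with dlt2desc with old versions of libpcap
+    - All libraries are now statically linked and full-path #includes.  This
+      should fix problems with people who have different versions of
+      libraries installed in different locations.
+    - Fix problems compiling on systems with libpcapnav
+    - Add support for libpcap 0.5 such as on OpenBSD
+    - Fix tcpprep --verbose
+    - Close STDIN prior to re-opening it for certain OS's
+
+05/04/2005: Version 3.0.beta3
+    - Fix autoconf problems with --with-libnet
+    - Fix compile problems with dlt2desc with old versions of libpcap
+    - Fix compile problem due to not shipping flowreplay_opts.h and
+      tcpbridge_opts.h
+
+04/19/2005: Version 3.0.beta2
+    - Significant improvements to FAQ and manual
+    - Use autoopts for flowreplay
+    - Be more cautious about memcpy's
+    - Fix numerous warnings during compile
+    - Allow overriding L2 protocol field for DLT_RAW
+    - tcpprep -I & -P now take the cache filename
+    - Lots of cleanup
+    - Added tcpbridge utility
+    - Fix tcpreplay --mbps which was being interpreted as bps
+    - Add --no-arg-comment feature for tcpprep
+    - Improve auto-tests and fix old broken ones
+    - Fix Makefile errors in the docs directory
+    - Upgrade libopts tear off to v5.7pre12 which fixes problems with
+      loading config files
+    - Add support for forcing the use of the local libopts tearoff code
+
+02/27/2005: Version 3.0.beta1
+    - Major code cleanups and rewriting
+      - Rip out all edit functions from tcpreplay and put into tcprewrite
+      - Improve tcpreplay performance by about 5% for raw sending
+      - Move around utility functions for greater code-reuse
+      - Move MAC Address funcs into mac.c
+      - Move global defines into defines.h
+      - Standardize use of structs and typedefs
+      - Start passing const's when we don't need to modify
+    - Start using GNU AutoOpts for arg/config file processing
+    - Start using automake and autoheader
+    - Major rewrite of configure.in
+    - Add support for printing which interface packets go out
+    - 64bit counters are optional via --enable-64bits
+    - Can now rewrite L2 data per outbound interface
+    - Add support for additional DLT types
+
+    - Non-Code changes
+      - I now own the full copyright for tcpreplay
+      - Removed the evil 4th clause from the BSD license
+      - Start updating the FAQ and split some content to make a manual
+      - Automatically generate man pages based via autogen
+
+    - New Applications:
+      - tcprewrite
+
+    - Removed Applications: (Ethereal has better utilities)
+      - capinfo 
+      - pcapmerge 
+
+    - Merge fixes from 2.x/stable branch:
+      - portmap.c endian bugs
+      - edit_packet.c handle corrupted pcap's where caplen < len
+      - configure now properly uses --with-libnet and --with-libpcap
+
+*** Fork 3.x Branch from v2.3.1 ***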

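--- a/docs/CREDIT
+++ b/docs/CREDIT
@@ -0,0 +1,39 @@
+$Id: CREDIT 1164 2005-02-27 00:44:16Z aturner $ 
+
+tcpreplay and it's associated utilities (tcpprep, tcprewrite and flowreplay)
+were designed and written by Aaron Turner <aturner@pobox.com>.
+
+The following is a list of people in no particular order who have kindly
+submitted patches or code snippets for me to use in tcpreplay.
+
+Matt Bing <matt@mutedwarf.com>
+    - Matt helped write a lot of the 1.x code
+
+Branden Moore <bmoore-at-cse.nd.edu>
+   - Patch to pad truncated packets
+   - Patch to allow specifying a destination MAC w/ only a single NIC
+
+Scott Mace <smace@intt.org>
+   - Patch for tcpreplay to support CIDR mode
+   - Patch for ignoring martian IP packets 
+
+Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
+   - Code for pausing/restarting tcpreplay via signals.
+
+John Carlson
+   - Patch for improved timerdiv() accuracy
+
+Frey Kuo <kero@3sheep.com>
+   - Patch to replace pause option with packets/sec
+
+Seth Robertson (seth at sysd dot com)
+   - Patch to allow replaying of live traffic
+
+Nick Mathewson <nickm@freehaven.net>
+    - Kindly giving me his BSD licensed implimentation of poll()
+      using select() so I don't have to worry about cross platform
+      issues.
+          
+Denis McLaughlin <denism@cyberus.ca>
+    - Patch to allow TCP/UDP port translation
+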

+ 952 - 0
docs/FAQ.lyx

@@ -0,0 +1,952 @@
+#LyX 1.3 created this file. For more info see http://www.lyx.org/
+\lyxformat 221
+\textclass article
+\language english
+\inputencoding latin1
+\fontscheme times
+\graphics default
+\paperfontsize default
+\spacing single 
+\papersize letterpaper
+\paperpackage a4
+\use_geometry 1
+\use_amsmath 0
+\use_natbib 0
+\use_numerical_citations 0
+\paperorientation portrait
+\leftmargin 10mm
+\topmargin 10mm
+\rightmargin 10mm
+\bottommargin 15mm
+\secnumdepth 4
+\tocdepth 3
+\paragraph_separation skip
+\defskip medskip
+\quotes_language english
+\quotes_times 2
+\papercolumns 1
+\papersides 1
+\paperpagestyle default
+
+\layout Title
+
+Tcpreplay 3.x FAQ
+\layout Author
+
+Aaron Turner
+\newline 
+http://tcpreplay.sourceforge.net/
+\layout Standard
+\pagebreak_top \pagebreak_bottom 
+
+\begin_inset LatexCommand \tableofcontents{}
+
+\end_inset 
+
+
+\layout Section
+
+General Info
+\layout Subsection
+
+What is this FAQ for?
+\layout Standard
+
+Tcpreplay is a suite of powerful tools, but with that power comes complexity.
+ While I have done my best to write good man pages for tcpreplay and it's
+ associated utilities, I understand that many people may want more information
+ then I can provide in the man pages.
+ Additionally, this FAQ attempts to cover material which I feel will be
+ of use to people using tcpreplay, as well as common questions that occur
+ on the Tcpreplay-Users <tcpreplay-users@lists.sourceforge.net> mailing list.
+\layout Subsection
+
+What tools come with tcpreplay?
+\layout Itemize
+
+tcpreplay - replay ethernet packets stored in a pcap file as they were captured
+ 
+\layout Itemize
+
+tcprewrite - edit packets stored in a pcap file
+\layout Itemize
+
+tcpprep - a pcap pre-processor for tcpreplay
+\layout Itemize
+
+flowreplay
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+Flowreplay is still 
+\begin_inset Quotes eld
+\end_inset 
+
+alpha
+\begin_inset Quotes erd
+\end_inset 
+
+ quality and is not usable for most situations.
+ Anyone interested in helping me develop flowreplay is encouraged to contact
+ me.
+\end_inset 
+
+ - connects to a server(s) and replays the client side of the connection
+ stored in a pcap file
+\layout Subsection
+
+What tools no longer come with Tcpreplay?
+\layout Standard
+
+Recently, other people and projects have developed better versions of two
+ applications that ship with tcpreplay 2.x:
+\layout Itemize
+
+pcapmerge - merges two or more pcap files into one.
+ Ethereal now ships with a more powerful appliation called 'mergecap'.
+\layout Itemize
+
+capinfo - displays basic information about a pcap file.
+ Ethereal now ships with a more powerful application of the same name.
+\layout Subsection
+
+How can I get tcpreplay's source?
+\layout Standard
+
+The source code is available in tarball format on the tcpreplay homepage:
+ 
+\begin_inset LatexCommand \htmlurl{http://tcpreplay.sourceforge.net/}
+
+\end_inset 
+
+ I also encourage users familiar with Subversion to try checking out the
+ latest code as it often has additional features and bugfixes not found
+ in the tarballs.
+\layout Standard
+
+svn checkout https://www.synfin.net:444/svn/tcpreplay/trunk tcpreplay
+\layout Subsection
+
+What requirements does tcpreplay have?
+\layout Enumerate
+
+You'll need recent versions of the libnet
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+http://www.packetfactory.net/libnet/
+\end_inset 
+
+ and libpcap
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+http://www.tcpdump.org/
+\end_inset 
+
+ libraries.
+\layout Enumerate
+
+To support the packet decoding feature you'll need tcpdump
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+http://www.tcpdump.org/
+\end_inset 
+
+ installed.
+\layout Enumerate
+
+You'll also need a compatible operating system.
+ Basically, any UNIX-like or UNIX-based operating system should work.
+ Linux, *BSD, Solaris, OS X and others should all work.
+ If you find any compatibility issues with any UNIX-like/based OS, please
+ let me know.
+\layout Subsection
+
+Are there binaries available?
+\layout Standard
+
+The tcpreplay project does not maintain binaries for any platforms.
+ However some operating systems such as Debian GNU/Linux (apt-get) and OS
+ X (fink) have packages available.
+ Try searching on Google.
+\layout Subsection
+
+Is there a Microsoft Windows port?
+\layout Standard
+
+Not really.
+ We had one user port the code over for an old version of tcpreplay to Windows.
+ Now we're looking for someone to help merge and maintain the code in to
+ the main development tree.
+ If you're interested in helping with this please contact Aaron Turner or
+ the tcpreplay-users list.
+ Other then that, you can download the tcpreplay-win32.zip file from the
+ website and give it a go.
+ Please understand that the Win32 port of tcpreplay comes with no support
+ whatsoever, so if you run into a problem you're on your own.
+\layout Subsection
+
+How is tcpreplay licensed?
+\layout Standard
+
+Tcpreplay is licensed under a three clause BSD-style license.
+ For details see the docs/LICENSE file included with the source code.
+\layout Subsection
+
+What is tcpreplay?
+\layout Standard
+
+In the simplest terms, tcpreplay is a tool to send network traffic stored
+ in pcap format back onto the network; basically the exact opposite of tcpdump.
+ Just to make things more confusing, tcpreplay is also a suite of tools:
+ tcpreplay, tcpprep, tcprewrite and flowreplay.
+\layout Comment
+
+What isn't tcpreplay?
+\layout Comment
+
+Tcpreplay is 
+\emph on 
+not
+\emph default 
+ a tool to replay captured traffic to a server or client.
+ Specifically, tcpreplay does not have the ability to rewrite IP addresses
+ to a user-specified value or synchronize TCP sequence and acknowledgment
+ numbers.
+ In other words, tcpreplay can't 
+\begin_inset Quotes eld
+\end_inset 
+
+connect
+\begin_inset Quotes erd
+\end_inset 
+
+ to a server or be used to emulate a server and have clients connect to
+ it.
+ If you're looking for that, check out flowreplay.
+\layout Subsection
+
+What are some uses for tcpreplay?
+\layout Standard
+
+Originally, tcpreplay was written to test network intrusion detection systems
+ (NIDS), however tcpreplay has been used to test firewalls, routers, and
+ other network devices.
+ With the addition of flowreplay, most
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+Note the flowreplay does not support protocols such as ftp which use multiple
+ connections.
+\end_inset 
+
+ any udp or tcp service on a server can be tested as well.
+\layout Subsection
+
+What are some uses for flowreplay?
+\layout Standard
+
+A lot of people wanted a tool like tcpreplay, but wanted to be able to replay
+ traffic 
+\emph on 
+to
+\emph default 
+ a server.
+ Since tcpreplay was unable to do this, I developed flowreplay which replays
+ the data portion of the flow, but recreates the connection to the specified
+ server(s).
+ This makes flowreplay an ideal tool to test host intrusion detection systems
+ (HIDS) as well as captured exploits and security patches when the actual
+ exploit code is not available.
+ Please note that flowreplay is still alpha quality code which means it
+ doesn't work very well (some would argue it doesn't work at all) and is
+ currently missing some important features.
+\layout Subsection
+
+What is the history of tcpreplay?
+\layout Standard
+
+Tcpreplay has had quite a few authors over the past five or so years.
+ One of the advantages of the BSD and GPL licenses is that if someone becomes
+ unable or unwilling to continue development, anyone else can take over.
+\layout Standard
+
+Originally, Matt Undy of Anzen Computing wrote tcpreplay.
+ Matt released version 1.0.1 sometime in 1999.
+ Sometime after that, Anzen Computing was (at least partially) purchased
+ by NFR and development ceased.
+\layout Standard
+
+Then in 2001, two people independently started work on tcpreplay: Matt Bing
+ of NFR and Aaron Turner.
+ After developing a series of patches (the -adt branch), Aaron attempted
+ to send the patches in to be included in the main development tree.
+\layout Standard
+
+After some discussion between Aaron and Matt Bing, they decided to continue
+ development together.
+ Since then, two major rewrites have occured, and more then thirty new features
+ have been added, including the addition of a number of accessory tools.
+\layout Standard
+
+Today, Aaron continues active development of the code.
+\layout Section
+
+Bugs, Feature Requests, and Patches
+\layout Subsection
+
+Where can I get help, report bugs or contact the developers?
+\layout Standard
+
+The best place to get help or report a bug is the Tcpreplay-Users mailing
+ list: 
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://lists.sourceforge.net/lists/listinfo/tcpreplay-users}
+
+\end_inset 
+
+
+\layout Subsection
+
+What information should I provide when I report a bug?
+\layout Standard
+
+One of the most frustrating things for any developer trying to help a user
+ with a problem is not enough information.
+ Please be sure to include 
+\emph on 
+at minimum
+\emph default 
+ the following information, however any additional information you feel
+ may be helpful will be appreciated.
+\layout Itemize
+
+Version information (output of -V)
+\layout Itemize
+
+Command line used (options and arguments)
+\layout Itemize
+
+Platform (Red Hat Linux 9 on Intel, Solaris 7 on SPARC, etc)
+\layout Itemize
+
+Error message (if available) and/or description of problem
+\layout Itemize
+
+If possible, attach the pcap file used (compressed with bzip2 or gzip preferred)
+\layout Itemize
+
+The core dump or backtrace if available
+\layout Subsection
+
+I have a feature request, what should I do?
+\layout Standard
+
+Let us know! Many of the features exist today because users like you asked
+ for them.
+ To make a feature request, you can either email the tcpreplay-users mailing
+ list (see above) or fill out the feature request form on the tcpreplay
+ SourceForge website.
+\layout Subsection
+
+I've written a patch for tcpreplay, how can I submit it?
+\layout Standard
+
+I'm always willing to include new features or bug fixes submitted by users.
+ You may email me directly or the tcpreplay-users mailing list.
+ Please 
+\emph on 
+do not
+\emph default 
+ use the Patch Tracker on the tcpreplay SourceForge web site.
+ But before you start working on adding a feature or fixing a bug in tcpreplay,
+ please make sure you checkout the latest source code from the Subversion
+ repository.
+ Patches against released versions are almost surely not going to apply
+ cleanly if at all.
+\layout Subsection
+
+Patch requirements
+\layout Itemize
+
+Be aware that submitting a patch, 
+\emph on 
+you are assigning your copyright to me.
+
+\emph default 
+ If this is not acceptable to you, then 
+\emph on 
+do not
+\emph default 
+ send me the patch! I have people assign their copyright to me to help prevent
+ licensing issues that may crop up in the future.
+\layout Itemize
+
+Please provide a description of what your patch does!
+\layout Itemize
+
+Comment your code! I won't use code I can't understand.
+\layout Itemize
+
+Make sure you are patching a branch that is still being maintained.
+ Generally that means that most recent stable and development branches (2.0
+ and 3.0 at the time of this writing).
+\layout Itemize
+
+Make sure you are patching against the most recent release for that branch.
+\layout Itemize
+
+Please submit your patch in the unified diff format so I can better understand
+ what you're changing.
+\layout Itemize
+
+Please provide any relevant personal information you'd like listed in the
+ CREDITS file.
+\layout Standard
+
+Please note that while I'm always interested in patches, I may rewrite some
+ or all of your submission to maintain a consistent coding style.
+\layout Section
+
+Understanding tcpprep
+\layout Subsection
+
+What is tcpprep?
+\layout Standard
+
+Tcpreplay can send traffic out two network cards, however it requires the
+ calculations be done in real-time.
+ These calculations can be expensive and can significantly reduce the throughput
+ of tcpreplay.
+\layout Standard
+
+Tcpprep is a libpcap pre-processor for tcpreplay which enables using two
+ network cards to send traffic without the performance hit of doing the
+ calculations in real-time.
+\layout Subsection
+
+How does tcpprep work? 
+\layout Standard
+
+Tcpprep reads in a libpcap (tcpdump) formatted capture file and does some
+ processing to generate a tcpreplay cache file.
+ This cache file tells tcpreplay which interface a given packet should be
+ sent out of.
+ 
+\layout Subsection
+
+Does tcpprep modify my libpcap file?
+\layout Standard
+
+No.
+ 
+\layout Subsection
+
+Why use tcpprep?
+\layout Standard
+
+There are three major reasons to use tcpprep:
+\layout Enumerate
+
+Tcpprep can split traffic based upon more methods and criteria then tcpreplay.
+\layout Enumerate
+
+By pre-processing the pcap, tcpreplay has a higher theoretical maximum throughpu
+t.
+\layout Enumerate
+
+By pre-processing the pcap, tcpreplay can be more accurate in timing when
+ replaying traffic at normal speed.
+\layout Subsection
+
+Can a cache file be used for multiple (different) libpcap files? 
+\layout Standard
+
+Cache files have nothing linking them to a given libpcap file, so there
+ is nothing to stop you from doing this.
+ However running tcpreplay with a cache file from a different libpcap source
+ file is likely to cause a lot of problems and is not supported.
+ 
+\layout Subsection
+
+Why would I want to use tcpreplay with two network cards? 
+\layout Standard
+
+Tcpreplay traditionally is good for putting traffic on a given network,
+ often used to test a network intrusion detection system (NIDS).
+ However, there are cases where putting traffic onto a subnet in this manner
+ is not good enough- you have to be able to send traffic *through* a device
+ such as a router, firewall, or bridge.
+\layout Standard
+
+In these cases, being able to use a single source file (libpcap) for both
+ ends of the connection solves this problem.
+\layout Subsection
+
+How big are the cache files?
+\layout Standard
+
+Very small.
+ Actual size depends on the number of packets in the dump file.
+ Two bits of data is stored for each packet.
+ On a test using a 900MB dump file containing over 500,000 packets, the
+ cache file was only 150K.
+ 
+\layout Section
+
+Common Error and Warning Messages
+\layout Subsection
+
+Can't open eth0: libnet_select_device(): Can't find interface eth0
+\layout Standard
+
+Generally this occurs when the interface (eth0 in this example) is not up
+ or doesn't have an IP address assigned to it.
+ 
+\layout Subsection
+
+Can't open lo: libnet_select_device(): Can't find interface lo
+\layout Standard
+
+Version 1.1.0 of Libnet is unable to send traffic on the loopback device.
+ Upgrade to a later release of the Libnet library to solve this problem.
+\layout Subsection
+
+Can't open eth0: UID != 0
+\layout Standard
+
+Tcpreplay requires that you run it as root.
+\layout Subsection
+
+100000 write attempts failed from full buffers and were repeated
+\layout Standard
+
+When tcpreplay displays a message like "100000 write attempts failed from
+ full buffers and were repeated", this usually means the kernel buffers
+ were full and it had to wait until memory was available.
+ This is quite common when replaying files as fast as possible with the
+ "-R" option.
+ See the tuning OS section in this document for suggestions on solving this
+ problem.
+\layout Subsection
+
+Invalid mac address: 00:00:00:00:00:00
+\layout Standard
+
+Currently tcpreplay reserves the MAC address of 00:00:00:00:00:00 as reserved
+ for internal use.
+ Hence you can't rewrite the MAC address of packets to be all zeros.
+ While we intend to fix this someday it's not currently high on our priority
+ list, so let us know if we should re-prioritize things.
+\layout Subsection
+
+Unable to process test.cache: cache file version missmatch
+\layout Standard
+
+Cache files generated by tcpprep and read by tcpreplay are versioned to
+ allow enhancements to the cache file format.
+ Anytime the cache file format changes, the version is incremented.
+ Since this occurs on a very rare basis, this is generally not an issue;
+ however anytime there is a change, it breaks compatibility with previously
+ created cache files.
+ The solution for this problem is to use the same version of tcpreplay and
+ tcpprep to read/write the cache files.
+ Cache file versions match the following versions of tcpprep/tcpreplay:
+\layout Itemize
+
+Version 1:
+\newline 
+Prior to 1.3.beta1
+\layout Itemize
+
+Version 2:
+\newline 
+1.3.beta2 to 1.3.1/1.4.beta1
+\layout Itemize
+
+Version 3:
+\newline 
+1.3.2/1.4.beta2 to 2.0.3
+\layout Itemize
+
+Version 4:
+\newline 
+2.1.0 and above.
+ Note that prior to version 2.3.0, tcpprep had a bug which broke cache file
+ compatibility between big and little endian systems.
+\layout Subsection
+
+Skipping SLL loopback packet.
+\layout Standard
+
+Your capture file was created on Linux with the 'any' parameter which then
+ captured a packet on the loopback interface.
+ However, tcpreplay doesn't have enough information to actual send the packet,
+ so it skips it.
+ Specifying a destination and source MAC address (-D and -S) will allow
+ tcpreplay to send these packets.
+\layout Subsection
+
+Packet length (8892) is greater then MTU; skipping packet.
+\layout Standard
+
+The packet length (in this case 8892 bytes) is greater then the maximum
+ transmition unit (MTU) on the outgoing interface.
+ Tcpreplay must skip the packet.
+ Alternatively, you can specify the -T option and tcpreplay will truncate
+ the packet to the MTU size, fix the checksums and send it.
+\layout Section
+
+Common Questions from Users
+\layout Subsection
+
+Why is tcpreplay not sending all the packets?
+\layout Standard
+
+Every now and then, someone emails the tcpreplay-users list, asking if there
+ is a bug in tcpreplay which causes it not to send all the packets.
+ This usually happens when the user uses the -t flag or is replaying a high-spee
+d pcap file (> 50Mbps, although this number is dependant on the hardware
+ in use).
+\layout Standard
+
+The short version of the answer is: no, we are not aware of any bugs which
+ might cause a few packets to not be sent.
+\layout Standard
+
+The longer version goes something like this:
+\layout Standard
+
+If you are running tcpreplay multiple times and are using tcpdump or other
+ packet sniffer to count the number packets sent and are getting different
+ numbers, it's not tcpreplay's fault.
+ The problem lies in one of two places:
+\layout Enumerate
+
+It is well known that tcpdump and other sniffers have a problem keeping
+ up with high-speed traffic.
+ Furthermore, the OS in many cases 
+\emph on 
+lies
+\emph default 
+ about how many packets were dropped.
+ Tcpdump will repeat this lie to you.
+ In other words, tcpdump isn't seeing all the packets.
+ Usually this is a problem with the network card, driver or OS kernel which
+ may or may not be fixable.
+ Try another network card/driver.
+\layout Enumerate
+
+When tcpreplay sends a packet, it actually gets copied to a send buffer
+ in the kernel.
+ If this buffer is full, the kernel is supposed to tell tcpreplay that it
+ didn't copy the packet to this buffer.
+ If the kernel has a bug which squelches this error, tcpreplay will not
+ keep trying to send the packet and will move on to the next one.
+ Currently I am not aware of any OS kernels with this bug, but it is possible
+ that it exists.
+ If you find out that your OS has this problem, please let me know so I
+ can list it here.
+\layout Standard
+
+If for some reason, you still think its a bug in tcpreplay, by all means
+ read the code and tell me how stupid I am.
+ The do_packets() function in do_packets.c is where tcpreplay processes the
+ pcap file and sends all of the packets.
+\layout Subsection
+
+Can tcpreplay read gzip/bzip2 compressed files?
+\layout Standard
+
+Yes, but not directly.
+ Since tcpreplay can read data via STDIN, you can decompress the file on
+ the fly like this:
+\layout Standard
+
+
+\emph on 
+gzcat myfile.pcap.gz | tcpreplay -i eth0 -
+\layout Standard
+
+Note that decompressing on the fly will require additional CPU time and
+ will likely reduce the overall performance of tcpreplay.
+\layout Subsection
+
+How fast can tcpreplay send packets?
+\layout Standard
+
+First, if performance is important to you, then upgrading to tcpreplay 3.x
+ is worthwhile since it is more optimized then the 2.x series.
+ After that, there are a number of variables which effect performance, including
+ on how you measure it (packets/sec or bytes/sec).
+ 100Mbps and 120K pps are quite doable.
+ Generally speaking here are some points to consider:
+\layout Itemize
+
+Profiling tcpreplay has shown that a significant amount of time is spent
+ writing packets to the network.
+ Hence, your OS kernel implimentation of writing to raw sockets is one of
+ the most important aspects since that is where tcpreplay spends most of
+ it's time.
+\layout Itemize
+
+Like most network based I/O, it is faster to send the same amount of data
+ in a few large packets then many small packets.
+\layout Itemize
+
+Most operating systems will cache disk reads in RAM; hence making subsequent
+ access to the file faster the second time.
+\layout Itemize
+
+Re-opening small files repeatly will reduce performance.
+ Consider using mergecap to generate a single large file.
+\layout Itemize
+
+Network cards and drivers, disk speed (RPM is more important then seek),
+ amount of RAM and system bus speed are all important.
+\layout Section
+
+Required Libraries and Tools
+\layout Subsection
+
+Libpcap
+\layout Standard
+
+As of tcpreplay v1.4, you'll need to have libpcap installed on your system.
+ As of v2.0, you'll need at least version 0.6.0 or better, but I only test
+ our code with the latest version.
+ Libpcap can be obtained on the tcpdump homepage
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+
+\begin_inset LatexCommand \htmlurl{http://www.tcpdump.org/}
+
+\end_inset 
+
+
+\end_inset 
+
+.
+ 
+\layout Subsection
+
+Libnet
+\layout Standard
+
+Tcpreplay v1.3 is the last version to support the old libnet API (everything
+ before 1.1.x).
+ As of v1.4 you will need to use Libnet 1.1.0 or better which can be obtained
+ from the Libnet homepage
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+
+\begin_inset LatexCommand \htmlurl{http://www.packetfactory.net/Projects/Libnet/}
+
+\end_inset 
+
+
+\end_inset 
+
+.
+ 
+\layout Subsection
+
+Libpcapnav
+\layout Standard
+
+Starting with v2.0, tcpreplay can use libpcapnav to support the jump offset
+ feature.
+ If libpcapnav is not found on the system, that feature will be disabled.
+ Libpcapnav can be found on the NetDude homepage
+\begin_inset Foot
+collapsed true
+
+\layout Standard
+
+
+\begin_inset LatexCommand \htmlurl{http://netdude.sourceforge.net/}
+
+\end_inset 
+
+
+\end_inset 
+
+.
+ 
+\layout Subsection
+
+Tcpdump
+\layout Standard
+
+As of 2.0, tcpreplay uses tcpdump (the binary, not code) to decode packets
+ to STDOUT in a human readable (with practice) format as it sends them.
+ If you would like this feature, tcpdump must be installed on your system.
+\layout Standard
+
+
+\noun on 
+Note:
+\noun default 
+ The location of the tcpdump binary is hardcoded in tcpreplay at compile
+ time.
+ If tcpdump gets renamed or moved, the feature will become disabled.
+\layout Section
+
+Other pcap tools available
+\layout Subsection
+
+Tools to capture network traffic or decode pcap files
+\layout Itemize
+
+tcpdump
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.tcpdump.org/}
+
+\end_inset 
+
+
+\layout Itemize
+
+ethereal
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.ethereal.com/}
+
+\end_inset 
+
+
+\layout Itemize
+
+ettercap
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://ettercap.sourceforge.net/}
+
+\end_inset 
+
+
+\layout Subsection
+
+Tools to edit pcap files
+\layout Itemize
+
+tcpslice
+\newline 
+Splits pcap files into smaller files
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.tcpdump.org/}
+
+\end_inset 
+
+
+\layout Itemize
+
+mergecap
+\newline 
+Merges two pcap capture files into one
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.ethreal.com/}
+
+\end_inset 
+
+
+\layout Itemize
+
+pcapmerge
+\newline 
+Merges two or more pcap capture files into one
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://tcpreplay.sourceforge.net/}
+
+\end_inset 
+
+
+\layout Itemize
+
+editcap
+\newline 
+Converts capture file formats (pcap, snoop, etc)
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.ethreal.com/}
+
+\end_inset 
+
+
+\layout Itemize
+
+netdude
+\newline 
+GTK based pcap capture file editor.
+ Allows editing most anything in the packet.
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://netdude.sourceforge.net/}
+
+\end_inset 
+
+
+\layout Subsection
+
+Other useful tools
+\layout Itemize
+
+capinfo
+\newline 
+Prints statistics and basic information about a pcap file
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://tcpreplay.sourceforge.net/}
+
+\end_inset 
+
+
+\layout Itemize
+
+text2pcap
+\newline 
+Generates a pcap capture file from a hex dump
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.ethreal.com/}
+
+\end_inset 
+
+
+\layout Itemize
+
+tcpflow
+\newline 
+Extracts and reassembles the data portion on a per-flow basis on live traffic
+ or pcap capture files
+\newline 
+
+\begin_inset LatexCommand \htmlurl{http://www.circlemud.org/~jelson/software/tcpflow/}
+
+\end_inset 
+
+
+\the_end

BIN
docs/FAQ.pdf


+ 30 - 13
Docs/HACKING

@@ -1,4 +1,4 @@
-$Id: HACKING 767 2004-10-06 12:48:49Z aturner $
+$Id: HACKING 1348 2005-06-13 06:22:17Z aturner $
 
                           Guide to Hacking Tcpreplay
 
@@ -12,7 +12,9 @@ If you contribute code the following will happen:
     b) Your code will be licensed under the same license as that of tcpreplay
     c) You will be assigning your copyright to me
 
-I do this for a simple reason: keep things simple for me.
+If you have any questions regarding any of the three above stipulations,
+feel free to email me: aturner@pobox.com
+
 
 1. Introduction
 
@@ -25,19 +27,34 @@ etc.
 
 The file layout is pretty simple:
 
-/       - Code, header files, autoconf stuff
-/Docs   - Where to find documentation
-/test   - Test scripts and stuff which is used during 'make test'
-/man    - Unix man pages which get copied to $MANPATH
+/           - Base directory
+/lib        - 3rd party libraries stolen verbatim
+/libopts    - GNU AutoOpts code
+/src        - Main code routines
+/src/common - Common routines for all binaries
+/docs       - Where to find documentation
+/test       - Test scripts and stuff which is used during 'make test'
+/man        - Unix man pages which get copied to $MANPATH
+
+3. Coding Standards
+1) Indent 4 spaces using spaces, not tabs
+2) Opening braces for control blocks (if, while, etc) should be on the same line
+3) Opening braces for functions should be on next line
+4) Use provided warnx, dbg, and errx functions provided in err.h
+5) Use provided safe_strdup, safe_malloc and safe_realloc functions provided
+    in common/utils.h
+6) Use provided strl* functions in lib/strlcat.c and lib/strlcpy.c
+
+[NOTE: Everything below this point is currently inaccurate.]
 
-3. Adding support for additional DLTs (Data Link Types)
+4. Adding support for additional DLTs (Data Link Types)
 
 There are a number of files/functions that need to be touched to add support
 for a new DLT to tcpreplay and tcpprep.  Note that for a patch to be
 accepted, BOTH tcpreplay and tcpprep need to be updated to support the new
 DLT.
 
-3a) dlt.h
+4a) dlt.h
 Two things need to be added here:
     - A structure defining the header
     - A #define for the length of the header
@@ -51,7 +68,7 @@ struct cisco_hdlc_header {
     u_int16_t protocol;
 }
 
-3b) tcpreplay.c
+4b) tcpreplay.c
 You will need to edit validate_l2() to process the DLT type as defined by
 pcap-bpf.h which is included with libpcap.  The key here is that tcpreplay
 needs to be able to generate a valid 802.3 ethernet frame.  Basically
@@ -66,17 +83,17 @@ validate_l2() also calcuates the 'maxpacket' which is the maximum size of a
 packet that we can send out of the interface.  Generally this is the length
 of the Layer 2 header + MTU.  You shouldn't need to change anything here.
 
-3c) edit_packet.c
+4c) edit_packet.c
 Next, you'll have to edit rewrite_l2() to add support for rewriting the
 Layer 2 header from your DLT to a standard 802.3 header.  Note that
 do_packets.c will automatically fill out the source/destination MAC address
 if the appropriate flag is used (-I, -J, -K and -k) so there is no need to
 copy those values over here.
 
-3d) tcpprep.c
+4d) tcpprep.c
 Look at process_raw_packets().  Should be painfully obvious what do do here.
 
-3e) dlt_names.h
+4e) dlt_names.h
 Look in dlt_names.h and make sure your DLT type is listed here.  Note that
 this file is generated by scripts/dlt2name.pl.  If it's not listed here,
 your best bet is to edit scripts/dlt2name.pl and list it in the %known hash
@@ -86,7 +103,7 @@ and then run:
 Note that editing dlt_names.h is NOT going to work, since it will get 
 overwritten the next time it is regenerated.
 
-4. Hacking tcprewrite
+5. Hacking tcprewrite
 
 tcprewrite order of execution:
 

+ 38 - 0
docs/INSTALL

@@ -0,0 +1,38 @@
+$Id: INSTALL 1313 2005-05-28 23:19:40Z aturner $
+
+You'll need:
+
+- libnet 1.1.x (1.1.1 or greater is recommended)
+http://www.packetfactory.net/Projects/libnet/
+
+Note: Version 1.1.3-RC has a bug in one of the header files.  If you get
+an error during compilation:
+
+/usr/local/include/./libnet/libnet-types.h:36:23: error: ../config.h: No
+such file or directory 
+
+Then you should edit /usr/local/include/libnet/libnet-types.h (or wherever
+it is installed) and comment out or delete the three lines (should be lines
+35-38):
+
+#ifdef HAVE_CONFIG_H
+#include "../config.h"
+#endif
+
+Feel free to bitch to libnet@securityfocus.com since they seem to be
+ignoring me.
+
+- libpcap >= 0.5 (0.8 or greater is recommended)
+http://www.tcpdump.org/
+
+- tcpdump (Optional. If you want packet decoding of sent packets)
+http://www.tcpdump.org/
+
+Run:
+./configure ; make
+
+Run as root:
+make test -i    (optional)
+make install
+
+For more detailed information, see the FAQ.

+ 2 - 7
Docs/LICENSE

@@ -1,7 +1,5 @@
-Copyright (c) 2001-2004 Aaron Turner, Matt Bing.  All rights reserved.
-
-Some portions of code are:
-Copyright(c) 1999 Anzen Computing. All rights reserved.
+Copyright (c) 2001-2005 Aaron Turner <aturner@pobox.com>.
+All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -15,9 +13,6 @@ are met:
 3. Neither the names of the copyright owners nor the names of its
    contributors may be used to endorse or promote products derived from
    this software without specific prior written permission.
-4. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-       This product includes software developed by Anzen Computing, Inc.
 
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+ 100 - 0
docs/Makefile.am

@@ -0,0 +1,100 @@
+MAKEFLAGS=-s
+
+if HAVE_DOCTOOLS
+
+.PHONY: docs webfiles manpages
+
+MAN2HTML = ../scripts/man2html
+
+L2HFLAGS = -show_section_numbers -no_footnode -split +1 -info 0 \
+	-auto_navigation -local_icons -mkdir -html_version 4.0
+
+webfiles: web/FAQ/FAQ.html web/manual/manual.html web/flowreplay/flowreplay.html
+
+docs: FAQ.pdf flowreplay.pdf manual.pdf webfiles manpages
+
+latex:
+	@LYX@ -e latex FAQ.lyx
+	@LYX@ -e latex manual.lyx
+	@LYX@ -e latex flowreplay.lyx
+
+FAQ.pdf: latex
+	@TEXI2DVI@ FAQ.tex
+	@DVIPDFM@ FAQ.dvi
+
+web/FAQ/FAQ.html: latex
+	@LATEX2HTML@ $(L2HFLAGS) -dir web/FAQ FAQ.tex
+
+flowreplay.pdf: latex
+	@FIG2DEV@ -L eps flowheader.fig flowheader.eps
+	@TEXI2DVI@ flowreplay.tex
+	@DVIPDFM@ flowreplay.dvi
+
+web/flowreplay/flowreplay.html: latex
+	@LATEX2HTML@ $(L2HFLAGS) -dir web/flowreplay flowreplay.tex
+
+manual.pdf: latex
+	@FIG2DEV@ -L eps router-mode1.fig router-mode1.eps
+	@FIG2DEV@ -L eps router-mode2.fig router-mode2.eps
+	@FIG2DEV@ -L eps router-mode3.fig router-mode3.eps
+	@TEXI2DVI@ manual.tex
+	@DVIPDFM@ manual.dvi
+
+web/manual/manual.html: latex
+	@LATEX2HTML@ $(L2HFLAGS) -dir web/manual manual.tex
+
+web/man/tcpreplay.html:
+	$(MAN2HTML) < ../src/tcpreplay.1 > web/man/tcpreplay.html
+
+web/man/tcpprep.html:
+	$(MAN2HTML) < ../src/tcpprep.1 > web/man/tcpprep.html
+
+web/man/flowreplay.html:
+	$(MAN2HTML) < ../src/flowreplay.1 > web/man/flowreplay.html
+
+web/man/tcprewrite.html:
+	$(MAN2HTML) < ../src/tcprewrite.1 > web/man/tcprewrite.html
+
+web/man/tcpbridge.html:
+	$(MAN2HTML) < ../src/tcpbridge.1 > web/man/tcpbridge.html
+
+manpages: web/man/tcpreplay.html web/man/tcpprep.html web/man/flowreplay.html \
+	web/man/tcprewrite.html web/man/tcpbridge.html
+
+postweb: webfiles manpages
+	rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
+		-avz web/ aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
+	scp CHANGELOG aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
+
+postwebsf: webfiles manpages
+	-rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
+		-avz web/ aturner@shell.sf.net:htdocs/
+	scp CHANGELOG aturner@shell.sf.net:htdocs/
+
+endif
+
+EXTRA_DIST = CHANGELOG CREDIT HACKING INSTALL LICENSE TODO \
+	FAQ.lyx FAQ.pdf web/FAQ/FAQ.html web/FAQ \
+	flowreplay.lyx flowreplay.pdf web/flowreplay/flowreplay.html web/flowreplay \
+	flowheader.fig router-mode1.fig router-mode2.fig router-mode3.fig \
+	manual.lyx manual.pdf web/manual/manual.html web/manual \
+	web/index.html web/web.css \
+	web/man/tcpreplay.html  web/man/tcpprep.html web/man/flowreplay.html \
+	web/man/tcprewrite.html web/tcpreplay-2-faq.html web/tcpreplay-2-faq.css
+
+MOSTLYCLEANFILES = FAQ.aux FAQ.log FAQ.toc FAQ.dvi FAQ.tex \
+	manual.aux manual.log manual.dvi manual.tex manual.toc \
+	flowreplay.aux flowreplay.log flowheader.eps flowreplay.tex \
+	flowreplay.log flowreplay.toc flowreplay.dvi \
+	images.aux images.log images.pl images.tex img1.png labels.pl \
+	router-mode1.eps router-mode2.eps router-mode3.eps \
+	*~ web/*~
+
+clean-docs: clean
+	-rm -rf *.pdf web/manual web/FAQ web/flowreplay web/man/*
+
+maintainer-clean-local: clean-docs
+	-rm -rf web/flowreplay web/FAQ web/manual web/man/*.html
+
+MAINTAINERCLEANFILES = FAQ.pdf flowreplay.pdf manual.pdf Makefile.in 
+
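Review bot: `EXTRA_DIST` omits `web/man/tcpbridge.html` even though the `manpages` target builds it, so the tcpbridge page would be missing from the distribution tarball; add it to the `web/man/...` entries of `EXTRA_DIST`. The five `web/man/*.html` rules name no prerequisite, so an existing HTML file is never regenerated when its man page changes and `postweb` can publish stale pages. Giving each rule its source fixes that, e.g. `web/man/tcpreplay.html: ../src/tcpreplay.1`. In `postwebsf` the leading `-` on `rsync` lets the following `scp CHANGELOG` run after a failed sync, which `postweb` does not allow. If that is not deliberate, drop the `-` so a failed upload stops the target.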

+ 447 - 0
docs/Makefile.in

@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.9.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+target_triplet = @target@
+subdir = docs
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in INSTALL TODO
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOGEN = @AUTOGEN@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DVIPDFM = @DVIPDFM@
+DVIPS = @DVIPS@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FIG2DEV = @FIG2DEV@
+HAVE_DOCTOOLS_FALSE = @HAVE_DOCTOOLS_FALSE@
+HAVE_DOCTOOLS_TRUE = @HAVE_DOCTOOLS_TRUE@
+HAVE_LIBNIDS_FALSE = @HAVE_LIBNIDS_FALSE@
+HAVE_LIBNIDS_TRUE = @HAVE_LIBNIDS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LATEX2HTML = @LATEX2HTML@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@
+LIBOPTS_LDADD = @LIBOPTS_LDADD@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LNAVLIB = @LNAVLIB@
+LNAV_CFLAGS = @LNAV_CFLAGS@
+LNETINC = @LNETINC@
+LNETLIB = @LNETLIB@
+LNIDSINC = @LNIDSINC@
+LNIDSLIB = @LNIDSLIB@
+LN_S = @LN_S@
+LPCAPINC = @LPCAPINC@
+LPCAPLIB = @LPCAPLIB@
+LTLIBOBJS = @LTLIBOBJS@
+LYX = @LYX@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+NEED_LIBOPTS_FALSE = @NEED_LIBOPTS_FALSE@
+NEED_LIBOPTS_TRUE = @NEED_LIBOPTS_TRUE@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PCAP_BPF_H_FILE = @PCAP_BPF_H_FILE@
+PRINTF = @PRINTF@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+SYSTEM_STRLCPY_FALSE = @SYSTEM_STRLCPY_FALSE@
+SYSTEM_STRLCPY_TRUE = @SYSTEM_STRLCPY_TRUE@
+TCPREPLAY_RELEASE = @TCPREPLAY_RELEASE@
+TCPREPLAY_VERSION = @TCPREPLAY_VERSION@
+TEXI2DVI = @TEXI2DVI@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+debug_flag = @debug_flag@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nic1 = @nic1@
+nic2 = @nic2@
+oldincludedir = @oldincludedir@
+pcncfg = @pcncfg@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target = @target@
+target_alias = @target_alias@
+target_cpu = @target_cpu@
+target_os = @target_os@
+target_vendor = @target_vendor@
+td = @td@
+MAKEFLAGS = -s
+@HAVE_DOCTOOLS_TRUE@MAN2HTML = ../scripts/man2html
+@HAVE_DOCTOOLS_TRUE@L2HFLAGS = -show_section_numbers -no_footnode -split +1 -info 0 \
+@HAVE_DOCTOOLS_TRUE@	-auto_navigation -local_icons -mkdir -html_version 4.0
+
+EXTRA_DIST = CHANGELOG CREDIT HACKING INSTALL LICENSE TODO \
+	FAQ.lyx FAQ.pdf web/FAQ/FAQ.html web/FAQ \
+	flowreplay.lyx flowreplay.pdf web/flowreplay/flowreplay.html web/flowreplay \
+	flowheader.fig router-mode1.fig router-mode2.fig router-mode3.fig \
+	manual.lyx manual.pdf web/manual/manual.html web/manual \
+	web/index.html web/web.css \
+	web/man/tcpreplay.html  web/man/tcpprep.html web/man/flowreplay.html \
+	web/man/tcprewrite.html web/tcpreplay-2-faq.html web/tcpreplay-2-faq.css
+
+MOSTLYCLEANFILES = FAQ.aux FAQ.log FAQ.toc FAQ.dvi FAQ.tex \
+	manual.aux manual.log manual.dvi manual.tex manual.toc \
+	flowreplay.aux flowreplay.log flowheader.eps flowreplay.tex \
+	flowreplay.log flowreplay.toc flowreplay.dvi \
+	images.aux images.log images.pl images.tex img1.png labels.pl \
+	router-mode1.eps router-mode2.eps router-mode3.eps \
+	*~ web/*~
+
+MAINTAINERCLEANFILES = FAQ.pdf flowreplay.pdf manual.pdf Makefile.in 
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  docs/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu  docs/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool
+uninstall-info-am:
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	$(mkdir_p) $(distdir)/web $(distdir)/web/FAQ $(distdir)/web/flowreplay $(distdir)/web/man $(distdir)/web/manual
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+	-test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic \
+	maintainer-clean-local
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+	distclean distclean-generic distclean-libtool distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-exec install-exec-am \
+	install-info install-info-am install-man install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic maintainer-clean-local mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-info-am
+
+
+@HAVE_DOCTOOLS_TRUE@.PHONY: docs webfiles manpages
+
+@HAVE_DOCTOOLS_TRUE@webfiles: web/FAQ/FAQ.html web/manual/manual.html web/flowreplay/flowreplay.html
+
+@HAVE_DOCTOOLS_TRUE@docs: FAQ.pdf flowreplay.pdf manual.pdf webfiles manpages
+
+@HAVE_DOCTOOLS_TRUE@latex:
+@HAVE_DOCTOOLS_TRUE@	@LYX@ -e latex FAQ.lyx
+@HAVE_DOCTOOLS_TRUE@	@LYX@ -e latex manual.lyx
+@HAVE_DOCTOOLS_TRUE@	@LYX@ -e latex flowreplay.lyx
+
+@HAVE_DOCTOOLS_TRUE@FAQ.pdf: latex
+@HAVE_DOCTOOLS_TRUE@	@TEXI2DVI@ FAQ.tex
+@HAVE_DOCTOOLS_TRUE@	@DVIPDFM@ FAQ.dvi
+
+@HAVE_DOCTOOLS_TRUE@web/FAQ/FAQ.html: latex
+@HAVE_DOCTOOLS_TRUE@	@LATEX2HTML@ $(L2HFLAGS) -dir web/FAQ FAQ.tex
+
+@HAVE_DOCTOOLS_TRUE@flowreplay.pdf: latex
+@HAVE_DOCTOOLS_TRUE@	@FIG2DEV@ -L eps flowheader.fig flowheader.eps
+@HAVE_DOCTOOLS_TRUE@	@TEXI2DVI@ flowreplay.tex
+@HAVE_DOCTOOLS_TRUE@	@DVIPDFM@ flowreplay.dvi
+
+@HAVE_DOCTOOLS_TRUE@web/flowreplay/flowreplay.html: latex
+@HAVE_DOCTOOLS_TRUE@	@LATEX2HTML@ $(L2HFLAGS) -dir web/flowreplay flowreplay.tex
+
+@HAVE_DOCTOOLS_TRUE@manual.pdf: latex
+@HAVE_DOCTOOLS_TRUE@	@FIG2DEV@ -L eps router-mode1.fig router-mode1.eps
+@HAVE_DOCTOOLS_TRUE@	@FIG2DEV@ -L eps router-mode2.fig router-mode2.eps
+@HAVE_DOCTOOLS_TRUE@	@FIG2DEV@ -L eps router-mode3.fig router-mode3.eps
+@HAVE_DOCTOOLS_TRUE@	@TEXI2DVI@ manual.tex
+@HAVE_DOCTOOLS_TRUE@	@DVIPDFM@ manual.dvi
+
+@HAVE_DOCTOOLS_TRUE@web/manual/manual.html: latex
+@HAVE_DOCTOOLS_TRUE@	@LATEX2HTML@ $(L2HFLAGS) -dir web/manual manual.tex
+
+@HAVE_DOCTOOLS_TRUE@web/man/tcpreplay.html:
+@HAVE_DOCTOOLS_TRUE@	$(MAN2HTML) < ../src/tcpreplay.1 > web/man/tcpreplay.html
+
+@HAVE_DOCTOOLS_TRUE@web/man/tcpprep.html:
+@HAVE_DOCTOOLS_TRUE@	$(MAN2HTML) < ../src/tcpprep.1 > web/man/tcpprep.html
+
+@HAVE_DOCTOOLS_TRUE@web/man/flowreplay.html:
+@HAVE_DOCTOOLS_TRUE@	$(MAN2HTML) < ../src/flowreplay.1 > web/man/flowreplay.html
+
+@HAVE_DOCTOOLS_TRUE@web/man/tcprewrite.html:
+@HAVE_DOCTOOLS_TRUE@	$(MAN2HTML) < ../src/tcprewrite.1 > web/man/tcprewrite.html
+
+@HAVE_DOCTOOLS_TRUE@web/man/tcpbridge.html:
+@HAVE_DOCTOOLS_TRUE@	$(MAN2HTML) < ../src/tcpbridge.1 > web/man/tcpbridge.html
+
+@HAVE_DOCTOOLS_TRUE@manpages: web/man/tcpreplay.html web/man/tcpprep.html web/man/flowreplay.html \
+@HAVE_DOCTOOLS_TRUE@	web/man/tcprewrite.html web/man/tcpbridge.html
+
+@HAVE_DOCTOOLS_TRUE@postweb: webfiles manpages
+@HAVE_DOCTOOLS_TRUE@	rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
+@HAVE_DOCTOOLS_TRUE@		-avz web/ aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
+@HAVE_DOCTOOLS_TRUE@	scp CHANGELOG aturner@tequila.synfin.net:/var/www-vhosts/tcpreplay/
+
+@HAVE_DOCTOOLS_TRUE@postwebsf: webfiles manpages
+@HAVE_DOCTOOLS_TRUE@	-rsync -e ssh --exclude '/**/.svn/' --exclude '/**~' --exclude '*~' \
+@HAVE_DOCTOOLS_TRUE@		-avz web/ aturner@shell.sf.net:htdocs/
+@HAVE_DOCTOOLS_TRUE@	scp CHANGELOG aturner@shell.sf.net:htdocs/
+
+clean-docs: clean
+	-rm -rf *.pdf web/manual web/FAQ web/flowreplay web/man/*
+
+maintainer-clean-local: clean-docs
+	-rm -rf web/flowreplay web/FAQ web/manual web/man/*.html
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

+ 119 - 0
docs/TODO

@@ -0,0 +1,119 @@
+This is a general list of things which should/could/may be done.
+If any of these features interest you let me know- especially if you're
+willing and able to help code it.
+
+Legend:
+    - = Not started
+    + = Done
+    O = Mostly done
+    o = Started work
+    . = Canceled
+    ? = To think about
+
++ Look at VLAN (802.1q) packets
+    - others non-vanilla types?
+    + Add tags?  Remove tags?  Change tags?
+    - Tag only one side of the connection
+    - Cisco's ISL trunking?
+
+- Add support for MPLS
+
+- Add support for GRE
+  http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
+  Perhaps this should be done via the hardware interface rather then the GRE
+  virtual interface since libnet doesn't support the GRE virtual
+
++ Add support for setting the ethernet protocol field so we can use
+    -I, -K to fill out an entire ethernet header w/o using -2
+
++ Add a secondary interface full layer two rewrite option
+
++ Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
+
+- Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
+    - Make it easier for others to add support for others
+
++ Rip out packet munger from tcpreplay and put it into another tool so
+  that tcpreplay can be more optimized
+    ? perhaps use libnetdude?
+    ? make into a library?
+    + definately put it into a seperate binary (tcprewrite)
+
+- Add the ability to modify packet data via regex(es) in tcprewrite
+  - Should support pcre
+  - Support (foo) and $1, etc so new data can include old
+  - Limit matching which packets via BPF filter and tcpprep cache
+        (client/server)
+  - Step through packets ala tcpreplay and provide option to edit (Y/n)
+
++ Improve config file format
+  + better variable names
+  + use "var: value" format
+  + have tcpreplay, tcpprep, tcprewrite sections
+  + Being solved using GNU AutoOpts
+
+. Add support for dual-nic send on one intf, wait for packet, send next.
+  would be really useful for testing the effectiveness of how well an IPS
+  detects and blocks attacks. (TP's tomahawk does this even better then
+  described here, so why re-invent the wheel?)
+
+- Support fragrouter like features 
+    - basic IP fragmenation
+    - TCP fudging 
+    - then more advanced stuff
+    - Can we integrate FR's code?
+
+- Support connection tracking and generating 3way handshake for connections
+  missing them.
+
+- Bump Syn/Ack numbers by a random or given value so that running 
+  the same pcap will behave as different streams.
+
+- Improve flowreplay so it actually works
+  o Use libnids to read the pcaps
+  - Allow handoff to a socket after user specified client/server exchanges
+
+- Perhaps integrate stick/snot/fpg logic into flowreplay:
+  http://www.geschke-online.de/FLoP/fpg.8.html
+  to do full 3way handshakes
+
+- IPv6 support?  People ask for this every few months, but nobody actually
+  says they "need" or "really want" it; seems more of "gee, wouldn't it be
+  nice".
+
++ When splitting traffic via tcpprep print out each packet (tcpdump style)
+  so end users know where each packet is going
+
++ Improve autoconf detection of libraries
+
++ Re-organize source tree
+
+O tcpdump decoder should print packets syncronously w/ the main process
+
+- Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
+  once for multiple packets when the timestamps are close enough.  We
+  also need to time nanosleep, since different architectures have lower
+  minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
+
++ Tcpreplay should say which interface each packet is going out
+
++ Better use of GNU Autotools
+
++ Improve CLI/config file parsing
+
+- Tcprewrite should be able to remove the two byte ethernet FCS (checksums)
+  at the end of the frame.
+
+- See about removing libnet_init() from all binaries other then tcprewrite
+  so we don't have to run as root:
+  . libnet_addr2name4 (ignore, doesn't require libnet_t context)
+  + libnet_name2addr4
+  - libnet_get_hwaddr
+  - libnet_do_checksum
+
++ Support randomization of IP addresses in ARP packets
+
+- Only tcpreplay should need to run as root.
+
+- Tcpreplay should use raw sockets or BPF directly for writing rather then
+      libnet where applicable for higher performance.

Docs/flowheader.fig → docs/flowheader.fig


+ 0 - 0
Docs/flowreplay.lyx


Some files were not shown because too many files changed in this diff