Browse Source

Import upstream version 4.2.5

Fred Klassen 6 years ago
parent
commit
d2eb5d8136
58 changed files with 2174 additions and 1723 deletions
  1. 10 10
      configure
  2. 1 1
      configure.ac
  3. 11 0
      docs/CHANGELOG
  4. 21 11
      lib/tree.h
  5. 1 1
      libopts/nested.c
  6. 0 1
      libopts/numeric.c
  7. 5 0
      src/common/cache.c
  8. 1 1
      src/common/cidr.c
  9. 1 1
      src/common/cidr.h
  10. 1 1
      src/common/git_version.c
  11. 7 11
      src/common/interface.c
  12. 1 0
      src/common/mac.c
  13. 2 2
      src/common/services.c
  14. 0 11
      src/common/utils.c
  15. 0 3
      src/common/utils.h
  16. 2 0
      src/defines.h
  17. 2 0
      src/defines.h.in
  18. 7 5
      src/fragroute/mod.c
  19. 4 2
      src/fragroute/mod_drop.c
  20. 6 0
      src/fragroute/mod_dup.c
  21. 16 6
      src/fragroute/pkt.c
  22. 7 3
      src/send_packets.c
  23. 32 7
      src/tcpbridge.1
  24. 359 283
      src/tcpbridge_opts.c
  25. 57 53
      src/tcpbridge_opts.h
  26. 1 1
      src/tcpcapinfo.1
  27. 1 1
      src/tcpedit/checksum.c
  28. 11 7
      src/tcpedit/edit_packet.c
  29. 238 205
      src/tcpedit/fuzzing.c
  30. 2 2
      src/tcpedit/fuzzing.h
  31. 4 1
      src/tcpedit/parse_args.c
  32. 1 3
      src/tcpedit/plugins/dlt_en10mb/en10mb.c
  33. 1 1
      src/tcpedit/plugins/dlt_utils.c
  34. 5 2
      src/tcpedit/portmap.c
  35. 2 0
      src/tcpedit/tcpedit.c
  36. 21 6
      src/tcpedit/tcpedit_opts.def
  37. 35 31
      src/tcpedit/tcpedit_stub.h
  38. 1 0
      src/tcpedit/tcpedit_types.h
  39. 1 1
      src/tcpliveplay.1
  40. 8 2
      src/tcpliveplay.c
  41. 2 2
      src/tcpprep.1
  42. 8 6
      src/tcpprep.c
  43. 145 145
      src/tcpprep_opts.c
  44. 1 1
      src/tcpprep_opts.def
  45. 32 7
      src/tcpreplay-edit.1
  46. 32 7
      src/tcpreplay.1
  47. 1 1
      src/tcpreplay.c
  48. 515 439
      src/tcpreplay_edit_opts.c
  49. 88 84
      src/tcpreplay_edit_opts.h
  50. 32 7
      src/tcprewrite.1
  51. 1 1
      src/tcprewrite.c
  52. 331 256
      src/tcprewrite_opts.c
  53. 58 54
      src/tcprewrite_opts.h
  54. 34 33
      src/tree.c
  55. 4 2
      test/Makefile.am
  56. 4 2
      test/Makefile.in
  57. BIN
      test/test.rewrite_l7fuzzing
  58. BIN
      test/test2.rewrite_l7fuzzing

+ 10 - 10
configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tcpreplay 4.2.4.
+# Generated by GNU Autoconf 2.69 for tcpreplay 4.2.5.
 #
 # Report bugs to <https://github.com/appneta/tcpreplay/issues>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tcpreplay'
 PACKAGE_TARNAME='tcpreplay'
-PACKAGE_VERSION='4.2.4'
-PACKAGE_STRING='tcpreplay 4.2.4'
+PACKAGE_VERSION='4.2.5'
+PACKAGE_STRING='tcpreplay 4.2.5'
 PACKAGE_BUGREPORT='https://github.com/appneta/tcpreplay/issues'
 PACKAGE_URL='http://tcpreplay.sourceforge.net/'
 
@@ -1429,7 +1429,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures tcpreplay 4.2.4 to adapt to many kinds of systems.
+\`configure' configures tcpreplay 4.2.5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1500,7 +1500,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of tcpreplay 4.2.4:";;
+     short | recursive ) echo "Configuration of tcpreplay 4.2.5:";;
    esac
   cat <<\_ACEOF
 
@@ -1669,7 +1669,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-tcpreplay configure 4.2.4
+tcpreplay configure 4.2.5
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2629,7 +2629,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by tcpreplay $as_me 4.2.4, which was
+It was created by tcpreplay $as_me 4.2.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3773,7 +3773,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='tcpreplay'
- VERSION='4.2.4'
+ VERSION='4.2.5'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -24556,7 +24556,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tcpreplay $as_me 4.2.4, which was
+This file was extended by tcpreplay $as_me 4.2.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -24623,7 +24623,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tcpreplay config.status 4.2.4
+tcpreplay config.status 4.2.5
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

+ 1 - 1
configure.ac

@@ -4,7 +4,7 @@ dnl $Id$
 AC_PREREQ([2.69])
 
 dnl Set version info here!
-AC_INIT([tcpreplay],[4.2.4],
+AC_INIT([tcpreplay],[4.2.5],
     [https://github.com/appneta/tcpreplay/issues],
     [tcpreplay],
     [http://tcpreplay.sourceforge.net/])

+ 11 - 0
docs/CHANGELOG

@@ -1,3 +1,14 @@
+05/02/2017 Version 4.2.5
+    - Fix issues found by scan-build (#384)
+    - Improve --portmap help message (#381)
+    - AFL detected security crash in fuzz feature (#380)
+    - Coverity static scan detected issues (#374)
+    - Fuzz should not be overwritting Layer 3 (#372)
+    - Add --fuzz-factor option to specify fuzz ratio (#371)
+    - Warnings when building on old distributions (#368)
+    - Fix more Lintian detected spelling errors (#365)
+    - Fuzz test failure on ARM and MIPS (#364)
+
 04/26/2017 Version 4.2.4
     - Fix Lintian detected spelling errors (#362)
 

+ 21 - 11
lib/tree.h

@@ -390,8 +390,10 @@ name##_RB_INSERT_COLOR(struct name *head, struct type *elm)		\
 {									\
 	struct type *parent, *gparent, *tmp;				\
 	while ((parent = RB_PARENT(elm, field)) &&			\
-	    RB_COLOR(parent, field) == RB_RED) {			\
+		RB_COLOR(parent, field) == RB_RED) {			\
 		gparent = RB_PARENT(parent, field);			\
+		if (!gparent)						\
+			continue;					\
 		if (parent == RB_LEFT(gparent, field)) {		\
 			tmp = RB_RIGHT(gparent, field);			\
 			if (tmp && RB_COLOR(tmp, field) == RB_RED) {	\
@@ -400,7 +402,7 @@ name##_RB_INSERT_COLOR(struct name *head, struct type *elm)		\
 				elm = gparent;				\
 				continue;				\
 			}						\
-			if (RB_RIGHT(parent, field) == elm) {		\
+			if (RB_RIGHT(parent, field) == elm) {	\
 				RB_ROTATE_LEFT(head, parent, tmp, field);\
 				tmp = parent;				\
 				parent = elm;				\
@@ -416,7 +418,7 @@ name##_RB_INSERT_COLOR(struct name *head, struct type *elm)		\
 				elm = gparent;				\
 				continue;				\
 			}						\
-			if (RB_LEFT(parent, field) == elm) {		\
+			if (RB_LEFT(parent, field) == elm) {	\
 				RB_ROTATE_RIGHT(head, parent, tmp, field);\
 				tmp = parent;				\
 				parent = elm;				\
@@ -434,24 +436,28 @@ name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm)
 {									\
 	struct type *tmp;						\
 	while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) &&	\
-	    elm != RB_ROOT(head)) {					\
+			elm != RB_ROOT(head)) {				\
 		if (RB_LEFT(parent, field) == elm) {			\
 			tmp = RB_RIGHT(parent, field);			\
+			if (!tmp)					\
+				continue;				\
 			if (RB_COLOR(tmp, field) == RB_RED) {		\
 				RB_SET_BLACKRED(tmp, parent, field);	\
 				RB_ROTATE_LEFT(head, parent, tmp, field);\
 				tmp = RB_RIGHT(parent, field);		\
 			}						\
+			if (!tmp)					\
+				continue;				\
 			if ((RB_LEFT(tmp, field) == NULL ||		\
-			    RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
-			    (RB_RIGHT(tmp, field) == NULL ||		\
-			    RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
+				RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
+				(RB_RIGHT(tmp, field) == NULL ||		\
+				RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
 				RB_COLOR(tmp, field) = RB_RED;		\
 				elm = parent;				\
 				parent = RB_PARENT(elm, field);		\
 			} else {					\
 				if (RB_RIGHT(tmp, field) == NULL ||	\
-				    RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\
+						RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\
 					struct type *oleft;		\
 					if ((oleft = RB_LEFT(tmp, field)))\
 						RB_COLOR(oleft, field) = RB_BLACK;\
@@ -469,15 +475,19 @@ name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm)
 			}						\
 		} else {						\
 			tmp = RB_LEFT(parent, field);			\
+			if (!tmp)					\
+				continue;				\
 			if (RB_COLOR(tmp, field) == RB_RED) {		\
 				RB_SET_BLACKRED(tmp, parent, field);	\
 				RB_ROTATE_RIGHT(head, parent, tmp, field);\
 				tmp = RB_LEFT(parent, field);		\
 			}						\
+			if (!tmp)					\
+				continue;				\
 			if ((RB_LEFT(tmp, field) == NULL ||		\
-			    RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
-			    (RB_RIGHT(tmp, field) == NULL ||		\
-			    RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
+				RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
+				(RB_RIGHT(tmp, field) == NULL ||		\
+				RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
 				RB_COLOR(tmp, field) = RB_RED;		\
 				elm = parent;				\
 				parent = RB_PARENT(elm, field);		\

+ 1 - 1
libopts/nested.c

@@ -342,7 +342,7 @@ static char const *
 scan_name(char const * name, tOptionValue * res)
 {
     tOptionValue* new_val;
-    char const * pzScan = name+1; /* we know first char is a name char */
+    char const * pzScan;
     char const * pzVal;
     size_t       nm_len = 1;
     size_t       d_len = 0;

+ 0 - 1
libopts/numeric.c

@@ -55,7 +55,6 @@ optionShowRange(tOptions * pOpts, tOptDesc * pOD, void * rng_table, int rng_ct)
     if (pOpts != OPTPROC_EMIT_USAGE) {
         if (pOpts <= OPTPROC_EMIT_LIMIT)
             return;
-        pz_indent = ONE_TAB_STR;
 
         fprintf(option_usage_fp, zRangeErr, pOpts->pzProgName,
                 pOD->pz_Name, pOD->optArg.argInt);

+ 5 - 0
src/common/cache.c

@@ -98,6 +98,10 @@ read_cache(char **cachedata, const char *cachefile, char **comment)
 
     /* read the comment */
     header.comment_len = ntohs(header.comment_len);
+    if (header.comment_len > 65534)
+        errx(-1, "Unable to process %s: invalid comment length %u",
+                cachefile, header.comment_len);
+
     *comment = (char *)safe_malloc(header.comment_len + 1);
 
     dbgx(1, "Comment length: %d", header.comment_len);
@@ -267,6 +271,7 @@ add_cache(tcpr_cache_t ** cachedata, const int send, const tcpr_dir_t interface)
         lastcache = *cachedata;
     }
     else {
+        lastcache = *cachedata;
         /* check to see if this is the last bit in this struct */
         if ((lastcache->packets + 1) > (CACHEDATASIZE * CACHE_PACKETS_PER_BYTE)) {
             /*

+ 1 - 1
src/common/cidr.c

@@ -211,7 +211,7 @@ cidr2cidr(char *cidr)
         if (p) {
             *p = 0;
             ++p;
-            count = sscanf(p, "%d", &newcidr->masklen);
+            sscanf(p, "%d", &newcidr->masklen);
         } else {
             newcidr->masklen = 128;
         }

+ 1 - 1
src/common/cidr.h

@@ -26,7 +26,7 @@
 struct tcpr_cidr_s {
     int family;                 /* AF_INET or AF_INET6 */
     union {
-    u_int32_t network;
+        u_int32_t network;
         struct tcpr_in6_addr network6;
     } u;
     int masklen;

+ 1 - 1
src/common/git_version.c

@@ -1,4 +1,4 @@
-const char GIT_Version[] = "git:v4.2.4";
+const char GIT_Version[] = "git:v4.2.5";
 const char *git_version(void) {
     return GIT_Version;
 }

+ 7 - 11
src/common/interface.c

@@ -54,19 +54,15 @@ get_interface(interface_list_t *list, const char *alias)
 
     assert(alias);
 
-    if (list != NULL) {
-        ptr = list;
-
-        do {
-            /* check both the alias & name fields */
-            if (strcmp(alias, ptr->alias) == 0)
-                return(ptr->name);
+    ptr = list;
 
-            if (strcmp(alias, ptr->name) == 0)
-                return(ptr->name);
+    while (ptr) {
+        /* check both the alias & name fields */
+        if (strcmp(alias, ptr->alias) == 0 ||
+                strcmp(alias, ptr->name) == 0)
+            return(ptr->name);
 
-            ptr = ptr->next;
-        } while (ptr != NULL);
+        ptr = ptr->next;
     }
 
     return(NULL);

+ 1 - 0
src/common/mac.c

@@ -115,6 +115,7 @@ macinstring(const char *macstring, const u_char *mac)
     int len = 6, ret = TCPR_DIR_S2C;
     
     ourstring = safe_strdup(macstring);
+    memset(&tempmac[0], 0, sizeof(tempmac));
     
     tempstr = strtok_r(ourstring, ",", &tok);
     if (strlen(tempstr)) {

+ 2 - 2
src/common/services.c

@@ -37,7 +37,6 @@ parse_services(const char *file, tcpr_services_t *services)
     FILE *service = NULL;
     char service_line[MAXLINE], port[10], proto[10];
     regex_t preg;
-    uint16_t portc;
     size_t nmatch = 3;
     regmatch_t pmatch[3];
     static const char regex[] = "([0-9]+)/(tcp|udp)"; /* matches the port as pmatch[1], service pmatch[2] */
@@ -66,12 +65,13 @@ parse_services(const char *file, tcpr_services_t *services)
         /* zero out our vars */
         memset(port, '\0', 10);
         memset(proto, '\0', 10);
-        portc = 0;
 
         dbgx(4, "Processing: %s", service_line);
 
         /* look for format of 1234/tcp */
         if ((regexec(&preg, service_line, nmatch, pmatch, 0)) == 0) { /* matches */
+            uint16_t portc;
+
             if (nmatch < 2) {
                 err(-1, "WTF?  I matched the line, but I don't know where!");
             }

+ 0 - 11
src/common/utils.c

@@ -98,17 +98,6 @@ _our_safe_strdup(const char *str, const char *funcname, const int line, const ch
 
 }
 
-char *
-_our_safe_strndup(const char *str, size_t n, const char *funcname, const int line, const char *file)
-{
-  char *copy = strndup(str, n);
-  if (copy == NULL) {
-        fprintf(stderr, "ERROR in %s:%s() line %d: Unable to strndup() %zu bytes: %s\n", file, funcname, line, n, strerror(errno));
-        exit(-1);
-  }
-  return copy;
-}
-
 /**
  * calls free and sets to NULL.
  */

+ 0 - 3
src/common/utils.h

@@ -59,9 +59,6 @@ void *_our_safe_realloc(void *ptr, size_t len, const char *, const int, const ch
 #define safe_strdup(x) _our_safe_strdup(x, __FUNCTION__, __LINE__, __FILE__)
 char *_our_safe_strdup(const char *str, const char *, const int, const char *);
 
-#define safe_strndup(x, n) _our_safe_strndup((x), (n), __FUNCTION__, __LINE__, __FILE__)
-char *_our_safe_strndup(const char *str, size_t n, const char *, const int, const char *);
-
 #define safe_free(x) _our_safe_free(x, __FUNCTION__, __LINE__, __FILE__)
 void _our_safe_free(void *ptr, const char *, const int, const char *);
 

+ 2 - 0
src/defines.h

@@ -158,6 +158,8 @@ typedef struct tcpr_speed_s {
 #define BPF_OPTIMIZE 1          /* default is to optimize bpf program */
 #define PCAP_TIMEOUT 100        /* 100ms pcap_open_live timeout */
 
+#define DEFAULT_FUZZ_FACTOR 8
+
 /* HP-UX already defines TRUE/FALSE */
 #ifndef TRUE
 typedef enum bool_e {

+ 2 - 0
src/defines.h.in

@@ -158,6 +158,8 @@ typedef struct tcpr_speed_s {
 #define BPF_OPTIMIZE 1          /* default is to optimize bpf program */
 #define PCAP_TIMEOUT 100        /* 100ms pcap_open_live timeout */
 
+#define DEFAULT_FUZZ_FACTOR 8
+
 /* HP-UX already defines TRUE/FALSE */
 #ifndef TRUE
 typedef enum bool_e {

+ 7 - 5
src/fragroute/mod.c

@@ -19,7 +19,7 @@
 #include "argv.h"
 #include "mod.h"
 
-#define MAX_ARGS		 128	/* XXX */
+#define MAX_ARGS		 128
 
 struct rule {
 	struct mod		*mod;
@@ -28,7 +28,7 @@ struct rule {
 };
 
 /*
- * XXX - new modules must be registered here.
+ * new modules must be registered here.
  */
 extern struct mod	 mod_delay;
 extern struct mod	 mod_drop;
@@ -84,7 +84,7 @@ mod_open(const char *script, char *errbuf)
 {
 	FILE *fp;
 	struct mod **m;
-	struct rule *rule;
+	struct rule *rule = NULL;
 	char *argv[MAX_ARGS], buf[BUFSIZ];
 	int i, argc, ret = 0;
 
@@ -158,8 +158,11 @@ mod_open(const char *script, char *errbuf)
 		}
 		buf[strlen(buf) - 4] = '\0';
 		sprintf(errbuf, "wtf: %s", buf);
-        // ret = -1;
 	}
+
+	if (rule)
+	    free(rule);
+
 	return (ret);
 }
 
@@ -182,6 +185,5 @@ mod_close(void)
 		if (rule->mod->close != NULL)
 			rule->data = rule->mod->close(rule->data);
 		TAILQ_REMOVE(&rules, rule, next);
-		free(rule);
 	}
 }

+ 4 - 2
src/fragroute/mod_drop.c

@@ -82,8 +82,10 @@ drop_apply(void *d, struct pktq *pktq)
 	else
 		pkt = pktq_random(data->rnd, pktq);
 
-	TAILQ_REMOVE(pktq, pkt, pkt_next);
-	pkt_free(pkt);
+	if (pkt) {
+	    TAILQ_REMOVE(pktq, pkt, pkt_next);
+	    pkt_free(pkt);
+	}
 	
 	return (0);
 }

+ 6 - 0
src/fragroute/mod_dup.c

@@ -85,7 +85,13 @@ dup_apply(void *d, struct pktq *pktq)
 	else
 		pkt = pktq_random(data->rnd, pktq);
 	
+	if (!pkt)
+	    return -1;
+
 	new = pkt_dup(pkt);
+	if (!new)
+	    return -1;
+
 	TAILQ_INSERT_AFTER(pktq, pkt, new, pkt_next);
 	
 	return (0);

+ 16 - 6
src/fragroute/pkt.c

@@ -7,6 +7,7 @@
  */
 
 #include "config.h"
+#include "common/err.h"
 
 #include <sys/types.h>
 
@@ -292,14 +293,18 @@ pktq_shuffle(rand_t *r, struct pktq *pktq)
 	TAILQ_FOREACH(pkt, pktq, pkt_next) {
 		i++;
 	}
-	if (i > pvlen) {
+	if (i > 0 && i > pvlen) {
 		pvlen = i;
 		if (pvbase == NULL)
 			pvbase = malloc(sizeof(pkt) * pvlen);
 		else
 			pvbase = realloc(pvbase, sizeof(pkt) * pvlen);
+
 	}
-	i = 0;
+    if (!pvbase)
+        err(-1, "out of memory\n");
+
+    i = 0;
 	TAILQ_FOREACH(pkt, pktq, pkt_next) {
 		pvbase[i++] = pkt;
 	}
@@ -316,17 +321,22 @@ struct pkt *
 pktq_random(rand_t *r, struct pktq *pktq)
 {
 	struct pkt *pkt;
-	int i;
+	unsigned int i;
 	
 	i = 0;
 	TAILQ_FOREACH(pkt, pktq, pkt_next) {
 		i++;
 	}
-	i = rand_uint32(r) % (i - 1);
+
+	if (i)
+	    --i;
+
+	if (i)
+	    i = rand_uint32(r) % i;
 	pkt = TAILQ_FIRST(pktq);
 	
-	while (--i >= 0) {
-		pkt = TAILQ_NEXT(pkt, pkt_next);
+	while (pkt && ((int)--i) >= 0) {
+	    pkt = TAILQ_NEXT(pkt, pkt_next);
 	}
 	return (pkt);
 }

+ 7 - 3
src/send_packets.c

@@ -266,6 +266,10 @@ fast_edit_packet(struct pcap_pkthdr *pkthdr, u_char **pktdata,
 
         if ((packet[3] & 0x80) == 0x80) {
             l2_len = ntohs(*((uint16_t*)&packet[4]));
+            if (l2_len > 1024) {
+                warnx("L2 length too long: %u", l2_len);
+                return;
+            }
             l2_len += 6;
         } else
             l2_len = 4; /* no header extensions */
@@ -713,12 +717,12 @@ send_dual_packets(tcpreplay_t *ctx, pcap_t *pcap1, int cache_file_idx1, pcap_t *
     int cache_file_idx;
     struct pcap_pkthdr pkthdr1, pkthdr2;
     u_char *pktdata1 = NULL, *pktdata2 = NULL, *pktdata = NULL;
-    sendpacket_t *sp = ctx->intf1;
+    sendpacket_t *sp;
     COUNTER pktlen;
     packet_cache_t *cached_packet1 = NULL, *cached_packet2 = NULL;
     packet_cache_t **prev_packet1 = NULL, **prev_packet2 = NULL;
     struct pcap_pkthdr *pkthdr_ptr;
-    int datalink = options->file_cache[cache_file_idx1].dlt;
+    int datalink;
     COUNTER start_us;
     COUNTER end_us;
     COUNTER skip_length = 0;
@@ -1195,7 +1199,7 @@ static bool calc_sleep_time(tcpreplay_t *ctx, struct timeval *pkt_time_delta,
           */
          now_us = TIMSTAMP_TO_MICROSEC(sent_timestamp);
          if (now_us) {
-             COUNTER pph = ctx->options->speed.speed * (ctx->options->speed.pps_multi > 0 ? ctx->options->speed.pps_multi : (60 * 60));;
+             COUNTER pph = ctx->options->speed.speed * (ctx->options->speed.pps_multi > 0 ? ctx->options->speed.pps_multi : (60 * 60));
              COUNTER pkts_sent = ctx->stats.pkts_sent;
              /*
               * packets * 1000000 divided by pps = microseconds

+ 32 - 7
src/tcpbridge.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcpbridge 1 "26 Apr 2017" "tcpbridge" "User Commands"
+.TH tcpbridge 1 "08 May 2017" "tcpbridge" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"
@@ -48,7 +48,7 @@ http://tcpreplay.appneta.com
 .TP
 .NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-portmap\f[]=\f\*[I-Font]string\f[]
 Rewrite TCP/UDP ports.
-This option may appear up to \-1 times.
+This option may appear up to 9999 times.
 .sp
 Specify a list of comma delimited port mappingings consisting of
 colon delimited port number pairs.  Each colon delimited port pair
@@ -259,7 +259,7 @@ the actual packet length
 Delete the packet
 .TP
 .NOP \f\*[B-Font]\-\-fuzz\-seed\f[]=\f\*[I-Font]number\f[]
-Fuzz 1/8 packet. Edit Bytes, length, or emulate packet drop.
+Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop.
 This option takes an integer number as its argument.
 The value of
 \f\*[I-Font]number\f[]
@@ -277,10 +277,10 @@ for this option is:
  0
 .sp
 This fuzzing was designed as to test layer 7 protocols such as voip protocols.
-It modifies randomly 1 out of 8 packets in order for stateful protocols to cover
-more of their code.  The random fuzzing actions focus on data start and end
-because it often is the part of the data application protocols base their
-decisions on.
+It modifies randomly 1 out of X packets (where X = \fB--fuzz-factor\fP) in order 
+for stateful protocols to cover more of their code.  The random fuzzing actions 
+focus on data start and end because it often is the part of the data application 
+protocols base their decisions on.
 .sp
 Possible fuzzing actions list:
  * drop packet
@@ -292,6 +292,31 @@ Possible fuzzing actions list:
      Replace the start, the end, or the middle of the packet with equal likelihood.
  * do nothing (7 out of 8 packets)
 .TP
+.NOP \f\*[B-Font]\-\-fuzz\-factor\f[]=\f\*[I-Font]number\f[]
+Set the Fuzz 1 in X packet ratio (default 1 in 8 packets).
+This option must appear in combination with the following options:
+fuzz-seed.
+This option takes an integer number as its argument.
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
+.in +4
+.nf
+.na
+greater than or equal to 1
+.fi
+.in -4
+The default
+\f\*[I-Font]number\f[]
+for this option is:
+.ti +4
+ 8
+.sp
+Sets the ratio of for \fB--fuzz-seed\fP option. By default this value is 8,
+which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
+based on the random number genereated by the supplied fuzz seed. Therefore by
+default you cannot expect that exactly every eighth packet will be modified. 
+.TP
 .NOP \f\*[B-Font]\-\-skipl2broadcast\f[]
 Skip rewriting broadcast/multicast Layer 2 addresses.
 .sp

File diff suppressed because it is too large
+ 359 - 283
src/tcpbridge_opts.c


+ 57 - 53
src/tcpbridge_opts.h

@@ -83,42 +83,43 @@ typedef enum {
     INDEX_OPT_FLOWLABEL                 = 15,
     INDEX_OPT_FIXLEN                    = 16,
     INDEX_OPT_FUZZ_SEED                 = 17,
-    INDEX_OPT_SKIPL2BROADCAST           = 18,
-    INDEX_OPT_DLT                       = 19,
-    INDEX_OPT_ENET_DMAC                 = 20,
-    INDEX_OPT_ENET_SMAC                 = 21,
-    INDEX_OPT_ENET_SUBSMAC              = 22,
-    INDEX_OPT_ENET_MAC_SEED             = 23,
-    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 24,
-    INDEX_OPT_ENET_VLAN                 = 25,
-    INDEX_OPT_ENET_VLAN_TAG             = 26,
-    INDEX_OPT_ENET_VLAN_CFI             = 27,
-    INDEX_OPT_ENET_VLAN_PRI             = 28,
-    INDEX_OPT_HDLC_CONTROL              = 29,
-    INDEX_OPT_HDLC_ADDRESS              = 30,
-    INDEX_OPT_USER_DLT                  = 31,
-    INDEX_OPT_USER_DLINK                = 32,
-    INDEX_OPT_DBUG                      = 33,
-    INDEX_OPT_INTF1                     = 34,
-    INDEX_OPT_INTF2                     = 35,
-    INDEX_OPT_UNIDIR                    = 36,
-    INDEX_OPT_LISTNICS                  = 37,
-    INDEX_OPT_LIMIT                     = 38,
-    INDEX_OPT_MAC                       = 39,
-    INDEX_OPT_INCLUDE                   = 40,
-    INDEX_OPT_EXCLUDE                   = 41,
-    INDEX_OPT_PID                       = 42,
-    INDEX_OPT_VERBOSE                   = 43,
-    INDEX_OPT_DECODE                    = 44,
-    INDEX_OPT_VERSION                   = 45,
-    INDEX_OPT_LESS_HELP                 = 46,
-    INDEX_OPT_HELP                      = 47,
-    INDEX_OPT_MORE_HELP                 = 48,
-    INDEX_OPT_SAVE_OPTS                 = 49,
-    INDEX_OPT_LOAD_OPTS                 = 50
+    INDEX_OPT_FUZZ_FACTOR               = 18,
+    INDEX_OPT_SKIPL2BROADCAST           = 19,
+    INDEX_OPT_DLT                       = 20,
+    INDEX_OPT_ENET_DMAC                 = 21,
+    INDEX_OPT_ENET_SMAC                 = 22,
+    INDEX_OPT_ENET_SUBSMAC              = 23,
+    INDEX_OPT_ENET_MAC_SEED             = 24,
+    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 25,
+    INDEX_OPT_ENET_VLAN                 = 26,
+    INDEX_OPT_ENET_VLAN_TAG             = 27,
+    INDEX_OPT_ENET_VLAN_CFI             = 28,
+    INDEX_OPT_ENET_VLAN_PRI             = 29,
+    INDEX_OPT_HDLC_CONTROL              = 30,
+    INDEX_OPT_HDLC_ADDRESS              = 31,
+    INDEX_OPT_USER_DLT                  = 32,
+    INDEX_OPT_USER_DLINK                = 33,
+    INDEX_OPT_DBUG                      = 34,
+    INDEX_OPT_INTF1                     = 35,
+    INDEX_OPT_INTF2                     = 36,
+    INDEX_OPT_UNIDIR                    = 37,
+    INDEX_OPT_LISTNICS                  = 38,
+    INDEX_OPT_LIMIT                     = 39,
+    INDEX_OPT_MAC                       = 40,
+    INDEX_OPT_INCLUDE                   = 41,
+    INDEX_OPT_EXCLUDE                   = 42,
+    INDEX_OPT_PID                       = 43,
+    INDEX_OPT_VERBOSE                   = 44,
+    INDEX_OPT_DECODE                    = 45,
+    INDEX_OPT_VERSION                   = 46,
+    INDEX_OPT_LESS_HELP                 = 47,
+    INDEX_OPT_HELP                      = 48,
+    INDEX_OPT_MORE_HELP                 = 49,
+    INDEX_OPT_SAVE_OPTS                 = 50,
+    INDEX_OPT_LOAD_OPTS                 = 51
 } teOptIndex;
 /** count of all options for tcpbridge */
-#define OPTION_CT    51
+#define OPTION_CT    52
 
 /**
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
@@ -199,37 +200,40 @@ typedef enum {
 #define VALUE_OPT_FUZZ_SEED      0x1006
 
 #define OPT_VALUE_FUZZ_SEED      (DESC(FUZZ_SEED).optArg.argInt)
-#define VALUE_OPT_SKIPL2BROADCAST 0x1007
-#define VALUE_OPT_DLT            0x1008
-#define VALUE_OPT_ENET_DMAC      0x1009
-#define VALUE_OPT_ENET_SMAC      0x100A
-#define VALUE_OPT_ENET_SUBSMAC   0x100B
-#define VALUE_OPT_ENET_MAC_SEED  0x100C
+#define VALUE_OPT_FUZZ_FACTOR    0x1007
+
+#define OPT_VALUE_FUZZ_FACTOR    (DESC(FUZZ_FACTOR).optArg.argInt)
+#define VALUE_OPT_SKIPL2BROADCAST 0x1008
+#define VALUE_OPT_DLT            0x1009
+#define VALUE_OPT_ENET_DMAC      0x100A
+#define VALUE_OPT_ENET_SMAC      0x100B
+#define VALUE_OPT_ENET_SUBSMAC   0x100C
+#define VALUE_OPT_ENET_MAC_SEED  0x100D
 
 #define OPT_VALUE_ENET_MAC_SEED  (DESC(ENET_MAC_SEED).optArg.argInt)
-#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100D
+#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100E
 
 #define OPT_VALUE_ENET_MAC_SEED_KEEP_BYTES (DESC(ENET_MAC_SEED_KEEP_BYTES).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN      0x100E
-#define VALUE_OPT_ENET_VLAN_TAG  0x100F
+#define VALUE_OPT_ENET_VLAN      0x100F
+#define VALUE_OPT_ENET_VLAN_TAG  0x1010
 
 #define OPT_VALUE_ENET_VLAN_TAG  (DESC(ENET_VLAN_TAG).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_CFI  0x1010
+#define VALUE_OPT_ENET_VLAN_CFI  0x1011
 
 #define OPT_VALUE_ENET_VLAN_CFI  (DESC(ENET_VLAN_CFI).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_PRI  0x1011
+#define VALUE_OPT_ENET_VLAN_PRI  0x1012
 
 #define OPT_VALUE_ENET_VLAN_PRI  (DESC(ENET_VLAN_PRI).optArg.argInt)
-#define VALUE_OPT_HDLC_CONTROL   0x1012
+#define VALUE_OPT_HDLC_CONTROL   0x1013
 
 #define OPT_VALUE_HDLC_CONTROL   (DESC(HDLC_CONTROL).optArg.argInt)
-#define VALUE_OPT_HDLC_ADDRESS   0x1013
+#define VALUE_OPT_HDLC_ADDRESS   0x1014
 
 #define OPT_VALUE_HDLC_ADDRESS   (DESC(HDLC_ADDRESS).optArg.argInt)
-#define VALUE_OPT_USER_DLT       0x1014
+#define VALUE_OPT_USER_DLT       0x1015
 
 #define OPT_VALUE_USER_DLT       (DESC(USER_DLT).optArg.argInt)
-#define VALUE_OPT_USER_DLINK     0x1015
+#define VALUE_OPT_USER_DLINK     0x1016
 #define VALUE_OPT_DBUG           'd'
 #ifdef DEBUG
 #define OPT_VALUE_DBUG           (DESC(DBUG).optArg.argInt)
@@ -237,7 +241,7 @@ typedef enum {
 #define VALUE_OPT_INTF1          'i'
 #define VALUE_OPT_INTF2          'I'
 #define VALUE_OPT_UNIDIR         'u'
-#define VALUE_OPT_LISTNICS       0x1016
+#define VALUE_OPT_LISTNICS       0x1017
 #define VALUE_OPT_LIMIT          'L'
 
 #define OPT_VALUE_LIMIT          (DESC(LIMIT).optArg.argInt)
@@ -248,7 +252,7 @@ typedef enum {
 #define VALUE_OPT_VERBOSE        'v'
 #ifdef ENABLE_VERBOSE
 #define SET_OPT_VERBOSE   STMTS( \
-        DESC(VERBOSE).optActualIndex = 43; \
+        DESC(VERBOSE).optActualIndex = 44; \
         DESC(VERBOSE).optActualValue = VALUE_OPT_VERBOSE; \
         DESC(VERBOSE).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(VERBOSE).fOptState |= OPTST_SET )
@@ -261,9 +265,9 @@ typedef enum {
 /** option flag (value) for more-help-value option */
 #define VALUE_OPT_MORE_HELP     '!'
 /** option flag (value) for save-opts-value option */
-#define VALUE_OPT_SAVE_OPTS     0x1017
+#define VALUE_OPT_SAVE_OPTS     0x1018
 /** option flag (value) for load-opts-value option */
-#define VALUE_OPT_LOAD_OPTS     0x1018
+#define VALUE_OPT_LOAD_OPTS     0x1019
 #define SET_OPT_SAVE_OPTS(a)   STMTS( \
         DESC(SAVE_OPTS).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(SAVE_OPTS).fOptState |= OPTST_SET; \

+ 1 - 1
src/tcpcapinfo.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcpcapinfo 1 "26 Apr 2017" "Tcpreplay Suite" "User Commands"
+.TH tcpcapinfo 1 "08 May 2017" "Tcpreplay Suite" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"

+ 1 - 1
src/tcpedit/checksum.c

@@ -49,7 +49,7 @@ do_checksum(tcpedit_t *tcpedit, uint8_t *data, int proto, int len) {
     ipv6 = NULL;
     assert(data);
 
-    if (!data || len <= 0) {
+    if (!data || len <= 0 || len > 65535) {
         tcpedit_setwarn(tcpedit, "%s", "Unable to checksum packets with no L3+ data");
         return TCPEDIT_WARN;
     }

+ 11 - 7
src/tcpedit/edit_packet.c

@@ -58,7 +58,7 @@ static int ipv6_header_length(ipv6_hdr_t const * ip6_hdr, int pkt_len);
 int
 fix_ipv4_checksums(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr, ipv4_hdr_t *ip_hdr)
 {
-    int ret1 = 0, ret2 = 0;
+    int ret1 = 0, ret2 = 0, ip_len;
     assert(tcpedit);
     assert(pkthdr);
     assert(ip_hdr);
@@ -70,14 +70,16 @@ fix_ipv4_checksums(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr, ipv4_hdr_t *i
         if (ntohs(ip_hdr->ip_len) < (ip_hdr->ip_hl << 2))
             return TCPEDIT_WARN;
 
-        ret1 = do_checksum(tcpedit, (u_char *) ip_hdr, 
-                ip_hdr->ip_p, ntohs(ip_hdr->ip_len) - (ip_hdr->ip_hl << 2));
+        ip_len = (int)ntohs(ip_hdr->ip_len);
+        ret1 = do_checksum(tcpedit, (u_char *) ip_hdr, ip_hdr->ip_p,
+                ip_len - (ip_hdr->ip_hl << 2));
         if (ret1 < 0)
             return TCPEDIT_ERROR;
     }
     
     /* calc IP checksum */
-    ret2 = do_checksum(tcpedit, (u_char *) ip_hdr, IPPROTO_IP, ntohs(ip_hdr->ip_len));
+    ip_len = (int)ntohs(ip_hdr->ip_len);
+    ret2 = do_checksum(tcpedit, (u_char *) ip_hdr, IPPROTO_IP, ip_len);
     if (ret2 < 0)
         return TCPEDIT_ERROR;
 
@@ -240,7 +242,7 @@ static void ipv6_addr_csum_replace(ipv6_hdr_t *ip6_hdr,
     uint8_t *l4 = NULL, protocol;
     assert(ip6_hdr);
 
-      protocol = get_ipv6_l4proto(ip6_hdr, 65536);;
+    protocol = get_ipv6_l4proto(ip6_hdr, 65536);
     if (protocol == IPPROTO_TCP || protocol == IPPROTO_UDP ||
             protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMP6)
         l4 = get_layer4_v6(ip6_hdr, 65536);
@@ -509,6 +511,7 @@ extract_data(tcpedit_t *tcpedit, const u_char *pktdata, int caplen,
     tcp_hdr_t *tcp_hdr = NULL;
     u_char ipbuff[MAXPACKET];
     u_char *dataptr = NULL;
+    int ip_len;
     
     assert(tcpedit);
     assert(pktdata);
@@ -524,8 +527,9 @@ extract_data(tcpedit_t *tcpedit, const u_char *pktdata, int caplen,
      * figure out the actual datalen which might be < the caplen
      * due to ethernet padding 
      */
-    if (caplen > ntohs(ip_hdr->ip_len)) {
-        datalen = ntohs(ip_hdr->ip_len);
+    ip_len = (int)ntohs(ip_hdr->ip_len);
+    if (caplen > ip_len) {
+        datalen = ip_len;
     } else {
         datalen = caplen - tcpedit->dlt_ctx->l2len;
     }

+ 238 - 205
src/tcpedit/fuzzing.c

@@ -11,13 +11,17 @@
 #include "tcpedit/tcpedit.h"
 
 static unsigned int fuzz_seed;
+static unsigned int fuzz_factor;
 static unsigned int fuzz_running;
 
 
 void
-fuzzing_init(unsigned int _fuzz_seed)
+fuzzing_init(uint32_t _fuzz_seed, uint32_t _fuzz_factor)
 {
+    assert(_fuzz_factor);
+
     fuzz_seed = _fuzz_seed;
+    fuzz_factor = _fuzz_factor;
     fuzz_running = 1;
 }
 
@@ -25,29 +29,34 @@ fuzzing_init(unsigned int _fuzz_seed)
 static inline int
 fuzz_get_sgt_size(uint32_t r, uint32_t caplen)
 {
-    if (0 == caplen) {
+    if (0 == caplen)
         return 0;
-    }
-    if (caplen <= SGT_MAX_SIZE) {
+
+    if (caplen <= SGT_MAX_SIZE)
         /* packet too small, fuzzing only one byte */
         return 1;
-    }
+
     /* return random value between 1 and SGT_MAX_SIZE */
     return (1 + (r % (SGT_MAX_SIZE - 1)));
 }
 
 static inline int
-fuzz_reduce_packet_size(tcpedit_t * tcpedit, struct pcap_pkthdr * pkthdr,
-        COUNTER new_len)
+fuzz_reduce_packet_size(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr,
+        uint32_t new_len)
 {
-    assert(new_len <= pkthdr->len);
-
     if (pkthdr->len < pkthdr->caplen) {
-        tcpedit_seterr(tcpedit, "%s", "Packet larger than capture len.");
+        tcpedit_seterr(tcpedit, "Packet length %u smaller than capture length %u",
+                pkthdr->len, pkthdr->caplen);
         return -1;
     }
 
-    if (new_len == pkthdr->len) {
+    if (new_len > pkthdr->caplen) {
+        tcpedit_seterr(tcpedit, "Cannot fuzz packet of capture length %u to length %u",
+                pkthdr->caplen, new_len);
+        return -1;
+    }
+
+    if (new_len == pkthdr->caplen) {
         return 0;
     }
 
@@ -60,222 +69,246 @@ fuzz_reduce_packet_size(tcpedit_t * tcpedit, struct pcap_pkthdr * pkthdr,
     return 1;
 }
 
-
-static inline int
-fuzz_get_datalen(tcpedit_t * tcpedit, struct pcap_pkthdr * pkthdr,
-        u_char ** pktdata)
+int
+fuzzing(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr,
+        u_char **pktdata)
 {
-    int datalen;
+    int packet_changed = 0;
+    uint32_t r, s;
+    uint16_t l2proto;
     uint8_t l4proto;
-    u_char * l3data, * l4data;
+    u_char *packet, *l3data, *l4data;
+    tcpeditdlt_plugin_t *plugin;
+    int caplen, l2len, l4len;
+    tcpeditdlt_t *ctx;
 
-    datalen = pkthdr->len;
+    assert(tcpedit);
+    assert(pkthdr);
+    assert(*pktdata);
 
-    l3data = tcpedit->dlt_ctx->encoder->plugin_get_layer3(tcpedit->dlt_ctx,
-            *pktdata, pkthdr->caplen);
-    if (l3data == NULL) {
-        return -1;
-    }
-    datalen -= l3data - *pktdata;
+    if (!fuzz_running)
+        goto done;
 
-    if (datalen <= 0) {
-        return -1;
-    }
+    assert(fuzz_factor);
 
-    /* switch on layer 2 */
-    switch (ntohs(tcpedit->dlt_ctx->proto))
+    /*
+     * Determine if this is one of the packets that is going to be altered.
+     * No fuzzing for the other 7 out of 8 packets
+     */
+    r = tcpr_random(&fuzz_seed);
+    if ((r % fuzz_factor) != 0)
+        goto done;
+
+    /* initializations */
+    ctx = tcpedit->dlt_ctx;
+    packet = *pktdata;
+    caplen = pkthdr->caplen;
+    plugin = tcpedit->dlt_ctx->encoder;
+    l2len = plugin->plugin_l2len(ctx, packet, caplen);
+    l2proto = ntohs(ctx->proto);
+    if (caplen < l2len)
+        goto done;
+
+    /*
+     * Get a pointer to the network layer
+     *
+     * Note that this pointer may be in a working buffer and not on directly
+     * to '*pktdata'. All alterations are done in this buffer, which later
+     * will be copied back to '*pktdata', if necessary
+     */
+    l3data = plugin->plugin_get_layer3(ctx, packet, caplen);
+    if (!l3data)
+        goto done;
+
+    l4len = caplen - l2len;
+    switch (l2proto) {
+    case (ETHERTYPE_IP):
     {
-        /* TODO: ntohs on constants could be done at compile time */
-        case (ETHERTYPE_IP):
-            {
-                l4data = get_layer4_v4((ipv4_hdr_t*) l3data, datalen);
-                if (l4data == NULL) {
-                    return -1;
-                }
-                l4proto = ((ipv4_hdr_t *) l3data)->ip_p;
-                break;
-            }
-        case (ETHERTYPE_IP6):
-            {
-                l4data = get_layer4_v6((ipv6_hdr_t*) l3data, datalen);
-                if (l4data == NULL) {
-                    return -1;
-                }
-                l4proto = ((ipv6_hdr_t *) l3data)->ip_nh;
-                break;
-            }
-        default:
-            /* apply fuzzing on unknown packet types */
-            return datalen;
+        l4data = get_layer4_v4((ipv4_hdr_t*)l3data, caplen);
+        if (!l4data)
+            goto done;
+
+        l4proto = ((ipv4_hdr_t *)l3data)->ip_p;
+        break;
+    }
+    case (ETHERTYPE_IP6): {
+        l4data = get_layer4_v6((ipv6_hdr_t*)l3data, caplen);
+        if (!l4data)
+            goto done;
+
+        l4proto = ((ipv6_hdr_t *)l3data)->ip_nh;
+        break;
     }
+    default:
+        /* apply fuzzing on unknown packet types */
+       l4data = l3data;
+       l4proto = IPPROTO_RAW;
 
-    datalen -= (l4data - l3data);
+    }
 
-    /* switch on layer 3 */
+    /* adjust payload length based on layer 3 protocol */
     switch (l4proto) {
-        case IPPROTO_TCP:
-            datalen -= sizeof(tcp_hdr_t);
-            break;
-        case IPPROTO_UDP:
-            datalen -= sizeof(udp_hdr_t);
-            break;
+    case IPPROTO_TCP:
+        l4len -= sizeof(tcp_hdr_t);
+        break;
+    case IPPROTO_UDP:
+        l4len -= sizeof(udp_hdr_t);
+        break;
     }
 
-    return datalen;
-}
+    if (l4len < 1)
+        goto done;
 
-int
-fuzzing(tcpedit_t * tcpedit, struct pcap_pkthdr * pkthdr,
-        u_char ** _pktdata)
-{
-    int packet_changed;
-    uint32_t r;
-    unsigned int * len;
-    int datalen;
-    u_char * pktdata;
+    /* add some additional randomization */
+    r ^= r >> 16;
 
-    assert(tcpedit != NULL);
-    assert(pkthdr != NULL);
-    assert(_pktdata != NULL);
+    s = r % FUZZING_TOTAL_ACTION_NUMBER;
 
-    if (fuzz_running == 0) {
-        return 0;
+    dbgx(3, "packet fuzzed : %d", s);
+    switch (s) {
+    case FUZZING_DROP_PACKET:
+    {
+        /* simulate dropping the packet */
+        if (fuzz_reduce_packet_size(tcpedit, pkthdr, 0) < 0)
+            /* could not change packet size, so packet left unchanged */
+            goto done;
+
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_REDUCE_SIZE:
+    {
+        /* reduce packet size */
+        uint32_t new_len = (r % ((l4len) - 1)) + 1;
+        if (fuzz_reduce_packet_size(tcpedit, pkthdr, new_len) < 0)
+            /* could not change packet size, so packet left unchanged */
+            goto done;
+
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_START_ZERO:
+    {
+        /* fuzz random-size segment at the beginning of the packet with 0x00 */
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len);
+        memset(l4data, 0x00, sgt_size);
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_START_RANDOM:
+    {
+        /*
+         * fuzz random-size segment at the beginning of the packet payload
+         * with random bytes
+         */
+        int i;
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len);
+        if (!sgt_size)
+            goto done;
+
+        for (i = 0; i < sgt_size; i++)
+            l4data[i] = l4data[i] ^ (u_char)(r >> 4);
+
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_START_FF:
+    {
+        /*
+         * fuzz random-size segment at the beginning of the packet
+         * payload with 0xff
+         */
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len);
+        if (!sgt_size)
+            goto done;
+
+        memset(l4data, 0xff, sgt_size);
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_MID_ZERO:
+    {
+        /* fuzz random-size segment inside the packet payload with 0x00 */
+        uint32_t offset = ((r >> 16) % (l4len - 1)) + 1;
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len - offset);
+        if (!sgt_size)
+            goto done;
+
+        memset(l4data + offset, 0x00, sgt_size);
+        packet_changed = 1;
+        break;
     }
+    case FUZZING_CHANGE_MID_FF:
+    {
+        /* fuzz random-size segment inside the packet payload with 0xff */
+        uint32_t offset = ((r >> 16) % (l4len - 1)) + 1;
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len - offset);
+        if (!sgt_size)
+            goto done;
+
+        memset(l4data + offset, 0xff, sgt_size);
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_END_ZERO:
+    {
+        /* fuzz random-sized segment at the end of the packet payload with 0x00 */
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len);
+        if (!sgt_size)
+            goto done;
+
+        memset(l4data + l4len - sgt_size, 0x00, sgt_size);
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_END_RANDOM:
+    {
+        /* fuzz random-sized segment at the end of the packet with random Bytes */
+        int i;
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len);
+        if (!sgt_size)
+            goto done;
 
-    len = &(pkthdr->caplen);
-    packet_changed = 0;
+        for (i = (l4len - sgt_size); i < l4len; i++)
+            l4data[i] = l4data[i] ^ (u_char)(r >> 4);
 
-    /* skip packets without payload */
-    datalen = fuzz_get_datalen(tcpedit, pkthdr, _pktdata);
-    if (datalen <= 0 || datalen >= *len) {
-        return 0;
+        packet_changed = 1;
+        break;
+    }
+    case FUZZING_CHANGE_END_FF:
+    {
+        /* fuzz random-sized segment at the end of the packet with 0xff00 */
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len);
+        if (!sgt_size)
+            goto done;
+
+        memset(l4data + l4len - sgt_size, 0xff, sgt_size);
+        packet_changed = 1;
+        break;
     }
 
-    r = rand();
-    r = tcpr_random(&fuzz_seed);
-    pktdata = *_pktdata + (*len - datalen);
-
-    /* TODO sktip ip/tcp/udp headers */
-
-    /* Randomly select one out of 8 packets */
-    if (((r >> 13) & 0x7) == 0 && (*len) > 1) {
-        uint32_t s;
-
-        s = (r >> 9) & FUZZING_TOTAL_ACTION_NUMBER_MASK;
-
-        dbgx(3, "packet fuzzed : %d", s);
-        switch (s) {
-            case FUZZING_DROP_PACKET:
-                {
-                    /* simulate droping the packet */
-                    packet_changed = fuzz_reduce_packet_size(tcpedit, pkthdr, 0);
-                    if (packet_changed < 0) {
-                        /* could not change packet size, so packet left unchanged */
-                        return 0;
-                    }
-                }
-                break;
-            case FUZZING_REDUCE_SIZE:
-                {
-                    /* reduce packet size */
-                    uint32_t new_len = (r % ((*len) - 1)) + 1;
-                    packet_changed = fuzz_reduce_packet_size(tcpedit, pkthdr, new_len);
-                    if (packet_changed < 0) {
-                        /* could not change packet size, so packet left unchanged */
-                        return 0;
-                    }
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_START_ZERO:
-                {
-                    /* fuzz random-size segment at the begining of the packet with 0x00 */
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen);
-                    memset(pktdata, 0x00, sgt_size);
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_START_RANDOM:
-                {
-                    /* fuzz random-size segment at the begining of the packet with random Bytes */
-                    int i;
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen);
-                    for (i = 0; i < sgt_size; i++) {
-                        pktdata[i] = pktdata[i] ^ (r >> 4);
-                    }
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_START_FF:
-                {
-                    /* fuzz random-size segment at the begining of the packet with 0xff */
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen);
-                    memset(pktdata, 0xff, sgt_size);
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_MID_ZERO:
-                {
-                    /* fuzz random-size segment inside the packet with 0x00 */
-                    uint32_t offset = ((r >> 16) % ((*len) - 1)) + 1;
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen - offset);
-                    memset(pktdata + offset, 0x00, sgt_size);
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_MID_FF:
-                {
-                    /* fuzz random-size segment inside the packet with 0xff */
-                    uint32_t offset = ((r >> 16) % ((*len) - 1)) + 1;
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen - offset);
-                    memset(pktdata + offset, 0xff, sgt_size);
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_END_ZERO:
-                {
-                    /* fuzz random-sized segment at the end of the packet with 0x00 */
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen);
-                    memset(pktdata + (*len) - sgt_size, 0x00, sgt_size);
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_END_RANDOM:
-                {
-                    /* fuzz random-sized segment at the end of the packet with random Bytes */
-                    int i;
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen);
-                    for (i = ((*len) - sgt_size); i < (*len); i++) {
-                        pktdata[i] = pktdata[i] ^ (r >> 4);
-                    }
-                    packet_changed = 1;
-                }
-                break;
-            case FUZZING_CHANGE_END_FF:
-                {
-                    /* fuzz random-sized segment at the end of the packet with 0xff00 */
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen);
-                    memset(pktdata + (*len) - sgt_size, 0xff, sgt_size);
-                    packet_changed = 1;
-                }
-                break;
-
-            default:
-            case FUZZING_CHANGE_MID_RANDOM:
-                {
-                    /* fuzz random-size segment inside the packet with random Bytes */
-                    int i;
-                    uint32_t offset = ((r >> 16) % ((*len) - 1)) + 1;
-                    uint32_t sgt_size = fuzz_get_sgt_size(r, datalen - offset);
-                    for (i = offset; i < offset + sgt_size; i++) {
-                        pktdata[i] = pktdata[i] ^ (r >> 4);
-                    }
-                    packet_changed = 1;
-                }
-                break;
-        }
+    case FUZZING_CHANGE_MID_RANDOM:
+    {
+        /* fuzz random-size segment inside the packet with random Bytes */
+        int i;
+        uint32_t offset = ((r >> 16) % (l4len - 1)) + 1;
+        uint32_t sgt_size = fuzz_get_sgt_size(r, l4len - offset);
+        if (!sgt_size)
+            goto done;
+
+        for (i = offset; i < offset + sgt_size; i++)
+            l4data[i] = l4data[i] ^ (u_char)(r >> 4);
+
+        packet_changed = 1;
+        break;
+    }
+    default:
+        assert(false);
     }
 
-    /* No fuzzing for the other 7 out of 8 packets */
+    /* in cases where 'l3data' is a working buffer, copy it back to '*pkthdr' */
+    plugin->plugin_merge_layer3(ctx, packet, caplen, l3data);
+
+done:
     return packet_changed;
 }

+ 2 - 2
src/tcpedit/fuzzing.h

@@ -19,14 +19,14 @@ enum {
     FUZZING_CHANGE_END_ZERO,
     FUZZING_CHANGE_END_RANDOM,
     FUZZING_CHANGE_END_FF,
+    FUZZING_TOTAL_ACTION_NUMBER /* always last */
 };
-#define FUZZING_TOTAL_ACTION_NUMBER_MASK (0xf)
 
 /**
  * init fuzz seed and allocate buffer.
  */
 void
-fuzzing_init(unsigned int fuzz_seed);
+fuzzing_init(uint32_t _fuzz_seed, uint32_t _fuzz_factor);
 
 /*
  * fuzz packet data.

+ 4 - 1
src/tcpedit/parse_args.c

@@ -210,6 +210,7 @@ tcpedit_post_args(tcpedit_t *tcpedit) {
     } else if (HAVE_OPT(FUZZ_SEED)) {
         /* --fuzz-seed */
         seed = OPT_VALUE_FUZZ_SEED;
+        tcpedit->fuzz_factor = OPT_VALUE_FUZZ_FACTOR;
     }
 
     for (i = 0; i < 5; ++i) {
@@ -220,7 +221,9 @@ tcpedit_post_args(tcpedit_t *tcpedit) {
     if (HAVE_OPT(SEED)) {
         tcpedit->rewrite_ip = true;
         tcpedit->seed = seed;
-    }  if (HAVE_OPT(FUZZ_SEED)) {
+    }
+
+    if (HAVE_OPT(FUZZ_SEED)) {
         /* --fuzz-seed */
         tcpedit->fuzz_seed = seed;
     }

+ 1 - 3
src/tcpedit/plugins/dlt_en10mb/en10mb.c

@@ -148,7 +148,7 @@ dlt_en10mb_cleanup(tcpeditdlt_t *ctx)
 int
 dlt_en10mb_parse_subsmac_entry(const char *raw, en10mb_sub_entry_t *entry)
 {
-    char  *candidate = safe_strndup(raw, SUBSMAC_ENTRY_LEN);
+    char  *candidate = safe_strdup(raw);
     int parse_result = dualmac2hex(candidate, entry->target, entry->rewrite, SUBSMAC_ENTRY_LEN);
 
     free(candidate);
@@ -728,8 +728,6 @@ dlt_en10mb_l2len(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
     assert(ctx);
     assert(packet);
 
-    
-    l2len = -1;
     eth = (struct tcpr_ethernet_hdr *)packet;
     switch (ntohs(eth->ether_type)) {
         case ETHERTYPE_VLAN:

+ 1 - 1
src/tcpedit/plugins/dlt_utils.c

@@ -192,7 +192,7 @@ tcpedit_dlt_validate(tcpeditdlt_t *ctx)
 /*
  * Utility function to extract the Layer 3 header and beyond in a single buffer
  * Since some CPU's like UltraSPARC are strictly aligned, they really don't like
- * it when you jump to an offset which isn't on a word boundry (like ethernet)
+ * it when you jump to an offset which isn't on a word boundary (like ethernet)
  */
 u_char *
 tcpedit_dlt_l3data_copy(tcpeditdlt_t *ctx, u_char *packet, int pktlen, int l2len)

+ 5 - 2
src/tcpedit/portmap.c

@@ -101,7 +101,7 @@ ports2PORT(char *ports)
      * to do it once now, rather then each time we have to do a lookup
      */
     portmap_head = new_portmap();
-    portmap = portmap_head;
+    portmap = portmap_last = portmap_head;
 
     /* process a range, setting from_begin & from_end */
     if (strchr(from_s, '-')) {
@@ -132,6 +132,7 @@ ports2PORT(char *ports)
         }
         portmap_last->next = NULL;
         free(portmap);
+        portmap = portmap_head = NULL;
     }
     /* process a list via +, filling in list[] */
     else if (strchr(from_s, '+')) {
@@ -197,8 +198,10 @@ parse_portmap(tcpedit_portmap_t ** portmap, const char *ourstr)
     /* first iteration of input */
     substr = strtok_r(ourstrcpy, ",", &token);
 
-    if ((*portmap = ports2PORT(substr)) == NULL)
+    if ((*portmap = ports2PORT(substr)) == NULL) {
+        safe_free(ourstrcpy);
         return 0;
+    }
 
     portmap_ptr = *portmap;
 

+ 2 - 0
src/tcpedit/tcpedit.c

@@ -329,6 +329,8 @@ tcpedit_init(tcpedit_t **tcpedit_ex, int dlt)
 
     tcpedit->mtu = DEFAULT_MTU; /* assume 802.3 Ethernet */
 
+    tcpedit->fuzz_factor = DEFAULT_FUZZ_FACTOR;
+
     /* disabled by default */
     tcpedit->tos = -1;
     tcpedit->tclass = -1;

+ 21 - 6
src/tcpedit/tcpedit_opts.def

@@ -26,7 +26,7 @@ flag = {
     name        = portmap;
     value       = r;
     arg-type    = string;
-    max         = -1;
+    max         = 9999;
     stack-arg;
     descrip     = "Rewrite TCP/UDP ports";
     doc         = <<- EOText
@@ -276,13 +276,13 @@ flag = {
     arg-type    = number;
     arg-default = 0;
     arg-range   = "0->";
-    descrip     = "Fuzz 1/8 packet. Edit Bytes, length, or emulate packet drop";
+    descrip     = "Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop";
     doc         = <<- EOText
 This fuzzing was designed as to test layer 7 protocols such as voip protocols.
-It modifies randomly 1 out of 8 packets in order for stateful protocols to cover
-more of their code.  The random fuzzing actions focus on data start and end
-because it often is the part of the data application protocols base their
-decisions on.
+It modifies randomly 1 out of X packets (where X = @var{--fuzz-factor}) in order 
+for stateful protocols to cover more of their code.  The random fuzzing actions 
+focus on data start and end because it often is the part of the data application 
+protocols base their decisions on.
 
 Possible fuzzing actions list:
  * drop packet
@@ -297,4 +297,19 @@ Possible fuzzing actions list:
 EOText;
 };
 
+flag = {
+    name        = fuzz-factor;
+    flags-must   = fuzz-seed;
+    arg-type    = number;
+    arg-default = 8;
+    arg-range   = "1->";
+    descrip     = "Set the Fuzz 1 in X packet ratio (default 1 in 8 packets)";
+    doc         = <<- EOText
+Sets the ratio of for @var{--fuzz-seed} option. By default this value is 8,
+which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
+based on the random number genereated by the supplied fuzz seed. Therefore by
+default you cannot expect that exactly every eighth packet will be modified. 
+EOText;
+};
+
 #include plugins/dlt_stub.def

+ 35 - 31
src/tcpedit/tcpedit_stub.h

@@ -47,25 +47,26 @@ typedef enum {
     INDEX_OPT_FLOWLABEL                 = 15,
     INDEX_OPT_FIXLEN                    = 16,
     INDEX_OPT_FUZZ_SEED                 = 17,
-    INDEX_OPT_SKIPL2BROADCAST           = 18,
-    INDEX_OPT_DLT                       = 19,
-    INDEX_OPT_ENET_DMAC                 = 20,
-    INDEX_OPT_ENET_SMAC                 = 21,
-    INDEX_OPT_ENET_SUBSMAC              = 22,
-    INDEX_OPT_ENET_MAC_SEED             = 23,
-    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 24,
-    INDEX_OPT_ENET_VLAN                 = 25,
-    INDEX_OPT_ENET_VLAN_TAG             = 26,
-    INDEX_OPT_ENET_VLAN_CFI             = 27,
-    INDEX_OPT_ENET_VLAN_PRI             = 28,
-    INDEX_OPT_HDLC_CONTROL              = 29,
-    INDEX_OPT_HDLC_ADDRESS              = 30,
-    INDEX_OPT_USER_DLT                  = 31,
-    INDEX_OPT_USER_DLINK                = 32,
+    INDEX_OPT_FUZZ_FACTOR               = 18,
+    INDEX_OPT_SKIPL2BROADCAST           = 19,
+    INDEX_OPT_DLT                       = 20,
+    INDEX_OPT_ENET_DMAC                 = 21,
+    INDEX_OPT_ENET_SMAC                 = 22,
+    INDEX_OPT_ENET_SUBSMAC              = 23,
+    INDEX_OPT_ENET_MAC_SEED             = 24,
+    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 25,
+    INDEX_OPT_ENET_VLAN                 = 26,
+    INDEX_OPT_ENET_VLAN_TAG             = 27,
+    INDEX_OPT_ENET_VLAN_CFI             = 28,
+    INDEX_OPT_ENET_VLAN_PRI             = 29,
+    INDEX_OPT_HDLC_CONTROL              = 30,
+    INDEX_OPT_HDLC_ADDRESS              = 31,
+    INDEX_OPT_USER_DLT                  = 32,
+    INDEX_OPT_USER_DLINK                = 33,
         LIBRARY_OPTION_COUNT
 } teOptIndex;
 /** count of all options for tcpedit_stub */
-#define OPTION_CT    33
+#define OPTION_CT    34
 
 /**
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
@@ -147,37 +148,40 @@ typedef enum {
 #define VALUE_OPT_FUZZ_SEED      0x1006
 
 #define OPT_VALUE_FUZZ_SEED      (DESC(FUZZ_SEED).optArg.argInt)
-#define VALUE_OPT_SKIPL2BROADCAST 0x1007
-#define VALUE_OPT_DLT            0x1008
-#define VALUE_OPT_ENET_DMAC      0x1009
-#define VALUE_OPT_ENET_SMAC      0x100A
-#define VALUE_OPT_ENET_SUBSMAC   0x100B
-#define VALUE_OPT_ENET_MAC_SEED  0x100C
+#define VALUE_OPT_FUZZ_FACTOR    0x1007
+
+#define OPT_VALUE_FUZZ_FACTOR    (DESC(FUZZ_FACTOR).optArg.argInt)
+#define VALUE_OPT_SKIPL2BROADCAST 0x1008
+#define VALUE_OPT_DLT            0x1009
+#define VALUE_OPT_ENET_DMAC      0x100A
+#define VALUE_OPT_ENET_SMAC      0x100B
+#define VALUE_OPT_ENET_SUBSMAC   0x100C
+#define VALUE_OPT_ENET_MAC_SEED  0x100D
 
 #define OPT_VALUE_ENET_MAC_SEED  (DESC(ENET_MAC_SEED).optArg.argInt)
-#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100D
+#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100E
 
 #define OPT_VALUE_ENET_MAC_SEED_KEEP_BYTES (DESC(ENET_MAC_SEED_KEEP_BYTES).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN      0x100E
-#define VALUE_OPT_ENET_VLAN_TAG  0x100F
+#define VALUE_OPT_ENET_VLAN      0x100F
+#define VALUE_OPT_ENET_VLAN_TAG  0x1010
 
 #define OPT_VALUE_ENET_VLAN_TAG  (DESC(ENET_VLAN_TAG).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_CFI  0x1010
+#define VALUE_OPT_ENET_VLAN_CFI  0x1011
 
 #define OPT_VALUE_ENET_VLAN_CFI  (DESC(ENET_VLAN_CFI).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_PRI  0x1011
+#define VALUE_OPT_ENET_VLAN_PRI  0x1012
 
 #define OPT_VALUE_ENET_VLAN_PRI  (DESC(ENET_VLAN_PRI).optArg.argInt)
-#define VALUE_OPT_HDLC_CONTROL   0x1012
+#define VALUE_OPT_HDLC_CONTROL   0x1013
 
 #define OPT_VALUE_HDLC_CONTROL   (DESC(HDLC_CONTROL).optArg.argInt)
-#define VALUE_OPT_HDLC_ADDRESS   0x1013
+#define VALUE_OPT_HDLC_ADDRESS   0x1014
 
 #define OPT_VALUE_HDLC_ADDRESS   (DESC(HDLC_ADDRESS).optArg.argInt)
-#define VALUE_OPT_USER_DLT       0x1014
+#define VALUE_OPT_USER_DLT       0x1015
 
 #define OPT_VALUE_USER_DLT       (DESC(USER_DLT).optArg.argInt)
-#define VALUE_OPT_USER_DLINK     0x1015
+#define VALUE_OPT_USER_DLINK     0x1016
 /** option flag (value) for help-value option */
 #define VALUE_OPT_HELP          '?'
 /** option flag (value) for more-help-value option */

+ 1 - 0
src/tcpedit/tcpedit_types.h

@@ -157,6 +157,7 @@ typedef struct {
     int maxpacket;          /* L2 header + MTU */
 
     uint32_t fuzz_seed;
+    uint32_t fuzz_factor;
 } tcpedit_t;
 
 

+ 1 - 1
src/tcpliveplay.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcpliveplay 1 "26 Apr 2017" "tcpliveplay" "User Commands"
+.TH tcpliveplay 1 "08 May 2017" "tcpliveplay" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"

+ 8 - 2
src/tcpliveplay.c

@@ -158,6 +158,7 @@ main(int argc, char **argv)
     pcap_t *local_handle;
     char errbuf[PCAP_ERRBUF_SIZE];
     char ebuf[SENDPACKET_ERRBUF_SIZE];
+    int i;
 
     optionProcess(&tcpliveplayOptions, argc, argv); /*Process AutoOpts for manpage options*/
 
@@ -208,7 +209,7 @@ main(int argc, char **argv)
     /* Rewrites the given "*.pcap" file with all the new parameters and returns the number of packets */
     /* that need to be replayed */
     num_packets = rewrite(&new_remoteip, &new_remotemac, &myip, &mymac, argv[2], new_src_port);
-    if (num_packets < 0)
+    if (num_packets < 2)
         errx(-1, "Unable to rewrite PCAP file %s\n",argv[2]);
 
     /* create schedule & set it up */
@@ -219,6 +220,11 @@ main(int argc, char **argv)
     pkts_scheduled = setup_sched(sched);    /* Returns number of packets in schedule*/
 
     /* Set up the schedule struct to be relative numbers rather than absolute*/
+    for (i = 0; i < num_packets; i++) {
+        sched[i].exp_rseq = 0;
+        sched[i].exp_rack = 0;
+    }
+
     relative_sched(sched, sched[1].exp_rseq, num_packets);
     printf("Packets Scheduled %d\n", pkts_scheduled);
 
@@ -1182,7 +1188,7 @@ do_checksum_liveplay(u_int8_t *data, int proto, int len) {
     int ip_hl;
     volatile int sum;   // <-- volatile works around a PPC g++ bug
 
-    sum = 0;
+    sum;
     ipv4 = NULL;
 
     ipv4 = (ipv4_hdr *)data;

+ 2 - 2
src/tcpprep.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcpprep 1 "26 Apr 2017" "tcpprep" "User Commands"
+.TH tcpprep 1 "08 May 2017" "tcpprep" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"
@@ -167,7 +167,7 @@ features are reversed so that the flags specify clients and non-IP packets are c
 servers.
 .TP
 .NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-comment\f[]=\f\*[I-Font]string\f[]
-Embeded cache file comment.
+Embedded cache file comment.
 This option may appear up to 1 times.
 .sp
 Specify a comment to be imbedded within the output cache file and later

+ 8 - 6
src/tcpprep.c

@@ -84,18 +84,14 @@ main(int argc, char *argv[])
     int out_file;
     COUNTER totpackets = 0;
     char errbuf[PCAP_ERRBUF_SIZE];
-    int optct = 0;
     tcpprep_opt_t *options;
  
     tcpprep = tcpprep_init();
     options = tcpprep->options;
     
-    optct = optionProcess(&tcpprepOptions, argc, argv);
+    optionProcess(&tcpprepOptions, argc, argv);
     tcpprep_post_args(tcpprep, argc, argv);
 
-    argc -= optct;
-    argv += optct;
-
     /* open the cache file */
     if ((out_file = open(OPT_ARG(CACHEFILE), O_WRONLY | O_CREAT | O_TRUNC,
             S_IREAD | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH)) == -1)
@@ -177,7 +173,7 @@ main(int argc, char *argv[])
         }
 
         if (info)
-            notice("Buliding cache file...\n");
+            notice("Building cache file...\n");
         /* 
          * re-process files, but this time generate
          * cache 
@@ -598,6 +594,9 @@ print_info(const char *file)
     COUNTER count = 0, i;
 
     count = read_cache(&cachedata, file, &comment);
+    if (count > 65535)
+        exit(-1);
+
     for (i = 1; i <= count; i ++) {
         
         switch (check_cache(cachedata, i)) {
@@ -631,6 +630,9 @@ print_stats(const char *file)
     COUNTER pri = 0, sec = 0, nosend = 0;
     
     count = read_cache(&cachedata, file, &comment);
+    if (count > 65535)
+        exit(-1);
+
     for (COUNTER i = 1; i <= count; i ++) {
         int cacheval = check_cache(cachedata, i);
         switch (cacheval) {

+ 145 - 145
src/tcpprep_opts.c

@@ -75,7 +75,7 @@ extern tcpprep_t *tcpprep;
 /**
  *  static const strings for tcpprep options
  */
-static char const tcpprep_opt_strs[3077] =
+static char const tcpprep_opt_strs[3078] =
 /*     0 */ "tcpprep (tcpprep)\n"
             "Copyright (C) 2000-2017 Aaron Turner and Fred Klassen, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -112,81 +112,81 @@ static char const tcpprep_opt_strs[3077] =
 /*  1053 */ "Matches to be client instead of server\0"
 /*  1092 */ "REVERSE\0"
 /*  1100 */ "reverse\0"
-/*  1108 */ "Embeded cache file comment\0"
-/*  1135 */ "COMMENT\0"
-/*  1143 */ "comment\0"
-/*  1151 */ "Do not embed any cache file comment\0"
-/*  1187 */ "NO_ARG_COMMENT\0"
-/*  1202 */ "no-arg-comment\0"
-/*  1217 */ "Include only packets matching rule\0"
-/*  1252 */ "INCLUDE\0"
-/*  1260 */ "include\0"
-/*  1268 */ "Exclude any packet matching this rule\0"
-/*  1306 */ "EXCLUDE\0"
-/*  1314 */ "exclude\0"
-/*  1322 */ "Output cache file\0"
-/*  1340 */ "CACHEFILE\0"
-/*  1350 */ "cachefile\0"
-/*  1360 */ "Input pcap file to process\0"
-/*  1387 */ "PCAP\0"
-/*  1392 */ "pcap\0"
-/*  1397 */ "Print embedded comment in the specified cache file\0"
-/*  1448 */ "PRINT_COMMENT\0"
-/*  1462 */ "print-comment\0"
-/*  1476 */ "Print basic info from the specified cache file\0"
-/*  1523 */ "PRINT_INFO\0"
-/*  1534 */ "print-info\0"
-/*  1545 */ "Print statistical information about the specified cache file\0"
-/*  1606 */ "PRINT_STATS\0"
-/*  1618 */ "print-stats\0"
-/*  1630 */ "Load services file for server ports\0"
-/*  1666 */ "SERVICES\0"
-/*  1675 */ "services\0"
-/*  1684 */ "Send non-IP traffic out server interface\0"
-/*  1725 */ "NONIP\0"
-/*  1731 */ "nonip\0"
-/*  1737 */ "Ratio of client to server packets\0"
-/*  1771 */ "RATIO\0"
-/*  1777 */ "ratio\0"
-/*  1783 */ "2.0\0"
-/*  1787 */ "Minimum network mask length in auto mode\0"
-/*  1828 */ "MINMASK\0"
-/*  1836 */ "minmask\0"
-/*  1844 */ "Maximum network mask length in auto mode\0"
-/*  1885 */ "MAXMASK\0"
-/*  1893 */ "maxmask\0"
-/*  1901 */ "Print decoded packets via tcpdump to STDOUT\0"
-/*  1945 */ "VERBOSE\0"
-/*  1953 */ "verbose\0"
-/*  1961 */ "Arguments passed to tcpdump decoder\0"
-/*  1997 */ "DECODE\0"
-/*  2004 */ "decode\0"
-/*  2011 */ "Print version information\0"
-/*  2037 */ "VERSION\0"
-/*  2045 */ "version\0"
-/*  2053 */ "Display less usage information and exit\0"
-/*  2093 */ "LESS_HELP\0"
-/*  2103 */ "less-help\0"
-/*  2113 */ "display extended usage information and exit\0"
-/*  2157 */ "help\0"
-/*  2162 */ "extended usage information passed thru pager\0"
-/*  2207 */ "more-help\0"
-/*  2217 */ "save the option state to a config file\0"
-/*  2256 */ "save-opts\0"
-/*  2266 */ "load options from a config file\0"
-/*  2298 */ "LOAD_OPTS\0"
-/*  2308 */ "no-load-opts\0"
-/*  2321 */ "no\0"
-/*  2324 */ "TCPPREP\0"
-/*  2332 */ "tcpprep (tcpprep) - Create a tcpreplay cache cache file from a pcap file.\n"
+/*  1108 */ "Embedded cache file comment\0"
+/*  1136 */ "COMMENT\0"
+/*  1144 */ "comment\0"
+/*  1152 */ "Do not embed any cache file comment\0"
+/*  1188 */ "NO_ARG_COMMENT\0"
+/*  1203 */ "no-arg-comment\0"
+/*  1218 */ "Include only packets matching rule\0"
+/*  1253 */ "INCLUDE\0"
+/*  1261 */ "include\0"
+/*  1269 */ "Exclude any packet matching this rule\0"
+/*  1307 */ "EXCLUDE\0"
+/*  1315 */ "exclude\0"
+/*  1323 */ "Output cache file\0"
+/*  1341 */ "CACHEFILE\0"
+/*  1351 */ "cachefile\0"
+/*  1361 */ "Input pcap file to process\0"
+/*  1388 */ "PCAP\0"
+/*  1393 */ "pcap\0"
+/*  1398 */ "Print embedded comment in the specified cache file\0"
+/*  1449 */ "PRINT_COMMENT\0"
+/*  1463 */ "print-comment\0"
+/*  1477 */ "Print basic info from the specified cache file\0"
+/*  1524 */ "PRINT_INFO\0"
+/*  1535 */ "print-info\0"
+/*  1546 */ "Print statistical information about the specified cache file\0"
+/*  1607 */ "PRINT_STATS\0"
+/*  1619 */ "print-stats\0"
+/*  1631 */ "Load services file for server ports\0"
+/*  1667 */ "SERVICES\0"
+/*  1676 */ "services\0"
+/*  1685 */ "Send non-IP traffic out server interface\0"
+/*  1726 */ "NONIP\0"
+/*  1732 */ "nonip\0"
+/*  1738 */ "Ratio of client to server packets\0"
+/*  1772 */ "RATIO\0"
+/*  1778 */ "ratio\0"
+/*  1784 */ "2.0\0"
+/*  1788 */ "Minimum network mask length in auto mode\0"
+/*  1829 */ "MINMASK\0"
+/*  1837 */ "minmask\0"
+/*  1845 */ "Maximum network mask length in auto mode\0"
+/*  1886 */ "MAXMASK\0"
+/*  1894 */ "maxmask\0"
+/*  1902 */ "Print decoded packets via tcpdump to STDOUT\0"
+/*  1946 */ "VERBOSE\0"
+/*  1954 */ "verbose\0"
+/*  1962 */ "Arguments passed to tcpdump decoder\0"
+/*  1998 */ "DECODE\0"
+/*  2005 */ "decode\0"
+/*  2012 */ "Print version information\0"
+/*  2038 */ "VERSION\0"
+/*  2046 */ "version\0"
+/*  2054 */ "Display less usage information and exit\0"
+/*  2094 */ "LESS_HELP\0"
+/*  2104 */ "less-help\0"
+/*  2114 */ "display extended usage information and exit\0"
+/*  2158 */ "help\0"
+/*  2163 */ "extended usage information passed thru pager\0"
+/*  2208 */ "more-help\0"
+/*  2218 */ "save the option state to a config file\0"
+/*  2257 */ "save-opts\0"
+/*  2267 */ "load options from a config file\0"
+/*  2299 */ "LOAD_OPTS\0"
+/*  2309 */ "no-load-opts\0"
+/*  2322 */ "no\0"
+/*  2325 */ "TCPPREP\0"
+/*  2333 */ "tcpprep (tcpprep) - Create a tcpreplay cache cache file from a pcap file.\n"
             "Usage:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  2464 */ "$$/\0"
-/*  2468 */ ".tcppreprc\0"
-/*  2479 */ "tcpreplay-users@lists.sourceforge.net\0"
-/*  2517 */ "tcpprep is a 'pcap(3)' file pre-processor which creates a cache file which\n"
+/*  2465 */ "$$/\0"
+/*  2469 */ ".tcppreprc\0"
+/*  2480 */ "tcpreplay-users@lists.sourceforge.net\0"
+/*  2518 */ "tcpprep is a 'pcap(3)' file pre-processor which creates a cache file which\n"
             "provides \"rules\" for 'tcprewrite(1)' and 'tcpreplay(1)' on how to process\n"
             "and send packets.\n\0"
-/*  2685 */ "The basic operation of tcpreplay is to resend all packets from the input\n"
+/*  2686 */ "The basic operation of tcpreplay is to resend all packets from the input\n"
             "file(s) out a single file.  Tcpprep processes a pcap file and applies a set\n"
             "of user-specified rules to create a cache file which tells tcpreplay\n"
             "whether or not to send each packet and which interface the packet should be\n"
@@ -335,9 +335,9 @@ static int const aMacCantList[] = {
 /** Descriptive text for the comment option */
 #define COMMENT_DESC      (tcpprep_opt_strs+1108)
 /** Upper-cased name for the comment option */
-#define COMMENT_NAME      (tcpprep_opt_strs+1135)
+#define COMMENT_NAME      (tcpprep_opt_strs+1136)
 /** Name string for the comment option */
-#define COMMENT_name      (tcpprep_opt_strs+1143)
+#define COMMENT_name      (tcpprep_opt_strs+1144)
 /** Compiled in flag settings for the comment option */
 #define COMMENT_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@@ -346,11 +346,11 @@ static int const aMacCantList[] = {
  *  no-arg-comment option description:
  */
 /** Descriptive text for the no-arg-comment option */
-#define NO_ARG_COMMENT_DESC      (tcpprep_opt_strs+1151)
+#define NO_ARG_COMMENT_DESC      (tcpprep_opt_strs+1152)
 /** Upper-cased name for the no-arg-comment option */
-#define NO_ARG_COMMENT_NAME      (tcpprep_opt_strs+1187)
+#define NO_ARG_COMMENT_NAME      (tcpprep_opt_strs+1188)
 /** Name string for the no-arg-comment option */
-#define NO_ARG_COMMENT_name      (tcpprep_opt_strs+1202)
+#define NO_ARG_COMMENT_name      (tcpprep_opt_strs+1203)
 /** Compiled in flag settings for the no-arg-comment option */
 #define NO_ARG_COMMENT_FLAGS     (OPTST_DISABLED)
 
@@ -359,11 +359,11 @@ static int const aMacCantList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 /** Descriptive text for the include option */
-#define INCLUDE_DESC      (tcpprep_opt_strs+1217)
+#define INCLUDE_DESC      (tcpprep_opt_strs+1218)
 /** Upper-cased name for the include option */
-#define INCLUDE_NAME      (tcpprep_opt_strs+1252)
+#define INCLUDE_NAME      (tcpprep_opt_strs+1253)
 /** Name string for the include option */
-#define INCLUDE_name      (tcpprep_opt_strs+1260)
+#define INCLUDE_name      (tcpprep_opt_strs+1261)
 /** Other options that appear in conjunction with the include option */
 static int const aIncludeCantList[] = {
     INDEX_OPT_EXCLUDE, NO_EQUIVALENT };
@@ -376,11 +376,11 @@ static int const aIncludeCantList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 /** Descriptive text for the exclude option */
-#define EXCLUDE_DESC      (tcpprep_opt_strs+1268)
+#define EXCLUDE_DESC      (tcpprep_opt_strs+1269)
 /** Upper-cased name for the exclude option */
-#define EXCLUDE_NAME      (tcpprep_opt_strs+1306)
+#define EXCLUDE_NAME      (tcpprep_opt_strs+1307)
 /** Name string for the exclude option */
-#define EXCLUDE_name      (tcpprep_opt_strs+1314)
+#define EXCLUDE_name      (tcpprep_opt_strs+1315)
 /** Other options that appear in conjunction with the exclude option */
 static int const aExcludeCantList[] = {
     INDEX_OPT_INCLUDE, NO_EQUIVALENT };
@@ -392,11 +392,11 @@ static int const aExcludeCantList[] = {
  *  cachefile option description:
  */
 /** Descriptive text for the cachefile option */
-#define CACHEFILE_DESC      (tcpprep_opt_strs+1322)
+#define CACHEFILE_DESC      (tcpprep_opt_strs+1323)
 /** Upper-cased name for the cachefile option */
-#define CACHEFILE_NAME      (tcpprep_opt_strs+1340)
+#define CACHEFILE_NAME      (tcpprep_opt_strs+1341)
 /** Name string for the cachefile option */
-#define CACHEFILE_name      (tcpprep_opt_strs+1350)
+#define CACHEFILE_name      (tcpprep_opt_strs+1351)
 /** Compiled in flag settings for the cachefile option */
 #define CACHEFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@@ -405,11 +405,11 @@ static int const aExcludeCantList[] = {
  *  pcap option description:
  */
 /** Descriptive text for the pcap option */
-#define PCAP_DESC      (tcpprep_opt_strs+1360)
+#define PCAP_DESC      (tcpprep_opt_strs+1361)
 /** Upper-cased name for the pcap option */
-#define PCAP_NAME      (tcpprep_opt_strs+1387)
+#define PCAP_NAME      (tcpprep_opt_strs+1388)
 /** Name string for the pcap option */
-#define PCAP_name      (tcpprep_opt_strs+1392)
+#define PCAP_name      (tcpprep_opt_strs+1393)
 /** Compiled in flag settings for the pcap option */
 #define PCAP_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@@ -418,11 +418,11 @@ static int const aExcludeCantList[] = {
  *  print-comment option description:
  */
 /** Descriptive text for the print-comment option */
-#define PRINT_COMMENT_DESC      (tcpprep_opt_strs+1397)
+#define PRINT_COMMENT_DESC      (tcpprep_opt_strs+1398)
 /** Upper-cased name for the print-comment option */
-#define PRINT_COMMENT_NAME      (tcpprep_opt_strs+1448)
+#define PRINT_COMMENT_NAME      (tcpprep_opt_strs+1449)
 /** Name string for the print-comment option */
-#define PRINT_COMMENT_name      (tcpprep_opt_strs+1462)
+#define PRINT_COMMENT_name      (tcpprep_opt_strs+1463)
 /** Compiled in flag settings for the print-comment option */
 #define PRINT_COMMENT_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@@ -431,11 +431,11 @@ static int const aExcludeCantList[] = {
  *  print-info option description:
  */
 /** Descriptive text for the print-info option */
-#define PRINT_INFO_DESC      (tcpprep_opt_strs+1476)
+#define PRINT_INFO_DESC      (tcpprep_opt_strs+1477)
 /** Upper-cased name for the print-info option */
-#define PRINT_INFO_NAME      (tcpprep_opt_strs+1523)
+#define PRINT_INFO_NAME      (tcpprep_opt_strs+1524)
 /** Name string for the print-info option */
-#define PRINT_INFO_name      (tcpprep_opt_strs+1534)
+#define PRINT_INFO_name      (tcpprep_opt_strs+1535)
 /** Compiled in flag settings for the print-info option */
 #define PRINT_INFO_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@@ -444,11 +444,11 @@ static int const aExcludeCantList[] = {
  *  print-stats option description:
  */
 /** Descriptive text for the print-stats option */
-#define PRINT_STATS_DESC      (tcpprep_opt_strs+1545)
+#define PRINT_STATS_DESC      (tcpprep_opt_strs+1546)
 /** Upper-cased name for the print-stats option */
-#define PRINT_STATS_NAME      (tcpprep_opt_strs+1606)
+#define PRINT_STATS_NAME      (tcpprep_opt_strs+1607)
 /** Name string for the print-stats option */
-#define PRINT_STATS_name      (tcpprep_opt_strs+1618)
+#define PRINT_STATS_name      (tcpprep_opt_strs+1619)
 /** Compiled in flag settings for the print-stats option */
 #define PRINT_STATS_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
@@ -458,11 +458,11 @@ static int const aExcludeCantList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 /** Descriptive text for the services option */
-#define SERVICES_DESC      (tcpprep_opt_strs+1630)
+#define SERVICES_DESC      (tcpprep_opt_strs+1631)
 /** Upper-cased name for the services option */
-#define SERVICES_NAME      (tcpprep_opt_strs+1666)
+#define SERVICES_NAME      (tcpprep_opt_strs+1667)
 /** Name string for the services option */
-#define SERVICES_name      (tcpprep_opt_strs+1675)
+#define SERVICES_name      (tcpprep_opt_strs+1676)
 /** Other options that are required by the services option */
 static int const aServicesMustList[] = {
     INDEX_OPT_PORT, NO_EQUIVALENT };
@@ -474,11 +474,11 @@ static int const aServicesMustList[] = {
  *  nonip option description:
  */
 /** Descriptive text for the nonip option */
-#define NONIP_DESC      (tcpprep_opt_strs+1684)
+#define NONIP_DESC      (tcpprep_opt_strs+1685)
 /** Upper-cased name for the nonip option */
-#define NONIP_NAME      (tcpprep_opt_strs+1725)
+#define NONIP_NAME      (tcpprep_opt_strs+1726)
 /** Name string for the nonip option */
-#define NONIP_name      (tcpprep_opt_strs+1731)
+#define NONIP_name      (tcpprep_opt_strs+1732)
 /** Compiled in flag settings for the nonip option */
 #define NONIP_FLAGS     (OPTST_DISABLED)
 
@@ -487,13 +487,13 @@ static int const aServicesMustList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 /** Descriptive text for the ratio option */
-#define RATIO_DESC      (tcpprep_opt_strs+1737)
+#define RATIO_DESC      (tcpprep_opt_strs+1738)
 /** Upper-cased name for the ratio option */
-#define RATIO_NAME      (tcpprep_opt_strs+1771)
+#define RATIO_NAME      (tcpprep_opt_strs+1772)
 /** Name string for the ratio option */
-#define RATIO_name      (tcpprep_opt_strs+1777)
+#define RATIO_name      (tcpprep_opt_strs+1778)
 /** The compiled in default value for the ratio option argument */
-#define RATIO_DFT_ARG   (tcpprep_opt_strs+1783)
+#define RATIO_DFT_ARG   (tcpprep_opt_strs+1784)
 /** Other options that are required by the ratio option */
 static int const aRatioMustList[] = {
     INDEX_OPT_AUTO, NO_EQUIVALENT };
@@ -506,11 +506,11 @@ static int const aRatioMustList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 /** Descriptive text for the minmask option */
-#define MINMASK_DESC      (tcpprep_opt_strs+1787)
+#define MINMASK_DESC      (tcpprep_opt_strs+1788)
 /** Upper-cased name for the minmask option */
-#define MINMASK_NAME      (tcpprep_opt_strs+1828)
+#define MINMASK_NAME      (tcpprep_opt_strs+1829)
 /** Name string for the minmask option */
-#define MINMASK_name      (tcpprep_opt_strs+1836)
+#define MINMASK_name      (tcpprep_opt_strs+1837)
 /** The compiled in default value for the minmask option argument */
 #define MINMASK_DFT_ARG   ((char const*)30)
 /** Other options that are required by the minmask option */
@@ -525,11 +525,11 @@ static int const aMinmaskMustList[] = {
  *  "Must also have options" and "Incompatible options":
  */
 /** Descriptive text for the maxmask option */
-#define MAXMASK_DESC      (tcpprep_opt_strs+1844)
+#define MAXMASK_DESC      (tcpprep_opt_strs+1845)
 /** Upper-cased name for the maxmask option */
-#define MAXMASK_NAME      (tcpprep_opt_strs+1885)
+#define MAXMASK_NAME      (tcpprep_opt_strs+1886)
 /** Name string for the maxmask option */
-#define MAXMASK_name      (tcpprep_opt_strs+1893)
+#define MAXMASK_name      (tcpprep_opt_strs+1894)
 /** The compiled in default value for the maxmask option argument */
 #define MAXMASK_DFT_ARG   ((char const*)8)
 /** Other options that are required by the maxmask option */
@@ -544,11 +544,11 @@ static int const aMaxmaskMustList[] = {
  */
 #ifdef ENABLE_VERBOSE
 /** Descriptive text for the verbose option */
-#define VERBOSE_DESC      (tcpprep_opt_strs+1901)
+#define VERBOSE_DESC      (tcpprep_opt_strs+1902)
 /** Upper-cased name for the verbose option */
-#define VERBOSE_NAME      (tcpprep_opt_strs+1945)
+#define VERBOSE_NAME      (tcpprep_opt_strs+1946)
 /** Name string for the verbose option */
-#define VERBOSE_name      (tcpprep_opt_strs+1953)
+#define VERBOSE_name      (tcpprep_opt_strs+1954)
 /** Compiled in flag settings for the verbose option */
 #define VERBOSE_FLAGS     (OPTST_DISABLED | OPTST_IMM)
 
@@ -565,11 +565,11 @@ static int const aMaxmaskMustList[] = {
  */
 #ifdef ENABLE_VERBOSE
 /** Descriptive text for the decode option */
-#define DECODE_DESC      (tcpprep_opt_strs+1961)
+#define DECODE_DESC      (tcpprep_opt_strs+1962)
 /** Upper-cased name for the decode option */
-#define DECODE_NAME      (tcpprep_opt_strs+1997)
+#define DECODE_NAME      (tcpprep_opt_strs+1998)
 /** Name string for the decode option */
-#define DECODE_name      (tcpprep_opt_strs+2004)
+#define DECODE_name      (tcpprep_opt_strs+2005)
 /** Other options that are required by the decode option */
 static int const aDecodeMustList[] = {
     INDEX_OPT_VERBOSE, NO_EQUIVALENT };
@@ -589,11 +589,11 @@ static int const aDecodeMustList[] = {
  *  version option description:
  */
 /** Descriptive text for the version option */
-#define VERSION_DESC      (tcpprep_opt_strs+2011)
+#define VERSION_DESC      (tcpprep_opt_strs+2012)
 /** Upper-cased name for the version option */
-#define VERSION_NAME      (tcpprep_opt_strs+2037)
+#define VERSION_NAME      (tcpprep_opt_strs+2038)
 /** Name string for the version option */
-#define VERSION_name      (tcpprep_opt_strs+2045)
+#define VERSION_name      (tcpprep_opt_strs+2046)
 /** Compiled in flag settings for the version option */
 #define VERSION_FLAGS     (OPTST_DISABLED)
 
@@ -601,34 +601,34 @@ static int const aDecodeMustList[] = {
  *  less-help option description:
  */
 /** Descriptive text for the less-help option */
-#define LESS_HELP_DESC      (tcpprep_opt_strs+2053)
+#define LESS_HELP_DESC      (tcpprep_opt_strs+2054)
 /** Upper-cased name for the less-help option */
-#define LESS_HELP_NAME      (tcpprep_opt_strs+2093)
+#define LESS_HELP_NAME      (tcpprep_opt_strs+2094)
 /** Name string for the less-help option */
-#define LESS_HELP_name      (tcpprep_opt_strs+2103)
+#define LESS_HELP_name      (tcpprep_opt_strs+2104)
 /** Compiled in flag settings for the less-help option */
 #define LESS_HELP_FLAGS     (OPTST_DISABLED | OPTST_IMM)
 
 /*
  *  Help/More_Help option descriptions:
  */
-#define HELP_DESC       (tcpprep_opt_strs+2113)
-#define HELP_name       (tcpprep_opt_strs+2157)
+#define HELP_DESC       (tcpprep_opt_strs+2114)
+#define HELP_name       (tcpprep_opt_strs+2158)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (tcpprep_opt_strs+2162)
-#define MORE_HELP_name  (tcpprep_opt_strs+2207)
+#define MORE_HELP_DESC  (tcpprep_opt_strs+2163)
+#define MORE_HELP_name  (tcpprep_opt_strs+2208)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  HELP_DESC
 #define MORE_HELP_name  HELP_name
 #define MORE_HELP_FLAGS (OPTST_OMITTED | OPTST_NO_INIT)
 #endif
-#define SAVE_OPTS_DESC  (tcpprep_opt_strs+2217)
-#define SAVE_OPTS_name  (tcpprep_opt_strs+2256)
-#define LOAD_OPTS_DESC     (tcpprep_opt_strs+2266)
-#define LOAD_OPTS_NAME     (tcpprep_opt_strs+2298)
-#define NO_LOAD_OPTS_name  (tcpprep_opt_strs+2308)
-#define LOAD_OPTS_pfx      (tcpprep_opt_strs+2321)
+#define SAVE_OPTS_DESC  (tcpprep_opt_strs+2218)
+#define SAVE_OPTS_name  (tcpprep_opt_strs+2257)
+#define LOAD_OPTS_DESC     (tcpprep_opt_strs+2267)
+#define LOAD_OPTS_NAME     (tcpprep_opt_strs+2299)
+#define NO_LOAD_OPTS_name  (tcpprep_opt_strs+2309)
+#define LOAD_OPTS_pfx      (tcpprep_opt_strs+2322)
 #define LOAD_OPTS_name     (NO_LOAD_OPTS_name + 3)
 /**
  *  Declare option callback procedures
@@ -1012,21 +1012,21 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
 /** Reference to the upper cased version of tcpprep. */
-#define zPROGNAME       (tcpprep_opt_strs+2324)
+#define zPROGNAME       (tcpprep_opt_strs+2325)
 /** Reference to the title line for tcpprep usage. */
-#define zUsageTitle     (tcpprep_opt_strs+2332)
+#define zUsageTitle     (tcpprep_opt_strs+2333)
 /** tcpprep configuration file name. */
-#define zRcName         (tcpprep_opt_strs+2468)
+#define zRcName         (tcpprep_opt_strs+2469)
 /** Directories to search for tcpprep config files. */
 static char const * const apzHomeList[2] = {
-    tcpprep_opt_strs+2464,
+    tcpprep_opt_strs+2465,
     NULL };
 /** The tcpprep program bug email address. */
-#define zBugsAddr       (tcpprep_opt_strs+2479)
+#define zBugsAddr       (tcpprep_opt_strs+2480)
 /** Clarification/explanation of what tcpprep does. */
-#define zExplain        (tcpprep_opt_strs+2517)
+#define zExplain        (tcpprep_opt_strs+2518)
 /** Extra detail explaining what tcpprep does. */
-#define zDetail         (tcpprep_opt_strs+2685)
+#define zDetail         (tcpprep_opt_strs+2686)
 /** The full version string for tcpprep. */
 #define zFullVersion    (NULL)
 /* extracted from optcode.tlib near line 364 */
@@ -1911,7 +1911,7 @@ with this program.  If not, see <http://www.gnu.org/licenses/>.\n"));
   puts(_("Matches to be client instead of server"));
 
   /* referenced via tcpprepOptions.pOptDesc->pzText */
-  puts(_("Embeded cache file comment"));
+  puts(_("Embedded cache file comment"));
 
   /* referenced via tcpprepOptions.pOptDesc->pzText */
   puts(_("Do not embed any cache file comment"));

+ 1 - 1
src/tcpprep_opts.def

@@ -295,7 +295,7 @@ flag = {
     value       = C;
     arg-type    = string;
     max         = 1;
-    descrip     = "Embeded cache file comment";
+    descrip     = "Embedded cache file comment";
     flag-code   = <<- EOComment
 
     /* our comment_len is only 16bit - myargs[] */

+ 32 - 7
src/tcpreplay-edit.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcpreplay-edit 1 "26 Apr 2017" "tcpreplay" "User Commands"
+.TH tcpreplay-edit 1 "08 May 2017" "tcpreplay" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"
@@ -48,7 +48,7 @@ http://tcpreplay.appneta.com
 .TP
 .NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-portmap\f[]=\f\*[I-Font]string\f[]
 Rewrite TCP/UDP ports.
-This option may appear up to \-1 times.
+This option may appear up to 9999 times.
 .sp
 Specify a list of comma delimited port mappingings consisting of
 colon delimited port number pairs.  Each colon delimited port pair
@@ -259,7 +259,7 @@ the actual packet length
 Delete the packet
 .TP
 .NOP \f\*[B-Font]\-\-fuzz\-seed\f[]=\f\*[I-Font]number\f[]
-Fuzz 1/8 packet. Edit Bytes, length, or emulate packet drop.
+Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop.
 This option takes an integer number as its argument.
 The value of
 \f\*[I-Font]number\f[]
@@ -277,10 +277,10 @@ for this option is:
  0
 .sp
 This fuzzing was designed as to test layer 7 protocols such as voip protocols.
-It modifies randomly 1 out of 8 packets in order for stateful protocols to cover
-more of their code.  The random fuzzing actions focus on data start and end
-because it often is the part of the data application protocols base their
-decisions on.
+It modifies randomly 1 out of X packets (where X = \fB--fuzz-factor\fP) in order 
+for stateful protocols to cover more of their code.  The random fuzzing actions 
+focus on data start and end because it often is the part of the data application 
+protocols base their decisions on.
 .sp
 Possible fuzzing actions list:
  * drop packet
@@ -292,6 +292,31 @@ Possible fuzzing actions list:
      Replace the start, the end, or the middle of the packet with equal likelihood.
  * do nothing (7 out of 8 packets)
 .TP
+.NOP \f\*[B-Font]\-\-fuzz\-factor\f[]=\f\*[I-Font]number\f[]
+Set the Fuzz 1 in X packet ratio (default 1 in 8 packets).
+This option must appear in combination with the following options:
+fuzz-seed.
+This option takes an integer number as its argument.
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
+.in +4
+.nf
+.na
+greater than or equal to 1
+.fi
+.in -4
+The default
+\f\*[I-Font]number\f[]
+for this option is:
+.ti +4
+ 8
+.sp
+Sets the ratio of for \fB--fuzz-seed\fP option. By default this value is 8,
+which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
+based on the random number genereated by the supplied fuzz seed. Therefore by
+default you cannot expect that exactly every eighth packet will be modified. 
+.TP
 .NOP \f\*[B-Font]\-\-skipl2broadcast\f[]
 Skip rewriting broadcast/multicast Layer 2 addresses.
 .sp

+ 32 - 7
src/tcpreplay.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcpreplay-edit 1 "26 Apr 2017" "tcpreplay" "User Commands"
+.TH tcpreplay-edit 1 "08 May 2017" "tcpreplay" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"
@@ -48,7 +48,7 @@ http://tcpreplay.appneta.com
 .TP
 .NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-portmap\f[]=\f\*[I-Font]string\f[]
 Rewrite TCP/UDP ports.
-This option may appear up to \-1 times.
+This option may appear up to 9999 times.
 .sp
 Specify a list of comma delimited port mappingings consisting of
 colon delimited port number pairs.  Each colon delimited port pair
@@ -259,7 +259,7 @@ the actual packet length
 Delete the packet
 .TP
 .NOP \f\*[B-Font]\-\-fuzz\-seed\f[]=\f\*[I-Font]number\f[]
-Fuzz 1/8 packet. Edit Bytes, length, or emulate packet drop.
+Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop.
 This option takes an integer number as its argument.
 The value of
 \f\*[I-Font]number\f[]
@@ -277,10 +277,10 @@ for this option is:
  0
 .sp
 This fuzzing was designed as to test layer 7 protocols such as voip protocols.
-It modifies randomly 1 out of 8 packets in order for stateful protocols to cover
-more of their code.  The random fuzzing actions focus on data start and end
-because it often is the part of the data application protocols base their
-decisions on.
+It modifies randomly 1 out of X packets (where X = \fB--fuzz-factor\fP) in order 
+for stateful protocols to cover more of their code.  The random fuzzing actions 
+focus on data start and end because it often is the part of the data application 
+protocols base their decisions on.
 .sp
 Possible fuzzing actions list:
  * drop packet
@@ -292,6 +292,31 @@ Possible fuzzing actions list:
      Replace the start, the end, or the middle of the packet with equal likelihood.
  * do nothing (7 out of 8 packets)
 .TP
+.NOP \f\*[B-Font]\-\-fuzz\-factor\f[]=\f\*[I-Font]number\f[]
+Set the Fuzz 1 in X packet ratio (default 1 in 8 packets).
+This option must appear in combination with the following options:
+fuzz-seed.
+This option takes an integer number as its argument.
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
+.in +4
+.nf
+.na
+greater than or equal to 1
+.fi
+.in -4
+The default
+\f\*[I-Font]number\f[]
+for this option is:
+.ti +4
+ 8
+.sp
+Sets the ratio of for \fB--fuzz-seed\fP option. By default this value is 8,
+which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
+based on the random number genereated by the supplied fuzz seed. Therefore by
+default you cannot expect that exactly every eighth packet will be modified. 
+.TP
 .NOP \f\*[B-Font]\-\-skipl2broadcast\f[]
 Skip rewriting broadcast/multicast Layer 2 addresses.
 .sp

+ 1 - 1
src/tcpreplay.c

@@ -129,7 +129,7 @@ main(int argc, char *argv[])
 
 #ifdef TCPREPLAY_EDIT
     /* fuzzing init */
-    fuzzing_init(tcpedit->fuzz_seed);
+    fuzzing_init(tcpedit->fuzz_seed, tcpedit->fuzz_factor);
 #endif
 
     /* init the signal handlers */

File diff suppressed because it is too large
+ 515 - 439
src/tcpreplay_edit_opts.c


+ 88 - 84
src/tcpreplay_edit_opts.h

@@ -83,61 +83,62 @@ typedef enum {
     INDEX_OPT_FLOWLABEL                 = 15,
     INDEX_OPT_FIXLEN                    = 16,
     INDEX_OPT_FUZZ_SEED                 = 17,
-    INDEX_OPT_SKIPL2BROADCAST           = 18,
-    INDEX_OPT_DLT                       = 19,
-    INDEX_OPT_ENET_DMAC                 = 20,
-    INDEX_OPT_ENET_SMAC                 = 21,
-    INDEX_OPT_ENET_SUBSMAC              = 22,
-    INDEX_OPT_ENET_MAC_SEED             = 23,
-    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 24,
-    INDEX_OPT_ENET_VLAN                 = 25,
-    INDEX_OPT_ENET_VLAN_TAG             = 26,
-    INDEX_OPT_ENET_VLAN_CFI             = 27,
-    INDEX_OPT_ENET_VLAN_PRI             = 28,
-    INDEX_OPT_HDLC_CONTROL              = 29,
-    INDEX_OPT_HDLC_ADDRESS              = 30,
-    INDEX_OPT_USER_DLT                  = 31,
-    INDEX_OPT_USER_DLINK                = 32,
-    INDEX_OPT_DBUG                      = 33,
-    INDEX_OPT_QUIET                     = 34,
-    INDEX_OPT_TIMER                     = 35,
-    INDEX_OPT_MAXSLEEP                  = 36,
-    INDEX_OPT_VERBOSE                   = 37,
-    INDEX_OPT_DECODE                    = 38,
-    INDEX_OPT_PRELOAD_PCAP              = 39,
-    INDEX_OPT_CACHEFILE                 = 40,
-    INDEX_OPT_DUALFILE                  = 41,
-    INDEX_OPT_INTF1                     = 42,
-    INDEX_OPT_INTF2                     = 43,
-    INDEX_OPT_LISTNICS                  = 44,
-    INDEX_OPT_LOOP                      = 45,
-    INDEX_OPT_LOOPDELAY_MS              = 46,
-    INDEX_OPT_PKTLEN                    = 47,
-    INDEX_OPT_LIMIT                     = 48,
-    INDEX_OPT_DURATION                  = 49,
-    INDEX_OPT_MULTIPLIER                = 50,
-    INDEX_OPT_PPS                       = 51,
-    INDEX_OPT_MBPS                      = 52,
-    INDEX_OPT_TOPSPEED                  = 53,
-    INDEX_OPT_ONEATATIME                = 54,
-    INDEX_OPT_PPS_MULTI                 = 55,
-    INDEX_OPT_UNIQUE_IP                 = 56,
-    INDEX_OPT_UNIQUE_IP_LOOPS           = 57,
-    INDEX_OPT_NETMAP                    = 58,
-    INDEX_OPT_NM_DELAY                  = 59,
-    INDEX_OPT_NO_FLOW_STATS             = 60,
-    INDEX_OPT_FLOW_EXPIRY               = 61,
-    INDEX_OPT_PID                       = 62,
-    INDEX_OPT_STATS                     = 63,
-    INDEX_OPT_VERSION                   = 64,
-    INDEX_OPT_LESS_HELP                 = 65,
-    INDEX_OPT_HELP                      = 66,
-    INDEX_OPT_MORE_HELP                 = 67,
-    INDEX_OPT_SAVE_OPTS                 = 68,
-    INDEX_OPT_LOAD_OPTS                 = 69
+    INDEX_OPT_FUZZ_FACTOR               = 18,
+    INDEX_OPT_SKIPL2BROADCAST           = 19,
+    INDEX_OPT_DLT                       = 20,
+    INDEX_OPT_ENET_DMAC                 = 21,
+    INDEX_OPT_ENET_SMAC                 = 22,
+    INDEX_OPT_ENET_SUBSMAC              = 23,
+    INDEX_OPT_ENET_MAC_SEED             = 24,
+    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 25,
+    INDEX_OPT_ENET_VLAN                 = 26,
+    INDEX_OPT_ENET_VLAN_TAG             = 27,
+    INDEX_OPT_ENET_VLAN_CFI             = 28,
+    INDEX_OPT_ENET_VLAN_PRI             = 29,
+    INDEX_OPT_HDLC_CONTROL              = 30,
+    INDEX_OPT_HDLC_ADDRESS              = 31,
+    INDEX_OPT_USER_DLT                  = 32,
+    INDEX_OPT_USER_DLINK                = 33,
+    INDEX_OPT_DBUG                      = 34,
+    INDEX_OPT_QUIET                     = 35,
+    INDEX_OPT_TIMER                     = 36,
+    INDEX_OPT_MAXSLEEP                  = 37,
+    INDEX_OPT_VERBOSE                   = 38,
+    INDEX_OPT_DECODE                    = 39,
+    INDEX_OPT_PRELOAD_PCAP              = 40,
+    INDEX_OPT_CACHEFILE                 = 41,
+    INDEX_OPT_DUALFILE                  = 42,
+    INDEX_OPT_INTF1                     = 43,
+    INDEX_OPT_INTF2                     = 44,
+    INDEX_OPT_LISTNICS                  = 45,
+    INDEX_OPT_LOOP                      = 46,
+    INDEX_OPT_LOOPDELAY_MS              = 47,
+    INDEX_OPT_PKTLEN                    = 48,
+    INDEX_OPT_LIMIT                     = 49,
+    INDEX_OPT_DURATION                  = 50,
+    INDEX_OPT_MULTIPLIER                = 51,
+    INDEX_OPT_PPS                       = 52,
+    INDEX_OPT_MBPS                      = 53,
+    INDEX_OPT_TOPSPEED                  = 54,
+    INDEX_OPT_ONEATATIME                = 55,
+    INDEX_OPT_PPS_MULTI                 = 56,
+    INDEX_OPT_UNIQUE_IP                 = 57,
+    INDEX_OPT_UNIQUE_IP_LOOPS           = 58,
+    INDEX_OPT_NETMAP                    = 59,
+    INDEX_OPT_NM_DELAY                  = 60,
+    INDEX_OPT_NO_FLOW_STATS             = 61,
+    INDEX_OPT_FLOW_EXPIRY               = 62,
+    INDEX_OPT_PID                       = 63,
+    INDEX_OPT_STATS                     = 64,
+    INDEX_OPT_VERSION                   = 65,
+    INDEX_OPT_LESS_HELP                 = 66,
+    INDEX_OPT_HELP                      = 67,
+    INDEX_OPT_MORE_HELP                 = 68,
+    INDEX_OPT_SAVE_OPTS                 = 69,
+    INDEX_OPT_LOAD_OPTS                 = 70
 } teOptIndex;
 /** count of all options for tcpreplay */
-#define OPTION_CT    70
+#define OPTION_CT    71
 
 /**
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
@@ -218,50 +219,53 @@ typedef enum {
 #define VALUE_OPT_FUZZ_SEED      0x1006
 
 #define OPT_VALUE_FUZZ_SEED      (DESC(FUZZ_SEED).optArg.argInt)
-#define VALUE_OPT_SKIPL2BROADCAST 0x1007
-#define VALUE_OPT_DLT            0x1008
-#define VALUE_OPT_ENET_DMAC      0x1009
-#define VALUE_OPT_ENET_SMAC      0x100A
-#define VALUE_OPT_ENET_SUBSMAC   0x100B
-#define VALUE_OPT_ENET_MAC_SEED  0x100C
+#define VALUE_OPT_FUZZ_FACTOR    0x1007
+
+#define OPT_VALUE_FUZZ_FACTOR    (DESC(FUZZ_FACTOR).optArg.argInt)
+#define VALUE_OPT_SKIPL2BROADCAST 0x1008
+#define VALUE_OPT_DLT            0x1009
+#define VALUE_OPT_ENET_DMAC      0x100A
+#define VALUE_OPT_ENET_SMAC      0x100B
+#define VALUE_OPT_ENET_SUBSMAC   0x100C
+#define VALUE_OPT_ENET_MAC_SEED  0x100D
 
 #define OPT_VALUE_ENET_MAC_SEED  (DESC(ENET_MAC_SEED).optArg.argInt)
-#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100D
+#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100E
 
 #define OPT_VALUE_ENET_MAC_SEED_KEEP_BYTES (DESC(ENET_MAC_SEED_KEEP_BYTES).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN      0x100E
-#define VALUE_OPT_ENET_VLAN_TAG  0x100F
+#define VALUE_OPT_ENET_VLAN      0x100F
+#define VALUE_OPT_ENET_VLAN_TAG  0x1010
 
 #define OPT_VALUE_ENET_VLAN_TAG  (DESC(ENET_VLAN_TAG).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_CFI  0x1010
+#define VALUE_OPT_ENET_VLAN_CFI  0x1011
 
 #define OPT_VALUE_ENET_VLAN_CFI  (DESC(ENET_VLAN_CFI).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_PRI  0x1011
+#define VALUE_OPT_ENET_VLAN_PRI  0x1012
 
 #define OPT_VALUE_ENET_VLAN_PRI  (DESC(ENET_VLAN_PRI).optArg.argInt)
-#define VALUE_OPT_HDLC_CONTROL   0x1012
+#define VALUE_OPT_HDLC_CONTROL   0x1013
 
 #define OPT_VALUE_HDLC_CONTROL   (DESC(HDLC_CONTROL).optArg.argInt)
-#define VALUE_OPT_HDLC_ADDRESS   0x1013
+#define VALUE_OPT_HDLC_ADDRESS   0x1014
 
 #define OPT_VALUE_HDLC_ADDRESS   (DESC(HDLC_ADDRESS).optArg.argInt)
-#define VALUE_OPT_USER_DLT       0x1014
+#define VALUE_OPT_USER_DLT       0x1015
 
 #define OPT_VALUE_USER_DLT       (DESC(USER_DLT).optArg.argInt)
-#define VALUE_OPT_USER_DLINK     0x1015
+#define VALUE_OPT_USER_DLINK     0x1016
 #define VALUE_OPT_DBUG           'd'
 #ifdef DEBUG
 #define OPT_VALUE_DBUG           (DESC(DBUG).optArg.argInt)
 #endif /* DEBUG */
 #define VALUE_OPT_QUIET          'q'
 #define VALUE_OPT_TIMER          'T'
-#define VALUE_OPT_MAXSLEEP       0x1016
+#define VALUE_OPT_MAXSLEEP       0x1017
 
 #define OPT_VALUE_MAXSLEEP       (DESC(MAXSLEEP).optArg.argInt)
 #define VALUE_OPT_VERBOSE        'v'
 #ifdef ENABLE_VERBOSE
 #define SET_OPT_VERBOSE   STMTS( \
-        DESC(VERBOSE).optActualIndex = 37; \
+        DESC(VERBOSE).optActualIndex = 38; \
         DESC(VERBOSE).optActualValue = VALUE_OPT_VERBOSE; \
         DESC(VERBOSE).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(VERBOSE).fOptState |= OPTST_SET )
@@ -272,18 +276,18 @@ typedef enum {
 #define VALUE_OPT_DUALFILE       '2'
 #define VALUE_OPT_INTF1          'i'
 #define VALUE_OPT_INTF2          'I'
-#define VALUE_OPT_LISTNICS       0x1017
+#define VALUE_OPT_LISTNICS       0x1018
 #define VALUE_OPT_LOOP           'l'
 
 #define OPT_VALUE_LOOP           (DESC(LOOP).optArg.argInt)
-#define VALUE_OPT_LOOPDELAY_MS   0x1018
+#define VALUE_OPT_LOOPDELAY_MS   0x1019
 
 #define OPT_VALUE_LOOPDELAY_MS   (DESC(LOOPDELAY_MS).optArg.argInt)
-#define VALUE_OPT_PKTLEN         0x1019
+#define VALUE_OPT_PKTLEN         0x101A
 #define VALUE_OPT_LIMIT          'L'
 
 #define OPT_VALUE_LIMIT          (DESC(LIMIT).optArg.argInt)
-#define VALUE_OPT_DURATION       0x101A
+#define VALUE_OPT_DURATION       0x101B
 
 #define OPT_VALUE_DURATION       (DESC(DURATION).optArg.argInt)
 #define VALUE_OPT_MULTIPLIER     'x'
@@ -291,22 +295,22 @@ typedef enum {
 #define VALUE_OPT_MBPS           'M'
 #define VALUE_OPT_TOPSPEED       't'
 #define VALUE_OPT_ONEATATIME     'o'
-#define VALUE_OPT_PPS_MULTI      0x101B
+#define VALUE_OPT_PPS_MULTI      0x101C
 
 #define OPT_VALUE_PPS_MULTI      (DESC(PPS_MULTI).optArg.argInt)
-#define VALUE_OPT_UNIQUE_IP      0x101C
-#define VALUE_OPT_UNIQUE_IP_LOOPS 0x101D
-#define VALUE_OPT_NETMAP         0x101E
-#define VALUE_OPT_NM_DELAY       0x101F
+#define VALUE_OPT_UNIQUE_IP      0x101D
+#define VALUE_OPT_UNIQUE_IP_LOOPS 0x101E
+#define VALUE_OPT_NETMAP         0x101F
+#define VALUE_OPT_NM_DELAY       0x1020
 #ifdef HAVE_NETMAP
 #define OPT_VALUE_NM_DELAY       (DESC(NM_DELAY).optArg.argInt)
 #endif /* HAVE_NETMAP */
-#define VALUE_OPT_NO_FLOW_STATS  0x1020
-#define VALUE_OPT_FLOW_EXPIRY    0x1021
+#define VALUE_OPT_NO_FLOW_STATS  0x1021
+#define VALUE_OPT_FLOW_EXPIRY    0x1022
 
 #define OPT_VALUE_FLOW_EXPIRY    (DESC(FLOW_EXPIRY).optArg.argInt)
 #define VALUE_OPT_PID            'P'
-#define VALUE_OPT_STATS          0x1022
+#define VALUE_OPT_STATS          0x1023
 
 #define OPT_VALUE_STATS          (DESC(STATS).optArg.argInt)
 #define VALUE_OPT_VERSION        'V'
@@ -316,9 +320,9 @@ typedef enum {
 /** option flag (value) for more-help-value option */
 #define VALUE_OPT_MORE_HELP     '!'
 /** option flag (value) for save-opts-value option */
-#define VALUE_OPT_SAVE_OPTS     0x1023
+#define VALUE_OPT_SAVE_OPTS     0x1024
 /** option flag (value) for load-opts-value option */
-#define VALUE_OPT_LOAD_OPTS     0x1024
+#define VALUE_OPT_LOAD_OPTS     0x1025
 #define SET_OPT_SAVE_OPTS(a)   STMTS( \
         DESC(SAVE_OPTS).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(SAVE_OPTS).fOptState |= OPTST_SET; \

+ 32 - 7
src/tcprewrite.1

@@ -10,7 +10,7 @@
 .ds B-Font B
 .ds I-Font I
 .ds R-Font R
-.TH tcprewrite 1 "26 Apr 2017" "tcprewrite" "User Commands"
+.TH tcprewrite 1 "08 May 2017" "tcprewrite" "User Commands"
 .\"
 .\" DO NOT EDIT THIS FILE (in-mem file)
 .\"
@@ -73,7 +73,7 @@ http://tcpreplay.appneta.com
 .TP
 .NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-portmap\f[]=\f\*[I-Font]string\f[]
 Rewrite TCP/UDP ports.
-This option may appear up to \-1 times.
+This option may appear up to 9999 times.
 .sp
 Specify a list of comma delimited port mappingings consisting of
 colon delimited port number pairs.  Each colon delimited port pair
@@ -284,7 +284,7 @@ the actual packet length
 Delete the packet
 .TP
 .NOP \f\*[B-Font]\-\-fuzz\-seed\f[]=\f\*[I-Font]number\f[]
-Fuzz 1/8 packet. Edit Bytes, length, or emulate packet drop.
+Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop.
 This option takes an integer number as its argument.
 The value of
 \f\*[I-Font]number\f[]
@@ -302,10 +302,10 @@ for this option is:
  0
 .sp
 This fuzzing was designed as to test layer 7 protocols such as voip protocols.
-It modifies randomly 1 out of 8 packets in order for stateful protocols to cover
-more of their code.  The random fuzzing actions focus on data start and end
-because it often is the part of the data application protocols base their
-decisions on.
+It modifies randomly 1 out of X packets (where X = \fB--fuzz-factor\fP) in order 
+for stateful protocols to cover more of their code.  The random fuzzing actions 
+focus on data start and end because it often is the part of the data application 
+protocols base their decisions on.
 .sp
 Possible fuzzing actions list:
  * drop packet
@@ -317,6 +317,31 @@ Possible fuzzing actions list:
      Replace the start, the end, or the middle of the packet with equal likelihood.
  * do nothing (7 out of 8 packets)
 .TP
+.NOP \f\*[B-Font]\-\-fuzz\-factor\f[]=\f\*[I-Font]number\f[]
+Set the Fuzz 1 in X packet ratio (default 1 in 8 packets).
+This option must appear in combination with the following options:
+fuzz-seed.
+This option takes an integer number as its argument.
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
+.in +4
+.nf
+.na
+greater than or equal to 1
+.fi
+.in -4
+The default
+\f\*[I-Font]number\f[]
+for this option is:
+.ti +4
+ 8
+.sp
+Sets the ratio of for \fB--fuzz-seed\fP option. By default this value is 8,
+which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
+based on the random number genereated by the supplied fuzz seed. Therefore by
+default you cannot expect that exactly every eighth packet will be modified. 
+.TP
 .NOP \f\*[B-Font]\-\-skipl2broadcast\f[]
 Skip rewriting broadcast/multicast Layer 2 addresses.
 .sp

+ 1 - 1
src/tcprewrite.c

@@ -98,7 +98,7 @@ main(int argc, char *argv[])
     }
 
     /* fuzzing init */
-    fuzzing_init(tcpedit->fuzz_seed);
+    fuzzing_init(tcpedit->fuzz_seed, tcpedit->fuzz_factor);
 
    /* open up the output file */
     options.outfile = safe_strdup(OPT_ARG(OUTFILE));

File diff suppressed because it is too large
+ 331 - 256
src/tcprewrite_opts.c


+ 58 - 54
src/tcprewrite_opts.h

@@ -83,39 +83,40 @@ typedef enum {
     INDEX_OPT_FLOWLABEL                 = 15,
     INDEX_OPT_FIXLEN                    = 16,
     INDEX_OPT_FUZZ_SEED                 = 17,
-    INDEX_OPT_SKIPL2BROADCAST           = 18,
-    INDEX_OPT_DLT                       = 19,
-    INDEX_OPT_ENET_DMAC                 = 20,
-    INDEX_OPT_ENET_SMAC                 = 21,
-    INDEX_OPT_ENET_SUBSMAC              = 22,
-    INDEX_OPT_ENET_MAC_SEED             = 23,
-    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 24,
-    INDEX_OPT_ENET_VLAN                 = 25,
-    INDEX_OPT_ENET_VLAN_TAG             = 26,
-    INDEX_OPT_ENET_VLAN_CFI             = 27,
-    INDEX_OPT_ENET_VLAN_PRI             = 28,
-    INDEX_OPT_HDLC_CONTROL              = 29,
-    INDEX_OPT_HDLC_ADDRESS              = 30,
-    INDEX_OPT_USER_DLT                  = 31,
-    INDEX_OPT_USER_DLINK                = 32,
-    INDEX_OPT_DBUG                      = 33,
-    INDEX_OPT_INFILE                    = 34,
-    INDEX_OPT_OUTFILE                   = 35,
-    INDEX_OPT_CACHEFILE                 = 36,
-    INDEX_OPT_VERBOSE                   = 37,
-    INDEX_OPT_DECODE                    = 38,
-    INDEX_OPT_FRAGROUTE                 = 39,
-    INDEX_OPT_FRAGDIR                   = 40,
-    INDEX_OPT_SKIP_SOFT_ERRORS          = 41,
-    INDEX_OPT_VERSION                   = 42,
-    INDEX_OPT_LESS_HELP                 = 43,
-    INDEX_OPT_HELP                      = 44,
-    INDEX_OPT_MORE_HELP                 = 45,
-    INDEX_OPT_SAVE_OPTS                 = 46,
-    INDEX_OPT_LOAD_OPTS                 = 47
+    INDEX_OPT_FUZZ_FACTOR               = 18,
+    INDEX_OPT_SKIPL2BROADCAST           = 19,
+    INDEX_OPT_DLT                       = 20,
+    INDEX_OPT_ENET_DMAC                 = 21,
+    INDEX_OPT_ENET_SMAC                 = 22,
+    INDEX_OPT_ENET_SUBSMAC              = 23,
+    INDEX_OPT_ENET_MAC_SEED             = 24,
+    INDEX_OPT_ENET_MAC_SEED_KEEP_BYTES  = 25,
+    INDEX_OPT_ENET_VLAN                 = 26,
+    INDEX_OPT_ENET_VLAN_TAG             = 27,
+    INDEX_OPT_ENET_VLAN_CFI             = 28,
+    INDEX_OPT_ENET_VLAN_PRI             = 29,
+    INDEX_OPT_HDLC_CONTROL              = 30,
+    INDEX_OPT_HDLC_ADDRESS              = 31,
+    INDEX_OPT_USER_DLT                  = 32,
+    INDEX_OPT_USER_DLINK                = 33,
+    INDEX_OPT_DBUG                      = 34,
+    INDEX_OPT_INFILE                    = 35,
+    INDEX_OPT_OUTFILE                   = 36,
+    INDEX_OPT_CACHEFILE                 = 37,
+    INDEX_OPT_VERBOSE                   = 38,
+    INDEX_OPT_DECODE                    = 39,
+    INDEX_OPT_FRAGROUTE                 = 40,
+    INDEX_OPT_FRAGDIR                   = 41,
+    INDEX_OPT_SKIP_SOFT_ERRORS          = 42,
+    INDEX_OPT_VERSION                   = 43,
+    INDEX_OPT_LESS_HELP                 = 44,
+    INDEX_OPT_HELP                      = 45,
+    INDEX_OPT_MORE_HELP                 = 46,
+    INDEX_OPT_SAVE_OPTS                 = 47,
+    INDEX_OPT_LOAD_OPTS                 = 48
 } teOptIndex;
 /** count of all options for tcprewrite */
-#define OPTION_CT    48
+#define OPTION_CT    49
 
 /**
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
@@ -196,37 +197,40 @@ typedef enum {
 #define VALUE_OPT_FUZZ_SEED      0x1006
 
 #define OPT_VALUE_FUZZ_SEED      (DESC(FUZZ_SEED).optArg.argInt)
-#define VALUE_OPT_SKIPL2BROADCAST 0x1007
-#define VALUE_OPT_DLT            0x1008
-#define VALUE_OPT_ENET_DMAC      0x1009
-#define VALUE_OPT_ENET_SMAC      0x100A
-#define VALUE_OPT_ENET_SUBSMAC   0x100B
-#define VALUE_OPT_ENET_MAC_SEED  0x100C
+#define VALUE_OPT_FUZZ_FACTOR    0x1007
+
+#define OPT_VALUE_FUZZ_FACTOR    (DESC(FUZZ_FACTOR).optArg.argInt)
+#define VALUE_OPT_SKIPL2BROADCAST 0x1008
+#define VALUE_OPT_DLT            0x1009
+#define VALUE_OPT_ENET_DMAC      0x100A
+#define VALUE_OPT_ENET_SMAC      0x100B
+#define VALUE_OPT_ENET_SUBSMAC   0x100C
+#define VALUE_OPT_ENET_MAC_SEED  0x100D
 
 #define OPT_VALUE_ENET_MAC_SEED  (DESC(ENET_MAC_SEED).optArg.argInt)
-#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100D
+#define VALUE_OPT_ENET_MAC_SEED_KEEP_BYTES 0x100E
 
 #define OPT_VALUE_ENET_MAC_SEED_KEEP_BYTES (DESC(ENET_MAC_SEED_KEEP_BYTES).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN      0x100E
-#define VALUE_OPT_ENET_VLAN_TAG  0x100F
+#define VALUE_OPT_ENET_VLAN      0x100F
+#define VALUE_OPT_ENET_VLAN_TAG  0x1010
 
 #define OPT_VALUE_ENET_VLAN_TAG  (DESC(ENET_VLAN_TAG).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_CFI  0x1010
+#define VALUE_OPT_ENET_VLAN_CFI  0x1011
 
 #define OPT_VALUE_ENET_VLAN_CFI  (DESC(ENET_VLAN_CFI).optArg.argInt)
-#define VALUE_OPT_ENET_VLAN_PRI  0x1011
+#define VALUE_OPT_ENET_VLAN_PRI  0x1012
 
 #define OPT_VALUE_ENET_VLAN_PRI  (DESC(ENET_VLAN_PRI).optArg.argInt)
-#define VALUE_OPT_HDLC_CONTROL   0x1012
+#define VALUE_OPT_HDLC_CONTROL   0x1013
 
 #define OPT_VALUE_HDLC_CONTROL   (DESC(HDLC_CONTROL).optArg.argInt)
-#define VALUE_OPT_HDLC_ADDRESS   0x1013
+#define VALUE_OPT_HDLC_ADDRESS   0x1014
 
 #define OPT_VALUE_HDLC_ADDRESS   (DESC(HDLC_ADDRESS).optArg.argInt)
-#define VALUE_OPT_USER_DLT       0x1014
+#define VALUE_OPT_USER_DLT       0x1015
 
 #define OPT_VALUE_USER_DLT       (DESC(USER_DLT).optArg.argInt)
-#define VALUE_OPT_USER_DLINK     0x1015
+#define VALUE_OPT_USER_DLINK     0x1016
 #define VALUE_OPT_DBUG           'd'
 #ifdef DEBUG
 #define OPT_VALUE_DBUG           (DESC(DBUG).optArg.argInt)
@@ -236,25 +240,25 @@ typedef enum {
 #define VALUE_OPT_CACHEFILE      'c'
 
 #define SET_OPT_CACHEFILE(a)   STMTS( \
-        DESC(CACHEFILE).optActualIndex = 36; \
+        DESC(CACHEFILE).optActualIndex = 37; \
         DESC(CACHEFILE).optActualValue = VALUE_OPT_CACHEFILE; \
         DESC(CACHEFILE).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(CACHEFILE).fOptState |= OPTST_SET; \
         DESC(CACHEFILE).optArg.argString = (a); \
         (*(DESC(CACHEFILE).pOptProc))(&tcprewriteOptions, \
-                tcprewriteOptions.pOptDesc + 36); )
+                tcprewriteOptions.pOptDesc + 37); )
 #define VALUE_OPT_VERBOSE        'v'
 #ifdef ENABLE_VERBOSE
 #define SET_OPT_VERBOSE   STMTS( \
-        DESC(VERBOSE).optActualIndex = 37; \
+        DESC(VERBOSE).optActualIndex = 38; \
         DESC(VERBOSE).optActualValue = VALUE_OPT_VERBOSE; \
         DESC(VERBOSE).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(VERBOSE).fOptState |= OPTST_SET )
 #endif /* ENABLE_VERBOSE */
 #define VALUE_OPT_DECODE         'A'
-#define VALUE_OPT_FRAGROUTE      0x1016
-#define VALUE_OPT_FRAGDIR        0x1017
-#define VALUE_OPT_SKIP_SOFT_ERRORS 0x1018
+#define VALUE_OPT_FRAGROUTE      0x1017
+#define VALUE_OPT_FRAGDIR        0x1018
+#define VALUE_OPT_SKIP_SOFT_ERRORS 0x1019
 #define VALUE_OPT_VERSION        'V'
 #define VALUE_OPT_LESS_HELP      'h'
 /** option flag (value) for help-value option */
@@ -262,9 +266,9 @@ typedef enum {
 /** option flag (value) for more-help-value option */
 #define VALUE_OPT_MORE_HELP     '!'
 /** option flag (value) for save-opts-value option */
-#define VALUE_OPT_SAVE_OPTS     0x1019
+#define VALUE_OPT_SAVE_OPTS     0x101A
 /** option flag (value) for load-opts-value option */
-#define VALUE_OPT_LOAD_OPTS     0x101A
+#define VALUE_OPT_LOAD_OPTS     0x101B
 #define SET_OPT_SAVE_OPTS(a)   STMTS( \
         DESC(SAVE_OPTS).fOptState &= OPTST_PERSISTENT_MASK; \
         DESC(SAVE_OPTS).fOptState |= OPTST_SET; \

+ 34 - 33
src/tree.c

@@ -245,30 +245,32 @@ check_ip_tree(const int mode, const unsigned long ip)
              "Try a different auto mode (-n router|client|server)",
              get_addr2name4(ip, RESOLVE), ip);
 
+    /* return node type if we found the node, else return the default (mode) */
+    if (node != NULL) {
 #ifdef DEBUG
-    switch (node->type) {
-    case DIR_SERVER:
-        dbgx(1, "DIR_SERVER: %s", get_addr2name4(ip, RESOLVE));
-        break;
-    case DIR_CLIENT:
-        dbgx(1, "DIR_CLIENT: %s", get_addr2name4(ip, RESOLVE));
-        break;
-    case DIR_UNKNOWN:
-        dbgx(1, "DIR_UNKNOWN: %s", get_addr2name4(ip, RESOLVE));
-        break;
-    case DIR_ANY:
-        dbgx(1, "DIR_ANY: %s", get_addr2name4(ip, RESOLVE));
-        break;
-    }
+        switch (node->type) {
+        case DIR_SERVER:
+            dbgx(1, "DIR_SERVER: %s", get_addr2name4(ip, RESOLVE));
+            break;
+        case DIR_CLIENT:
+            dbgx(1, "DIR_CLIENT: %s", get_addr2name4(ip, RESOLVE));
+            break;
+        case DIR_UNKNOWN:
+            dbgx(1, "DIR_UNKNOWN: %s", get_addr2name4(ip, RESOLVE));
+            break;
+        case DIR_ANY:
+            dbgx(1, "DIR_ANY: %s", get_addr2name4(ip, RESOLVE));
+            break;
+        }
 #endif
 
-    /* return node type if we found the node, else return the default (mode) */
-    if (node != NULL) {
         switch (node->type) {
         case DIR_SERVER:
+            safe_free(finder);
             return TCPR_DIR_S2C;
             break;
         case DIR_CLIENT:
+            safe_free(finder);
             return TCPR_DIR_C2S;
             break;
         case DIR_UNKNOWN:
@@ -310,29 +312,28 @@ check_ip6_tree(const int mode, const struct tcpr_in6_addr *addr)
              "Try a different auto mode (-n router|client|server)",
              get_addr2name6(addr, RESOLVE));
 
-#ifdef DEBUG
-    switch (node->type) {
-    case DIR_SERVER:
-        dbgx(1, "DIR_SERVER: %s", get_addr2name6(addr, RESOLVE));
-        break;
-    case DIR_CLIENT:
-        dbgx(1, "DIR_CLIENT: %s", get_addr2name6(addr, RESOLVE));
-        break;
-    case DIR_UNKNOWN:
-        dbgx(1, "DIR_UNKNOWN: %s", get_addr2name6(addr, RESOLVE));
-        break;
-    case DIR_ANY:
-        dbgx(1, "DIR_ANY: %s", get_addr2name6(addr, RESOLVE));
-        break;
-    }
-#endif
-
     /*
      * FIXME: Is this logic correct?  I think this might be backwards :(
      */
 
     /* return node type if we found the node, else return the default (mode) */
     if (node != NULL) {
+#ifdef DEBUG
+        switch (node->type) {
+        case DIR_SERVER:
+            dbgx(1, "DIR_SERVER: %s", get_addr2name6(addr, RESOLVE));
+            break;
+        case DIR_CLIENT:
+            dbgx(1, "DIR_CLIENT: %s", get_addr2name6(addr, RESOLVE));
+            break;
+        case DIR_UNKNOWN:
+            dbgx(1, "DIR_UNKNOWN: %s", get_addr2name6(addr, RESOLVE));
+            break;
+        case DIR_ANY:
+            dbgx(1, "DIR_ANY: %s", get_addr2name6(addr, RESOLVE));
+            break;
+        }
+#endif
         switch (node->type) {
         case DIR_SERVER:
             return TCPR_DIR_C2S;

+ 4 - 2
test/Makefile.am

@@ -109,7 +109,8 @@ standard_bigendian:
 	$(TCPREWRITE) -i test.pcap -o test.rewrite_2ttl --ttl=+58
 	$(TCPREWRITE) -i test.pcap -o test.rewrite_3ttl --ttl=-58
 	$(TCPREWRITE) -i test.pcap -o test.rewrite_mtutrunc --mtu-trunc --mtu=300
-	$(TCPREWRITE) -i test.pcap -o test.rewrite_l7fuzzing --fuzz-seed=42
+	$(TCPREWRITE) -i test.pcap -o test.rewrite_l7fuzzing \
+		--fuzz-seed=42 --fuzz-factor=2
 
 standard_littleendian:
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_seed -s 55
@@ -148,7 +149,8 @@ standard_littleendian:
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_2ttl --ttl=+58
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_3ttl --ttl=-58
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_mtutrunc --mtu-trunc --mtu=300
-	$(TCPREWRITE) -i test.pcap -o test2.rewrite_l7fuzzing --fuzz-seed=42
+	$(TCPREWRITE) -i test.pcap -o test2.rewrite_l7fuzzing \
+		--fuzz-seed=42 --fuzz-factor=2
 
 tcpprep: auto_router auto_bridge auto_client auto_server auto_first cidr regex \
 	port mac comment print_info print_comment prep_config \

+ 4 - 2
test/Makefile.in

@@ -568,7 +568,8 @@ standard_bigendian:
 	$(TCPREWRITE) -i test.pcap -o test.rewrite_2ttl --ttl=+58
 	$(TCPREWRITE) -i test.pcap -o test.rewrite_3ttl --ttl=-58
 	$(TCPREWRITE) -i test.pcap -o test.rewrite_mtutrunc --mtu-trunc --mtu=300
-	$(TCPREWRITE) -i test.pcap -o test.rewrite_l7fuzzing --fuzz-seed=42
+	$(TCPREWRITE) -i test.pcap -o test.rewrite_l7fuzzing \
+		--fuzz-seed=42 --fuzz-factor=2
 
 standard_littleendian:
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_seed -s 55
@@ -607,7 +608,8 @@ standard_littleendian:
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_2ttl --ttl=+58
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_3ttl --ttl=-58
 	$(TCPREWRITE) -i test.pcap -o test2.rewrite_mtutrunc --mtu-trunc --mtu=300
-	$(TCPREWRITE) -i test.pcap -o test2.rewrite_l7fuzzing --fuzz-seed=42
+	$(TCPREWRITE) -i test.pcap -o test2.rewrite_l7fuzzing \
+		--fuzz-seed=42 --fuzz-factor=2
 
 tcpprep: auto_router auto_bridge auto_client auto_server auto_first cidr regex \
 	port mac comment print_info print_comment prep_config \

BIN
test/test.rewrite_l7fuzzing


BIN
test/test2.rewrite_l7fuzzing