
Import upstream version 2.99+3.0.beta6

Aaron Turner 16 years ago
parent
commit
f6a2e4df1d
100 changed files with 48370 additions and 22274 deletions
  1. 0 2
      Docs/.svn/README.txt
  2. 0 5
      Docs/.svn/dir-wcprops
  3. 0 0
      Docs/.svn/empty-file
  4. 0 104
      Docs/.svn/entries
  5. 0 1
      Docs/.svn/format
  6. 0 9
      Docs/.svn/prop-base/CHANGELOG.svn-base
  7. 0 9
      Docs/.svn/prop-base/CREDIT.svn-base
  8. 0 9
      Docs/.svn/prop-base/FAQ.lyx.svn-base
  9. 0 9
      Docs/.svn/prop-base/HACKING.svn-base
  10. 0 9
      Docs/.svn/prop-base/INSTALL.svn-base
  11. 0 9
      Docs/.svn/prop-base/LICENSE.svn-base
  12. 0 9
      Docs/.svn/prop-base/Makefile.svn-base
  13. 0 9
      Docs/.svn/prop-base/TODO.svn-base
  14. 0 5
      Docs/.svn/prop-base/flowheader.fig.svn-base
  15. 0 9
      Docs/.svn/prop-base/flowreplay.lyx.svn-base
  16. 0 9
      Docs/.svn/props/CHANGELOG.svn-work
  17. 0 9
      Docs/.svn/props/CREDIT.svn-work
  18. 0 9
      Docs/.svn/props/FAQ.lyx.svn-work
  19. 0 9
      Docs/.svn/props/HACKING.svn-work
  20. 0 9
      Docs/.svn/props/INSTALL.svn-work
  21. 0 9
      Docs/.svn/props/LICENSE.svn-work
  22. 0 9
      Docs/.svn/props/Makefile.svn-work
  23. 0 9
      Docs/.svn/props/TODO.svn-work
  24. 0 5
      Docs/.svn/props/flowheader.fig.svn-work
  25. 0 9
      Docs/.svn/props/flowreplay.lyx.svn-work
  26. 0 277
      Docs/.svn/text-base/CHANGELOG.svn-base
  27. 0 33
      Docs/.svn/text-base/CREDIT.svn-base
  28. 0 122
      Docs/.svn/text-base/HACKING.svn-base
  29. 0 24
      Docs/.svn/text-base/INSTALL.svn-base
  30. 0 32
      Docs/.svn/text-base/LICENSE.svn-base
  31. 0 40
      Docs/.svn/text-base/Makefile.svn-base
  32. 0 47
      Docs/.svn/text-base/TODO.svn-base
  33. 0 92
      Docs/.svn/text-base/flowheader.fig.svn-base
  34. 0 1125
      Docs/.svn/text-base/flowreplay.lyx.svn-base
  35. 0 5
      Docs/.svn/wcprops/CHANGELOG.svn-work
  36. 0 5
      Docs/.svn/wcprops/CREDIT.svn-work
  37. 0 5
      Docs/.svn/wcprops/FAQ.lyx.svn-work
  38. 0 5
      Docs/.svn/wcprops/HACKING.svn-work
  39. 0 5
      Docs/.svn/wcprops/INSTALL.svn-work
  40. 0 5
      Docs/.svn/wcprops/LICENSE.svn-work
  41. 0 5
      Docs/.svn/wcprops/Makefile.svn-work
  42. 0 5
      Docs/.svn/wcprops/TODO.svn-work
  43. 0 5
      Docs/.svn/wcprops/flowheader.fig.svn-work
  44. 0 5
      Docs/.svn/wcprops/flowreplay.lyx.svn-work
  45. 0 277
      Docs/CHANGELOG
  46. 0 33
      Docs/CREDIT
  47. BIN
      Docs/FAQ.dvi
  48. 0 2277
      Docs/FAQ.lyx
  49. BIN
      Docs/FAQ.pdf
  50. 0 2028
      Docs/FAQ.ps
  51. 0 1355
      Docs/FAQ.tex
  52. 0 1499
      Docs/FAQ.txt
  53. 0 24
      Docs/INSTALL
  54. 0 40
      Docs/Makefile
  55. 0 47
      Docs/TODO
  56. 0 278
      Docs/flowheader.eps
  57. BIN
      Docs/flowreplay.dvi
  58. 0 664
      Docs/flowreplay.html
  59. BIN
      Docs/flowreplay.pdf
  60. 0 1224
      Docs/flowreplay.ps
  61. 0 520
      Docs/flowreplay.tex
  62. 0 498
      Docs/flowreplay.txt
  63. BIN
      Docs/img1.png
  64. 0 664
      Docs/index.html
  65. 56 0
      Makefile.am
  66. 671 131
      Makefile.in
  67. 1 1
      README
  68. 7452 99
      aclocal.m4
  69. 0 152
      capinfo.c
  70. 0 67
      config.h.in
  71. 136 0
      config/compile
  72. 0 0
      config/config.guess
  73. 0 0
      config/config.sub
  74. 526 0
      config/depcomp
  75. 325 0
      config/install-sh
  76. 6290 0
      config/ltmain.sh
  77. 360 0
      config/missing
  78. 150 0
      config/mkinstalldirs
  79. 26307 6493
      configure
  80. 394 193
      configure.in
  81. 0 676
      do_packets.c
  82. 0 42
      do_packets.h
  83. 92 0
      docs/CHANGELOG
  84. 39 0
      docs/CREDIT
  85. 952 0
      docs/FAQ.lyx
  86. BIN
      docs/FAQ.pdf
  87. 30 13
      Docs/HACKING
  88. 38 0
      docs/INSTALL
  89. 2 7
      Docs/LICENSE
  90. 100 0
      docs/Makefile.am
  91. 447 0
      docs/Makefile.in
  92. 119 0
      docs/TODO
  93. 0 0
      docs/flowheader.fig
  94. 1 1
      Docs/flowreplay.lyx
  95. BIN
      docs/flowreplay.pdf
  96. 785 845
      Docs/.svn/text-base/FAQ.lyx.svn-base
  97. 1717 0
      docs/manual.pdf
  98. 690 0
      docs/router-mode1.fig
  99. 690 0
      docs/router-mode2.fig
  100. 0 0
      docs/router-mode3.fig

+ 0 - 2
Docs/.svn/README.txt

@@ -1,2 +0,0 @@
-This is a Subversion working copy administrative directory.
-Visit http://subversion.tigris.org/ for more information.

+ 0 - 5
Docs/.svn/dir-wcprops

@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 48
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs
-END

+ 0 - 0
Docs/.svn/empty-file


+ 0 - 104
Docs/.svn/entries

@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<wc-entries
-   xmlns="svn:">
-<entry
-   committed-rev="767"
-   name=""
-   committed-date="2004-10-06T12:48:49.445445Z"
-   url="https://www.synfin.net:444/svn/tcpreplay/branches/stable/Docs"
-   last-author="aturner"
-   kind="dir"
-   uuid="0192c630-c6e5-0310-95d6-b430f9ea3712"
-   revision="877"/>
-<entry
-   committed-rev="622"
-   name="flowreplay.lyx"
-   text-time="2004-10-26T17:15:35.000000Z"
-   committed-date="2004-03-25T02:31:50.000000Z"
-   checksum="a786d7d9d39dc58eb5444edc98a79cc4"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:35.000000Z"/>
-<entry
-   committed-rev="578"
-   name="LICENSE"
-   text-time="2004-10-26T17:15:35.000000Z"
-   committed-date="2004-01-31T23:42:15.000000Z"
-   checksum="7dbc88d059f05dedbfa01da04edf1254"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:35.000000Z"/>
-<entry
-   committed-rev="753"
-   name="FAQ.lyx"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-09-20T21:32:36.000000Z"
-   checksum="5b69933de891d4e94273f89d17d66581"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="479"
-   name="flowheader.fig"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2003-10-24T03:30:25.000000Z"
-   checksum="8e5e0f5a5ef76f6e7b22d912e0a8e2e8"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="767"
-   name="HACKING"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-10-06T12:48:49.445445Z"
-   checksum="dbf38d3bfd5808e3a8bb4ca8e50ce87a"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="720"
-   name="TODO"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-07-25T23:35:20.000000Z"
-   checksum="cc1965bd0bbd4a23532428611757c82c"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="767"
-   name="INSTALL"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-10-06T12:48:49.445445Z"
-   checksum="ade780bbb32233787211dfd888359228"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="1133"
-   name="CHANGELOG"
-   text-time="2005-02-09T01:31:17.000000Z"
-   committed-date="2005-02-09T01:31:16.732097Z"
-   checksum="ef930af2dd1ba2034447acbc50d47b18"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"
-   revision="1133"/>
-<entry
-   committed-rev="767"
-   name="CREDIT"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-10-06T12:48:49.445445Z"
-   checksum="0214c3ee73a86b847cf8e43e39481160"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-<entry
-   committed-rev="619"
-   name="Makefile"
-   text-time="2004-10-26T17:15:36.000000Z"
-   committed-date="2004-03-25T00:58:20.000000Z"
-   checksum="849ee017ce47422f81ccb0165f858541"
-   last-author="aturner"
-   kind="file"
-   prop-time="2004-10-26T17:15:36.000000Z"/>
-</wc-entries>

+ 0 - 1
Docs/.svn/format

@@ -1 +0,0 @@
-4

+ 0 - 9
Docs/.svn/prop-base/CHANGELOG.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/CREDIT.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/FAQ.lyx.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/HACKING.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/INSTALL.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/LICENSE.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/Makefile.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/prop-base/TODO.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 5
Docs/.svn/prop-base/flowheader.fig.svn-base

@@ -1,5 +0,0 @@
-K 13
-svn:mime-type
-V 24
-application/octet-stream
-END

+ 0 - 9
Docs/.svn/prop-base/flowreplay.lyx.svn-base

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/CHANGELOG.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/CREDIT.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/FAQ.lyx.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/HACKING.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/INSTALL.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/LICENSE.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/Makefile.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 9
Docs/.svn/props/TODO.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 5
Docs/.svn/props/flowheader.fig.svn-work

@@ -1,5 +0,0 @@
-K 13
-svn:mime-type
-V 24
-application/octet-stream
-END

+ 0 - 9
Docs/.svn/props/flowreplay.lyx.svn-work

@@ -1,9 +0,0 @@
-K 12
-svn:keywords
-V 23
-author date id revision
-K 13
-svn:eol-style
-V 6
-native
-END

+ 0 - 277
Docs/.svn/text-base/CHANGELOG.svn-base

@@ -1,277 +0,0 @@
-$Id$
-
-02/09/2005: Version 2.3.3
-    - Fix port rewriting feature on little-endian systems
-    - configure now properly handles --with-libnet and --with-libpcap
-
-11/08/2004: Version 2.3.2
-    - When sending via -1, report which interface the packet will exit
-    - Fix bug when caplen > packet len
-    - Allow rewriting of Layer 2 via -2 for Cisco HDLC (DLT_CHDLC)
-
-09/19/2004: Version 2.3.1
-    - Fix bug with fakepcap.c which appeared on systems using an older
-      version of libpcap (such as Red Hat 9.0)
-    - Don't die when setting STDERR to non-blocking
-
-09/05/2004: Version 2.3.0
-    - Fix longstanding endian bug in cache files on little endian systems
-      (note that this breaks compatibility w/ existing cache files created
-      on little endian systems)
-    - Add support to tcpreplay and tcpprep for DLT_CHDLC (Cisco HDLC)
-    - Clean up validate_l2() and rewrite_l2()
-    - Write a simple perl script to parse net/bpf.h of DLT values
-    - Teach everything the names of all the current DLT values
-    - Detect if libpcap supports pcap_datalink_val_to_description()
-    - Start printing datalink descriptions instead of DLT values
-    - Remove magic numbers from tcpreplay.c
-    - Add a HACKING document
-
-06/21/2004: Version 2.2.2
-    - tcpprep now supports DLT_RAW and DLT_LINUX_SLL
-    - add makefile target for website docs (FAQ.html, FAQ.pdf, CHANGELOG)
-    - Fix some sanity checks in tcpreplay for processing various DLT types
-      in validate_l2()
-    - Fix -x & -X
-    - Merge in patch from Denis which rewrites TCP/UDP ports via -4
-    - Fix rewrite of source MAC address in single interface mode (bug #975848)
-
-05/16/2004: Version 2.2.1
-    - Fix compile issue under RH9
-    - Fix compile issue when not using --with-debug
-
-05/15/2004: Version 2.2.0
-    - Fix pseudo-NAT (not evaluating all rules and an infinate loop)
-    - Start using strtok_r() in any function to prevent future bugs
-    - Minor updates to tcpprep.1 & tcpreplay.8 man pages
-    - Re-org some functions into different files for better modularity
-    - Clean up of some of the cache comment code
-    - flowreplay man page moved to section 1
-    - Update tcpprep and tcpreplay man pages and the FAQ
-    - Improve documentation regarding pseudo-NAT feature
-    - Fix one output mode which treated all packets as primary
-    - Add endpoint mode (-e) which rewrites all traffic between two IP's
-    - Fix rewrite of IP addresses in ARP requests & replies w/ pseudo-NAT
-    - Fix CIDR matching of 0.0.0.0/0 (all packets) which matched only 
-      255.255.255.255
-    - All CIDR notation now accepts IP addresses w/o requiring /32
-    - non-debug mode now uses -O3 -funroll-loops for better performance
-
-05/01/2004: Version 2.1.1
-    - Fix ntohll/htonll compile error on big endian systems
-
-04/23/2004: Version 2.1.0
-    - Add support for per output interface/file NAT tables 
-    - Add support for using dual output features w/ a single output
-    - Add support to tcpprep for splitting via destination port
-    - Now fully 64bit when tracking number of packets
-    - Fix a bug where sometimes the last few packets are not sent when using
-      a tcpprep cache file
-    - Some code refactorization/cleanup
-    - tcpprep cache files now support user comments
-    - Fix bug where regex optimization was turned always turned off
-
-03/24/2004: Version 2.0.3
-    - Add support for rewriting src mac & Linux SLL loopback frames
-    - Update FAQ
-
-02/25/2004: Version 2.0.2
-    - Fix compile issue in edit_packet.c on strict aligned archs
-
-02/03/2004: Version 2.0.1
-    - Re-organize FAQ and add more content
-    - Add support for "pseudo NAT" (-N) for ARP and IPv4
-    - Code optimization to only run the checksum fixer once per packet
-    - Clean up help (-h) a little
-
-02/01/2004: Version 2.0.0
-    - Remove libpcapnav requirement
-    - Now support libpcapnav >= 0.4
-    - Add -1 to replay one packet at a time (user must hit <ENTER>)
-    - Add tcpdump packet parsing to print packets as sent (-v)
-    - Place flowreplay manpage in correct location
-    - More FAQ updates
-    - Rename 1.5.x as 2.0
-    - Fix/standardize all licensing info.  Still BSD of course.
-    - -T now forces -F
-    - tcpprep now actually accepts -n (client|server)
-    - Update the INSTALL doc
-    - Remove the Docs/README... the FAQ has replaced it.
-
-12/10/2003: Version 1.5.alpha6
-    - Add BPF filter support to tcpprep and tcpreplay (-x F:"filter")
-    - Update the FAQ
-    - Add two new auto modes to tcpprep (client and server)
-    - Make clean no longer wipes out the compiled documentation in Docs
-    - Add support for replaying live traffic
-    - Add bridge mode
-    - Add -L to limit the total number of packets to send
-
-11/03/2003: Version 1.5.alpha5
-    - Add -T to truncate packets > MTU so they can be sent
-    - Now fixes ICMP checksums as appropriate
-    - Updated FAQ
-    - Updated flowreplay design doc
-    - Merge packetrate code from 1.4.5
-    - Fix compile issues under Libnet 1.1.1
-    - --with-debug now enables debuging during 'make test'
-    - Fix various Solaris compatibility bugs
-    - Add data dump mode which dumps layer 7 data to the file (-D)
-    - Now requires libpcapnav
-    - Allow to jump X bytes into the pcap and start replaying packets (-o)
-    - Can now split traffic/data into files (-w & -W)
-
-07/16/2003: Version 1.5.alpha4
-    - Split do_packets.c & do_packets() -> edit_packet.c & rewrite_l2()
-    - Don't die when packet > MTU, just skip
-    - Fix a ptr bug in do_packets() w/ the ethernet header
-    - Merge Ctrl-C fix from 1.4.4 for libnet_adv_write_link() 
-        in do_packets.c
-    - Rewrite flowreplay design document
-    - Fix an integer overflow in packet_stats() in tcpreplay.c
-    - tcpreplay's -2 now accepts a hex string rather then a filename
-    - tcpreplay now can output to a file (-w <file>)
-    - fix bug in checksum fixer
-    - Add support for files > 2GB
-
-06/06/2003: Version 1.5.alpha3
-    - Add support for Linux Cooked Sockets (SLL) format rewriting
-    - Added a flowreplay design doc in Docs/
-    - A lot more work on flowreplay
-    - Start work on read-ahead buffering of packets in flowreplay        
-    - Add support for specifying MTU.
-    - Update tcpreplay man page
-    - Fix compile of do_packets() under OpenBSD
-    - configure now checks for libpcap >= 0.6 (required for SLL)
-
-
-05/29/2003: Version 1.5.alpha2
-    - Add -F to force checksum fixing
-    - Fix packet corruption when not using -2
-    - Improve timerdiv() code
-    - Port from libredblack to OpenBSD RB_*
-    - Add flowreplay application
-    - Fix a bunch of compiler warnings about miss-matched sign
-    - IP & layer 4 checksums now work when IP options exist (tcpreplay)
-    - Updated FAQ
-    - Fix spec file
-
-05/07/2003: Version 1.5.alpha1
-    - Add layer2 rewriting
-
-05/07/2002: Branch 1.4.x tree
-
-05/04/2003: Version 1.4.beta5
-    - Fixed a one-off bug when replaying tcpprep cache files
-    - Fixed a small reporting bug in tcpprep
-
-05/02/2003: Version 1.4.beta4
-    - significantly improved timing accuracy between packets
-    - fix bug with writing only about 1/2 of cache data which caused
-        tcpreplay to bitch
-    - updated 'make test' standard cache files
-    - improved alignment of cache header (20bytes vs 17bytes)
-
-04/30/2003: Version 1.4.beta3
-    - Specifying a list of packets to include/exclude now works (-x/X P:)
-    - Minor code cleanups (better error messages, etc)
-    - Add -p option to pause a given number of sec/usec between each packet
-    - Ported tcpprep to libpcap
-    - Increase final report resolution to two sig digits
-    - Switch to err.h that we ship rather then system provided err.h
-    - Don't reset timer each time we open a file for reading
-    - fix --mandir option for ./configure
-    - fix SIGSEGV in tcpprep
-    - Add SIGUSR1 and SIGCONT signal support to tcpreplay
-    - Updated tcpreplay man pages
-    - Remove need for math.h/libm
-
-01/07/2003: Version 1.4.beta2
-    - Major updates to configure script
-    - Remove unneeded memcpy() for non-strict aligned architectures
-        for added performance boost
-    - Switch to libpcap for reading packets
-    - Fix portability issues with tcpprep cache files
-
-12/23/2002: Version 1.4.beta1
-    - Remove libnet 1.0 support
-    - Start a quality FAQ for all programs
-    - Add support for detecting libpcap in autoconf
-    - Add pcapmerge to makefile and port to non-BSD OS's
-    - Write pcapmerge manpage
-    - Variety of small configure/makefile improvements
-
-12/13/2002: Version 1.3.0
-    - Re-release 1.3.beta6 as 1.3.0
-
-11/22/2002: Version 1.3.beta6
-    - Improve cross platform compatibility of test subsystem
-    - Fix bug in Makefile which caused possible failures of clean/distclean
-    - Fix bug with CCFLAGS when using --with-debug
-    - Fix bug with -x/-X which would drop/send all packets in certain 
-        conditions
-    - Update libredblack to 1.2 (latest)
-    - Add support for OSX
-    - Add --with-testnic and --with-testnic2 to allow end user to specify
-        specific network cards to be used for 'make test'
-    - Fixes SIGBUS errors on SPARC
-
-11/08/2002: Version 1.3-beta5
-    - Add testing subsystem
-    - Fix segfault when we don't send a packet
-    - Improve debug output support in dbg()
-
-10/21/2002: Version 1.3-beta4
-    - Updated tcpprep man page with -x and -X options
-    - Now supports (again) the include/exclude options in the config file
-    - Fixed -x|-X sanity check in tcpprep/tcpreplay
-
-10/13/2002: Version 1.3-beta3
-    - Fix compile of list.c under FreeBSD 4.7 and others
-    - Add -x|-X to tcpprep
-    - Modify cache file format to be 2 bits/packet to allow caching of
-        -x|-X args (dropping packets)
-    - Modularize some more code
-
-10/08/2002: Version 1.3-beta2
-    - Fix ./configure bug w/ INET_ATON and INET_ADDR
-    - Add support for filtering packets to send based on
-        IP address or packet number (-x & -X)
-    - Move a lot of code from tcpreplay.c to do_packets.c
-    - Update tcpreplay man page
-
-10/03/2002: Version 1.3-beta1
-    - Add support for randomizing IP addresses (-s)
-    - Update tcpreplay man page
-    - Fix problem with checksums after untruncate
-
-08/21/2002: Version 1.2a
-    - Fix compile bug in tree.c w/ libnet 1.1
-    - Sync tcpprep version to tcpreplay
-
-08/19/2002: Version 1.2
-    - Configuration files specified via -f
-    - Now requires a recent version of AutoConf (2.53)
-    - Added support for Libnet 1.1.x (requires beta8 or better)
-    - Added -V switch to print version info (tcpprep & tcpreplay)
-    - Added CIDR dual-nic support to tcpreplay. 
-    - Fix for -I in tcpreplay when only using a single NIC.
-    - Remove requirement for libpcap in tcpprep.  We're now
-        100% libpcap independant.
-    - tcpprep now supports snoop files.
-    - Added -u flag to untruncate IP packets (pad/trunc)
-    - Fixed --with-debug configure option
-    - Added RPM .spec file
-    - Added -M flag to ignore martian IP packets
-    - Now auto-detects snoop/pcap files.  Remove -S flag from tcpprep and
-        tcpreplay
-    - tcpprep now detects servers via ICMP port unreachable
-    - Improve usefulness of -h
-    - Rename -I to -v in tcpprep
-
-06/17/2002: Version 1.1
-    - Major rewrite
-    - Support multiple nics
-    - Better control over packet rates
-    - Added support for snoop capture files
-    - Includes tcpprep and capinfo commands

+ 0 - 33
Docs/.svn/text-base/CREDIT.svn-base

@@ -1,33 +0,0 @@
-$Id$ 
-
-Here's a list of people in no particular order who have kindly submitted
-patches or code snippets for me to use in tcpreplay.
-
-Branden Moore <bmoore-at-cse.nd.edu>
-	- Patch to pad truncated packets
-	- Patch to allow specifying a destination MAC w/ only a single NIC
-
-Scott Mace <smace@intt.org>
-	- Patch for tcpreplay to support CIDR mode
-	- Patch for ignoring martian IP packets 
-
-Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
-        - Code for pausing/restarting tcpreplay via signals.
-
-John Carlson
-        - Patch for improved timerdiv() accuracy
-
-Frey Kuo <kero@3sheep.com>
-        - Patch to replace pause option with packets/sec
-
-Seth Robertson (seth at sysd dot com)
-        - Patch to allow replaying of live traffic
-
-Nick Mathewson <nickm@freehaven.net>
-	- Kindly giving me his BSD licensed implimentation of poll()
-	  using select() so I don't have to worry about cross platform
-	  issues.
-          
-Denis McLaughlin <denism@cyberus.ca>
-        - Patch to allow TCP/UDP port translation
-

+ 0 - 122
Docs/.svn/text-base/HACKING.svn-base

@@ -1,122 +0,0 @@
-$Id$
-
-                          Guide to Hacking Tcpreplay
-
-[Note: Pay attention to the last update date at the top of this file.  If it
-was significantly long ago, this document may be out of date.]
-
-0. Contributing Code
-
-If you contribute code the following will happen:
-    a) You will be given credit in the CREDITS file
-    b) Your code will be licensed under the same license as that of tcpreplay
-    c) You will be assigning your copyright to me
-
-I do this for a simple reason: keep things simple for me.
-
-1. Introduction
-
-If you're reading this to find out how to add a new feature or fix a bug in
-tcpreplay or tcpprep, then you've come to the right place.  This isn't the
-place to find answers regarding how to use tcpreplay, the meaning of life,
-etc.
-
-2. File Layout
-
-The file layout is pretty simple:
-
-/       - Code, header files, autoconf stuff
-/Docs   - Where to find documentation
-/test   - Test scripts and stuff which is used during 'make test'
-/man    - Unix man pages which get copied to $MANPATH
-
-3. Adding support for additional DLTs (Data Link Types)
-
-There are a number of files/functions that need to be touched to add support
-for a new DLT to tcpreplay and tcpprep.  Note that for a patch to be
-accepted, BOTH tcpreplay and tcpprep need to be updated to support the new
-DLT.
-
-3a) dlt.h
-Two things need to be added here:
-    - A structure defining the header
-    - A #define for the length of the header
-
-    example for DLT_CHDLC (Cisco HDLC):
-    
-/* Cisco HDLC has a simple 32 bit header */
-#define CISCO_HDLC_LEN 4
-struct cisco_hdlc_header {
-    u_int16_t address;
-    u_int16_t protocol;
-}
-
-3b) tcpreplay.c
-You will need to edit validate_l2() to process the DLT type as defined by
-pcap-bpf.h which is included with libpcap.  The key here is that tcpreplay
-needs to be able to generate a valid 802.3 ethernet frame.  Basically
-validate_l2() has to make sure that between the existing Layer 2 header (if
-any) and the user supplied arguments (-2, -I, -J, -K and -k) that enough
-information is available.  Generally this means one of:
-    - The DLT already has a valid header
-    - User specified their own complete header via -2
-    - The existing header + user specified MAC addresses are enough
-
-validate_l2() also calcuates the 'maxpacket' which is the maximum size of a
-packet that we can send out of the interface.  Generally this is the length
-of the Layer 2 header + MTU.  You shouldn't need to change anything here.
-
-3c) edit_packet.c
-Next, you'll have to edit rewrite_l2() to add support for rewriting the
-Layer 2 header from your DLT to a standard 802.3 header.  Note that
-do_packets.c will automatically fill out the source/destination MAC address
-if the appropriate flag is used (-I, -J, -K and -k) so there is no need to
-copy those values over here.
-
-3d) tcpprep.c
-Look at process_raw_packets().  Should be painfully obvious what do do here.
-
-3e) dlt_names.h
-Look in dlt_names.h and make sure your DLT type is listed here.  Note that
-this file is generated by scripts/dlt2name.pl.  If it's not listed here,
-your best bet is to edit scripts/dlt2name.pl and list it in the %known hash
-and then run:
-    make dlt_names
-
-Note that editing dlt_names.h is NOT going to work, since it will get 
-overwritten the next time it is regenerated.
-
-4. Hacking tcprewrite
-
-tcprewrite order of execution:
-
-Figure out if input file's DLT is supported
-
-foreach (packet) {
-	Update packet timestamp based on modifier
-	
-	Decide packet path via cache or CIDR lookup
-	
-	if (a Layer 2 header is specified) {
-	    if (existing Layer 2 header) {
-	        strip existing Layer 2 header
-	    }
-	    prepend specified Layer 2 header
-	}
-	
-	if (primary path or single path) {
-	    re-write MAC addresses
-	    re-write IP addresses
-	    re-write Ports
-	} else if (secondary path) {
-	    re-write MAC addresses
-	    re-write IP addresses
-	    re-write Ports
-	}
-	
-	pad or truncate packet
-	
-	fix checksums
-	
-	write packet to outfile
-}

+ 0 - 24
Docs/.svn/text-base/INSTALL.svn-base

@@ -1,24 +0,0 @@
-$Id$
-
-You'll need:
-
-- libnet 1.1.x (1.1.1 or greater is recommended)
-http://www.packetfactory.net/Projects/libnet/
-
-- libpcap >= 0.6 (0.7 or greater is recommended)
-http://www.tcpdump.org/
-
-- libpcapnav >= 0.4 (Optional. If you want the jump to byte offset feature)
-http://netdude.sf.net/
-
-- tcpdump (Also optional. If you want packet decoding of sent packets)
-http://www.tcpdump.org/
-
-Run:
-./configure ; make
-
-Run as root:
-make test -i    (optional)
-make install
-
-For more detailed information, see the FAQ.

+ 0 - 32
Docs/.svn/text-base/LICENSE.svn-base

@@ -1,32 +0,0 @@
-Copyright (c) 2001-2004 Aaron Turner, Matt Bing.  All rights reserved.
-
-Some portions of code are:
-Copyright(c) 1999 Anzen Computing. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the names of the copyright owners nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
-4. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-       This product includes software developed by Anzen Computing, Inc.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ 0 - 40
Docs/.svn/text-base/Makefile.svn-base

@@ -1,40 +0,0 @@
-MAKEFLAGS=-s
-
-all: images pdf txt ps rmtemp html
-
-images:
-	fig2dev -L eps flowheader.fig flowheader.eps
-
-tex: images
-	lyx -e latex FAQ.lyx
-	lyx -e latex flowreplay.lyx
-
-dvi: tex 
-	texi2dvi FAQ.tex
-	texi2dvi flowreplay.tex
-
-html: tex 
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers FAQ.tex
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex
-
-
-pdf: dvi
-	dvipdfm FAQ.dvi
-	dvipdfm flowreplay.dvi
-
-txt:
-	lyx -e text FAQ.lyx
-	lyx -e text flowreplay.lyx
-
-ps: dvi
-	dvips -o FAQ.ps FAQ.dvi
-	dvips -o flowreplay.ps flowreplay.dvi
-
-rmtemp:
-	rm -f labels.pl *.log *.toc WARNINGS *.aux index.html 
-
-clean: rmtemp
-	rm -f *~
-
-distclean: rmtemp clean
-	rm -f *.html *.pdf *.txt *.ps *.dvi *.tex  *.css images.pl img1.png *.eps

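--- a/Docs/.svn/text-base/TODO.svn-base
+++ b/Docs/.svn/text-base/TODO.svn-base
@@ -1,47 +0,0 @@
-This is a general list of things which should/could/may be done.
-If any of these features interest you let me know- especially if you're
-willing and able to help code it.
-
-- Look at VLAN packets
-    - others non-vanilla types?
-    - Add tags?  Remove tags?  Change tags?
-
-- Add support for setting the ethernet protocol field so we can use
-    -I, -K to fill out an entire ethernet header w/o using -2
-
-- Add a secondary interface full layer two rewrite option
-
-- Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
-
-- Add support for more linktypes (Prism Monitor, 802.11, etc)
-    - Make it easier for others to add support for others
-
-- Rip out packet munger from tcpreplay and put it into another tool so
-  that tcpreplay can be more optimized
-    - perhaps use libnetdude?
-    - make into a library?
-    - definately put it into a seperate binary
-
-- Improve config file format
-  - better variable names
-  - use "var: value" format
-  - have tcpreplay, tcpprep, tcprewrite sections
-
-- Add support for dual-nic send on one intf, wait for packet, send next.
-  would be really useful for testing the effectiveness of how well an IPS
-  detects and blocks attacks.
-
-- Support fragrouter like features 
-    - basic IP fragmenation
-    - TCP fudging 
-    - then more advanced stuff
-
-- Support connection tracking and generating 3way handshake for connections
-  missing them.
-
-- Bump Syn/Ack numbers by a random or given value so that running 
-  the same pcap will behave as different streams.
-
-- Improve flowreplay so it actually works
-
-- IPv6 support?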

+ 0 - 92
Docs/.svn/text-base/flowheader.fig.svn-base

@@ -1,92 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter  
-100.00
-Single
--2
-1200 2
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 3150 6000 3450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 3450 6000 3750
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 2850 8400 2850
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 3150 8400 3150
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 3450 8400 3450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 3750 8400 3750
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 2550 8400 2550 8400 4350 3600 4350 3600 2550
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 7200 3150 7200 3450
-2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
-	 3600 4050 8400 4050
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 4950 8400 4950 8400 5250 3600 5250 3600 4950
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 4800 5250 4800 5550
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 5550 8400 5550
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 5250 8400 5250 8400 6150 3600 6150 3600 5250
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 1350 8400 1350 8400 1950 3600 1950 3600 1350
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 1650 8400 1650
-2 2 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 5
-	 3600 6750 8400 6750 8400 7950 3600 7950 3600 6750
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 6150 8400 6150 8400 6750 3600 6750 3600 6150
-2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
-	 3600 6450 8400 6450
-2 1 2 1 0 7 50 0 -1 3.000 0 0 -1 0 0 2
-	 3600 5850 8400 5850
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 3600 450 8400 450
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 3600 150 8400 150 8400 750 3600 750 3600 150
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 4800 150 4800 450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 150 6000 450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 7200 150 7200 450
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 5250 6000 5550
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6000 1650 6000 1950
-4 0 0 50 0 0 12 0.0000 4 135 840 4350 3375 IP Protocol\001
-4 0 0 50 0 0 12 0.0000 4 180 1380 5250 2775 Client (Source) IP\001
-4 0 0 50 0 0 12 0.0000 4 180 1785 5100 3075 Server (Destination) IP\001
-4 0 0 50 0 0 12 0.0000 4 180 1725 3900 3675 Client Port/ICMP Type\001
-4 0 0 50 0 0 12 0.0000 4 135 1785 6375 3675 Server Port/ICMP Code\001
-4 0 0 50 0 0 12 0.0000 4 180 420 6375 3375 Flags\001
-4 0 0 50 0 0 12 0.0000 4 135 660 7350 3375 Instance\001
-4 0 0 50 0 0 12 0.0000 4 180 1260 8625 5100 Flag 1: Direction\001
-4 0 0 50 0 0 12 0.0000 4 180 1365 8625 2775 Flag 1: Last Index\001
-4 0 0 50 0 0 12 0.0000 4 180 1035 8625 3000 Flag 2: Ignore\001
-4 0 0 50 0 0 12 0.0000 4 180 1620 8625 3225 Flag 3: Server Socket\001
-4 0 0 50 0 0 12 0.0000 4 180 1035 8625 5325 Flag 2: Ignore\001
-4 0 0 50 0 0 12 0.0000 4 180 2100 4950 5175 Data Length of This Stream\001
-4 0 0 50 0 0 12 0.0000 4 180 420 3675 5475 Flags\001
-4 0 0 50 0 0 12 0.0000 4 135 2100 4875 3975 Offset to First Data Stream\001
-4 0 0 50 0 0 12 0.0000 4 180 2040 8625 5775 Flag 4: Urgent Data Exists\001
-4 0 0 50 0 0 12 0.0000 4 180 1125 5400 1575 Magic Number\001
-4 0 0 50 0 0 12 0.0000 4 135 960 5475 7350 Data Stream\001
-4 0 0 50 0 0 12 0.0000 4 180 2235 4950 6375 Offset to Next Data Segment\001
-4 0 0 50 0 0 12 0.0000 4 135 915 5475 675 32 Bit Word\001
-4 0 0 50 0 0 12 0.0000 4 135 450 3975 375 8 Bits\001
-4 0 0 50 0 0 12 0.0000 4 180 705 5100 5475 Urg Data\001
-4 0 0 50 0 0 12 0.0000 4 135 720 6825 5475 Reserved\001
-4 0 0 50 0 0 12 0.0000 4 180 840 5625 5775 Timestamp\001
-4 0 0 50 0 0 12 0.0000 4 135 945 5475 6675 In This Flow\001
-4 0 0 50 0 0 12 0.0000 4 180 1305 5325 2475 Flow Index Entry\001
-4 0 0 50 0 0 12 0.0000 4 135 1560 5250 4875 Data Stream Header\001
-4 0 0 50 0 0 12 0.0000 4 180 1635 5250 1275 Flowprep File Header\001
-4 0 0 50 0 0 12 0.0000 4 180 2055 8625 5550 Flag 3: More Data Streams\001
-4 0 0 50 0 0 12 0.0000 4 135 720 6900 1875 Reserved\001
-4 0 0 50 0 0 12 0.0000 4 135 600 4575 1875 Version\001

File diff suppressed because it is too large
+ 0 - 1125
Docs/.svn/text-base/flowreplay.lyx.svn-base


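--- a/Docs/.svn/wcprops/CHANGELOG.svn-work
+++ b/Docs/.svn/wcprops/CHANGELOG.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 59
-/svn/!svn/ver/1133/tcpreplay/branches/stable/Docs/CHANGELOG
-END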

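--- a/Docs/.svn/wcprops/CREDIT.svn-work
+++ b/Docs/.svn/wcprops/CREDIT.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 55
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/CREDIT
-END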

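--- a/Docs/.svn/wcprops/FAQ.lyx.svn-work
+++ b/Docs/.svn/wcprops/FAQ.lyx.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/FAQ.lyx
-END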

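--- a/Docs/.svn/wcprops/HACKING.svn-work
+++ b/Docs/.svn/wcprops/HACKING.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/HACKING
-END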

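--- a/Docs/.svn/wcprops/INSTALL.svn-work
+++ b/Docs/.svn/wcprops/INSTALL.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/INSTALL
-END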

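--- a/Docs/.svn/wcprops/LICENSE.svn-work
+++ b/Docs/.svn/wcprops/LICENSE.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 56
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/LICENSE
-END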

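--- a/Docs/.svn/wcprops/Makefile.svn-work
+++ b/Docs/.svn/wcprops/Makefile.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 57
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/Makefile
-END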

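--- a/Docs/.svn/wcprops/TODO.svn-work
+++ b/Docs/.svn/wcprops/TODO.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 53
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/TODO
-END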

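--- a/Docs/.svn/wcprops/flowheader.fig.svn-work
+++ b/Docs/.svn/wcprops/flowheader.fig.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 63
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/flowheader.fig
-END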

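--- a/Docs/.svn/wcprops/flowreplay.lyx.svn-work
+++ b/Docs/.svn/wcprops/flowreplay.lyx.svn-work
@@ -1,5 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 63
-/svn/!svn/ver/769/tcpreplay/branches/stable/Docs/flowreplay.lyx
-END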

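--- a/Docs/CHANGELOG
+++ b/Docs/CHANGELOG
@@ -1,277 +0,0 @@
-$Id: CHANGELOG 1133 2005-02-09 01:31:16Z aturner $
-
-02/09/2005: Version 2.3.3
-    - Fix port rewriting feature on little-endian systems
-    - configure now properly handles --with-libnet and --with-libpcap
-
-11/08/2004: Version 2.3.2
-    - When sending via -1, report which interface the packet will exit
-    - Fix bug when caplen > packet len
-    - Allow rewriting of Layer 2 via -2 for Cisco HDLC (DLT_CHDLC)
-
-09/19/2004: Version 2.3.1
-    - Fix bug with fakepcap.c which appeared on systems using an older
-      version of libpcap (such as Red Hat 9.0)
-    - Don't die when setting STDERR to non-blocking
-
-09/05/2004: Version 2.3.0
-    - Fix longstanding endian bug in cache files on little endian systems
-      (note that this breaks compatibility w/ existing cache files created
-      on little endian systems)
-    - Add support to tcpreplay and tcpprep for DLT_CHDLC (Cisco HDLC)
-    - Clean up validate_l2() and rewrite_l2()
-    - Write a simple perl script to parse net/bpf.h of DLT values
-    - Teach everything the names of all the current DLT values
-    - Detect if libpcap supports pcap_datalink_val_to_description()
-    - Start printing datalink descriptions instead of DLT values
-    - Remove magic numbers from tcpreplay.c
-    - Add a HACKING document
-
-06/21/2004: Version 2.2.2
-    - tcpprep now supports DLT_RAW and DLT_LINUX_SLL
-    - add makefile target for website docs (FAQ.html, FAQ.pdf, CHANGELOG)
-    - Fix some sanity checks in tcpreplay for processing various DLT types
-      in validate_l2()
-    - Fix -x & -X
-    - Merge in patch from Denis which rewrites TCP/UDP ports via -4
-    - Fix rewrite of source MAC address in single interface mode (bug #975848)
-
-05/16/2004: Version 2.2.1
-    - Fix compile issue under RH9
-    - Fix compile issue when not using --with-debug
-
-05/15/2004: Version 2.2.0
-    - Fix pseudo-NAT (not evaluating all rules and an infinate loop)
-    - Start using strtok_r() in any function to prevent future bugs
-    - Minor updates to tcpprep.1 & tcpreplay.8 man pages
-    - Re-org some functions into different files for better modularity
-    - Clean up of some of the cache comment code
-    - flowreplay man page moved to section 1
-    - Update tcpprep and tcpreplay man pages and the FAQ
-    - Improve documentation regarding pseudo-NAT feature
-    - Fix one output mode which treated all packets as primary
-    - Add endpoint mode (-e) which rewrites all traffic between two IP's
-    - Fix rewrite of IP addresses in ARP requests & replies w/ pseudo-NAT
-    - Fix CIDR matching of 0.0.0.0/0 (all packets) which matched only 
-      255.255.255.255
-    - All CIDR notation now accepts IP addresses w/o requiring /32
-    - non-debug mode now uses -O3 -funroll-loops for better performance
-
-05/01/2004: Version 2.1.1
-    - Fix ntohll/htonll compile error on big endian systems
-
-04/23/2004: Version 2.1.0
-    - Add support for per output interface/file NAT tables 
-    - Add support for using dual output features w/ a single output
-    - Add support to tcpprep for splitting via destination port
-    - Now fully 64bit when tracking number of packets
-    - Fix a bug where sometimes the last few packets are not sent when using
-      a tcpprep cache file
-    - Some code refactorization/cleanup
-    - tcpprep cache files now support user comments
-    - Fix bug where regex optimization was turned always turned off
-
-03/24/2004: Version 2.0.3
-    - Add support for rewriting src mac & Linux SLL loopback frames
-    - Update FAQ
-
-02/25/2004: Version 2.0.2
-    - Fix compile issue in edit_packet.c on strict aligned archs
-
-02/03/2004: Version 2.0.1
-    - Re-organize FAQ and add more content
-    - Add support for "pseudo NAT" (-N) for ARP and IPv4
-    - Code optimization to only run the checksum fixer once per packet
-    - Clean up help (-h) a little
-
-02/01/2004: Version 2.0.0
-    - Remove libpcapnav requirement
-    - Now support libpcapnav >= 0.4
-    - Add -1 to replay one packet at a time (user must hit <ENTER>)
-    - Add tcpdump packet parsing to print packets as sent (-v)
-    - Place flowreplay manpage in correct location
-    - More FAQ updates
-    - Rename 1.5.x as 2.0
-    - Fix/standardize all licensing info.  Still BSD of course.
-    - -T now forces -F
-    - tcpprep now actually accepts -n (client|server)
-    - Update the INSTALL doc
-    - Remove the Docs/README... the FAQ has replaced it.
-
-12/10/2003: Version 1.5.alpha6
-    - Add BPF filter support to tcpprep and tcpreplay (-x F:"filter")
-    - Update the FAQ
-    - Add two new auto modes to tcpprep (client and server)
-    - Make clean no longer wipes out the compiled documentation in Docs
-    - Add support for replaying live traffic
-    - Add bridge mode
-    - Add -L to limit the total number of packets to send
-
-11/03/2003: Version 1.5.alpha5
-    - Add -T to truncate packets > MTU so they can be sent
-    - Now fixes ICMP checksums as appropriate
-    - Updated FAQ
-    - Updated flowreplay design doc
-    - Merge packetrate code from 1.4.5
-    - Fix compile issues under Libnet 1.1.1
-    - --with-debug now enables debuging during 'make test'
-    - Fix various Solaris compatibility bugs
-    - Add data dump mode which dumps layer 7 data to the file (-D)
-    - Now requires libpcapnav
-    - Allow to jump X bytes into the pcap and start replaying packets (-o)
-    - Can now split traffic/data into files (-w & -W)
-
-07/16/2003: Version 1.5.alpha4
-    - Split do_packets.c & do_packets() -> edit_packet.c & rewrite_l2()
-    - Don't die when packet > MTU, just skip
-    - Fix a ptr bug in do_packets() w/ the ethernet header
-    - Merge Ctrl-C fix from 1.4.4 for libnet_adv_write_link() 
-        in do_packets.c
-    - Rewrite flowreplay design document
-    - Fix an integer overflow in packet_stats() in tcpreplay.c
-    - tcpreplay's -2 now accepts a hex string rather then a filename
-    - tcpreplay now can output to a file (-w <file>)
-    - fix bug in checksum fixer
-    - Add support for files > 2GB
-
-06/06/2003: Version 1.5.alpha3
-    - Add support for Linux Cooked Sockets (SLL) format rewriting
-    - Added a flowreplay design doc in Docs/
-    - A lot more work on flowreplay
-    - Start work on read-ahead buffering of packets in flowreplay        
-    - Add support for specifying MTU.
-    - Update tcpreplay man page
-    - Fix compile of do_packets() under OpenBSD
-    - configure now checks for libpcap >= 0.6 (required for SLL)
-
-
-05/29/2003: Version 1.5.alpha2
-    - Add -F to force checksum fixing
-    - Fix packet corruption when not using -2
-    - Improve timerdiv() code
-    - Port from libredblack to OpenBSD RB_*
-    - Add flowreplay application
-    - Fix a bunch of compiler warnings about miss-matched sign
-    - IP & layer 4 checksums now work when IP options exist (tcpreplay)
-    - Updated FAQ
-    - Fix spec file
-
-05/07/2003: Version 1.5.alpha1
-    - Add layer2 rewriting
-
-05/07/2002: Branch 1.4.x tree
-
-05/04/2003: Version 1.4.beta5
-    - Fixed a one-off bug when replaying tcpprep cache files
-    - Fixed a small reporting bug in tcpprep
-
-05/02/2003: Version 1.4.beta4
-    - significantly improved timing accuracy between packets
-    - fix bug with writing only about 1/2 of cache data which caused
-        tcpreplay to bitch
-    - updated 'make test' standard cache files
-    - improved alignment of cache header (20bytes vs 17bytes)
-
-04/30/2003: Version 1.4.beta3
-    - Specifying a list of packets to include/exclude now works (-x/X P:)
-    - Minor code cleanups (better error messages, etc)
-    - Add -p option to pause a given number of sec/usec between each packet
-    - Ported tcpprep to libpcap
-    - Increase final report resolution to two sig digits
-    - Switch to err.h that we ship rather then system provided err.h
-    - Don't reset timer each time we open a file for reading
-    - fix --mandir option for ./configure
-    - fix SIGSEGV in tcpprep
-    - Add SIGUSR1 and SIGCONT signal support to tcpreplay
-    - Updated tcpreplay man pages
-    - Remove need for math.h/libm
-
-01/07/2003: Version 1.4.beta2
-    - Major updates to configure script
-    - Remove unneeded memcpy() for non-strict aligned architectures
-        for added performance boost
-    - Switch to libpcap for reading packets
-    - Fix portability issues with tcpprep cache files
-
-12/23/2002: Version 1.4.beta1
-    - Remove libnet 1.0 support
-    - Start a quality FAQ for all programs
-    - Add support for detecting libpcap in autoconf
-    - Add pcapmerge to makefile and port to non-BSD OS's
-    - Write pcapmerge manpage
-    - Variety of small configure/makefile improvements
-
-12/13/2002: Version 1.3.0
-    - Re-release 1.3.beta6 as 1.3.0
-
-11/22/2002: Version 1.3.beta6
-    - Improve cross platform compatibility of test subsystem
-    - Fix bug in Makefile which caused possible failures of clean/distclean
-    - Fix bug with CCFLAGS when using --with-debug
-    - Fix bug with -x/-X which would drop/send all packets in certain 
-        conditions
-    - Update libredblack to 1.2 (latest)
-    - Add support for OSX
-    - Add --with-testnic and --with-testnic2 to allow end user to specify
-        specific network cards to be used for 'make test'
-    - Fixes SIGBUS errors on SPARC
-
-11/08/2002: Version 1.3-beta5
-    - Add testing subsystem
-    - Fix segfault when we don't send a packet
-    - Improve debug output support in dbg()
-
-10/21/2002: Version 1.3-beta4
-    - Updated tcpprep man page with -x and -X options
-    - Now supports (again) the include/exclude options in the config file
-    - Fixed -x|-X sanity check in tcpprep/tcpreplay
-
-10/13/2002: Version 1.3-beta3
-    - Fix compile of list.c under FreeBSD 4.7 and others
-    - Add -x|-X to tcpprep
-    - Modify cache file format to be 2 bits/packet to allow caching of
-        -x|-X args (dropping packets)
-    - Modularize some more code
-
-10/08/2002: Version 1.3-beta2
-    - Fix ./configure bug w/ INET_ATON and INET_ADDR
-    - Add support for filtering packets to send based on
-        IP address or packet number (-x & -X)
-    - Move a lot of code from tcpreplay.c to do_packets.c
-    - Update tcpreplay man page
-
-10/03/2002: Version 1.3-beta1
-    - Add support for randomizing IP addresses (-s)
-    - Update tcpreplay man page
-    - Fix problem with checksums after untruncate
-
-08/21/2002: Version 1.2a
-    - Fix compile bug in tree.c w/ libnet 1.1
-    - Sync tcpprep version to tcpreplay
-
-08/19/2002: Version 1.2
-    - Configuration files specified via -f
-    - Now requires a recent version of AutoConf (2.53)
-    - Added support for Libnet 1.1.x (requires beta8 or better)
-    - Added -V switch to print version info (tcpprep & tcpreplay)
-    - Added CIDR dual-nic support to tcpreplay. 
-    - Fix for -I in tcpreplay when only using a single NIC.
-    - Remove requirement for libpcap in tcpprep.  We're now
-        100% libpcap independant.
-    - tcpprep now supports snoop files.
-    - Added -u flag to untruncate IP packets (pad/trunc)
-    - Fixed --with-debug configure option
-    - Added RPM .spec file
-    - Added -M flag to ignore martian IP packets
-    - Now auto-detects snoop/pcap files.  Remove -S flag from tcpprep and
-        tcpreplay
-    - tcpprep now detects servers via ICMP port unreachable
-    - Improve usefulness of -h
-    - Rename -I to -v in tcpprep
-
-06/17/2002: Version 1.1
-    - Major rewrite
-    - Support multiple nics
-    - Better control over packet rates
-    - Added support for snoop capture files
-    - Includes tcpprep and capinfo commands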

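--- a/Docs/CREDIT
+++ b/Docs/CREDIT
@@ -1,33 +0,0 @@
-$Id: CREDIT 767 2004-10-06 12:48:49Z aturner $ 
-
-Here's a list of people in no particular order who have kindly submitted
-patches or code snippets for me to use in tcpreplay.
-
-Branden Moore <bmoore-at-cse.nd.edu>
-	- Patch to pad truncated packets
-	- Patch to allow specifying a destination MAC w/ only a single NIC
-
-Scott Mace <smace@intt.org>
-	- Patch for tcpreplay to support CIDR mode
-	- Patch for ignoring martian IP packets 
-
-Jeffrey Guttenfelder <guttenfelder@sourceforge.net>
-        - Code for pausing/restarting tcpreplay via signals.
-
-John Carlson
-        - Patch for improved timerdiv() accuracy
-
-Frey Kuo <kero@3sheep.com>
-        - Patch to replace pause option with packets/sec
-
-Seth Robertson (seth at sysd dot com)
-        - Patch to allow replaying of live traffic
-
-Nick Mathewson <nickm@freehaven.net>
-	- Kindly giving me his BSD licensed implimentation of poll()
-	  using select() so I don't have to worry about cross platform
-	  issues.
-          
-Denis McLaughlin <denism@cyberus.ca>
-        - Patch to allow TCP/UDP port translation
-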

BIN
Docs/FAQ.dvi


File diff suppressed because it is too large
+ 0 - 2277
Docs/FAQ.lyx


BIN
Docs/FAQ.pdf


File diff suppressed because it is too large
+ 0 - 2028
Docs/FAQ.ps


File diff suppressed because it is too large
+ 0 - 1355
Docs/FAQ.tex


File diff suppressed because it is too large
+ 0 - 1499
Docs/FAQ.txt


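--- a/Docs/INSTALL
+++ b/Docs/INSTALL
@@ -1,24 +0,0 @@
-$Id: INSTALL 767 2004-10-06 12:48:49Z aturner $
-
-You'll need:
-
-- libnet 1.1.x (1.1.1 or greater is recommended)
-http://www.packetfactory.net/Projects/libnet/
-
-- libpcap >= 0.6 (0.7 or greater is recommended)
-http://www.tcpdump.org/
-
-- libpcapnav >= 0.4 (Optional. If you want the jump to byte offset feature)
-http://netdude.sf.net/
-
-- tcpdump (Also optional. If you want packet decoding of sent packets)
-http://www.tcpdump.org/
-
-Run:
-./configure ; make
-
-Run as root:
-make test -i    (optional)
-make install
-
-For more detailed information, see the FAQ.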

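--- a/Docs/Makefile
+++ b/Docs/Makefile
@@ -1,40 +0,0 @@
-MAKEFLAGS=-s
-
-all: images pdf txt ps rmtemp html
-
-images:
-	fig2dev -L eps flowheader.fig flowheader.eps
-
-tex: images
-	lyx -e latex FAQ.lyx
-	lyx -e latex flowreplay.lyx
-
-dvi: tex 
-	texi2dvi FAQ.tex
-	texi2dvi flowreplay.tex
-
-html: tex 
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers FAQ.tex
-	latex2html -nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex
-
-
-pdf: dvi
-	dvipdfm FAQ.dvi
-	dvipdfm flowreplay.dvi
-
-txt:
-	lyx -e text FAQ.lyx
-	lyx -e text flowreplay.lyx
-
-ps: dvi
-	dvips -o FAQ.ps FAQ.dvi
-	dvips -o flowreplay.ps flowreplay.dvi
-
-rmtemp:
-	rm -f labels.pl *.log *.toc WARNINGS *.aux index.html 
-
-clean: rmtemp
-	rm -f *~
-
-distclean: rmtemp clean
-	rm -f *.html *.pdf *.txt *.ps *.dvi *.tex  *.css images.pl img1.png *.eps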

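--- a/Docs/TODO
+++ b/Docs/TODO
@@ -1,47 +0,0 @@
-This is a general list of things which should/could/may be done.
-If any of these features interest you let me know- especially if you're
-willing and able to help code it.
-
-- Look at VLAN packets
-    - others non-vanilla types?
-    - Add tags?  Remove tags?  Change tags?
-
-- Add support for setting the ethernet protocol field so we can use
-    -I, -K to fill out an entire ethernet header w/o using -2
-
-- Add a secondary interface full layer two rewrite option
-
-- Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
-
-- Add support for more linktypes (Prism Monitor, 802.11, etc)
-    - Make it easier for others to add support for others
-
-- Rip out packet munger from tcpreplay and put it into another tool so
-  that tcpreplay can be more optimized
-    - perhaps use libnetdude?
-    - make into a library?
-    - definately put it into a seperate binary
-
-- Improve config file format
-  - better variable names
-  - use "var: value" format
-  - have tcpreplay, tcpprep, tcprewrite sections
-
-- Add support for dual-nic send on one intf, wait for packet, send next.
-  would be really useful for testing the effectiveness of how well an IPS
-  detects and blocks attacks.
-
-- Support fragrouter like features 
-    - basic IP fragmenation
-    - TCP fudging 
-    - then more advanced stuff
-
-- Support connection tracking and generating 3way handshake for connections
-  missing them.
-
-- Bump Syn/Ack numbers by a random or given value so that running 
-  the same pcap will behave as different streams.
-
-- Improve flowreplay so it actually works
-
-- IPv6 support?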

+ 0 - 278
Docs/flowheader.eps

@@ -1,278 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%Title: flowheader.fig
-%%Creator: fig2dev Version 3.2 Patchlevel 5-alpha5
-%%CreationDate: Thu Feb 10 12:32:01 2005
-%%For: aturner@vodka (Aaron Turner,,,)
-%%BoundingBox: 0 0 430 470
-%Magnification: 1.0000
-%%EndComments
-/$F2psDict 200 dict def
-$F2psDict begin
-$F2psDict /mtrx matrix put
-/col-1 {0 setgray} bind def
-/col0 {0.000 0.000 0.000 srgb} bind def
-/col1 {0.000 0.000 1.000 srgb} bind def
-/col2 {0.000 1.000 0.000 srgb} bind def
-/col3 {0.000 1.000 1.000 srgb} bind def
-/col4 {1.000 0.000 0.000 srgb} bind def
-/col5 {1.000 0.000 1.000 srgb} bind def
-/col6 {1.000 1.000 0.000 srgb} bind def
-/col7 {1.000 1.000 1.000 srgb} bind def
-/col8 {0.000 0.000 0.560 srgb} bind def
-/col9 {0.000 0.000 0.690 srgb} bind def
-/col10 {0.000 0.000 0.820 srgb} bind def
-/col11 {0.530 0.810 1.000 srgb} bind def
-/col12 {0.000 0.560 0.000 srgb} bind def
-/col13 {0.000 0.690 0.000 srgb} bind def
-/col14 {0.000 0.820 0.000 srgb} bind def
-/col15 {0.000 0.560 0.560 srgb} bind def
-/col16 {0.000 0.690 0.690 srgb} bind def
-/col17 {0.000 0.820 0.820 srgb} bind def
-/col18 {0.560 0.000 0.000 srgb} bind def
-/col19 {0.690 0.000 0.000 srgb} bind def
-/col20 {0.820 0.000 0.000 srgb} bind def
-/col21 {0.560 0.000 0.560 srgb} bind def
-/col22 {0.690 0.000 0.690 srgb} bind def
-/col23 {0.820 0.000 0.820 srgb} bind def
-/col24 {0.500 0.190 0.000 srgb} bind def
-/col25 {0.630 0.250 0.000 srgb} bind def
-/col26 {0.750 0.380 0.000 srgb} bind def
-/col27 {1.000 0.500 0.500 srgb} bind def
-/col28 {1.000 0.630 0.630 srgb} bind def
-/col29 {1.000 0.750 0.750 srgb} bind def
-/col30 {1.000 0.880 0.880 srgb} bind def
-/col31 {1.000 0.840 0.000 srgb} bind def
-
-end
-save
-newpath 0 470 moveto 0 0 lineto 430 0 lineto 430 470 lineto closepath clip newpath
--215.3 477.7 translate
-1 -1 scale
-
-/cp {closepath} bind def
-/ef {eofill} bind def
-/gr {grestore} bind def
-/gs {gsave} bind def
-/sa {save} bind def
-/rs {restore} bind def
-/l {lineto} bind def
-/m {moveto} bind def
-/rm {rmoveto} bind def
-/n {newpath} bind def
-/s {stroke} bind def
-/sh {show} bind def
-/slc {setlinecap} bind def
-/slj {setlinejoin} bind def
-/slw {setlinewidth} bind def
-/srgb {setrgbcolor} bind def
-/rot {rotate} bind def
-/sc {scale} bind def
-/sd {setdash} bind def
-/ff {findfont} bind def
-/sf {setfont} bind def
-/scf {scalefont} bind def
-/sw {stringwidth} bind def
-/tr {translate} bind def
-/tnt {dup dup currentrgbcolor
-  4 -2 roll dup 1 exch sub 3 -1 roll mul add
-  4 -2 roll dup 1 exch sub 3 -1 roll mul add
-  4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
-  bind def
-/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
-  4 -2 roll mul srgb} bind def
-/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
-/$F2psEnd {$F2psEnteredState restore end} def
-
-$F2psBegin
-10 setmiterlimit
-0 slj 0 slc
- 0.06000 0.06000 sc
-%
-% Fig objects follow
-%
-% 
-% here starts figure with depth 50
-% Polyline
-0 slj
-0 slc
-7.500 slw
-n 6000 3150 m
- 6000 3450 l gs col0 s gr 
-% Polyline
-n 6000 3450 m
- 6000 3750 l gs col0 s gr 
-% Polyline
-n 3600 2850 m
- 8400 2850 l gs col0 s gr 
-% Polyline
-n 3600 3150 m
- 8400 3150 l gs col0 s gr 
-% Polyline
-n 3600 3450 m
- 8400 3450 l gs col0 s gr 
-% Polyline
-n 3600 3750 m
- 8400 3750 l gs col0 s gr 
-% Polyline
-n 3600 2550 m 8400 2550 l 8400 4350 l 3600 4350 l
- cp gs col0 s gr 
-% Polyline
-n 7200 3150 m
- 7200 3450 l gs col0 s gr 
-% Polyline
- [15 45] 45 sd
-n 3600 4050 m
- 8400 4050 l gs col0 s gr  [] 0 sd
-% Polyline
-n 3600 4950 m 8400 4950 l 8400 5250 l 3600 5250 l
- cp gs col0 s gr 
-% Polyline
-n 4800 5250 m
- 4800 5550 l gs col0 s gr 
-% Polyline
-n 3600 5550 m
- 8400 5550 l gs col0 s gr 
-% Polyline
-n 3600 5250 m 8400 5250 l 8400 6150 l 3600 6150 l
- cp gs col0 s gr 
-% Polyline
-n 3600 1350 m 8400 1350 l 8400 1950 l 3600 1950 l
- cp gs col0 s gr 
-% Polyline
-n 3600 1650 m
- 8400 1650 l gs col0 s gr 
-% Polyline
- [15 45] 45 sd
-n 3600 6750 m 8400 6750 l 8400 7950 l 3600 7950 l
- cp gs col0 s gr  [] 0 sd
-% Polyline
-n 3600 6150 m 8400 6150 l 8400 6750 l 3600 6750 l
- cp gs col0 s gr 
-% Polyline
- [15 45] 45 sd
-n 3600 6450 m
- 8400 6450 l gs col0 s gr  [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 3600 5850 m
- 8400 5850 l gs col0 s gr  [] 0 sd
-% Polyline
-n 3600 450 m
- 8400 450 l gs col0 s gr 
-% Polyline
-n 3600 150 m 8400 150 l 8400 750 l 3600 750 l
- cp gs col0 s gr 
-% Polyline
-n 4800 150 m
- 4800 450 l gs col0 s gr 
-% Polyline
-n 6000 150 m
- 6000 450 l gs col0 s gr 
-% Polyline
-n 7200 150 m
- 7200 450 l gs col0 s gr 
-% Polyline
-n 6000 5250 m
- 6000 5550 l gs col0 s gr 
-% Polyline
-n 6000 1650 m
- 6000 1950 l gs col0 s gr 
-/Times-Roman ff 180.00 scf sf
-4350 3375 m
-gs 1 -1 sc (IP Protocol) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5250 2775 m
-gs 1 -1 sc (Client \(Source\) IP) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5100 3075 m
-gs 1 -1 sc (Server \(Destination\) IP) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-3900 3675 m
-gs 1 -1 sc (Client Port/ICMP Type) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6375 3675 m
-gs 1 -1 sc (Server Port/ICMP Code) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6375 3375 m
-gs 1 -1 sc (Flags) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-7350 3375 m
-gs 1 -1 sc (Instance) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5100 m
-gs 1 -1 sc (Flag 1: Direction) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 2775 m
-gs 1 -1 sc (Flag 1: Last Index) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 3000 m
-gs 1 -1 sc (Flag 2: Ignore) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 3225 m
-gs 1 -1 sc (Flag 3: Server Socket) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5325 m
-gs 1 -1 sc (Flag 2: Ignore) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4950 5175 m
-gs 1 -1 sc (Data Length of This Stream) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-3675 5475 m
-gs 1 -1 sc (Flags) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4875 3975 m
-gs 1 -1 sc (Offset to First Data Stream) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5775 m
-gs 1 -1 sc (Flag 4: Urgent Data Exists) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5400 1575 m
-gs 1 -1 sc (Magic Number) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5475 7350 m
-gs 1 -1 sc (Data Stream) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4950 6375 m
-gs 1 -1 sc (Offset to Next Data Segment) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5475 675 m
-gs 1 -1 sc (32 Bit Word) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-3975 375 m
-gs 1 -1 sc (8 Bits) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5100 5475 m
-gs 1 -1 sc (Urg Data) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6825 5475 m
-gs 1 -1 sc (Reserved) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5625 5775 m
-gs 1 -1 sc (Timestamp) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5475 6675 m
-gs 1 -1 sc (In This Flow) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5325 2475 m
-gs 1 -1 sc (Flow Index Entry) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5250 4875 m
-gs 1 -1 sc (Data Stream Header) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-5250 1275 m
-gs 1 -1 sc (Flowprep File Header) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-8625 5550 m
-gs 1 -1 sc (Flag 3: More Data Streams) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-6900 1875 m
-gs 1 -1 sc (Reserved) col0 sh gr
-/Times-Roman ff 180.00 scf sf
-4575 1875 m
-gs 1 -1 sc (Version) col0 sh gr
-% here ends figure;
-$F2psEnd
-rs
-showpage
-%%Trailer
-%EOF

BIN
Docs/flowreplay.dvi


+ 0 - 664
Docs/flowreplay.html

@@ -1,664 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-
-<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
-original version by:  Nikos Drakos, CBLU, University of Leeds
-* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
-* with significant contributions from:
-  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
-<HTML>
-<HEAD>
-<TITLE>Flowreplay Design Notes</TITLE>
-<META NAME="description" CONTENT="Flowreplay Design Notes">
-<META NAME="keywords" CONTENT="flowreplay">
-<META NAME="resource-type" CONTENT="document">
-<META NAME="distribution" CONTENT="global">
-
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
-<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
-<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
-
-<LINK REL="STYLESHEET" HREF="flowreplay.css">
-
-</HEAD>
-
-<BODY >
-
-<P>
-
-<P>
-
-<P>
-
-<P>
-<H1 ALIGN="CENTER"><SPAN ID="hue33">Flowreplay Design Notes</SPAN></H1>
-<DIV CLASS="author_info">
-
-<P ALIGN="CENTER"><STRONG><SPAN ID="hue35">Aaron Turner </SPAN></STRONG></P>
-<P ALIGN="CENTER"><I><SPAN ID="hue37">http://synfin.net/</SPAN></I></P>
-<P ALIGN="CENTER"><STRONG><SPAN ID="hue39">Last Edited:</SPAN>
-<BR><SPAN ID="hue41">October 23, 2003</SPAN></STRONG></P>
-</DIV>
-
-<P>
-
-<H1><A NAME="SECTION00010000000000000000">
-<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue43">Overview</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue45">Tcpreplay</SPAN><A NAME="tex2html1"
-  HREF="#foot362"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> <SPAN ID="hue49">was designed to replay traffic previously captured
-in the pcap format back onto the wire for testing NIDS and other passive
-devices. Over time, it was enhanced to be able to test in-line network
-devices. However, a re-occurring feature request for tcpreplay is
-to connect to a server in order to test applications and host TCP/IP
-stacks. It was determined early on, that adding this feature to tcpreplay
-was far too complex, so I decided to create a new tool specifically
-designed for this.</SPAN>
-<P>
-<SPAN ID="hue51">Flowreplay is designed to replay traffic at Layer
-4 or 7 depending on the protocol rather then at Layer 2 like tcpreplay
-does. This allows flowreplay to connect to one or more servers using
-a pcap savefile as the basis of the connections. Hence, flowreplay
-allows the testing of applications running on real servers rather
-then passive devices. </SPAN>
-<P>
-
-<H1><A NAME="SECTION00020000000000000000">
-<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue53">Features</SPAN></A>
-</H1>
-
-<P>
-
-<H2><A NAME="SECTION00021000000000000000">
-<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue55">Requirements</SPAN></A>
-</H2>
-
-<P>
-
-<OL>
-<LI><SPAN ID="hue58">Full TCP/IP support, including IP fragments and
-TCP stream reassembly.</SPAN>
-</LI>
-<LI><SPAN ID="hue60">Support replaying TCP and UDP flows.</SPAN>
-</LI>
-<LI><SPAN ID="hue62">Code should handle each flow/service independently.</SPAN>
-</LI>
-<LI><SPAN ID="hue64">Should be able to connect to the server(s) in the
-pcap file or to a user specified IP address.</SPAN>
-</LI>
-<LI><SPAN ID="hue66">Support a plug-in architecture to allow adding application
-layer intelligence.</SPAN>
-</LI>
-<LI><SPAN ID="hue68">Plug-ins must be able to support multi-flow protocols
-like FTP.</SPAN>
-</LI>
-<LI><SPAN ID="hue365">Ship with a default plug-in which will work ``well
-enough'' for simple single-flow protocols like HTTP and telnet.</SPAN>
-</LI>
-<LI><SPAN ID="hue366">Flows being replayed ``correctly'' is more important
-then performance (Mbps).</SPAN>
-</LI>
-<LI><SPAN ID="hue74">Portable to run on common flavors of Unix and Unix-like
-systems.</SPAN>
-</LI>
-</OL>
-
-<P>
-
-<H2><A NAME="SECTION00022000000000000000">
-<SPAN CLASS="arabic">2</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue77">Wishes</SPAN></A>
-</H2>
-
-<P>
-
-<OL>
-<LI><SPAN ID="hue80">Support clients connecting to flowreplay on a limited
-basis. Flowreplay would replay the server side of the connection.</SPAN>
-</LI>
-<LI><SPAN ID="hue82">Support other IP based traffic (ICMP, VRRP, OSPF,
-etc) via plug-ins.</SPAN>
-</LI>
-<LI><SPAN ID="hue84">Support non-IP traffic (ARP, STP, CDP, etc) via
-plug-ins.</SPAN>
-</LI>
-<LI><SPAN ID="hue86">Limit which flows are replayed using user defined
-filters. (bpf filter syntax?)</SPAN>
-</LI>
-<LI><SPAN ID="hue88">Process pcap files directly with no intermediary
-file conversions.</SPAN>
-</LI>
-<LI><SPAN ID="hue90">Should be able to scale to pcap files in the 100's
-of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
-of RAM.</SPAN>
-</LI>
-</OL>
-
-<P>
-
-<H1><A NAME="SECTION00030000000000000000">
-<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue93">Design Thoughts</SPAN></A>
-</H1>
-
-<P>
-
-<H2><A NAME="SECTION00031000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue95">Sending and Receiving traffic</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue97">Flowreplay must be able to process multiple connections
-to one or more devices. There are two options:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue100">Use sockets</SPAN><A NAME="tex2html2"
-  HREF="#foot370"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> <SPAN ID="hue104">to send and receive data</SPAN>
-</LI>
-<LI><SPAN ID="hue106">Use libpcap</SPAN><A NAME="tex2html3"
-  HREF="#foot371"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <SPAN ID="hue110">to receive packets and libnet</SPAN><A NAME="tex2html4"
-  HREF="#foot372"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> <SPAN ID="hue114">to send packets</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue117">Although using libpcap/libnet would allow more simultaneous
-connections and greater flexibility, there would be a very high complexity
-cost associated with it. With that in mind, I've decided to use sockets
-to send and receive data.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00032000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue119">Handling Multiple Connections</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue121">Because a pcap file can contain multiple simultaneous
-flows, we need to be able to support that too. The biggest problem
-with this is reading packet data in a different order then stored
-in the pcap file. </SPAN>
-<P>
-<SPAN ID="hue123">Reading and writing to multiple sockets is easy
-with select() or poll(), however a pcap file has it's data stored
-serially, but we need to access it randomly. There are a number of
-possible solutions for this such as caching packets in RAM where they
-can be accessed more randomly, creating an index of the packets in
-the pcap file, or converting the pcap file to another format altogether.
-Alternatively, I've started looking at libpcapnav</SPAN><A NAME="tex2html5"
-  HREF="#foot124"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> <SPAN ID="hue126">as an alternate means to navigate a pcap file and
-process packets out of order.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00033000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue128">Data Synchronization</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue375">Knowing when to start sending client traffic in
-response to the server will be &#34;tricky&#34;. Without
-understanding the actual protocol involved, probably the best general
-solution is waiting for a given period of time after no more data
-from the server has been received. Not sure what to do if the client
-traffic doesn't elicit a response from the server (implement some
-kind of timeout?). This will be the basis for the default plug-in.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00034000000000000000">
-<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue133">TCP/IP</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue135">Dealing with IP fragmentation and TCP stream reassembly
-will be another really complex problem. We're basically talking about
-implementing a significant portion of a TCP/IP stack. One thought
-is to use libnids</SPAN><A NAME="tex2html6"
-  HREF="#foot403"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A> <SPAN ID="hue139">which basically implements a Linux 2.0.37 TCP/IP
-stack in user-space. Other solutions include porting a TCP/IP stack
-from Open/Net/FreeBSD or writing our own custom stack from scratch.</SPAN>
-<P>
-
-<H1><A NAME="SECTION00040000000000000000">
-<SPAN CLASS="arabic">4</SPAN> <SPAN ID="hue141">Multiple Independent Flows</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue143">The biggest asynchronous problem, that pcap files
-are serial, has to be solved in a scaleable manner. Not much can be
-assumed about the network traffic contained in a pcap savefile other
-then Murphy's Law will be in effect. This means we'll have to deal
-with:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue146">Thousands of small simultaneous flows (captured
-on a busy network)</SPAN>
-</LI>
-<LI><SPAN ID="hue379">Flows which ``hang'' mid-stream (an exploit
-against a server causes it to crash)</SPAN>
-</LI>
-<LI><SPAN ID="hue150">Flows which contain large quantities of data (FTP
-transfers of ISO's for example)</SPAN>
-</LI>
-</UL>
-<SPAN ID="hue153">How we implement parallel processing of the pcap
-savefile will dramatically effect how well we can scale. A few considerations:</SPAN>
-<P>
-
-<UL>
-<LI>Most Unix systems limit the maximum number of open file descriptors
-a single process can have. Generally speaking this shouldn't be a
-problem except for highly parallel pcap's.
-</LI>
-<LI>While RAM isn't limitless, we can use mmap() to get around this.
-</LI>
-<LI>Many Unix systems have enhanced solutions to poll() which will improve
-flow management.
-</LI>
-</UL>
-
-<P>
-
-<H2><A NAME="SECTION00041000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue157">IP Fragments and TCP Streams</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue159">There are five major complications with flowreplay:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue162">The IP datagrams may be fragmented- we won't be
-able to use the standard 5-tuple (src/dst IP, src/dst port, protocol)
-to lookup which flow a packet belongs to.</SPAN>
-</LI>
-<LI><SPAN ID="hue164">IP fragments may arrive out of order which will
-complicate ordering of data to be sent.</SPAN>
-</LI>
-<LI><SPAN ID="hue166">The TCP segments may arrive out of order which will
-complicate ordering of data to be sent.</SPAN>
-</LI>
-<LI><SPAN ID="hue168">Packets may be missing in the pcap file because
-they were dropped during capture.</SPAN>
-</LI>
-<LI><SPAN ID="hue170">There are tools like fragrouter which intentionally
-create non-deterministic situations.</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue173">First off, I've decided, that I'm not going to worry
-about fragrouter or it's cousins. I'll handle non-deterministic situations
-one and only one way, so that the way flowreplay handles the traffic
-will be deterministic. Perhaps, I'll make it easy for others to write
-a plug-in which will change it, but that's not something I'm going
-to concern myself with now.</SPAN>
-<P>
-<SPAN ID="hue175">Missing packets in the pcap file will probably make
-that flow unplayable. There are proabably certain situation where
-we can make an educated guess, but this is far too complex to worry
-about for the first stable release.</SPAN>
-<P>
-<SPAN ID="hue177">That still leaves creating a basic TCP/IP stack
-in user space. The good news it that there is already a library which
-does this called libnids. As of version 1.17, libnids can process
-packets from a pcap savefile (it's not documented in the man page,
-but the code is there).</SPAN>
-<P>
-<SPAN ID="hue179">A potential problem with libnids though is that
-it has to maintain it's own state/cache system. This not only means
-additional overhead, but jumping around in the pcap file as I'm planning
-on doing to handle multiple simultaneous flows is likely to really
-confuse libnids' state engine. Also, libnids is licensed under the
-GPL, but I want flowreplay released under a BSD-like license; I need
-to research if the two are compatible in this way.</SPAN>
-<P>
-<SPAN ID="hue181">Possible solutions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue184">Developing a custom wedge between the capture file
-and libnids which will cause each packet to only be processed a single
-time.</SPAN>
-</LI>
-<LI><SPAN ID="hue186">Use libnids to process the pcap file into a new
-flow-based format, effectively putting the TCP/IP stack into a dedicated
-utility.</SPAN>
-</LI>
-<LI><SPAN ID="hue188">Develop a custom user-space TCP/IP stack, perhaps
-based on a BSD TCP/IP stack, much like libnids is based on Linux 2.0.37.</SPAN>
-</LI>
-<LI><SPAN ID="hue190">Screw it and say that IP fragmentation and out of
-order IP packets/TCP segments are not supported. Not sure if this
-will meet the needs of potential users.</SPAN>
-</LI>
-</UL>
-
-<P>
-
-<H2><A NAME="SECTION00042000000000000000">
-<SPAN CLASS="arabic">4</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue193">Blocking</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue195">As earlier stated, one of the main goals of this
-project is to keep things single threaded to make coding plugins easier.
-One caveat of that is that any function which blocks will cause serious
-problems.</SPAN>
-<P>
-<SPAN ID="hue197">There are three major cases where blocking is likely
-to occur:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue200">Opening a socket</SPAN>
-</LI>
-<LI><SPAN ID="hue202">Reading from a socket</SPAN>
-</LI>
-<LI><SPAN ID="hue204">Writing to a socket</SPAN>
-</LI>
-</OL>
-<SPAN ID="hue207">Reading from sockets in a non-blocking manner is
-easy to solve for using poll() or select(). Writing to a socket, or
-merely opening a TCP socket via connect() however requires a different
-method:</SPAN>
-<P>
-<BLOCKQUOTE>
-<SPAN ID="hue210">It is possible to do non-blocking IO on sockets
-by setting the O_NONBLOCK flag on a socket file descriptor using
-fcntl(2). Then all operations that would block will (usually) return
-with EAGAIN (operation should be retried later); connect(2) will return
-EINPROGRESS error. The user can then wait for various events via poll(2)
-or select(2).</SPAN><A NAME="tex2html7"
-  HREF="#foot382"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>
-</BLOCKQUOTE>
-<SPAN ID="hue215">If connect() returns EINPROGRESS, then we'll just
-have to do something like this:</SPAN>
-<P>
-
-<DL COMPACT>
-<DT>
-<DD><SPAN ID="hue218">int&nbsp;e,&nbsp;len=sizeof(e);</SPAN>
-<P>
-<SPAN ID="hue220">if&nbsp;(getsockopt(conn-&gt;s,&nbsp;SOL_SOCKET,&nbsp;SO_ERROR,&nbsp;&amp;e,&nbsp;&amp;len)&nbsp;&lt;&nbsp;0)&nbsp;{&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue383">&nbsp;&nbsp;&nbsp;/*&nbsp;not&nbsp;yet&nbsp;*/</SPAN>
-<P>
-&nbsp;<SPAN ID="hue384">&nbsp;&nbsp;&nbsp;if(errno&nbsp;!=&nbsp;EINPROGRESS){&nbsp;&nbsp;/*&nbsp;yuck.&nbsp;kill&nbsp;it.&nbsp;*/&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue385">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_fn(LOG_DEBUG,&#34;in-progress&nbsp;connect&nbsp;failed.&nbsp;Removing.&#34;);&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue231">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;-1;&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue233">&nbsp;&nbsp;&nbsp;}&nbsp;else&nbsp;{&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue386">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;0;&nbsp;/*&nbsp;no&nbsp;change,&nbsp;see&nbsp;if&nbsp;next&nbsp;time&nbsp;is&nbsp;better&nbsp;*/&nbsp;</SPAN>
-<P>
-&nbsp;<SPAN ID="hue238">&nbsp;&nbsp;&nbsp;}&nbsp;</SPAN>
-<P>
-<SPAN ID="hue240">}&nbsp;</SPAN>
-<P>
-<SPAN ID="hue387">/*&nbsp;the&nbsp;connect&nbsp;has&nbsp;finished.&nbsp;*/&nbsp;</SPAN>
-</DD>
-</DL><BLOCKQUOTE>
-<SPAN ID="hue247">Note: It may not be totally right, but it works
-ok. (that chunk of code gets called after poll returns the socket
-as writable. if poll returns it as readable, then it's probably because
-of eof, connect fails. You must poll for both.</SPAN>
-</BLOCKQUOTE>
-
-<P>
-
-<H1><A NAME="SECTION00050000000000000000">
-<SPAN CLASS="arabic">5</SPAN> <SPAN ID="hue250">pcap vs flow File Format</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue252">As stated before, the pcap file format really isn't
-well suited for flowreplay because it uses the raw packet as a container
-for data. Flowreplay however isn't interested in packets, it's interested
-in data streams</SPAN><A NAME="tex2html8"
-  HREF="#foot404"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A> <SPAN ID="hue256">which may span one or more TCP/UDP segments, each
-comprised of an IP datagram which may be comprised of multiple IP
-fragments. Handling all this additional complexity requires a full
-TCP/IP stack in user space which would have additional feature requirements
-specific to flowreplay.</SPAN>
-<P>
-<SPAN ID="hue258">Rather then trying to do that, I've decided to create
-a pcap preprocessor for flowreplay called: flowprep. Flowprep will
-handle all the TCP/IP defragmentation/reassembly and write out a file
-containing the data streams for each flow.</SPAN>
-<P>
-<SPAN ID="hue260">A flow file will contain three sections:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue263">A header which identifies this as a flowprep file
-and the file version</SPAN>
-</LI>
-<LI><SPAN ID="hue265">An index of all the flows contained in the file</SPAN>
-</LI>
-<LI><SPAN ID="hue267">The data streams themselves</SPAN>
-</LI>
-</OL>
-<DIV ALIGN="CENTER">
-<SPAN ID="hue390"><IMG
- WIDTH="668" HEIGHT="748" ALIGN="BOTTOM" BORDER="0"
- SRC="img1.png"
- ALT="\includegraphics{flowheader.eps}"></SPAN>
-</DIV>
-
-<P>
-<SPAN ID="hue274">At startup, the file header is validated and the
-data stream indexes are loaded into memory. Then the first data stream
-header from each flow is read. Then each flow and subsequent data
-stream is processed based upon the timestamps and plug-ins.</SPAN>
-<P>
-
-<H1><A NAME="SECTION00060000000000000000">
-<SPAN CLASS="arabic">6</SPAN> <SPAN ID="hue276">Plug-ins</SPAN></A>
-</H1>
-
-<P>
-<SPAN ID="hue392">Plug-ins will provide the ``intelligence'' in
-flowreplay. Flowreplay is designed to be a mere framework for connecting
-captured flows in a flow file with socket file handles. How data is
-processed and what should be done with it will be done via plug-ins.</SPAN>
-<P>
-<SPAN ID="hue280">Plug-ins will allow proper handling of a variety
-of protocols while hopefully keeping things simple. Another part of
-the consideration will be making it easy for others to contribute
-to flowreplay. I don't want to have to write all the protocol logic
-myself.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00061000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue282">Plug-in Basics</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue284">Each plug-in provides the logic for handling one
-or more services. The main purpose of a plug-in is to decide when
-flowreplay should send data via one or more sockets. The plug-in can
-use any</SPAN> <SPAN ID="hue394"><SPAN  CLASS="textit">non-blocking</SPAN></SPAN> <SPAN ID="hue288">method
-of determining if it appropriate to send data or wait for data to
-received. If necessary, a plug-in can also modify the data sent.</SPAN>
-<P>
-<SPAN ID="hue290">Each time poll() returns, flowreplay calls the plug-ins
-for the flows which either have data waiting or in the case of a timeout,
-those flows which timed out. Afterwords, all the flows are processed
-and poll() is called on those flows which have their state set to
-POLL. And the process repeats until there are no more nodes in the
-tree.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00062000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue292">The Default Plug-in</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue396">Initially, flowreplay will ship with one basic plug-in
-called ``default''. Any flow which doesn't have a specific plug-in
-defined, will use default. The goal of the default plug-in is to work
-``good enough'' for a majority of single-flow protocols such as
-SMTP, HTTP, and Telnet. Protocols which use encryption (SSL, SSH,
-etc) or multiple flows (FTP, RPC, etc) will never work with the default
-plug-in. Furthermore, the default plug-in will only support connections</SPAN><SPAN ID="hue397"><SPAN  CLASS="textit">to</SPAN></SPAN> <SPAN ID="hue299">a server, it will not
-support accepting connections from clients.</SPAN>
-<P>
-<SPAN ID="hue398">The default plug-in will provide no data level manipulation
-and only a simple method for detecting when it is time to send data
-to the server. Detecting when to send data will be done by a ``no
-more data'' timeout value. Basically, by using the pcap file as a
-means to determine the order of the exchange, anytime it is the servers
-turn to send data, flowreplay will wait for the first byte of data
-and then start the ``no more data'' timer. Every time more data
-is received, the timer is reset. If the timer reaches zero, then flowreplay
-sends the next portion of the client side of the connection. This
-is repeated until the the flow has been completely replayed or a ``server
-hung'' timeout is reached. The server hung timeout is used to detect
-a server which crashed and never starts sending any data which would
-start the ``no more data'' timer.</SPAN>
-<P>
-<SPAN ID="hue399">Both the ``no more data'' and ``server hung''
-timers will be user defined values and global to all flows using the
-default plug-in.</SPAN>
-<P>
-
-<H2><A NAME="SECTION00063000000000000000">
-<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue309">Plug-in Details</SPAN></A>
-</H2>
-
-<P>
-<SPAN ID="hue311">Each plug-in will be comprised of the following:</SPAN>
-<P>
-
-<OL>
-<LI><SPAN ID="hue314">An optional global data structure, for intra-flow
-communication</SPAN>
-</LI>
-<LI><SPAN ID="hue316">Per-flow data structure, for tracking flow state
-information</SPAN>
-</LI>
-<LI><SPAN ID="hue318">A list of functions which flow replay will call
-when certain well-defined conditions are met.</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue321">Required functions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue324">initialize_node() - called when a node in the tree
-created using this plug-in</SPAN>
-</LI>
-<LI><SPAN ID="hue326">post_poll_timeout() - called when the poll() returned
-due to a timeout for this node</SPAN>
-</LI>
-<LI><SPAN ID="hue328">post_poll_read() - called when the poll() returned
-due to the socket being ready</SPAN>
-</LI>
-<LI><SPAN ID="hue330">buffer_full() - called when a the packet buffer
-for this flow is full</SPAN>
-</LI>
-<LI><SPAN ID="hue332">delete_node() - called just prior to the node being
-free()'d</SPAN>
-</LI>
-</UL>
-</LI>
-<LI><SPAN ID="hue335">Optional functions:</SPAN>
-<P>
-
-<UL>
-<LI><SPAN ID="hue338">pre_send_data() - called before data is sent</SPAN>
-</LI>
-<LI><SPAN ID="hue340">post_send_data() - called after data is sent</SPAN>
-</LI>
-<LI><SPAN ID="hue342">pre_poll() - called prior to poll()</SPAN>
-</LI>
-<LI><SPAN ID="hue344">post_poll_default() - called when poll() returns
-and neither the socket was ready or the node timed out </SPAN>
-</LI>
-<LI><SPAN ID="hue346">open_socket() - called after the socket is opened</SPAN>
-</LI>
-<LI><SPAN ID="hue348">close_socket() - called after the socket is closed</SPAN>
-</LI>
-</UL>
-</LI>
-</UL>
-</LI>
-</OL>
-
-<DL COMPACT>
-<DT>
-<DD><P>
-</DD>
-</DL>
-<P>
-
-<H1><A NAME="SECTION00070000000000000000">
-About this document ...</A>
-</H1>
- <STRONG><SPAN ID="hue33">Flowreplay Design Notes</SPAN></STRONG><P>
-This document was generated using the
-<A HREF="http://www.latex2html.org/"><STRONG>LaTeX</STRONG>2<tt>HTML</tt></A> translator Version 2002-2-1 (1.70)
-<P>
-Copyright &#169; 1993, 1994, 1995, 1996,
-<A HREF="http://cbl.leeds.ac.uk/nikos/personal.html">Nikos Drakos</A>, 
-Computer Based Learning Unit, University of Leeds.
-<BR>
-Copyright &#169; 1997, 1998, 1999,
-<A HREF="http://www.maths.mq.edu.au/~ross/">Ross Moore</A>, 
-Mathematics Department, Macquarie University, Sydney.
-<P>
-The command line arguments were: <BR>
- <STRONG>latex2html</STRONG> <TT>-nonavigation -no_subdir -split 0 -show_section_numbers flowreplay.tex</TT>
-<P>
-The translation was initiated by Aaron Turner on 2005-02-10
-<BR><HR><H4>Footnotes</H4>
-<DL>
-<DT><A NAME="foot362">...Tcpreplay</A><A
- HREF="flowreplay.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue47">http://tcpreplay.sourceforge.net/</SPAN>
-
-</DD>
-<DT><A NAME="foot370">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue102">socket(2)</SPAN>
-
-</DD>
-<DT><A NAME="foot371">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue108">http://www.tcpdump.org/</SPAN>
-
-</DD>
-<DT><A NAME="foot372">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue112">http://www.packetfactory.net/projects/libnet/</SPAN>
-
-</DD>
-<DT><A NAME="foot124">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
-<DD>http://netdude.sourceforge.net/
-
-</DD>
-<DT><A NAME="foot403">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html6"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue377">http://www.avet.com.pl/~nergal/libnids/</SPAN>
-
-</DD>
-<DT><A NAME="foot382">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html7"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue212">socket(7)</SPAN>
-
-</DD>
-<DT><A NAME="foot404">...&nbsp;</A><A
- HREF="flowreplay.html#tex2html8"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A></DT>
-<DD><SPAN ID="hue389">A ``data stream'' as I call it is a simplex
-communication from the client or server which is a complete query,
-response or message.</SPAN>
-
-</DD>
-</DL>
-<BR><HR>
-<ADDRESS>
-Aaron Turner
-2005-02-10
-</ADDRESS>
-</BODY>
-</HTML>

BIN
Docs/flowreplay.pdf


File diff suppressed because it is too large
+ 0 - 1224
Docs/flowreplay.ps


+ 0 - 520
Docs/flowreplay.tex

@@ -1,520 +0,0 @@
-%% LyX 1.3 created this file.  For more info, see http://www.lyx.org/.
-%% Do not edit unless you really know what you are doing.
-\documentclass[english]{article}
-\usepackage{pslatex}
-\usepackage[T1]{fontenc}
-\usepackage[latin1]{inputenc}
-\usepackage{geometry}
-\geometry{verbose,letterpaper,tmargin=10mm,bmargin=15mm,lmargin=10mm,rmargin=10mm}
-\setcounter{secnumdepth}{4}
-\setlength\parskip{\medskipamount}
-\setlength\parindent{0pt}
-\usepackage{color}
-\usepackage{graphicx}
-
-\makeatletter
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Textclass specific LaTeX commands.
- \usepackage{verbatim}
- \newenvironment{lyxcode}
-   {\begin{list}{}{
-     \setlength{\rightmargin}{\leftmargin}
-     \setlength{\listparindent}{0pt}% needed for AMS classes
-     \raggedright
-     \setlength{\itemsep}{0pt}
-     \setlength{\parsep}{0pt}
-     \normalfont\ttfamily}%
-    \item[]}
-   {\end{list}}
-
-\AtBeginDocument{
-  \renewcommand{\labelitemii}{\(\ast\)}
-  \renewcommand{\labelitemiii}{\normalfont\bfseries{--}}
-}
-
-\usepackage{babel}
-\makeatother
-\begin{document}
-
-\title{\textcolor{black}{Flowreplay Design Notes}}
-
-
-\author{\textcolor{black}{Aaron Turner }\\
-\textcolor{black}{http://synfin.net/}}
-
-
-\date{\textcolor{black}{Last Edited:}\\
-\textcolor{black}{October 23, 2003}}
-
-\maketitle
-
-\newpage
-\section{\textcolor{black}{Overview}}
-
-\textcolor{black}{Tcpreplay}%
-\footnote{\textcolor{black}{http://tcpreplay.sourceforge.net/}%
-} \textcolor{black}{was designed to replay traffic previously captured
-in the pcap format back onto the wire for testing NIDS and other passive
-devices. Over time, it was enhanced to be able to test in-line network
-devices. However, a re-occurring feature request for tcpreplay is
-to connect to a server in order to test applications and host TCP/IP
-stacks. It was determined early on, that adding this feature to tcpreplay
-was far too complex, so I decided to create a new tool specifically
-designed for this.}
-
-\textcolor{black}{Flowreplay is designed to replay traffic at Layer
-4 or 7 depending on the protocol rather then at Layer 2 like tcpreplay
-does. This allows flowreplay to connect to one or more servers using
-a pcap savefile as the basis of the connections. Hence, flowreplay
-allows the testing of applications running on real servers rather
-then passive devices. }
-
-
-\section{\textcolor{black}{Features}}
-
-
-\subsection{\textcolor{black}{Requirements}}
-
-\begin{enumerate}
-\item \textcolor{black}{Full TCP/IP support, including IP fragments and
-TCP stream reassembly.}
-\item \textcolor{black}{Support replaying TCP and UDP flows.}
-\item \textcolor{black}{Code should handle each flow/service independently.}
-\item \textcolor{black}{Should be able to connect to the server(s) in the
-pcap file or to a user specified IP address.}
-\item \textcolor{black}{Support a plug-in architecture to allow adding application
-layer intelligence.}
-\item \textcolor{black}{Plug-ins must be able to support multi-flow protocols
-like FTP.}
-\item \textcolor{black}{Ship with a default plug-in which will work {}``well
-enough'' for simple single-flow protocols like HTTP and telnet.}
-\item \textcolor{black}{Flows being replayed {}``correctly'' is more important
-then performance (Mbps).}
-\item \textcolor{black}{Portable to run on common flavors of Unix and Unix-like
-systems.}
-\end{enumerate}
-
-\subsection{\textcolor{black}{Wishes}}
-
-\begin{enumerate}
-\item \textcolor{black}{Support clients connecting to flowreplay on a limited
-basis. Flowreplay would replay the server side of the connection.}
-\item \textcolor{black}{Support other IP based traffic (ICMP, VRRP, OSPF,
-etc) via plug-ins.}
-\item \textcolor{black}{Support non-IP traffic (ARP, STP, CDP, etc) via
-plug-ins.}
-\item \textcolor{black}{Limit which flows are replayed using user defined
-filters. (bpf filter syntax?)}
-\item \textcolor{black}{Process pcap files directly with no intermediary
-file conversions.}
-\item \textcolor{black}{Should be able to scale to pcap files in the 100's
-of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
-of RAM.}
-\end{enumerate}
-
-\section{\textcolor{black}{Design Thoughts}}
-
-
-\subsection{\textcolor{black}{Sending and Receiving traffic}}
-
-\textcolor{black}{Flowreplay must be able to process multiple connections
-to one or more devices. There are two options:}
-
-\begin{enumerate}
-\item \textcolor{black}{Use sockets}%
-\footnote{\textcolor{black}{socket(2)}%
-} \textcolor{black}{to send and receive data}
-\item \textcolor{black}{Use libpcap}%
-\footnote{\textcolor{black}{http://www.tcpdump.org/}%
-} \textcolor{black}{to receive packets and libnet}%
-\footnote{\textcolor{black}{http://www.packetfactory.net/projects/libnet/}%
-} \textcolor{black}{to send packets}
-\end{enumerate}
-\textcolor{black}{Although using libpcap/libnet would allow more simultaneous
-connections and greater flexibility, there would be a very high complexity
-cost associated with it. With that in mind, I've decided to use sockets
-to send and receive data.}
-
-
-\subsection{\textcolor{black}{Handling Multiple Connections}}
-
-\textcolor{black}{Because a pcap file can contain multiple simultaneous
-flows, we need to be able to support that too. The biggest problem
-with this is reading packet data in a different order then stored
-in the pcap file. }
-
-\textcolor{black}{Reading and writing to multiple sockets is easy
-with select() or poll(), however a pcap file has it's data stored
-serially, but we need to access it randomly. There are a number of
-possible solutions for this such as caching packets in RAM where they
-can be accessed more randomly, creating an index of the packets in
-the pcap file, or converting the pcap file to another format altogether.
-Alternatively, I've started looking at libpcapnav}%
-\footnote{http://netdude.sourceforge.net/%
-} \textcolor{black}{as an alternate means to navigate a pcap file and
-process packets out of order.}
-
-
-\subsection{\textcolor{black}{Data Synchronization}}
-
-\textcolor{black}{Knowing when to start sending client traffic in
-response to the server will be \char`\"{}tricky\char`\"{}. Without
-understanding the actual protocol involved, probably the best general
-solution is waiting for a given period of time after no more data
-from the server has been received. Not sure what to do if the client
-traffic doesn't elicit a response from the server (implement some
-kind of timeout?). This will be the basis for the default plug-in.}
-
-
-\subsection{\textcolor{black}{TCP/IP}}
-
-\textcolor{black}{Dealing with IP fragmentation and TCP stream reassembly
-will be another really complex problem. We're basically talking about
-implementing a significant portion of a TCP/IP stack. One thought
-is to use libnids}%
-\footnote{\textcolor{black}{http://www.avet.com.pl/\textasciitilde{}nergal/libnids/}%
-} \textcolor{black}{which basically implements a Linux 2.0.37 TCP/IP
-stack in user-space. Other solutions include porting a TCP/IP stack
-from Open/Net/FreeBSD or writing our own custom stack from scratch.}
-
-
-\section{\textcolor{black}{Multiple Independent Flows}}
-
-\textcolor{black}{The biggest asynchronous problem, that pcap files
-are serial, has to be solved in a scaleable manner. Not much can be
-assumed about the network traffic contained in a pcap savefile other
-then Murphy's Law will be in effect. This means we'll have to deal
-with:}
-
-\begin{itemize}
-\item \textcolor{black}{Thousands of small simultaneous flows (captured
-on a busy network)}
-\item \textcolor{black}{Flows which {}``hang'' mid-stream (an exploit
-against a server causes it to crash)}
-\item \textcolor{black}{Flows which contain large quantities of data (FTP
-transfers of ISO's for example)}
-\end{itemize}
-\textcolor{black}{How we implement parallel processing of the pcap
-savefile will dramatically effect how well we can scale. A few considerations:}
-
-\begin{itemize}
-\item Most Unix systems limit the maximum number of open file descriptors
-a single process can have. Generally speaking this shouldn't be a
-problem except for highly parallel pcap's.
-\item While RAM isn't limitless, we can use mmap() to get around this.
-\item Many Unix systems have enhanced solutions to poll() which will improve
-flow management.
-\end{itemize}
-\begin{comment}
-\textcolor{black}{Unix systems implement a maximum limit on the number
-of file descriptors a single process can open. My Linux box for example
-craps out at 1021 (it's really 1024, but 3 are reserved for STDIN,
-STDOUT, STDERR), which seems to be pretty standard for recent Unix's.
-This means we're limited to at most 1020 simultaneous flows if the
-pcap savefile is opened once and half that (510 flows) if the savefile
-is re-opened for each flow.}%
-\footnote{\textcolor{black}{It appears that most Unix-like OS's allow root to
-increase the {}``hard-limit'' beyond 1024. Compiling a list of methods
-to do this for common OS's should be added to the flowreplay documentation.}%
-}
-
-\textcolor{black}{RAM isn't limitless. Caching packets in memory may
-cause problems when one or more flows with a lot of data {}``hang''
-and their packets have to be cached so that other flows can be processed.
-If you work with large pcaps containing malicious traffic (say packet
-captures from DefCon), this sort of thing may be a real problem. Dealing
-with this situation would require complicated buffer limits and error
-handling.}
-
-\textcolor{black}{Jumping around in the pcap file via fgetpos() and
-fsetpos() is probably the most disk I/O intensive solution and may
-effect performance. However, on systems with enough free memory, one
-would hope the system disk cache will provide a dramatic speedup.
-The {}``bookmarks'' used by fgetpos/fsetpos are just 64 bit integers
-which are relatively space efficent compared to other solutions.}
-
-\textcolor{black}{The other typical asynchronous issue is dealing
-with multiple sockets, which we will solve via poll()}%
-\footnote{\textcolor{black}{poll(2)}%
-}\textcolor{black}{. Each flow will define a} \textcolor{black}{\emph{struct
-pollfd}} \textcolor{black}{and the amount of time in ms to timeout.
-Then prior to calling poll() we walk the list of flows and create
-the array of pollfd's and determine the flow(s) with the smallest
-timeout. A list of these flows is saved for when poll() returns. Finally,
-the current time is tucked away and the timeout and array of pollfd's
-is passed to poll().}
-
-\textcolor{black}{When poll() returns, the sockets that returned ready
-have their plug-in called. If no sockets are ready, then the flows
-saved prior to calling poll() are processed.}
-
-\textcolor{black}{Once all flows are processed, all the flows not
-processed have their timeout decremented by the time difference of
-the current time and when poll was last called and we start again.}
-\end{comment}
-
-\subsection{\textcolor{black}{IP Fragments and TCP Streams}}
-
-\textcolor{black}{There are five major complications with flowreplay:}
-
-\begin{enumerate}
-\item \textcolor{black}{The IP datagrams may be fragmented- we won't be