autogen definitions options;

/*
 * AutoGen option definitions for the tcprewrite command line.
 *
 * This file holds the program metadata, the usage/man-page text, and one
 * "flag = { ... };" stanza per command-line option.  Further definitions
 * are pulled in from tcpedit/tcpedit_opts.def by the #include directive
 * below; that file is not part of this listing.
 *
 * The text inside the here-strings (<<- MARKER ... MARKER;) is emitted
 * into generated documentation or C code, so review comments are kept
 * outside of those strings.
 */

copyright = {
    date = "2004-2008";
    owner = "Aaron Turner";
    type = "bsd";
    author = <<- EOText
Copyright 2004-2008 Aaron Turner
For support please use the tcpreplay-users@lists.sourceforge.net mailing list.
The latest version of this software is always available from:
http://tcpreplay.synfin.net/
EOText;
};

package = "tcprewrite";
prog-name = "tcprewrite";
prog-title = "Rewrite the packets in a pcap file.";
long-opts;
gnu-usage;

/* Full help is moved to "H"; "h" is used by the less-help flag at the
 * end of this file. */
help-value = "H";

/* Both values are empty strings.  Presumably this leaves the save-opts
 * and load-opts options without a short flag character -- confirm
 * against the AutoOpts documentation. */
save-opts-value = "";
load-opts-value = "";

config-header = "config.h";

#include tcpedit/tcpedit_opts.def

/* NOTE(review): the text below contains typos ("crated", "it's packets").
 * It is left untouched here because it is emitted into the generated
 * documentation. */
detail = <<- EOText
Tcprewrite is a tool to rewrite packets stored in @file{pcap(3)} file format,
such as crated by tools such as @file{tcpdump(1)} and @file{ethereal(1)}.
Once a pcap file has had it's packets rewritten, they can be replayed back
out on the network using @file{tcpreplay(1)}.
tcprewrite currently supports reading the following DLT types:
@item
@var{DLT_C_HDLC} aka Cisco HDLC
@item
@var{DLT_EN10MB} aka Ethernet
@item
@var{DLT_LINUX_SLL} aka Linux Cooked Socket
@item
@var{DLT_RAW} aka RAW IP
@item
@var{DLT_NULL} aka BSD Loopback
@item
@var{DLT_LOOP} aka OpenBSD Loopback
@item
@var{DLT_IEEE802_11} aka 802.11a/b/g
@item
@var{DLT_IEEE802_11_RADIO} aka 802.11a/b/g with Radiotap headers
Please see the --dlt option for supported DLT types for writing.
The packet editing features of tcprewrite which distinguish between "client"
and "server" traffic requires a tcpprep(1) cache file.
For more details, please see the Tcpreplay Manual at:
http://tcpreplay.synfin.net/trac/wiki/manual
EOText;

man-doc = <<- EOMan
.SH "SEE ALSO"
tcpdump(1), tcpprep(1), tcpreplay(1)
EOMan;

/* config-header is assigned a second time here, with the same value as
 * above. */
config-header = "config.h";

/* C text placed into the generated option code.
 * NOTE(review): the fifth and sixth strings are "#include \n" with no
 * header name.  The names look like they were lost when this copy was
 * produced (angle-bracket contents stripped) -- restore them from the
 * project's own copy of this file before generating code. */
include = "#include \"defines.h\"\n"
          "#include \"common.h\"\n"
          "#include \"config.h\"\n"
          "#include \"tcprewrite.h\"\n"
          "#include \n"
          "#include \n"
          "extern tcprewrite_opt_t options;\n";

/* NOTE(review): homerc names where saved option files are looked up.
 * "$$/" appears to be the AutoOpts form for "the directory holding the
 * running program" -- confirm.  If so, whoever can write to that
 * directory can preset options for every user who runs the binary, so
 * the permissions of the install directory matter. */
homerc = "$$/";

/* -d / --dbug: numeric debug level.  Only defined when DEBUG is set
 * (ifdef); arg-range limits the accepted values to 0 through 5 and the
 * default is 0. */
flag = {
    ifdef = DEBUG;
    name = dbug;
    value = d;
    arg-type = number;
    descrip = "Enable debugging output";
    arg-range = "0->5";
    arg-default = 0;
    max = 1;
    immediate;
    doc = <<- EOText
If configured with --enable-debug, then you can specify a verbosity
level for debugging output. Higher numbers increase verbosity.
EOText;
};

/* -i / --infile: required (must-set) path of the pcap file to read.
 * Marked immediate; the comment in the outfile stanza explains that
 * infile has to be processed before outfile. */
flag = {
    name = infile;
    value = i;
    arg-type = string;
    descrip = "Input pcap file to be processed";
    max = 1;
    immediate;
    must-set;
    doc = "";
};

/* -o / --outfile: required (must-set) path of the pcap file to write. */
flag = {
    name = outfile;
    value = o;
    arg-type = string;
    descrip = "Output pcap file";
    max = 1;
    must-set;
    doc = "";
    /* options.outfile is set in post_args, because we need to make
     * sure that options.infile is processed first */
};

/* -c / --cachefile: tcpprep cache file used to tell client traffic from
 * server traffic.
 *
 * The flag-code calls read_cache() with the path given on the command
 * line plus pointers to options.cachedata and options.comment, and
 * stores the return value in options.cache_packets.
 * NOTE(review): no error check is visible in this snippet and the cache
 * file is parsed input -- presumably read_cache() validates the file
 * and handles failure itself; verify there. */
flag = {
    name = cachefile;
    value = c;
    arg-type = string;
    max = 1;
    descrip = "Split traffic via tcpprep cache file";
    settable;
    flag-code = <<- EOCachefile
    options.cache_packets =
        read_cache(&options.cachedata, OPT_ARG(CACHEFILE),
            &options.comment);
EOCachefile;
    doc = <<- EOText
Use tcpprep cache file to split traffic based upon client/server relationships.
EOText;
};

/* Verbose decoding via tcpdump */
/* -v / --verbose: takes no argument; only defined when ENABLE_VERBOSE
 * is set. */
flag = {
    ifdef = ENABLE_VERBOSE;
    name = verbose;
    value = v;
    max = 1;
    immediate;
    descrip = "Print decoded packets via tcpdump to STDOUT";
    settable;
    doc = "";
};

/* -A / --decode: extra arguments for the tcpdump decoder.  flags-must
 * ties it to the verbose option.
 * NOTE(review): per the doc text this string is handed to an external
 * tcpdump process.  How it is split and quoted is not visible here --
 * confirm that the consumer builds an argument vector rather than a
 * shell command line, and that the option is only taken from the
 * operator, never from capture contents. */
flag = {
    ifdef = ENABLE_VERBOSE;
    name = decode;
    flags-must = verbose;
    value = A;
    arg-type = string;
    max = 1;
    descrip = "Arguments passed to tcpdump decoder";
    doc = <<- EOText
When enabling verbose mode (@var{-v}) you may also specify one or more
additional arguments to pass to @code{tcpdump} to modify the way packets
are decoded. By default, -n and -l are used. Be sure to
quote the arguments so that they are not interpreted by tcprewrite. Please see
the tcpdump(1) man page for a complete list of options.
EOText;
};

/* Fragroute */
/* --fragroute: path of a fragroute configuration file; long option only
 * (no value), and only defined when ENABLE_FRAGROUTE is set.
 * NOTE(review): there is no flag-code here, so the file is presumably
 * opened and parsed elsewhere after option processing -- confirm where
 * its contents are validated. */
flag = {
    ifdef = ENABLE_FRAGROUTE;
    name = fragroute;
    arg-type = string;
    max = 1;
    descrip = "Parse fragroute configuration file";
    doc = <<- EOText
Enable advanced evasion techniques using the built-in fragroute(8)
engine. See the fragroute(8) man page for more details. Important:
tcprewrite does not support the delay, echo or print commands.
EOText;
};

/* --fragdir: which direction(s) the fragroute engine is applied to.
 * The accepted words (c2s, s2c, both) are only named in the description;
 * no keyword list is declared here, so the string is presumably checked
 * by the consumer -- verify. */
flag = {
    ifdef = ENABLE_FRAGROUTE;
    name = fragdir;
    arg-type = string;
    max = 1;
    descrip = "Which flows to apply fragroute to: c2s, s2c, both";
    doc = <<- EOText
Apply the fragroute engine to packets going c2s, s2c or both when
using a cache file.
EOText;
};

/* --skip-soft-errors: takes no argument; long option only. */
flag = {
    name = skip-soft-errors;
    max = 1;
    descrip = "Skip writing packets with soft errors";
    doc = <<- EOText
In some cases, packets can't be decoded or the requested editing
is not possible. Normally these packets are written to the output
file unedited so that tcpprep cache files can still be used, but if
you wish, these packets can be suppressed.
One example of this is 802.11 management frames which contain no data.
EOText;
};

/* -V / --version: the flag-code prints version and build-feature lines
 * to stderr and then calls exit(0), so nothing after this option is
 * processed.
 * NOTE(review): the copyright line printed here says 2001-2008 while
 * the copyright block at the top says 2004-2008; the printed author
 * string also ends in a space before the newline, which may be a
 * contact address lost from this copy -- confirm. */
flag = {
    name = version;
    value = V;
    descrip = "Print version information";
    flag-code = <<- EOVersion
    fprintf(stderr, "tcprewrite version: %s (build %s)", VERSION, svn_version());
#ifdef DEBUG
    fprintf(stderr, " (debug)");
#endif
    fprintf(stderr, "\n");
    fprintf(stderr, "Copyright 2001-2008 by Aaron Turner \n");
    fprintf(stderr, "Cache file supported: %s\n", CACHEVERSION);
#ifdef HAVE_LIBNET
    fprintf(stderr, "Compiled against libnet: %s\n", LIBNET_VERSION);
#else
    fprintf(stderr, "Not compiled with libnet.\n");
#endif
#ifdef HAVE_WINPCAP
    fprintf(stderr, "Compiled against winpcap: %s\n", get_pcap_version());
#else
    fprintf(stderr, "Compiled against libpcap: %s\n", get_pcap_version());
#endif
#ifdef ENABLE_64BITS
    fprintf(stderr, "64 bit packet counters: enabled\n");
#else
    fprintf(stderr, "64 bit packet counters: disabled\n");
#endif
#ifdef ENABLE_VERBOSE
    fprintf(stderr, "Verbose printing via tcpdump: enabled\n");
#else
    fprintf(stderr, "Verbose printing via tcpdump: disabled\n");
#endif
#ifdef ENABLE_FRAGROUTE
    fprintf(stderr, "Fragroute engine: enabled\n");
#else
    fprintf(stderr, "Fragroute engine: disabled\n");
#endif
    exit(0);
EOVersion;
    doc = "";
};

/* -h / --less-help: the flag-code calls USAGE() with EXIT_FAILURE, so a
 * request for the short usage text ends with a failure status. */
flag = {
    name = less-help;
    value = h;
    immediate;
    descrip = "Display less usage information and exit";
    flag-code = <<- EOHelp
    USAGE(EXIT_FAILURE);
EOHelp;
    doc = "";
};