TODO 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. This is a general list of things which should/could/may be done.
  2. If any of these features interest you let me know- especially if you're
  3. willing and able to help code it.
  4. Legend:
  5. - = Not started
  6. + = Done
  7. O = Mostly done
  8. o = Started work
  9. . = Canceled
  10. ? = To think about
  11. + Look at VLAN (802.1q) packets
  12. - others non-vanilla types?
  13. + Add tags? Remove tags? Change tags?
  14. - Tag only one side of the connection
  15. - Support Q-in-Q tags:
  16. http://www.informit.com/articles/article.asp?p=101367&rl=1
  17. - Cisco's ISL trunking?
  18. - Add support for MPLS
  19. - Add support for GRE
  20. http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
  21. Perhaps this should be done via the hardware interface rather then the GRE
  22. virtual interface since libnet doesn't support the GRE virtual
  23. + Add support for setting the ethernet protocol field so we can use
  24. -I, -K to fill out an entire ethernet header w/o using -2
  25. + Add a secondary interface full layer two rewrite option
  26. + Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
  27. - Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
  28. - Make it easier for others to add support for others
  29. + Rip out packet munger from tcpreplay and put it into another tool so
  30. that tcpreplay can be more optimized
  31. ? perhaps use libnetdude?
  32. ? make into a library?
  33. + definately put it into a seperate binary (tcprewrite)
  34. - Add the ability to modify packet data via regex(es) in tcprewrite
  35. - Should support pcre
  36. - Support (foo) and $1, etc so new data can include old
  37. - Limit matching which packets via BPF filter and tcpprep cache
  38. (client/server)
  39. - Step through packets ala tcpreplay and provide option to edit (Y/n)
  40. + Improve config file format
  41. + better variable names
  42. + use "var: value" format
  43. + have tcpreplay, tcpprep, tcprewrite sections
  44. + Being solved using GNU AutoOpts
  45. . Add support for dual-nic send on one intf, wait for packet, send next.
  46. would be really useful for testing the effectiveness of how well an IPS
  47. detects and blocks attacks. (TP's tomahawk does this even better then
  48. described here, so why re-invent the wheel?)
  49. - Support fragrouter like features
  50. - basic IP fragmenation
  51. - TCP fudging
  52. - then more advanced stuff
  53. - Can we integrate FR's code?
  54. - Support connection tracking and generating 3way handshake for connections
  55. missing them.
  56. - Bump Syn/Ack numbers by a random or given value so that running
  57. the same pcap will behave as different streams.
  58. - Improve flowreplay so it actually works
  59. o Use libnids to read the pcaps
  60. - Allow handoff to a socket after user specified client/server exchanges
  61. - Perhaps integrate stick/snot/fpg logic into flowreplay:
  62. http://www.geschke-online.de/FLoP/fpg.8.html
  63. to do full 3way handshakes
  64. - IPv6 support? People ask for this every few months, but nobody actually
  65. says they "need" or "really want" it; seems more of "gee, wouldn't it be
  66. nice".
  67. + When splitting traffic via tcpprep print out each packet (tcpdump style)
  68. so end users know where each packet is going
  69. + Improve autoconf detection of libraries
  70. + Re-organize source tree
  71. O tcpdump decoder should print packets syncronously w/ the main process
  72. - Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
  73. once for multiple packets when the timestamps are close enough. We
  74. also need to time nanosleep, since different architectures have lower
  75. minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
  76. + Tcpreplay should say which interface each packet is going out
  77. + Better use of GNU Autotools
  78. + Improve CLI/config file parsing
  79. - Tcprewrite should be able to remove the two byte ethernet FCS (checksums)
  80. at the end of the frame.
  81. - See about removing libnet_init() from all binaries other then tcprewrite
  82. so we don't have to run as root:
  83. . libnet_addr2name4 (ignore, doesn't require libnet_t context)
  84. + libnet_name2addr4
  85. - libnet_get_hwaddr
  86. - libnet_do_checksum
  87. + Support randomization of IP addresses in ARP packets
  88. - Only tcpreplay should need to run as root.
  89. - Tcpreplay should use raw sockets or BPF directly for writing rather then
  90. libnet where applicable for higher performance.