git Service des IN-Ulm e.V. Erkunden Hilfe
Anmelden
cbiedl
/
tcpreplay
1
0
Fork 0
Dateien
Struktur: 5fd85191d7
Branches Tags
tcpreplay
/
docs
/
TODO

TODO 5.1 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. This is a general list of things which should/could/may be done.
    2. 

  2. If any of these features interest you let us know- especially if you're
    3. 

  3. willing and able to help code it.  In general, higher priority tasks are
    4. 

  4. tracked on the tcpreplay GitHub wiki https://github.com/appneta/tcpreplay/wiki
    5. 

  5. 

  6. Legend:
    7. 

  7.     - = Not started
    8. 

  8.     + = Done
    9. 

  9.     O = Mostly done
    10. 

  10.     o = Started work
    11. 

  11.     . = Canceled
    12. 

  12.     ? = To think about
    13. 

  13. 

  14. GENERAL:
    15. 

  15. 

  16. + Improve config file format
    17. 

  17.   + better variable names
    18. 

  18.   + use "var: value" format
    19. 

  19.   + have tcpreplay, tcpprep, tcprewrite sections
    20. 

  20.   + Being solved using GNU AutoOpts
    21. 

  21. 

  22. + Improve autoconf detection of libraries
    23. 

  23. 

  24. + Re-organize source tree
    25. 

  25. 

  26. + tcpdump decoder should print packets synchronously w/ the main process
    27. 

  27. 

  28. + Better use of GNU Autotools
    29. 

  29. 

  30. + Improve CLI/config file parsing
    31. 

  31. 

  32. + Only tcpreplay/tcpbridge should need to run as root.
    33. 

  33. 

  34. + Tcpreplay should use raw sockets or BPF directly for writing rather then
    35. 

  35.       libnet where applicable for theoretically higher performance.
    36. 

  36. 

  37. - Detect system version of libopts b/c we need a recent version
    38. 

  38. 

  39. + Generalize packet editing and printing code so it can be shipped as a 
    40. 

  40.   separate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
    41. 

  41. 

  42. + See about removing libnet_init() from all binaries other then tcprewrite
    43. 

  43.   so we don't have to run as root:
    44. 

  44.   . libnet_addr2name4 (ignore, doesn't require libnet_t context)
    45. 

  45.   + libnet_name2addr4
    46. 

  46.   + libnet_get_hwaddr
    47. 

  47.   + libnet_do_checksum
    48. 

  48. 

  49. TCPREPLAY:
    50. 

  50. 

  51. . Add support for dual-nic send on one intf, wait for packet, send next.
    52. 

  52.   would be really useful for testing the effectiveness of how well an IPS
    53. 

  53.   detects and blocks attacks. (TP's tomahawk does this even better then
    54. 

  54.   described here, so why re-invent the wheel?)
    55. 

  55. 

  56. - Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
    57. 

  57.   once for multiple packets when the timestamps are close enough.  We
    58. 

  58.   also need to time nanosleep, since different architectures have lower
    59. 

  59.   minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
    60. 

  60. 

  61. + Tcpreplay should say which interface each packet is going out
    62. 

  62. 

  63. TCPBRIDGE:
    64. 

  64. 

  65. - Duplicate all tcprewrite functionality
    66. 

  66. 

  67. TCPREWRITE:
    68. 

  68. 

  69. - Support fragrouter like features 
    70. 

  70.     - basic IP fragmenation
    71. 

  71.     - TCP fudging 
    72. 

  72.     - then more advanced stuff
    73. 

  73.     - Can we integrate FR's code?
    74. 

  74. 

  75. + Look at VLAN (802.1q) packets
    76. 

  76.     - others non-vanilla types?
    77. 

  77.     + Add tags?  Remove tags?  Change tags?
    78. 

  78.     - Tag only one side of the connection
    79. 

  79.     - Support Q-in-Q tags:
    80. 

  80.           http://www.informit.com/articles/article.asp?p=101367&rl=1
    81. 

  81.     - Cisco's ISL trunking?
    82. 

  82. 

  83. - Add support for MPLS
    84. 

  84. 

  85. - Add support for GRE
    86. 

  86.   http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
    87. 

  87.   Perhaps this should be done via the hardware interface rather then the GRE
    88. 

  88.   virtual interface since libnet doesn't support the GRE virtual
    89. 

  89. 

  90. + Add support for setting the ethernet protocol field so we can use
    91. 

  91.     -I, -K to fill out an entire ethernet header w/o using -2
    92. 

  92. 

  93. + Add a secondary interface full layer two rewrite option
    94. 

  94. 

  95. + Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
    96. 

  96. 

  97. - Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
    98. 

  98.     + Make it easier for others to add support for others
    99. 

  99. 

  100. + Rip out packet munger from tcpreplay and put it into another tool so
    101. 

  101.   that tcpreplay can be more optimized
    102. 

  102.     ? perhaps use libnetdude?
    103. 

  103.     ? make into a library?
    104. 

  104.     + definitely put it into a separate binary (tcprewrite)
    105. 

  105. 

  106. - Add the ability to modify packet data via regex(es) in tcprewrite
    107. 

  107.   - Should support pcre
    108. 

  108.   - Support (foo) and $1, etc so new data can include old
    109. 

  109.   - Limit matching which packets via BPF filter and tcpprep cache
    110. 

  110.         (client/server)
    111. 

  111.   - Step through packets ala tcpreplay and provide option to edit (Y/n)
    112. 

  112. 

  113. - Support connection tracking and generating 3way handshake for connections
    114. 

  114.   missing them.
    115. 

  115. 

  116. - Bump Syn/Ack numbers by a pseudo random or given value so that running 
    117. 

  117.   the same pcap will behave as different streams.
    118. 

  118. 

  119. - IPv6 support?  People ask for this every few months, but nobody actually
    120. 

  120.   says they "need" or "really want" it; seems more of "gee, wouldn't it be
    121. 

  121.   nice".  What does that mean anyways???
    122. 

  122. 

  123. - tcprewrite should be able to remove the two byte ethernet FCS (checksums)
    124. 

  124.   at the end of the frame.
    125. 

  125. 

  126. + Support randomization of IP addresses in ARP packets
    127. 

  127. 

  128. - Add support for rewriting MAC addresses in the ARP body for
    129. 

  129.   tcprewrite/tcpbridge to allow proxy-arp like behaviour
    130. 

  130. 

  131. - Add support for IP fragmenting frames which are > MTU
    132. 

  132. 

  133. 

  134. TCPPREP:
    135. 

  135. 

  136. + When splitting traffic via tcpprep print out each packet (tcpdump style)
    137. 

  137.   so end users know where each packet is going
    138. 

  138. 

  139. FLOWREPLAY:
    140. 

  140. 

  141. - Improve flowreplay so it actually works
    142. 

  142.   . Use libnids to read the pcaps.  This seems DOA at this time since
    143. 

  143.     libnids is GPL and the author is unwilling to make it support multiple
    144. 

  144.     threads which flowreplay probably needs to be.  The only other option is
    145. 

  145.     a major rewrite which would break API compatibility.  Doesn't seem worth
    146. 

  146.     it.
    147. 

  147.   - Allow handoff to a socket after user specified client/server exchanges
    148. 

  148. 

  149. - Perhaps integrate stick/snot/fpg logic into flowreplay:
    150. 

  150.   http://www.geschke-online.de/FLoP/fpg.8.html
    151. 

  151.   to do full 3way handshakes
    152.