cbiedl
/
tcpreplay


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311
							/* $Id$ */

/*
 *   Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
 *   Copyright (c) 2013-2024 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
 *
 *   The Tcpreplay Suite of tools is free software: you can redistribute it 
 *   and/or modify it under the terms of the GNU General Public License as 
 *   published by the Free Software Foundation, either version 3 of the 
 *   License, or with the authors permission any later version.
 *
 *   The Tcpreplay Suite is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with the Tcpreplay Suite.  If not, see <http://www.gnu.org/licenses/>.
 */

autogen definitions options;

copyright = {
    date        = "2000-2024";
    owner       = "Aaron Turner and Fred Klassen";
    eaddr       = "tcpreplay-users@lists.sourceforge.net"; 
    type        = gpl;
    author      = <<- EOText
Copyright 2013-2024 Fred Klassen - AppNeta

Copyright 2000-2012 Aaron Turner

For support please use the tcpreplay-users@lists.sourceforge.net mailing list.

The latest version of this software is always available from:
http://tcpreplay.appneta.com/
EOText;
};

package         = "tcprewrite";
prog-name       = "tcprewrite";
prog-title      = "Rewrite the packets in a pcap file.";
long-opts;
gnu-usage;
help-value      = "H";
save-opts-value = "";
load-opts-value = "";
config-header   = "config.h";

#include tcpedit/tcpedit_opts.def

detail = <<- EOText
Tcprewrite is a tool to rewrite packets stored in @file{pcap(3)} file format,
such as created by tools such as @file{tcpdump(1)} and @file{wireshark(1)}.
Once a pcap file has had it's packets rewritten, they can be replayed back
out on the network using @file{tcpreplay(1)}.

tcprewrite currently supports reading the following DLT types:
@item
@var{DLT_C_HDLC} aka Cisco HDLC
@item
@var{DLT_EN10MB} aka Ethernet
@item
@var{DLT_LINUX_SLL} aka Linux Cooked Socket
@item
@var{DLT_LINUX_SLL2} aka Linux Cooked Socket v2
@item
@var{DLT_RAW} aka RAW IP
@item
@var{DLT_NULL} aka BSD Loopback
@item
@var{DLT_LOOP} aka OpenBSD Loopback
@item
@var{DLT_IEEE802_11} aka 802.11a/b/g
@item
@var{DLT_IEEE802_11_RADIO} aka 802.11a/b/g with Radiotap headers
@item
@var{DLT_JUNIPER_ETHER} aka Juniper Encapsulated Ethernet
@item
@var{DLT_PPP_SERIAL} aka PPP over Serial

Please see the --dlt option for supported DLT types for writing.

The packet editing features of tcprewrite which distinguish between "client"
and "server" traffic requires a tcpprep(1) cache file.

For more details, please see the Tcpreplay Manual at:
http://tcpreplay.appneta.com
EOText;

man-doc = <<- EOMan
.SH "SEE ALSO"
tcpdump(1), tcpbridge(1), tcpreplay(1), tcpprep(1), tcpcapinfo(1)
EOMan;


config-header   = "config.h";
include         = "#include \"defines.h\"\n"
                "#include \"common.h\"\n"
                "#include \"config.h\"\n"
                "#include \"tcprewrite.h\"\n"
                "#include <stdlib.h>\n"
                "#include <string.h>\n"
                "extern tcprewrite_opt_t options;\n";

homerc          = "$$/";

flag = {
    ifdef       = DEBUG;
    name        = dbug;
    value       = d;
    arg-type    = number;
    descrip     = "Enable debugging output";
    arg-range   = "0->5";
    arg-default = 0;
    max         = 1;
    immediate;
    doc         = <<- EOText
If configured with --enable-debug, then you can specify a verbosity 
level for debugging output.  Higher numbers increase verbosity.
EOText;
};


flag = {
    name        = infile;
    value       = i;
    arg-type    = string;
    descrip     = "Input pcap file to be processed";
    max         = 1;
    immediate;
    must-set;
    doc         = "";
};

flag = {
    name      = outfile;
    value     = o;
    arg-type  = string;
    descrip   = "Output pcap file";
    max       = 1;
    must-set;
    doc       = "";
    /* options.outfile is set in post_args, because we need to make
     * sure that options.infile is processed first
     */
};

flag = {
    name        = cachefile;
    value       = c;
    arg-type    = string;
    max         = 1;
    descrip     = "Split traffic via tcpprep cache file";
    settable;
    flag-code   = <<- EOCachefile

    options.cache_packets =
        read_cache(&options.cachedata, OPT_ARG(CACHEFILE), &options.comment);

EOCachefile;
    doc         = <<- EOText
Use tcpprep cache file to split traffic based upon client/server relationships.
EOText;
};


/* Verbose decoding via tcpdump */

flag = {
    ifdef       = ENABLE_VERBOSE;
    name        = verbose;
    value       = v;
    max         = 1;
    immediate;
    descrip     = "Print decoded packets via tcpdump to STDOUT";
    settable;
    doc         = "";
};

flag = {
    ifdef       = ENABLE_VERBOSE;
    name        = decode;
    flags-must  = verbose;
    value       = A;
    arg-type    = string;
    max         = 1;
    descrip     = "Arguments passed to tcpdump decoder";
    doc         = <<- EOText
When enabling verbose mode (@var{-v}) you may also specify one or
more additional arguments to pass to @code{tcpdump} to modify
the way packets are decoded.  By default, -n and -l are used.
Be sure to quote the arguments so that they are not interpreted
by tcprewrite.   Please see the tcpdump(1) man page for a complete list of
options.
EOText;
};


/* Fragroute */
flag = {
    ifdef       = ENABLE_FRAGROUTE;
    name        = fragroute;
    arg-type    = string;
    max         = 1;
    descrip     = "Parse fragroute configuration file";
    doc         = <<- EOText
Enable advanced evasion techniques using the built-in fragroute(8)
engine.  See the fragroute(8) man page for more details.  Important:
tcprewrite does not support the delay, echo or print commands.
EOText;
};


flag = {
    ifdef       = ENABLE_FRAGROUTE;
    name        = fragdir;
    flags-must  = cachefile;
    arg-type    = string;
    max         = 1;
    descrip     = "Which flows to apply fragroute to: c2s, s2c, both";
    doc         = <<- EOText
Apply the fragroute engine to packets going c2s, s2c or both when
using a cache file.
EOText;
};

flag = {
    name    = skip-soft-errors;
    max     = 1;
    descrip = "Skip writing packets with soft errors";
    doc     = <<- EOText
In some cases, packets can not be decoded or the requested editing
is not possible.  Normally these packets are written to the output
file unedited so that tcpprep cache files can still be used, but if
you wish, these packets can be suppressed.

One example of this is 802.11 management frames which contain no data.
EOText;
};


flag = {
    name        = version;
    value       = V;
    descrip     = "Print version information";
    flag-code   = <<- EOVersion

    fprintf(stderr, "tcprewrite version: %s (build %s)", VERSION, git_version());
#ifdef DEBUG
    fprintf(stderr, " (debug)");
#endif
    fprintf(stderr, "\n");
    fprintf(stderr, "Copyright 2013-2024 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta\n");
    fprintf(stderr, "Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>\n");
    fprintf(stderr, "The entire Tcpreplay Suite is licensed under the GPLv3\n");  
    fprintf(stderr, "Cache file supported: %s\n", CACHEVERSION);
#ifdef HAVE_LIBDNET
    fprintf(stderr, "Compiled against libdnet: %s\n", LIBDNET_VERSION);
#else
    fprintf(stderr, "Not compiled with libdnet.\n");
#endif
#ifdef HAVE_WINPCAP
    fprintf(stderr, "Compiled against winpcap: %s\n", get_pcap_version());
#elif defined HAVE_PF_RING_PCAP
    fprintf(stderr, "Compiled against PF_RING libpcap: %s\n", get_pcap_version());
#else
    fprintf(stderr, "Compiled against libpcap: %s\n", get_pcap_version());
#endif
#ifdef ENABLE_64BITS
    fprintf(stderr, "64 bit packet counters: enabled\n");
#else
    fprintf(stderr, "64 bit packet counters: disabled\n");
#endif
#ifdef ENABLE_VERBOSE
    fprintf(stderr, "Verbose printing via tcpdump: enabled\n");
#else
    fprintf(stderr, "Verbose printing via tcpdump: disabled\n");
#endif
#ifdef ENABLE_FRAGROUTE
    fprintf(stderr, "Fragroute engine: enabled\n");
#else
    fprintf(stderr, "Fragroute engine: disabled\n");
#endif
    exit(0);

EOVersion;
    doc         = "";
};

flag = {
    name        = less-help;
    value       = h;
    immediate;
    descrip     = "Display less usage information and exit";
    flag-code   = <<- EOHelp

    USAGE(EXIT_FAILURE);

EOHelp;
    doc         = "";
};

flag = {
    name        = suppress-warnings;
    value       = w;
    immediate;
    descrip     = "suppress printing warning messages";
    settable;
    doc         = "";
};