TODO 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151
  1. This is a general list of things which should/could/may be done.
  2. If any of these features interest you let me know- especially if you're
  3. willing and able to help code it. In general, higher priority tasks are
  4. tracked on the tcpreplay website: http://tcpreplay.synfin.net/
  5. Legend:
  6. - = Not started
  7. + = Done
  8. O = Mostly done
  9. o = Started work
  10. . = Canceled
  11. ? = To think about
  12. GENERAL:
  13. + Improve config file format
  14. + better variable names
  15. + use "var: value" format
  16. + have tcpreplay, tcpprep, tcprewrite sections
  17. + Being solved using GNU AutoOpts
  18. + Improve autoconf detection of libraries
  19. + Re-organize source tree
  20. + tcpdump decoder should print packets syncronously w/ the main process
  21. + Better use of GNU Autotools
  22. + Improve CLI/config file parsing
  23. + Only tcpreplay/tcpbridge should need to run as root.
  24. + Tcpreplay should use raw sockets or BPF directly for writing rather then
  25. libnet where applicable for theoretically higher performance.
  26. - Detect system version of libopts b/c we need a recent version
  27. + Generalize packet editing and printing code so it can be shipped as a
  28. seperate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
  29. + See about removing libnet_init() from all binaries other then tcprewrite
  30. so we don't have to run as root:
  31. . libnet_addr2name4 (ignore, doesn't require libnet_t context)
  32. + libnet_name2addr4
  33. + libnet_get_hwaddr
  34. + libnet_do_checksum
  35. TCPREPLAY:
  36. . Add support for dual-nic send on one intf, wait for packet, send next.
  37. would be really useful for testing the effectiveness of how well an IPS
  38. detects and blocks attacks. (TP's tomahawk does this even better then
  39. described here, so why re-invent the wheel?)
  40. - Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
  41. once for multiple packets when the timestamps are close enough. We
  42. also need to time nanosleep, since different architectures have lower
  43. minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
  44. + Tcpreplay should say which interface each packet is going out
  45. TCPBRIDGE:
  46. - Duplicate all tcprewrite functionality
  47. TCPREWRITE:
  48. - Support fragrouter like features
  49. - basic IP fragmenation
  50. - TCP fudging
  51. - then more advanced stuff
  52. - Can we integrate FR's code?
  53. + Look at VLAN (802.1q) packets
  54. - others non-vanilla types?
  55. + Add tags? Remove tags? Change tags?
  56. - Tag only one side of the connection
  57. - Support Q-in-Q tags:
  58. http://www.informit.com/articles/article.asp?p=101367&rl=1
  59. - Cisco's ISL trunking?
  60. - Add support for MPLS
  61. - Add support for GRE
  62. http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
  63. Perhaps this should be done via the hardware interface rather then the GRE
  64. virtual interface since libnet doesn't support the GRE virtual
  65. + Add support for setting the ethernet protocol field so we can use
  66. -I, -K to fill out an entire ethernet header w/o using -2
  67. + Add a secondary interface full layer two rewrite option
  68. + Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
  69. - Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
  70. + Make it easier for others to add support for others
  71. + Rip out packet munger from tcpreplay and put it into another tool so
  72. that tcpreplay can be more optimized
  73. ? perhaps use libnetdude?
  74. ? make into a library?
  75. + definately put it into a seperate binary (tcprewrite)
  76. - Add the ability to modify packet data via regex(es) in tcprewrite
  77. - Should support pcre
  78. - Support (foo) and $1, etc so new data can include old
  79. - Limit matching which packets via BPF filter and tcpprep cache
  80. (client/server)
  81. - Step through packets ala tcpreplay and provide option to edit (Y/n)
  82. - Support connection tracking and generating 3way handshake for connections
  83. missing them.
  84. - Bump Syn/Ack numbers by a pseudo random or given value so that running
  85. the same pcap will behave as different streams.
  86. - IPv6 support? People ask for this every few months, but nobody actually
  87. says they "need" or "really want" it; seems more of "gee, wouldn't it be
  88. nice". What does that mean anyways???
  89. - tcprewrite should be able to remove the two byte ethernet FCS (checksums)
  90. at the end of the frame.
  91. + Support randomization of IP addresses in ARP packets
  92. - Add support for rewriting MAC addresses in the ARP body for
  93. tcprewrite/tcpbridge to allow proxy-arp like behaviour
  94. - Add support for IP fragmenting frames which are > MTU
  95. TCPPREP:
  96. + When splitting traffic via tcpprep print out each packet (tcpdump style)
  97. so end users know where each packet is going
  98. FLOWREPLAY:
  99. - Improve flowreplay so it actually works
  100. . Use libnids to read the pcaps. This seems DOA at this time since
  101. libnids is GPL and the author is unwilling to make it support multiple
  102. threads which flowreplay probably needs to be. The only other option is
  103. a major rewrite which would break API compatibility. Doesn't seem worth
  104. it.
  105. - Allow handoff to a socket after user specified client/server exchanges
  106. - Perhaps integrate stick/snot/fpg logic into flowreplay:
  107. http://www.geschke-online.de/FLoP/fpg.8.html
  108. to do full 3way handshakes