- This is a general list of things which should/could/may be done.
- If any of these features interest you let me know, especially if you're
- willing and able to help code it.
- Legend:
- - = Not started
- + = Done
- O = Mostly done
- o = Started work
- . = Canceled
- ? = To think about
- GENERAL:
- + Improve config file format
- + better variable names
- + use "var: value" format
- + have tcpreplay, tcpprep, tcprewrite sections
- + Being solved using GNU AutoOpts
- + Improve autoconf detection of libraries
- + Re-organize source tree
- O tcpdump decoder should print packets synchronously w/ the main process
- + Better use of GNU Autotools
- + Improve CLI/config file parsing
- - Only tcpreplay/tcpbridge should need to run as root.
- - Tcpreplay should use raw sockets or BPF directly for writing rather than
- libnet where applicable for theoretically higher performance.
- - Detect system version of libopts b/c we need a recent version
- - Generalize packet editing and printing code so it can be shipped as a
- separate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
- - See about removing libnet_init() from all binaries other than tcprewrite
- so we don't have to run as root:
- . libnet_addr2name4 (ignore, doesn't require libnet_t context)
- + libnet_name2addr4
- - libnet_get_hwaddr
- - libnet_do_checksum
- TCPREPLAY:
- . Add support for dual-nic send on one intf, wait for packet, send next.
- would be really useful for testing the effectiveness of how well an IPS
- detects and blocks attacks. (TP's tomahawk does this even better than
- described here, so why re-invent the wheel?)
- - Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
- once for multiple packets when the timestamps are close enough. We
- also need to time nanosleep, since different architectures have lower
- minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
- + Tcpreplay should say which interface each packet is going out
- TCPBRIDGE:
- - Duplicate all tcprewrite functionality
- TCPREWRITE:
- - Support fragrouter like features
- - basic IP fragmentation
- - TCP fudging
- - then more advanced stuff
- - Can we integrate FR's code?
- + Look at VLAN (802.1q) packets
- - others non-vanilla types?
- + Add tags? Remove tags? Change tags?
- - Tag only one side of the connection
- - Support Q-in-Q tags:
- http://www.informit.com/articles/article.asp?p=101367&rl=1
- - Cisco's ISL trunking?
- - Add support for MPLS
- - Add support for GRE
- http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
- Perhaps this should be done via the hardware interface rather than the GRE
- virtual interface since libnet doesn't support the GRE virtual
- + Add support for setting the ethernet protocol field so we can use
- -I, -K to fill out an entire ethernet header w/o using -2
- + Add a secondary interface full layer two rewrite option
- + Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
- - Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
- - Make it easier for others to add support for others
- + Rip out packet munger from tcpreplay and put it into another tool so
- that tcpreplay can be more optimized
- ? perhaps use libnetdude?
- ? make into a library?
- + definitely put it into a separate binary (tcprewrite)
- - Add the ability to modify packet data via regex(es) in tcprewrite
- - Should support pcre
- - Support (foo) and $1, etc so new data can include old
- - Limit matching which packets via BPF filter and tcpprep cache
- (client/server)
- - Step through packets ala tcpreplay and provide option to edit (Y/n)
- - Support connection tracking and generating 3way handshake for connections
- missing them.
- - Bump Syn/Ack numbers by a pseudo random or given value so that running
- the same pcap will behave as different streams.
- - IPv6 support? People ask for this every few months, but nobody actually
- says they "need" or "really want" it; seems more of "gee, wouldn't it be
- nice". What does that mean anyways???
- - tcprewrite should be able to remove the two byte ethernet FCS (checksums)
- at the end of the frame.
- + Support randomization of IP addresses in ARP packets
- - Add support for rewriting MAC addresses in the ARP body for
- tcprewrite/tcpbridge to allow proxy-arp like behaviour
- - Add support for IP fragmenting frames which are > MTU
- TCPPREP:
- + When splitting traffic via tcpprep print out each packet (tcpdump style)
- so end users know where each packet is going
- FLOWREPLAY:
- - Improve flowreplay so it actually works
- . Use libnids to read the pcaps. This seems DOA at this time since
- libnids is GPL and the author is unwilling to make it support multiple
- threads which flowreplay probably needs to be. The only other option is
- a major rewrite which would break API compatibility. Doesn't seem worth
- it.
- - Allow handoff to a socket after user specified client/server exchanges
- - Perhaps integrate stick/snot/fpg logic into flowreplay:
- http://www.geschke-online.de/FLoP/fpg.8.html
- to do full 3way handshakes
- BUGS:
- - fix RNG for randomization of IPs
- - Fix tcpbridge after code refactoring
- - Fix spec file using patch
- - adding a layer 2 header to RawIP pcaps results in broken pcaps
- - Tcpbridge between loopback (LinuxSSL and BSD loop) and another NIC
- (support rewriting MAC)