TODO 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163
  1. This is a general list of things which should/could/may be done.
  2. If any of these features interest you let me know- especially if you're
  3. willing and able to help code it.
  4. Legend:
  5. - = Not started
  6. + = Done
  7. O = Mostly done
  8. o = Started work
  9. . = Canceled
  10. ? = To think about
  11. GENERAL:
  12. + Improve config file format
  13. + better variable names
  14. + use "var: value" format
  15. + have tcpreplay, tcpprep, tcprewrite sections
  16. + Being solved using GNU AutoOpts
  17. + Improve autoconf detection of libraries
  18. + Re-organize source tree
  19. O tcpdump decoder should print packets syncronously w/ the main process
  20. + Better use of GNU Autotools
  21. + Improve CLI/config file parsing
  22. - Only tcpreplay/tcpbridge should need to run as root.
  23. - Tcpreplay should use raw sockets or BPF directly for writing rather then
  24. libnet where applicable for theoretically higher performance.
  25. - Detect system version of libopts b/c we need a recent version
  26. - Generalize packet editing and printing code so it can be shipped as a
  27. seperate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
  28. - See about removing libnet_init() from all binaries other then tcprewrite
  29. so we don't have to run as root:
  30. . libnet_addr2name4 (ignore, doesn't require libnet_t context)
  31. + libnet_name2addr4
  32. - libnet_get_hwaddr
  33. - libnet_do_checksum
  34. TCPREPLAY:
  35. . Add support for dual-nic send on one intf, wait for packet, send next.
  36. would be really useful for testing the effectiveness of how well an IPS
  37. detects and blocks attacks. (TP's tomahawk does this even better then
  38. described here, so why re-invent the wheel?)
  39. - Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
  40. once for multiple packets when the timestamps are close enough. We
  41. also need to time nanosleep, since different architectures have lower
  42. minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
  43. + Tcpreplay should say which interface each packet is going out
  44. TCPBRIDGE:
  45. - Duplicate all tcprewrite functionality
  46. TCPREWRITE:
  47. - Support fragrouter like features
  48. - basic IP fragmenation
  49. - TCP fudging
  50. - then more advanced stuff
  51. - Can we integrate FR's code?
  52. + Look at VLAN (802.1q) packets
  53. - others non-vanilla types?
  54. + Add tags? Remove tags? Change tags?
  55. - Tag only one side of the connection
  56. - Support Q-in-Q tags:
  57. http://www.informit.com/articles/article.asp?p=101367&rl=1
  58. - Cisco's ISL trunking?
  59. - Add support for MPLS
  60. - Add support for GRE
  61. http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
  62. Perhaps this should be done via the hardware interface rather then the GRE
  63. virtual interface since libnet doesn't support the GRE virtual
  64. + Add support for setting the ethernet protocol field so we can use
  65. -I, -K to fill out an entire ethernet header w/o using -2
  66. + Add a secondary interface full layer two rewrite option
  67. + Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
  68. - Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
  69. - Make it easier for others to add support for others
  70. + Rip out packet munger from tcpreplay and put it into another tool so
  71. that tcpreplay can be more optimized
  72. ? perhaps use libnetdude?
  73. ? make into a library?
  74. + definately put it into a seperate binary (tcprewrite)
  75. - Add the ability to modify packet data via regex(es) in tcprewrite
  76. - Should support pcre
  77. - Support (foo) and $1, etc so new data can include old
  78. - Limit matching which packets via BPF filter and tcpprep cache
  79. (client/server)
  80. - Step through packets ala tcpreplay and provide option to edit (Y/n)
  81. - Support connection tracking and generating 3way handshake for connections
  82. missing them.
  83. - Bump Syn/Ack numbers by a pseudo random or given value so that running
  84. the same pcap will behave as different streams.
  85. - IPv6 support? People ask for this every few months, but nobody actually
  86. says they "need" or "really want" it; seems more of "gee, wouldn't it be
  87. nice". What does that mean anyways???
  88. - tcprewrite should be able to remove the two byte ethernet FCS (checksums)
  89. at the end of the frame.
  90. + Support randomization of IP addresses in ARP packets
  91. - Add support for rewriting MAC addresses in the ARP body for
  92. tcprewrite/tcpbridge to allow proxy-arp like behaviour
  93. - Add support for IP fragmenting frames which are > MTU
  94. TCPPREP:
  95. + When splitting traffic via tcpprep print out each packet (tcpdump style)
  96. so end users know where each packet is going
  97. FLOWREPLAY:
  98. - Improve flowreplay so it actually works
  99. . Use libnids to read the pcaps. This seems DOA at this time since
  100. libnids is GPL and the author is unwilling to make it support multiple
  101. threads which flowreplay probably needs to be. The only other option is
  102. a major rewrite which would break API compatibility. Doesn't seem worth
  103. it.
  104. - Allow handoff to a socket after user specified client/server exchanges
  105. - Perhaps integrate stick/snot/fpg logic into flowreplay:
  106. http://www.geschke-online.de/FLoP/fpg.8.html
  107. to do full 3way handshakes
  108. BUGS:
  109. - fix RNG for randomization of IP's
  110. - Fix tcpbridge after code refactoring
  111. - Fix spec file using patch
  112. - adding a layer 2 header to RawIP pcap's results in broken pcap's
  113. - Tcpbridge between loopback (LinuxSSL and BSD loop) and another NIC
  114. (support rewriting MAC)