forked from appneta/tcpreplay
-
Notifications
You must be signed in to change notification settings - Fork 0
/
tcpedit_opts.def
327 lines (298 loc) · 9.71 KB
/
tcpedit_opts.def
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
/*
* Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
* Copyright (c) 2013-2022 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
*
* The Tcpreplay Suite of tools is free software: you can redistribute it
* and/or modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or with the authors permission any later version.
*
* The Tcpreplay Suite is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
*/
flag = {
name = tcpedit;
documentation;
lib-name = tcpedit;
};
flag = {
name = portmap;
value = r;
arg-type = string;
max = 9999;
stack-arg;
descrip = "Rewrite TCP/UDP ports";
doc = <<- EOText
Specify a list of comma delimited port mappings consisting of
colon delimited port number pairs. Each colon delimited port pair
consists of the port to match followed by the port number to rewrite.
Examples:
@example
--portmap=80:8000 --portmap=8080:80 # 80->8000 and 8080->80
--portmap=8000,8080,88888:80 # 3 different ports become 80
--portmap=8000-8999:80 # ports 8000 to 8999 become 80
@end example
EOText;
};
flag = {
name = seed;
flags-cant = fuzz-seed;
value = s;
arg-type = number;
descrip = "Randomize src/dst IPv4/v6 addresses w/ given seed";
max = 1;
doc = <<- EOText
Causes the source and destination IPv4/v6 addresses to be pseudo
randomized but still maintain client/server relationships.
Since the randomization is deterministic based on the seed,
you can reuse the same seed value to recreate the traffic.
EOText;
};
flag = {
name = pnat;
value = N;
arg-type = string;
max = 2;
stack-arg;
flags-cant = srcipmap;
flass-cant = dstipmap;
descrip = "Rewrite IPv4/v6 addresses using pseudo-NAT";
doc = <<- EOText
Takes a comma delimited series of colon delimited CIDR
netblock pairs. Each netblock pair is evaluated in order against
the IP addresses. If the IP address in the packet matches the
first netblock, it is rewritten using the second netblock as a
mask against the high order bits.
IPv4 Example:
@example
--pnat=192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24
@end example
IPv6 Example:
@example
--pnat=[2001:db8::/32]:[dead::/16],[2001:db8::/32]:[::ffff:0:0/96]
@end example
EOText;
};
flag = {
name = srcipmap;
value = S;
arg-type = string;
max = 1;
flags-cant = pnat;
descrip = "Rewrite source IPv4/v6 addresses using pseudo-NAT";
doc = <<- EOText
Works just like the --pnat option, but only affects the source IP
addresses in the IPv4/v6 header.
EOText;
};
flag = {
name = dstipmap;
value = D;
arg-type = string;
max = 1;
flags-cant = pnat;
descrip = "Rewrite destination IPv4/v6 addresses using pseudo-NAT";
doc = <<- EOText
Works just like the --pnat option, but only affects the destination IP
addresses in the IPv4/v6 header.
EOText;
};
flag = {
ifdef = HAVE_CACHEFILE_SUPPORT;
name = endpoints;
value = e;
arg-type = string;
max = 1;
flags-must = cachefile;
descrip = "Rewrite IP addresses to be between two endpoints";
doc = <<- EOText
Takes a pair of colon delimited IPv4/v6 addresses which will be used to rewrite
all traffic to appear to be between the two IP addresses.
IPv4 Example:
@example
--endpoints=172.16.0.1:172.16.0.2
@end example
IPv6 Example:
@example
--endpoints=[2001:db8::dead:beef]:[::ffff:0:0:ac:f:0:2]
@end example
EOText;
};
flag = {
name = tcp-sequence;
arg-type = number;
arg-default = 0;
arg-range = "1->";
descrip = "Change TCP Sequence (and ACK) numbers /w given seed";
doc = <<- EOText
Change all TCP sequence numbers, and related sequence-acknowledgement numbers.
They will be shifted by a random amount based on the provided seed.
EOText;
};
flag = {
name = skipbroadcast;
value = b;
descrip = "Skip rewriting broadcast/multicast IPv4/v6 addresses";
doc = <<- EOText
By default --seed, --pnat and --endpoints will rewrite
broadcast and multicast IPv4/v6 and MAC addresses. Setting this flag
will keep broadcast/multicast IPv4/v6 and MAC addresses from being rewritten.
EOText;
};
flag = {
name = fixcsum;
value = C;
descrip = "Force recalculation of IPv4/TCP/UDP header checksums";
doc = <<- EOText
Causes each IPv4/v6 packet to have their checksums recalculated and
fixed. Automatically enabled for packets modified with @samp{--seed},
@samp{--pnat}, @samp{--endpoints} or @samp{--fixlen}.
EOText;
};
flag = {
name = mtu;
value = m;
arg-type = number;
max = 1;
arg-range = "1->MAX_SNAPLEN";
default = DEFAULT_MTU;
descrip = "Override default MTU length (1500 bytes)";
doc = <<- EOText
Override the default 1500 byte MTU size for determining the maximum padding length
(--fixlen=pad) or when truncating (--mtu-trunc).
EOText;
};
flag = {
name = mtu-trunc;
max = 1;
descrip = "Truncate packets larger then specified MTU";
doc = <<- EOText
Similar to --fixlen, this option will truncate data in packets from Layer 3 and above to be
no larger then the MTU.
EOText;
};
flag = {
name = efcs;
value = E;
descrip = "Remove Ethernet checksums (FCS) from end of frames";
doc = <<- EOText
Note, this option is pretty dangerous! We do not actually check to see if a FCS
actually exists in the frame, we just blindly delete the last 4 bytes. Hence,
you should only use this if you know know that your OS provides the FCS when
reading raw packets.
EOText;
};
flag = {
name = ttl;
descrip = "Modify the IPv4/v6 TTL/Hop Limit";
arg-type = string;
doc = <<- EOText
Allows you to modify the TTL/Hop Limit of all the IPv4/v6 packets. Specify a number to hard-code
the value or +/-value to increase or decrease by the value provided (limited to 1-255).
Examples:
@example
--ttl=10
--ttl=+7
--ttl=-64
@end example
EOText;
};
flag = {
name = tos;
descrip = "Set the IPv4 TOS/DiffServ/ECN byte";
arg-type = number;
arg-range = "0->255";
max = 1;
doc = <<- EOText
Allows you to override the TOS (also known as DiffServ/ECN) value in IPv4.
EOText;
};
flag = {
name = tclass;
descrip = "Set the IPv6 Traffic Class byte";
arg-type = number;
arg-range = "0->255";
max = 1;
doc = <<- EOText
Allows you to override the IPv6 Traffic Class field.
EOText;
};
flag = {
name = flowlabel;
descrip = "Set the IPv6 Flow Label";
arg-type = number;
arg-range = "0->1048575";
max = 1;
doc = <<- EOText
Allows you to override the 20bit IPv6 Flow Label field. Has no effect on IPv4
packets.
EOText;
};
flag = {
name = fixlen;
value = F;
arg-type = string;
descrip = "Pad or truncate packet data to match header length";
max = 1;
doc = <<- EOText
Packets may be truncated during capture if the snaplen is smaller then the
packet. This option allows you to modify the packet to pad the packet back
out to the size stored in the IPv4/v6 header or rewrite the IP header total length
to reflect the stored packet length.
@table @bullet
@item
@var{pad}
Truncated packets will be padded out so that the packet length matches the
IPv4 total length
@item
@var{trunc}
Truncated packets will have their IPv4 total length field rewritten to match
the actual packet length
@item
@var{del}
Delete the packet
EOText;
};
flag = {
name = fuzz-seed;
arg-type = number;
arg-default = 0;
arg-range = "0->";
descrip = "Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop";
doc = <<- EOText
This fuzzing was designed as to test layer 7 protocols such as voip protocols.
It modifies randomly 1 out of X packets (where X = @var{--fuzz-factor}) in order
for stateful protocols to cover more of their code. The random fuzzing actions
focus on data start and end because it often is the part of the data application
protocols base their decisions on.
Possible fuzzing actions list:
* drop packet
* reduce packet size
* edit packet Bytes:
* Not all Bytes have the same probability of appearance in real life.
Replace with 0x00, 0xFF, or a random byte with equal likelihood.
* Not all Bytes have the same significance in a packet.
Replace the start, the end, or the middle of the packet with equal likelihood.
* do nothing (7 out of 8 packets)
EOText;
};
flag = {
name = fuzz-factor;
flags-must = fuzz-seed;
arg-type = number;
arg-default = 8;
arg-range = "1->";
descrip = "Set the Fuzz 1 in X packet ratio (default 1 in 8 packets)";
doc = <<- EOText
Sets the ratio of for @var{--fuzz-seed} option. By default this value is 8,
which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
based on the random number generated by the supplied fuzz seed. Therefore by
default you cannot expect that exactly every eighth packet will be modified.
EOText;
};
#include plugins/dlt_stub.def