forked from mayhemheroes/tcpreplay
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
151 lines (108 loc) · 5.09 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
This is a general list of things which should/could/may be done.
If any of these features interest you let us know- especially if you're
willing and able to help code it. In general, higher priority tasks are
tracked on the tcpreplay GitHub wiki https://github.com/appneta/tcpreplay/wiki
Legend:
- = Not started
+ = Done
O = Mostly done
o = Started work
. = Canceled
? = To think about
GENERAL:
+ Improve config file format
+ better variable names
+ use "var: value" format
+ have tcpreplay, tcpprep, tcprewrite sections
+ Being solved using GNU AutoOpts
+ Improve autoconf detection of libraries
+ Re-organize source tree
+ tcpdump decoder should print packets synchronously w/ the main process
+ Better use of GNU Autotools
+ Improve CLI/config file parsing
+ Only tcpreplay/tcpbridge should need to run as root.
+ Tcpreplay should use raw sockets or BPF directly for writing rather then
libnet where applicable for theoretically higher performance.
- Detect system version of libopts b/c we need a recent version
+ Generalize packet editing and printing code so it can be shipped as a
separate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
+ See about removing libnet_init() from all binaries other then tcprewrite
so we don't have to run as root:
. libnet_addr2name4 (ignore, doesn't require libnet_t context)
+ libnet_name2addr4
+ libnet_get_hwaddr
+ libnet_do_checksum
TCPREPLAY:
. Add support for dual-nic send on one intf, wait for packet, send next.
would be really useful for testing the effectiveness of how well an IPS
detects and blocks attacks. (TP's tomahawk does this even better then
described here, so why re-invent the wheel?)
- Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
once for multiple packets when the timestamps are close enough. We
also need to time nanosleep, since different architectures have lower
minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
+ Tcpreplay should say which interface each packet is going out
TCPBRIDGE:
- Duplicate all tcprewrite functionality
TCPREWRITE:
- Support fragrouter like features
- basic IP fragmenation
- TCP fudging
- then more advanced stuff
- Can we integrate FR's code?
+ Look at VLAN (802.1q) packets
- others non-vanilla types?
+ Add tags? Remove tags? Change tags?
- Tag only one side of the connection
+ Support Q-in-Q tags:
http://www.informit.com/articles/article.asp?p=101367&rl=1
- Cisco's ISL trunking?
- Add support for MPLS
- Add support for GRE
http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
Perhaps this should be done via the hardware interface rather then the GRE
virtual interface since libnet doesn't support the GRE virtual
+ Add support for setting the ethernet protocol field so we can use
-I, -K to fill out an entire ethernet header w/o using -2
+ Add a secondary interface full layer two rewrite option
+ Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
- Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
+ Make it easier for others to add support for others
+ Rip out packet munger from tcpreplay and put it into another tool so
that tcpreplay can be more optimized
? perhaps use libnetdude?
? make into a library?
+ definitely put it into a separate binary (tcprewrite)
- Add the ability to modify packet data via regex(es) in tcprewrite
- Should support pcre
- Support (foo) and $1, etc so new data can include old
- Limit matching which packets via BPF filter and tcpprep cache
(client/server)
- Step through packets ala tcpreplay and provide option to edit (Y/n)
- Support connection tracking and generating 3way handshake for connections
missing them.
- Bump Syn/Ack numbers by a pseudo random or given value so that running
the same pcap will behave as different streams.
- IPv6 support? People ask for this every few months, but nobody actually
says they "need" or "really want" it; seems more of "gee, wouldn't it be
nice". What does that mean anyways???
- tcprewrite should be able to remove the two byte ethernet FCS (checksums)
at the end of the frame.
+ Support randomization of IP addresses in ARP packets
- Add support for rewriting MAC addresses in the ARP body for
tcprewrite/tcpbridge to allow proxy-arp like behaviour
- Add support for IP fragmenting frames which are > MTU
TCPPREP:
+ When splitting traffic via tcpprep print out each packet (tcpdump style)
so end users know where each packet is going
FLOWREPLAY:
- Improve flowreplay so it actually works
. Use libnids to read the pcaps. This seems DOA at this time since
libnids is GPL and the author is unwilling to make it support multiple
threads which flowreplay probably needs to be. The only other option is
a major rewrite which would break API compatibility. Doesn't seem worth
it.
- Allow handoff to a socket after user specified client/server exchanges
- Perhaps integrate stick/snot/fpg logic into flowreplay:
http://www.geschke-online.de/FLoP/fpg.8.html
to do full 3way handshakes