gfwleak/common-tools-tcp-burst
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

copy from intranet.

Browse Source
This commit is contained in:
lijia
2019-07-10 17:54:02 +08:00
commit f36a4fca25
353 changed files with 130721 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
docs/TODO Normal file
View File

@@ -0,0 +1,151 @@
This is a general list of things which should/could/may be done.
If any of these features interest you let me know- especially if you're
willing and able to help code it. In general, higher priority tasks are
tracked on the tcpreplay website: http://tcpreplay.synfin.net/
Legend:
- = Not started
+ = Done
O = Mostly done
o = Started work
. = Canceled
? = To think about
GENERAL:
+ Improve config file format
+ better variable names
+ use "var: value" format
+ have tcpreplay, tcpprep, tcprewrite sections
+ Being solved using GNU AutoOpts
+ Improve autoconf detection of libraries
+ Re-organize source tree
+ tcpdump decoder should print packets syncronously w/ the main process
+ Better use of GNU Autotools
+ Improve CLI/config file parsing
+ Only tcpreplay/tcpbridge should need to run as root.
+ Tcpreplay should use raw sockets or BPF directly for writing rather then
libnet where applicable for theoretically higher performance.
- Detect system version of libopts b/c we need a recent version
+ Generalize packet editing and printing code so it can be shipped as a
seperate library and plugged into tcpreplay/tcprewrite/flowreplay/etc
+ See about removing libnet_init() from all binaries other then tcprewrite
so we don't have to run as root:
. libnet_addr2name4 (ignore, doesn't require libnet_t context)
+ libnet_name2addr4
+ libnet_get_hwaddr
+ libnet_do_checksum
TCPREPLAY:
. Add support for dual-nic send on one intf, wait for packet, send next.
would be really useful for testing the effectiveness of how well an IPS
detects and blocks attacks. (TP's tomahawk does this even better then
described here, so why re-invent the wheel?)
- Rewrite do_sleep() to handle sub sleep times by only nanosleep()'ing
once for multiple packets when the timestamps are close enough. We
also need to time nanosleep, since different architectures have lower
minimum sleep times (Linux/Alpha is 1ms vs. 10ms for Linux/x86)
+ Tcpreplay should say which interface each packet is going out
TCPBRIDGE:
- Duplicate all tcprewrite functionality
TCPREWRITE:
- Support fragrouter like features
- basic IP fragmenation
- TCP fudging
- then more advanced stuff
- Can we integrate FR's code?
+ Look at VLAN (802.1q) packets
- others non-vanilla types?
+ Add tags? Remove tags? Change tags?
- Tag only one side of the connection
- Support Q-in-Q tags:
http://www.informit.com/articles/article.asp?p=101367&rl=1
- Cisco's ISL trunking?
- Add support for MPLS
- Add support for GRE
http://www.linuxguruz.com/iptables/howto/2.4routing-5.html
Perhaps this should be done via the hardware interface rather then the GRE
virtual interface since libnet doesn't support the GRE virtual
+ Add support for setting the ethernet protocol field so we can use
-I, -K to fill out an entire ethernet header w/o using -2
+ Add a secondary interface full layer two rewrite option
+ Fix MAC rewriting to allow sending packets with a MAC of 00:00:00:00:00:00
- Add support for more linktypes (Prism Monitor, 802.11, FDDI, etc)
+ Make it easier for others to add support for others
+ Rip out packet munger from tcpreplay and put it into another tool so
that tcpreplay can be more optimized
? perhaps use libnetdude?
? make into a library?
+ definately put it into a seperate binary (tcprewrite)
- Add the ability to modify packet data via regex(es) in tcprewrite
- Should support pcre
- Support (foo) and $1, etc so new data can include old
- Limit matching which packets via BPF filter and tcpprep cache
(client/server)
- Step through packets ala tcpreplay and provide option to edit (Y/n)
- Support connection tracking and generating 3way handshake for connections
missing them.
- Bump Syn/Ack numbers by a pseudo random or given value so that running
the same pcap will behave as different streams.
- IPv6 support? People ask for this every few months, but nobody actually
says they "need" or "really want" it; seems more of "gee, wouldn't it be
nice". What does that mean anyways???
- tcprewrite should be able to remove the two byte ethernet FCS (checksums)
at the end of the frame.
+ Support randomization of IP addresses in ARP packets
- Add support for rewriting MAC addresses in the ARP body for
tcprewrite/tcpbridge to allow proxy-arp like behaviour
- Add support for IP fragmenting frames which are > MTU
TCPPREP:
+ When splitting traffic via tcpprep print out each packet (tcpdump style)
so end users know where each packet is going
FLOWREPLAY:
- Improve flowreplay so it actually works
. Use libnids to read the pcaps. This seems DOA at this time since
libnids is GPL and the author is unwilling to make it support multiple
threads which flowreplay probably needs to be. The only other option is
a major rewrite which would break API compatibility. Doesn't seem worth
it.
- Allow handoff to a socket after user specified client/server exchanges
- Perhaps integrate stick/snot/fpg logic into flowreplay:
http://www.geschke-online.de/FLoP/fpg.8.html
to do full 3way handshakes