1/* 2 * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net> 3 * Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta 4 * 5 * The Tcpreplay Suite of tools is free software: you can redistribute it 6 * and/or modify it under the terms of the GNU General Public License as 7 * published by the Free Software Foundation, either version 3 of the 8 * License, or with the authors permission any later version. 9 * 10 * The Tcpreplay Suite is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>. 17 */ 18 19flag = { 20 name = tcpedit; 21 documentation; 22 lib-name = tcpedit; 23}; 24 25flag = { 26 name = portmap; 27 value = r; 28 arg-type = string; 29 max = 9999; 30 stack-arg; 31 descrip = "Rewrite TCP/UDP ports"; 32 doc = <<- EOText 33Specify a list of comma delimited port mappings consisting of 34colon delimited port number pairs. Each colon delimited port pair 35consists of the port to match followed by the port number to rewrite. 36 37Examples: 38@example 39--portmap=80:8000 --portmap=8080:80 # 80->8000 and 8080->80 40--portmap=8000,8080,88888:80 # 3 different ports become 80 41--portmap=8000-8999:80 # ports 8000 to 8999 become 80 42@end example 43EOText; 44}; 45 46flag = { 47 name = seed; 48 flags-cant = fuzz-seed; 49 value = s; 50 arg-type = number; 51 descrip = "Randomize src/dst IPv4/v6 addresses w/ given seed"; 52 max = 1; 53 doc = <<- EOText 54Causes the source and destination IPv4/v6 addresses to be pseudo 55randomized but still maintain client/server relationships. 56Since the randomization is deterministic based on the seed, 57you can reuse the same seed value to recreate the traffic. 58EOText; 59}; 60 61flag = { 62 name = pnat; 63 value = N; 64 arg-type = string; 65 max = 2; 66 stack-arg; 67 flags-cant = srcipmap; 68 flass-cant = dstipmap; 69 descrip = "Rewrite IPv4/v6 addresses using pseudo-NAT"; 70 doc = <<- EOText 71Takes a comma delimited series of colon delimited CIDR 72netblock pairs. Each netblock pair is evaluated in order against 73the IP addresses. If the IP address in the packet matches the 74first netblock, it is rewritten using the second netblock as a 75mask against the high order bits. 76 77IPv4 Example: 78@example 79--pnat=192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24 80@end example 81IPv6 Example: 82@example 83--pnat=[2001:db8::/32]:[dead::/16],[2001:db8::/32]:[::ffff:0:0/96] 84@end example 85EOText; 86}; 87 88flag = { 89 name = srcipmap; 90 value = S; 91 arg-type = string; 92 max = 1; 93 flags-cant = pnat; 94 descrip = "Rewrite source IPv4/v6 addresses using pseudo-NAT"; 95 doc = <<- EOText 96Works just like the --pnat option, but only affects the source IP 97addresses in the IPv4/v6 header. 98EOText; 99}; 100 101flag = { 102 name = dstipmap; 103 value = D; 104 arg-type = string; 105 max = 1; 106 flags-cant = pnat; 107 descrip = "Rewrite destination IPv4/v6 addresses using pseudo-NAT"; 108 doc = <<- EOText 109Works just like the --pnat option, but only affects the destination IP 110addresses in the IPv4/v6 header. 111EOText; 112}; 113 114 115flag = { 116 ifdef = HAVE_CACHEFILE_SUPPORT; 117 name = endpoints; 118 value = e; 119 arg-type = string; 120 max = 1; 121 flags-must = cachefile; 122 descrip = "Rewrite IP addresses to be between two endpoints"; 123 doc = <<- EOText 124Takes a pair of colon delimited IPv4/v6 addresses which will be used to rewrite 125all traffic to appear to be between the two IP addresses. 126 127IPv4 Example: 128@example 129--endpoints=172.16.0.1:172.16.0.2 130@end example 131IPv6 Example: 132@example 133--endpoints=[2001:db8::dead:beef]:[::ffff:0:0:ac:f:0:2] 134@end example 135 136EOText; 137}; 138 139flag = { 140 name = tcp-sequence; 141 arg-type = number; 142 arg-default = 0; 143 arg-range = "1->"; 144 descrip = "Change TCP Sequence (and ACK) numbers /w given seed"; 145 doc = <<- EOText 146Change all TCP sequence numbers, and related sequence-acknowledgement numbers. 147They will be shifted by a random amount based on the provided seed. 148EOText; 149}; 150 151flag = { 152 name = skipbroadcast; 153 value = b; 154 descrip = "Skip rewriting broadcast/multicast IPv4/v6 addresses"; 155 doc = <<- EOText 156By default --seed, --pnat and --endpoints will rewrite 157broadcast and multicast IPv4/v6 and MAC addresses. Setting this flag 158will keep broadcast/multicast IPv4/v6 and MAC addresses from being rewritten. 159EOText; 160}; 161 162flag = { 163 name = fixcsum; 164 value = C; 165 descrip = "Force recalculation of IPv4/TCP/UDP header checksums"; 166 doc = <<- EOText 167Causes each IPv4/v6 packet to have their checksums recalculated and 168fixed. Automatically enabled for packets modified with @samp{--seed}, 169@samp{--pnat}, @samp{--endpoints} or @samp{--fixlen}. 170EOText; 171}; 172 173flag = { 174 name = mtu; 175 value = m; 176 arg-type = number; 177 max = 1; 178 arg-range = "1->MAX_SNAPLEN"; 179 default = DEFAULT_MTU; 180 descrip = "Override default MTU length (1500 bytes)"; 181 doc = <<- EOText 182Override the default 1500 byte MTU size for determining the maximum padding length 183(--fixlen=pad) or when truncating (--mtu-trunc). 184EOText; 185}; 186 187flag = { 188 name = mtu-trunc; 189 max = 1; 190 descrip = "Truncate packets larger then specified MTU"; 191 doc = <<- EOText 192Similar to --fixlen, this option will truncate data in packets from Layer 3 and above to be 193no larger then the MTU. 194EOText; 195}; 196 197flag = { 198 name = efcs; 199 value = E; 200 descrip = "Remove Ethernet checksums (FCS) from end of frames"; 201 doc = <<- EOText 202Note, this option is pretty dangerous! We do not actually check to see if a FCS 203actually exists in the frame, we just blindly delete the last 4 bytes. Hence, 204you should only use this if you know know that your OS provides the FCS when 205reading raw packets. 206EOText; 207}; 208 209flag = { 210 name = ttl; 211 descrip = "Modify the IPv4/v6 TTL/Hop Limit"; 212 arg-type = string; 213 doc = <<- EOText 214Allows you to modify the TTL/Hop Limit of all the IPv4/v6 packets. Specify a number to hard-code 215the value or +/-value to increase or decrease by the value provided (limited to 1-255). 216 217Examples: 218@example 219--ttl=10 220--ttl=+7 221--ttl=-64 222@end example 223EOText; 224}; 225 226flag = { 227 name = tos; 228 descrip = "Set the IPv4 TOS/DiffServ/ECN byte"; 229 arg-type = number; 230 arg-range = "0->255"; 231 max = 1; 232 doc = <<- EOText 233Allows you to override the TOS (also known as DiffServ/ECN) value in IPv4. 234EOText; 235}; 236 237flag = { 238 name = tclass; 239 descrip = "Set the IPv6 Traffic Class byte"; 240 arg-type = number; 241 arg-range = "0->255"; 242 max = 1; 243 doc = <<- EOText 244Allows you to override the IPv6 Traffic Class field. 245EOText; 246}; 247 248flag = { 249 name = flowlabel; 250 descrip = "Set the IPv6 Flow Label"; 251 arg-type = number; 252 arg-range = "0->1048575"; 253 max = 1; 254 doc = <<- EOText 255Allows you to override the 20bit IPv6 Flow Label field. Has no effect on IPv4 256packets. 257EOText; 258}; 259 260flag = { 261 name = fixlen; 262 value = F; 263 arg-type = string; 264 descrip = "Pad or truncate packet data to match header length"; 265 max = 1; 266 doc = <<- EOText 267Packets may be truncated during capture if the snaplen is smaller then the 268packet. This option allows you to modify the packet to pad the packet back 269out to the size stored in the IPv4/v6 header or rewrite the IP header total length 270to reflect the stored packet length. 271@table @bullet 272@item 273@var{pad} 274Truncated packets will be padded out so that the packet length matches the 275IPv4 total length 276@item 277@var{trunc} 278Truncated packets will have their IPv4 total length field rewritten to match 279the actual packet length 280@item 281@var{del} 282Delete the packet 283EOText; 284}; 285 286flag = { 287 name = fuzz-seed; 288 arg-type = number; 289 arg-default = 0; 290 arg-range = "0->"; 291 descrip = "Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop"; 292 doc = <<- EOText 293This fuzzing was designed as to test layer 7 protocols such as voip protocols. 294It modifies randomly 1 out of X packets (where X = @var{--fuzz-factor}) in order 295for stateful protocols to cover more of their code. The random fuzzing actions 296focus on data start and end because it often is the part of the data application 297protocols base their decisions on. 298 299Possible fuzzing actions list: 300 * drop packet 301 * reduce packet size 302 * edit packet Bytes: 303 * Not all Bytes have the same probability of appearance in real life. 304 Replace with 0x00, 0xFF, or a random byte with equal likelihood. 305 * Not all Bytes have the same significance in a packet. 306 Replace the start, the end, or the middle of the packet with equal likelihood. 307 * do nothing (7 out of 8 packets) 308 309EOText; 310}; 311 312flag = { 313 name = fuzz-factor; 314 flags-must = fuzz-seed; 315 arg-type = number; 316 arg-default = 8; 317 arg-range = "1->"; 318 descrip = "Set the Fuzz 1 in X packet ratio (default 1 in 8 packets)"; 319 doc = <<- EOText 320Sets the ratio of for @var{--fuzz-seed} option. By default this value is 8, 321which means 1 in 8 packets are modified by fuzzing. Note that this ratio is 322based on the random number generated by the supplied fuzz seed. Therefore by 323default you cannot expect that exactly every eighth packet will be modified. 324EOText; 325}; 326 327#include plugins/dlt_stub.def 328