1/* $Id$ */
2
3/*
4 *   Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
5 *   Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
6 *
7 *   The Tcpreplay Suite of tools is free software: you can redistribute it
8 *   and/or modify it under the terms of the GNU General Public License as
9 *   published by the Free Software Foundation, either version 3 of the
10 *   License, or with the authors permission any later version.
11 *
12 *   The Tcpreplay Suite is distributed in the hope that it will be useful,
13 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 *   GNU General Public License for more details.
16 *
17 *   You should have received a copy of the GNU General Public License
18 *   along with the Tcpreplay Suite.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21autogen definitions options;
22
23
24copyright = {
25    date        = "2000-2018";
26    owner       = "Aaron Turner and Fred Klassen";
27    eaddr       = "tcpreplay-users@lists.sourceforge.net";
28    type        = gpl;
29    author      = <<- EOText
30Copyright 2013-2018 Fred Klassen - AppNeta
31
32Copyright 2000-2012 Aaron Turner
33
34For support please use the tcpreplay-users@lists.sourceforge.net mailing list.
35
36The latest version of this software is always available from:
37http://tcpreplay.appneta.com/
38EOText;
39};
40
41package         = "tcpreplay";
42#ifdef TCPREPLAY_EDIT_MAN
43prog-name       = "tcpreplay-edit";
44#else
45prog-name       = "tcpreplay";
46#endif
47prog-title      = "Replay network traffic stored in pcap files";
48long-opts;
49gnu-usage;
50help-value      = "H";
51save-opts-value = "";
52load-opts-value = "";
53argument = "<pcap_file(s)>";
54
55
56config-header   = "config.h";
57
58include         = "#include \"defines.h\"\n"
59                "#include \"tcpreplay.h\"\n"
60                "#include \"common.h\"\n"
61                "#include \"config.h\"\n"
62                "#include <stdlib.h>\n"
63                "#include <sys/types.h>\n"
64                "#include <unistd.h>\n";
65
66homerc          = "$$/";
67
68#ifdef TCPREPLAY_EDIT
69#include tcpedit/tcpedit_opts.def
70#endif
71
72explain = <<- EOExplain
73tcpreplay is a tool for replaying network traffic from files saved with
74tcpdump or other tools which write pcap(3) files.
75EOExplain;
76
77detail = <<- EODetail
78The basic operation of tcpreplay is to resend  all  packets  from  the
79input file(s) at the speed at which they were recorded, or a specified
80data rate, up to as fast as the hardware is capable.
81
82Optionally, the traffic can be split between two interfaces, written to
83files, filtered and edited in various ways, providing the means to test
84firewalls, NIDS and other network devices.
85
86For more details, please see the Tcpreplay Manual at:
87http://tcpreplay.appneta.com
88EODetail;
89
90man-doc = <<- EOMan
91.SH "SIGNALS"
92tcpreplay understands the following signals:
93@enumerate
94@item @var{SIGUSR1}
95Suspend tcpreplay
96@item @var{SIGCONT}
97Restart tcpreplay
98@end enumerate
99
100.SH "SEE ALSO"
101tcpdump(1), tcpbridge(1), tcprewrite(1), tcpprep(1), tcpcapinfo(1)
102
103.SH "BUGS"
104tcpreplay can only send packets as fast as your computer's interface,
105processor, disk and system bus will allow.
106
107Packet timing at high speeds is a black art and very OS/CPU dependent.
108
109Replaying captured traffic may simulate odd or broken conditions on your
110network and cause all sorts of problems.
111
112In most cases, you can not replay traffic back to/at a server.
113
114Some operating systems by default do not allow for forging source MAC
115addresses.  Please consult your operating system's documentation and the
116tcpreplay FAQ if you experience this issue.
117EOMan;
118
119
120flag = {
121    ifdef       = DEBUG;
122    name        = dbug;
123    value       = d;
124    arg-type    = number;
125    max         = 1;
126    immediate;
127    arg-range   = "0->5";
128    arg-default = 0;
129    descrip     = "Enable debugging output";
130    doc         = <<- EOText
131If configured with --enable-debug, then you can specify a verbosity
132level for debugging output.  Higher numbers increase verbosity.
133EOText;
134};
135
136flag = {
137    name        = quiet;
138    value       = q;
139    descrip     = "Quiet mode";
140    doc	        = "Print nothing except the statistics at the end of the run";
141};
142
143flag = {
144    name        = timer;
145    value       = T;
146    arg-default = "gtod";
147    max	        = 1;
148    arg-type    = string;
149    descrip     = "Select packet timing mode: select, ioport, gtod, nano";
150    doc	        = <<- EOText
151Allows you to select the packet timing method to use:
152@enumerate
153@item nano
154- Use nanosleep() API
155@item select
156- Use select() API
157@item ioport
158- Write to the i386 IO Port 0x80
159@item gtod [default]
160- Use a gettimeofday() loop
161@end enumerate
162
163EOText;
164};
165
166flag = {
167    name        = maxsleep;
168    arg-type    = number;
169    arg-default = 0;
170    descrip     = "Sleep for no more then X milliseconds between packets";
171    doc         = <<- EOText
172Set a limit for the maximum number of milliseconds that tcpreplay will sleep
173between packets.  Effectively prevents long delays between packets without
174effecting the majority of packets.  Default is disabled.
175EOText;
176};
177
178/* Verbose decoding via tcpdump */
179flag = {
180    ifdef       = ENABLE_VERBOSE;
181    name        = verbose;
182    value       = v;
183    max         = 1;
184    immediate;
185    descrip     = "Print decoded packets via tcpdump to STDOUT";
186    settable;
187    doc         = "";
188};
189
190flag = {
191    ifdef       = ENABLE_VERBOSE;
192    name        = decode;
193    flags-must  = verbose;
194    value       = A;
195    arg-type    = string;
196    max         = 1;
197    descrip     = "Arguments passed to tcpdump decoder";
198    doc         = <<- EOText
199When enabling verbose mode (@var{-v}) you may also specify one or more
200additional  arguments to pass to @code{tcpdump} to modify the way packets
201are decoded.  By default, -n and -l are used.   Be  sure  to
202quote the arguments like: -A "-axxx" so that they are not interpreted
203by tcpreplay.   Please see the tcpdump(1) man page for a complete list of
204options.
205EOText;
206};
207
208flag = {
209    name        = preload_pcap;
210    value       = K;
211    descrip     = "Preloads packets into RAM before sending";
212    doc         = <<- EOText
213This option loads the specified pcap(s) into RAM before starting to send in order
214to improve replay performance while introducing a startup performance hit.
215Preloading can be used with or without @var{--loop}. This option also suppresses
216flow statistics collection for every iteration, which can significantly reduce
217memory usage. Flow statistics are predicted based on options supplied and
218statistics collected from the first loop iteration.
219EOText;
220};
221
222/*
223 * Output modifiers: -c
224 */
225
226flag = {
227    name        = cachefile;
228    value       = c;
229    arg-type    = string;
230    flags-cant  = dualfile;
231    flags-must  = intf2;
232    max         = 1;
233    descrip     = "Split traffic via a tcpprep cache file";
234    doc         = <<- EOText
235If you have a pcap file you would like to use to send bi-directional
236traffic through a device (firewall, router, IDS, etc) then using tcpprep
237you can create a cachefile which tcpreplay will use to split the traffic
238across two network interfaces.
239EOText;
240};
241
242flag = {
243    name        = dualfile;
244    value       = 2;
245    max         = 1;
246    flags-cant  = cachefile;
247    flags-must  = intf2;
248    descrip     = "Replay two files at a time from a network tap";
249    doc         = <<- EOText
250If you captured network traffic using a network tap, then you can end up with
251two pcap files- one for each direction.  This option will replay these two
252files at the same time, one on each interface and inter-mix them using the
253timestamps in each.
254EOText;
255};
256
257/*
258 * Outputs: -i, -I
259 */
260
261flag = {
262    name        = intf1;
263    value       = i;
264    arg-type    = string;
265    max         = 1;
266    must-set;
267    descrip     = "Client to server/RX/primary traffic output interface";
268    doc         = <<- EOText
269Required network interface used to send either all traffic or traffic which is
270marked as 'primary' via tcpprep.  Primary traffic is usually client-to-server
271or inbound (RX) on khial virtual interfaces.
272EOText;
273};
274
275flag = {
276    name        = intf2;
277    value       = I;
278    arg-type    = string;
279    max         = 1;
280    descrip     = "Server to client/TX/secondary traffic output interface";
281    doc         = <<- EOText
282Optional network interface used to send traffic which is marked as 'secondary'
283via tcpprep.  Secondary traffic is usually server-to-client or outbound
284(TX) on khial virtual interfaces.  Generally, it only makes sense to use this
285option with --cachefile.
286EOText;
287};
288
289
290flag = {
291    ifdef       = ENABLE_PCAP_FINDALLDEVS;
292    name        = listnics;
293    descrip     = "List available network interfaces and exit";
294    immediate;
295    doc         = "";
296    flag-code   = <<- EOFlag
297
298    interface_list_t *list = get_interface_list();
299    list_interfaces(list);
300    free(list);
301    exit(0);
302
303EOFlag;
304};
305
306/*
307 * Limits and loops: -l
308 */
309
310flag = {
311    name        = loop;
312    value       = l;
313    arg-type    = number;
314    arg-range   = "0->";
315    max         = 1;
316    descrip     = "Loop through the capture file X times";
317    arg-default = 1;
318    doc         = "";
319};
320
321flag = {
322    name        = loopdelay-ms;
323    flags-must  = loop;
324    arg-type    = number;
325    arg-range   = "0->";
326    descrip     = "Delay between loops in milliseconds";
327    arg-default = 0;
328    doc         = "";
329};
330
331flag = {
332    name        = pktlen;
333    max         = 1;
334    descrip     = "Override the snaplen and use the actual packet len";
335    doc         = <<- EOText
336By default, tcpreplay will send packets based on the size of the "snaplen"
337stored in the pcap file which is usually the correct thing to do.  However,
338occasionally, tools will store more bytes then told to.  By specifying this
339option, tcpreplay will ignore the snaplen field and instead try to send
340packets based on the original packet length.  Bad things may happen if
341you specify this option.
342EOText;
343};
344
345flag = {
346    name        = limit;
347    value       = L;
348    arg-type    = number;
349    max         = 1;
350    arg-default = -1;
351    arg-range   = "1->";
352    descrip     = "Limit the number of packets to send";
353    doc         = <<- EOText
354By default, tcpreplay will send all the packets.  Alternatively, you can
355specify a maximum number of packets to send.
356EOText;
357};
358
359flag = {
360    name        = duration;
361    arg-type    = number;
362    max         = 1;
363    arg-default = -1;
364    arg-range   = "1->";
365    descrip     = "Limit the number of seconds to send";
366    doc         = <<- EOText
367By default, tcpreplay will send all the packets.  Alternatively, you can
368specify a maximum number of seconds to transmit.
369EOText;
370};
371
372/*
373 * Replay speed modifiers: -m, -p, -r, -R, -o
374 */
375
376/* note that this is really a float, but autoopts does not support float */
377flag = {
378    name        = multiplier;
379    flags-cant  = pps;
380    flags-cant  = mbps;
381    flags-cant  = oneatatime;
382    flags-cant  = topspeed;
383    value       = x;
384    arg-type    = string;
385    max         = 1;
386    descrip     = "Modify replay speed to a given multiple";
387    doc         = <<- EOText
388Specify a value to modify the packet replay speed.
389Examples:
390@example
391    2.0 will replay traffic at twice the speed captured
392    0.7 will replay traffic at 70% the speed captured
393@end example
394EOText;
395};
396
397flag = {
398    name        = pps;
399    flags-cant  = multiplier;
400    flags-cant  = mbps;
401    flags-cant  = oneatatime;
402    flags-cant  = topspeed;
403    value       = p;
404    arg-type    = string;
405    max         = 1;
406    descrip     = "Replay packets at a given packets/sec";
407    doc         = <<- EOText
408Specify a value to regulate the packet replay to a specific packet-per-second rate.
409Examples:
410@example
411    200 will replay traffic at 200 packets per second
412    0.25 will replay traffic at 15 packets per minute
413@end example
414EOText;
415};
416
417flag = {
418    name        = mbps;
419    flags-cant  = multiplier;
420    flags-cant  = pps;
421    flags-cant  = oneatatime;
422    flags-cant  = topspeed;
423    value       = M;
424    arg-type    = string;
425    max         = 1;
426    descrip     = "Replay packets at a given Mbps";
427    doc         = <<- EOText
428Specify a floating point value for the Mbps rate that tcpreplay
429should send packets at.
430EOText;
431};
432
433flag = {
434    name        = topspeed;
435    flags-cant  = mbps;
436    flags-cant  = multiplier;
437    flags-cant  = pps;
438    flags-cant  = oneatatime;
439    value       = t;
440    descrip     = "Replay packets as fast as possible";
441    doc         = "";
442};
443
444flag = {
445    name        = oneatatime;
446    flags-cant  = mbps;
447    flags-cant  = pps;
448    flags-cant  = multiplier;
449    flags-cant  = topspeed;
450    value       = o;
451    descrip     = "Replay one packet at a time for each user input";
452    doc         = <<- EOText
453Allows you to step through one or more packets at a time.
454EOText;
455};
456
457flag = {
458    name        = pps-multi;
459    arg-type    = number;
460    flags-must  = pps;
461    arg-default = 1;
462    arg-range   = "1->";
463    descrip     = "Number of packets to send for each time interval";
464    doc         = <<- EOText
465When trying to send packets at very high rates, the time between each packet
466can be so short that it is impossible to accurately sleep for the required
467period of time.  This option allows you to send multiple packets at a time,
468thus allowing for longer sleep times which can be more accurately implemented.
469EOText;
470};
471
472flag = {
473    name        = unique-ip;
474    flags-must   = loop;
475#ifdef TCPREPLAY_EDIT
476    flags-cant   = seed;
477    flags-cant   = fuzz-seed;
478#endif
479    descrip     = "Modify IP addresses each loop iteration to generate unique flows";
480    doc         = <<- EOText
481Ensure IPv4 and IPv6 packets will be unique for each @var{--loop} iteration.
482This is done in a way that will not alter packet CRC, and therefore will genrally
483not affect performance. This option will significantly increase the flows/sec over
484generated over multiple loop iterations.
485EOText;
486};
487
488flag = {
489    name        = unique-ip-loops;
490    flags-must   = unique-ip;
491    arg-type    = string;
492    max         = 1;
493    descrip     = "Number of times to loop before assigning new unique ip";
494    doc         = <<- EOText
495Number of @var{--loop} iterations before a new unique IP is assigned. Default
496is 1. Assumes both @var{--loop} and @var{--unique-ip}.
497EOText;
498};
499
500flag = {
501    ifdef       = HAVE_NETMAP;
502    name        = netmap;
503    descrip     = "Write packets directly to netmap enabled network adapter";
504    doc         = <<- EOText
505This feature will detect netmap capable network drivers on Linux and BSD
506systems. If detected, the network driver is bypassed for the execution
507duration, and network buffers will be written to directly. This will allow
508you to achieve full line rates on commodity network adapters, similar to rates
509achieved by commercial network traffic generators. Note that bypassing the network
510driver will disrupt other applications connected through the test interface. See
511INSTALL for more information.
512
513This feature can also be enabled by specifying an interface as 'netmap:<intf>'
514or 'vale:<intf>. For example 'netmap:eth0' specifies netmap over interface eth0.
515EOText;
516};
517
518
519flag = {
520    ifdef       = HAVE_NETMAP;
521    name        = nm-delay;
522    arg-type    = number;
523    arg-default = 10;
524    descrip     = "Netmap startup delay";
525    doc         = <<- EOText
526Number of seconds to delay after netmap is loaded. Required to ensure interfaces
527are fully up before netmap transmit. Requires netmap option. Default is 10 seconds.
528EOText;
529};
530
531flag = {
532    name        = no-flow-stats;
533    descrip     = "Suppress printing and tracking flow count, rates and expirations";
534    doc         = <<- EOText
535Suppress the collection and printing of flow statistics. This option may
536improve performance when not using @var{--preload-pcap} option, otherwise
537its only function is to suppress printing.
538
539The flow feature will track and print statistics of the flows being sent.
540A flow is loosely defined as a unique combination of a 5-tuple, i.e.
541source IP, destination IP, source port, destination port and protocol.
542
543If @var{--loop} is specified, the flows from one iteration to the next
544will not be unique, unless the packets are altered. Use @var{--unique-ip}
545or @var{tcpreplay-edit} to alter packets between iterations.
546EOText;
547};
548
549flag = {
550    name        = flow-expiry;
551    arg-type    = number;
552    flags-cant  = no-flow-stats;
553    arg-default = 0;
554    arg-range   = "0->";
555    descrip     = "Number of inactive seconds before a flow is considered expired";
556    doc         = <<- EOText
557This option will track and report flow expirations based on the flow idle
558times. The timestamps within the pcap file are used to determine the expiry,
559not the actual timestamp of the packets are replayed. For example, a value of
56030 suggests that if no traffic is seen on a flow for 30 seconds, any
561subsequent traffic would be considered a new flow, and thereby will increment
562the flows and flows per second (fps) statistics.
563
564This option can be used to optimize flow timeout settings for flow products.
565Setting the timeout low may lead to flows being dropped when in fact the flow
566is simply slow to respond. Configuring your flow timeouts too high may
567increase resources required by your flow product.
568
569Note that using this option while replaying at higher than original speeds
570can lead to inflated flows and fps counts.
571
572Default is 0 (no expiry) and a typical value is 30-120 seconds.
573EOText;
574};
575
576
577flag = {
578    name        = pid;
579    value       = P;
580    descrip     = "Print the PID of tcpreplay at startup";
581    flag-code   = <<- EOPid
582
583    fprintf(stderr, "PID: %d\n", getpid());
584
585EOPid;
586    doc         = "";
587};
588
589flag = {
590    name        = stats;
591    arg-type    = number;
592    arg-range   = "0->";
593    descrip     = "Print statistics every X seconds, or every loop if '0'";
594    doc         = <<- EOText
595Note that timed delays are a "best effort" and long delays between
596sending packets may cause equally long delays between printing statistics.
597EOText;
598};
599
600flag = {
601    name        = version;
602    value       = V;
603    descrip     = "Print version information";
604    flag-code   = <<- EOVersion
605
606    fprintf(stderr, "tcpreplay version: %s (build %s)", VERSION, git_version());
607#ifdef DEBUG
608    fprintf(stderr, " (debug)");
609#endif
610#ifdef TIMESTAMP_TRACE
611    fprintf(stderr, " (timestamp-trace)");
612#endif
613    fprintf(stderr, "\n");
614    fprintf(stderr, "Copyright 2013-2018 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta\n");
615    fprintf(stderr, "Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>\n");
616    fprintf(stderr, "The entire Tcpreplay Suite is licensed under the GPLv3\n");
617    fprintf(stderr, "Cache file supported: %s\n", CACHEVERSION);
618#ifdef HAVE_LIBDNET
619    fprintf(stderr, "Compiled against libdnet: %s\n", LIBDNET_VERSION);
620#else
621    fprintf(stderr, "Not compiled with libdnet.\n");
622#endif
623#ifdef HAVE_WINPCAP
624    fprintf(stderr, "Compiled against winpcap: %s\n", get_pcap_version());
625#elif defined HAVE_PF_RING_PCAP
626    fprintf(stderr, "Compiled against PF_RING libpcap: %s\n", get_pcap_version());
627#else
628    fprintf(stderr, "Compiled against libpcap: %s\n", get_pcap_version());
629#endif
630#ifdef ENABLE_64BITS
631    fprintf(stderr, "64 bit packet counters: enabled\n");
632#else
633    fprintf(stderr, "64 bit packet counters: disabled\n");
634#endif
635#ifdef ENABLE_VERBOSE
636    fprintf(stderr, "Verbose printing via tcpdump: enabled\n");
637#else
638    fprintf(stderr, "Verbose printing via tcpdump: disabled\n");
639#endif
640#ifdef TCPREPLAY_EDIT
641    fprintf(stderr, "Packet editing: enabled\n");
642#else
643    fprintf(stderr, "Packet editing: disabled\n");
644#endif
645#ifdef ENABLE_FRAGROUTE
646    fprintf(stderr, "Fragroute engine: enabled\n");
647#else
648    fprintf(stderr, "Fragroute engine: disabled\n");
649#endif
650#if defined HAVE_NETMAP
651    fprintf(stderr, "Default injection method: %s\n", sendpacket_get_method(NULL));
652#else
653    fprintf(stderr, "Injection method: %s\n", sendpacket_get_method(NULL));
654#endif
655#ifdef HAVE_NETMAP
656    fprintf(stderr, "Optional injection method: netmap\n");
657#else
658    fprintf(stderr, "Not compiled with netmap\n");
659#endif
660    exit(0);
661
662EOVersion;
663    doc         = "";
664};
665
666flag = {
667    name        = less-help;
668    value       = "h";
669    immediate;
670    descrip     = "Display less usage information and exit";
671    flag-code   = <<- EOHelp
672
673    USAGE(EXIT_FAILURE);
674
675EOHelp;
676    doc         = "";
677};
678