1/* $Id$ */ 2 3/* 4 * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net> 5 * Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta 6 * 7 * The Tcpreplay Suite of tools is free software: you can redistribute it 8 * and/or modify it under the terms of the GNU General Public License as 9 * published by the Free Software Foundation, either version 3 of the 10 * License, or with the authors permission any later version. 11 * 12 * The Tcpreplay Suite is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>. 19 */ 20 21autogen definitions options; 22 23 24copyright = { 25 date = "2000-2018"; 26 owner = "Aaron Turner and Fred Klassen"; 27 eaddr = "tcpreplay-users@lists.sourceforge.net"; 28 type = gpl; 29 author = <<- EOText 30Copyright 2013-2018 Fred Klassen - AppNeta 31 32Copyright 2000-2012 Aaron Turner 33 34For support please use the tcpreplay-users@lists.sourceforge.net mailing list. 35 36The latest version of this software is always available from: 37http://tcpreplay.appneta.com/ 38EOText; 39}; 40 41package = "tcpreplay"; 42#ifdef TCPREPLAY_EDIT_MAN 43prog-name = "tcpreplay-edit"; 44#else 45prog-name = "tcpreplay"; 46#endif 47prog-title = "Replay network traffic stored in pcap files"; 48long-opts; 49gnu-usage; 50help-value = "H"; 51save-opts-value = ""; 52load-opts-value = ""; 53argument = "<pcap_file(s)>"; 54 55 56config-header = "config.h"; 57 58include = "#include \"defines.h\"\n" 59 "#include \"tcpreplay.h\"\n" 60 "#include \"common.h\"\n" 61 "#include \"config.h\"\n" 62 "#include <stdlib.h>\n" 63 "#include <sys/types.h>\n" 64 "#include <unistd.h>\n"; 65 66homerc = "$$/"; 67 68#ifdef TCPREPLAY_EDIT 69#include tcpedit/tcpedit_opts.def 70#endif 71 72explain = <<- EOExplain 73tcpreplay is a tool for replaying network traffic from files saved with 74tcpdump or other tools which write pcap(3) files. 75EOExplain; 76 77detail = <<- EODetail 78The basic operation of tcpreplay is to resend all packets from the 79input file(s) at the speed at which they were recorded, or a specified 80data rate, up to as fast as the hardware is capable. 81 82Optionally, the traffic can be split between two interfaces, written to 83files, filtered and edited in various ways, providing the means to test 84firewalls, NIDS and other network devices. 85 86For more details, please see the Tcpreplay Manual at: 87http://tcpreplay.appneta.com 88EODetail; 89 90man-doc = <<- EOMan 91.SH "SIGNALS" 92tcpreplay understands the following signals: 93@enumerate 94@item @var{SIGUSR1} 95Suspend tcpreplay 96@item @var{SIGCONT} 97Restart tcpreplay 98@end enumerate 99 100.SH "SEE ALSO" 101tcpdump(1), tcpbridge(1), tcprewrite(1), tcpprep(1), tcpcapinfo(1) 102 103.SH "BUGS" 104tcpreplay can only send packets as fast as your computer's interface, 105processor, disk and system bus will allow. 106 107Packet timing at high speeds is a black art and very OS/CPU dependent. 108 109Replaying captured traffic may simulate odd or broken conditions on your 110network and cause all sorts of problems. 111 112In most cases, you can not replay traffic back to/at a server. 113 114Some operating systems by default do not allow for forging source MAC 115addresses. Please consult your operating system's documentation and the 116tcpreplay FAQ if you experience this issue. 117EOMan; 118 119 120flag = { 121 ifdef = DEBUG; 122 name = dbug; 123 value = d; 124 arg-type = number; 125 max = 1; 126 immediate; 127 arg-range = "0->5"; 128 arg-default = 0; 129 descrip = "Enable debugging output"; 130 doc = <<- EOText 131If configured with --enable-debug, then you can specify a verbosity 132level for debugging output. Higher numbers increase verbosity. 133EOText; 134}; 135 136flag = { 137 name = quiet; 138 value = q; 139 descrip = "Quiet mode"; 140 doc = "Print nothing except the statistics at the end of the run"; 141}; 142 143flag = { 144 name = timer; 145 value = T; 146 arg-default = "gtod"; 147 max = 1; 148 arg-type = string; 149 descrip = "Select packet timing mode: select, ioport, gtod, nano"; 150 doc = <<- EOText 151Allows you to select the packet timing method to use: 152@enumerate 153@item nano 154- Use nanosleep() API 155@item select 156- Use select() API 157@item ioport 158- Write to the i386 IO Port 0x80 159@item gtod [default] 160- Use a gettimeofday() loop 161@end enumerate 162 163EOText; 164}; 165 166flag = { 167 name = maxsleep; 168 arg-type = number; 169 arg-default = 0; 170 descrip = "Sleep for no more then X milliseconds between packets"; 171 doc = <<- EOText 172Set a limit for the maximum number of milliseconds that tcpreplay will sleep 173between packets. Effectively prevents long delays between packets without 174effecting the majority of packets. Default is disabled. 175EOText; 176}; 177 178/* Verbose decoding via tcpdump */ 179flag = { 180 ifdef = ENABLE_VERBOSE; 181 name = verbose; 182 value = v; 183 max = 1; 184 immediate; 185 descrip = "Print decoded packets via tcpdump to STDOUT"; 186 settable; 187 doc = ""; 188}; 189 190flag = { 191 ifdef = ENABLE_VERBOSE; 192 name = decode; 193 flags-must = verbose; 194 value = A; 195 arg-type = string; 196 max = 1; 197 descrip = "Arguments passed to tcpdump decoder"; 198 doc = <<- EOText 199When enabling verbose mode (@var{-v}) you may also specify one or more 200additional arguments to pass to @code{tcpdump} to modify the way packets 201are decoded. By default, -n and -l are used. Be sure to 202quote the arguments like: -A "-axxx" so that they are not interpreted 203by tcpreplay. Please see the tcpdump(1) man page for a complete list of 204options. 205EOText; 206}; 207 208flag = { 209 name = preload_pcap; 210 value = K; 211 descrip = "Preloads packets into RAM before sending"; 212 doc = <<- EOText 213This option loads the specified pcap(s) into RAM before starting to send in order 214to improve replay performance while introducing a startup performance hit. 215Preloading can be used with or without @var{--loop}. This option also suppresses 216flow statistics collection for every iteration, which can significantly reduce 217memory usage. Flow statistics are predicted based on options supplied and 218statistics collected from the first loop iteration. 219EOText; 220}; 221 222/* 223 * Output modifiers: -c 224 */ 225 226flag = { 227 name = cachefile; 228 value = c; 229 arg-type = string; 230 flags-cant = dualfile; 231 flags-must = intf2; 232 max = 1; 233 descrip = "Split traffic via a tcpprep cache file"; 234 doc = <<- EOText 235If you have a pcap file you would like to use to send bi-directional 236traffic through a device (firewall, router, IDS, etc) then using tcpprep 237you can create a cachefile which tcpreplay will use to split the traffic 238across two network interfaces. 239EOText; 240}; 241 242flag = { 243 name = dualfile; 244 value = 2; 245 max = 1; 246 flags-cant = cachefile; 247 flags-must = intf2; 248 descrip = "Replay two files at a time from a network tap"; 249 doc = <<- EOText 250If you captured network traffic using a network tap, then you can end up with 251two pcap files- one for each direction. This option will replay these two 252files at the same time, one on each interface and inter-mix them using the 253timestamps in each. 254EOText; 255}; 256 257/* 258 * Outputs: -i, -I 259 */ 260 261flag = { 262 name = intf1; 263 value = i; 264 arg-type = string; 265 max = 1; 266 must-set; 267 descrip = "Client to server/RX/primary traffic output interface"; 268 doc = <<- EOText 269Required network interface used to send either all traffic or traffic which is 270marked as 'primary' via tcpprep. Primary traffic is usually client-to-server 271or inbound (RX) on khial virtual interfaces. 272EOText; 273}; 274 275flag = { 276 name = intf2; 277 value = I; 278 arg-type = string; 279 max = 1; 280 descrip = "Server to client/TX/secondary traffic output interface"; 281 doc = <<- EOText 282Optional network interface used to send traffic which is marked as 'secondary' 283via tcpprep. Secondary traffic is usually server-to-client or outbound 284(TX) on khial virtual interfaces. Generally, it only makes sense to use this 285option with --cachefile. 286EOText; 287}; 288 289 290flag = { 291 ifdef = ENABLE_PCAP_FINDALLDEVS; 292 name = listnics; 293 descrip = "List available network interfaces and exit"; 294 immediate; 295 doc = ""; 296 flag-code = <<- EOFlag 297 298 interface_list_t *list = get_interface_list(); 299 list_interfaces(list); 300 free(list); 301 exit(0); 302 303EOFlag; 304}; 305 306/* 307 * Limits and loops: -l 308 */ 309 310flag = { 311 name = loop; 312 value = l; 313 arg-type = number; 314 arg-range = "0->"; 315 max = 1; 316 descrip = "Loop through the capture file X times"; 317 arg-default = 1; 318 doc = ""; 319}; 320 321flag = { 322 name = loopdelay-ms; 323 flags-must = loop; 324 arg-type = number; 325 arg-range = "0->"; 326 descrip = "Delay between loops in milliseconds"; 327 arg-default = 0; 328 doc = ""; 329}; 330 331flag = { 332 name = pktlen; 333 max = 1; 334 descrip = "Override the snaplen and use the actual packet len"; 335 doc = <<- EOText 336By default, tcpreplay will send packets based on the size of the "snaplen" 337stored in the pcap file which is usually the correct thing to do. However, 338occasionally, tools will store more bytes then told to. By specifying this 339option, tcpreplay will ignore the snaplen field and instead try to send 340packets based on the original packet length. Bad things may happen if 341you specify this option. 342EOText; 343}; 344 345flag = { 346 name = limit; 347 value = L; 348 arg-type = number; 349 max = 1; 350 arg-default = -1; 351 arg-range = "1->"; 352 descrip = "Limit the number of packets to send"; 353 doc = <<- EOText 354By default, tcpreplay will send all the packets. Alternatively, you can 355specify a maximum number of packets to send. 356EOText; 357}; 358 359flag = { 360 name = duration; 361 arg-type = number; 362 max = 1; 363 arg-default = -1; 364 arg-range = "1->"; 365 descrip = "Limit the number of seconds to send"; 366 doc = <<- EOText 367By default, tcpreplay will send all the packets. Alternatively, you can 368specify a maximum number of seconds to transmit. 369EOText; 370}; 371 372/* 373 * Replay speed modifiers: -m, -p, -r, -R, -o 374 */ 375 376/* note that this is really a float, but autoopts does not support float */ 377flag = { 378 name = multiplier; 379 flags-cant = pps; 380 flags-cant = mbps; 381 flags-cant = oneatatime; 382 flags-cant = topspeed; 383 value = x; 384 arg-type = string; 385 max = 1; 386 descrip = "Modify replay speed to a given multiple"; 387 doc = <<- EOText 388Specify a value to modify the packet replay speed. 389Examples: 390@example 391 2.0 will replay traffic at twice the speed captured 392 0.7 will replay traffic at 70% the speed captured 393@end example 394EOText; 395}; 396 397flag = { 398 name = pps; 399 flags-cant = multiplier; 400 flags-cant = mbps; 401 flags-cant = oneatatime; 402 flags-cant = topspeed; 403 value = p; 404 arg-type = string; 405 max = 1; 406 descrip = "Replay packets at a given packets/sec"; 407 doc = <<- EOText 408Specify a value to regulate the packet replay to a specific packet-per-second rate. 409Examples: 410@example 411 200 will replay traffic at 200 packets per second 412 0.25 will replay traffic at 15 packets per minute 413@end example 414EOText; 415}; 416 417flag = { 418 name = mbps; 419 flags-cant = multiplier; 420 flags-cant = pps; 421 flags-cant = oneatatime; 422 flags-cant = topspeed; 423 value = M; 424 arg-type = string; 425 max = 1; 426 descrip = "Replay packets at a given Mbps"; 427 doc = <<- EOText 428Specify a floating point value for the Mbps rate that tcpreplay 429should send packets at. 430EOText; 431}; 432 433flag = { 434 name = topspeed; 435 flags-cant = mbps; 436 flags-cant = multiplier; 437 flags-cant = pps; 438 flags-cant = oneatatime; 439 value = t; 440 descrip = "Replay packets as fast as possible"; 441 doc = ""; 442}; 443 444flag = { 445 name = oneatatime; 446 flags-cant = mbps; 447 flags-cant = pps; 448 flags-cant = multiplier; 449 flags-cant = topspeed; 450 value = o; 451 descrip = "Replay one packet at a time for each user input"; 452 doc = <<- EOText 453Allows you to step through one or more packets at a time. 454EOText; 455}; 456 457flag = { 458 name = pps-multi; 459 arg-type = number; 460 flags-must = pps; 461 arg-default = 1; 462 arg-range = "1->"; 463 descrip = "Number of packets to send for each time interval"; 464 doc = <<- EOText 465When trying to send packets at very high rates, the time between each packet 466can be so short that it is impossible to accurately sleep for the required 467period of time. This option allows you to send multiple packets at a time, 468thus allowing for longer sleep times which can be more accurately implemented. 469EOText; 470}; 471 472flag = { 473 name = unique-ip; 474 flags-must = loop; 475#ifdef TCPREPLAY_EDIT 476 flags-cant = seed; 477 flags-cant = fuzz-seed; 478#endif 479 descrip = "Modify IP addresses each loop iteration to generate unique flows"; 480 doc = <<- EOText 481Ensure IPv4 and IPv6 packets will be unique for each @var{--loop} iteration. 482This is done in a way that will not alter packet CRC, and therefore will genrally 483not affect performance. This option will significantly increase the flows/sec over 484generated over multiple loop iterations. 485EOText; 486}; 487 488flag = { 489 name = unique-ip-loops; 490 flags-must = unique-ip; 491 arg-type = string; 492 max = 1; 493 descrip = "Number of times to loop before assigning new unique ip"; 494 doc = <<- EOText 495Number of @var{--loop} iterations before a new unique IP is assigned. Default 496is 1. Assumes both @var{--loop} and @var{--unique-ip}. 497EOText; 498}; 499 500flag = { 501 ifdef = HAVE_NETMAP; 502 name = netmap; 503 descrip = "Write packets directly to netmap enabled network adapter"; 504 doc = <<- EOText 505This feature will detect netmap capable network drivers on Linux and BSD 506systems. If detected, the network driver is bypassed for the execution 507duration, and network buffers will be written to directly. This will allow 508you to achieve full line rates on commodity network adapters, similar to rates 509achieved by commercial network traffic generators. Note that bypassing the network 510driver will disrupt other applications connected through the test interface. See 511INSTALL for more information. 512 513This feature can also be enabled by specifying an interface as 'netmap:<intf>' 514or 'vale:<intf>. For example 'netmap:eth0' specifies netmap over interface eth0. 515EOText; 516}; 517 518 519flag = { 520 ifdef = HAVE_NETMAP; 521 name = nm-delay; 522 arg-type = number; 523 arg-default = 10; 524 descrip = "Netmap startup delay"; 525 doc = <<- EOText 526Number of seconds to delay after netmap is loaded. Required to ensure interfaces 527are fully up before netmap transmit. Requires netmap option. Default is 10 seconds. 528EOText; 529}; 530 531flag = { 532 name = no-flow-stats; 533 descrip = "Suppress printing and tracking flow count, rates and expirations"; 534 doc = <<- EOText 535Suppress the collection and printing of flow statistics. This option may 536improve performance when not using @var{--preload-pcap} option, otherwise 537its only function is to suppress printing. 538 539The flow feature will track and print statistics of the flows being sent. 540A flow is loosely defined as a unique combination of a 5-tuple, i.e. 541source IP, destination IP, source port, destination port and protocol. 542 543If @var{--loop} is specified, the flows from one iteration to the next 544will not be unique, unless the packets are altered. Use @var{--unique-ip} 545or @var{tcpreplay-edit} to alter packets between iterations. 546EOText; 547}; 548 549flag = { 550 name = flow-expiry; 551 arg-type = number; 552 flags-cant = no-flow-stats; 553 arg-default = 0; 554 arg-range = "0->"; 555 descrip = "Number of inactive seconds before a flow is considered expired"; 556 doc = <<- EOText 557This option will track and report flow expirations based on the flow idle 558times. The timestamps within the pcap file are used to determine the expiry, 559not the actual timestamp of the packets are replayed. For example, a value of 56030 suggests that if no traffic is seen on a flow for 30 seconds, any 561subsequent traffic would be considered a new flow, and thereby will increment 562the flows and flows per second (fps) statistics. 563 564This option can be used to optimize flow timeout settings for flow products. 565Setting the timeout low may lead to flows being dropped when in fact the flow 566is simply slow to respond. Configuring your flow timeouts too high may 567increase resources required by your flow product. 568 569Note that using this option while replaying at higher than original speeds 570can lead to inflated flows and fps counts. 571 572Default is 0 (no expiry) and a typical value is 30-120 seconds. 573EOText; 574}; 575 576 577flag = { 578 name = pid; 579 value = P; 580 descrip = "Print the PID of tcpreplay at startup"; 581 flag-code = <<- EOPid 582 583 fprintf(stderr, "PID: %d\n", getpid()); 584 585EOPid; 586 doc = ""; 587}; 588 589flag = { 590 name = stats; 591 arg-type = number; 592 arg-range = "0->"; 593 descrip = "Print statistics every X seconds, or every loop if '0'"; 594 doc = <<- EOText 595Note that timed delays are a "best effort" and long delays between 596sending packets may cause equally long delays between printing statistics. 597EOText; 598}; 599 600flag = { 601 name = version; 602 value = V; 603 descrip = "Print version information"; 604 flag-code = <<- EOVersion 605 606 fprintf(stderr, "tcpreplay version: %s (build %s)", VERSION, git_version()); 607#ifdef DEBUG 608 fprintf(stderr, " (debug)"); 609#endif 610#ifdef TIMESTAMP_TRACE 611 fprintf(stderr, " (timestamp-trace)"); 612#endif 613 fprintf(stderr, "\n"); 614 fprintf(stderr, "Copyright 2013-2018 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta\n"); 615 fprintf(stderr, "Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>\n"); 616 fprintf(stderr, "The entire Tcpreplay Suite is licensed under the GPLv3\n"); 617 fprintf(stderr, "Cache file supported: %s\n", CACHEVERSION); 618#ifdef HAVE_LIBDNET 619 fprintf(stderr, "Compiled against libdnet: %s\n", LIBDNET_VERSION); 620#else 621 fprintf(stderr, "Not compiled with libdnet.\n"); 622#endif 623#ifdef HAVE_WINPCAP 624 fprintf(stderr, "Compiled against winpcap: %s\n", get_pcap_version()); 625#elif defined HAVE_PF_RING_PCAP 626 fprintf(stderr, "Compiled against PF_RING libpcap: %s\n", get_pcap_version()); 627#else 628 fprintf(stderr, "Compiled against libpcap: %s\n", get_pcap_version()); 629#endif 630#ifdef ENABLE_64BITS 631 fprintf(stderr, "64 bit packet counters: enabled\n"); 632#else 633 fprintf(stderr, "64 bit packet counters: disabled\n"); 634#endif 635#ifdef ENABLE_VERBOSE 636 fprintf(stderr, "Verbose printing via tcpdump: enabled\n"); 637#else 638 fprintf(stderr, "Verbose printing via tcpdump: disabled\n"); 639#endif 640#ifdef TCPREPLAY_EDIT 641 fprintf(stderr, "Packet editing: enabled\n"); 642#else 643 fprintf(stderr, "Packet editing: disabled\n"); 644#endif 645#ifdef ENABLE_FRAGROUTE 646 fprintf(stderr, "Fragroute engine: enabled\n"); 647#else 648 fprintf(stderr, "Fragroute engine: disabled\n"); 649#endif 650#if defined HAVE_NETMAP 651 fprintf(stderr, "Default injection method: %s\n", sendpacket_get_method(NULL)); 652#else 653 fprintf(stderr, "Injection method: %s\n", sendpacket_get_method(NULL)); 654#endif 655#ifdef HAVE_NETMAP 656 fprintf(stderr, "Optional injection method: netmap\n"); 657#else 658 fprintf(stderr, "Not compiled with netmap\n"); 659#endif 660 exit(0); 661 662EOVersion; 663 doc = ""; 664}; 665 666flag = { 667 name = less-help; 668 value = "h"; 669 immediate; 670 descrip = "Display less usage information and exit"; 671 flag-code = <<- EOHelp 672 673 USAGE(EXIT_FAILURE); 674 675EOHelp; 676 doc = ""; 677}; 678