Opened 10 years ago

Last modified 8 years ago

#98 new enhancement

tcprewrite edit language/rules

Reported by: aturner Owned by: aturner
Priority: high Milestone: Future Release
Component: libtcpedit Version: 3.0.beta11
Keywords: Cc:
Operating System: Add to FAQ?: no
Hardware: All
Output of tcpreplay -V:

Description

Out of the openpacket.org mailing list, it was talked about having a simple language allowing people to edit packets in a human friendly language. I had the suggestion of doing something like:

Packet 57:             # packet to modify
  Offset: 89           # byte offset starting from start of packet
  Direction: C2S       # direction of packet
  Type: IPv4           # type of field
  Encoding: big_endian # encoding of new value
  Value: 192.168.2.34  # optional new value

Honestly the above kinda sucks for a variety of reasons- not easily parsed/generated, but the goal is clear, and honestly for something like this, it's most important that it's easy for newbies to be able to create these "rules" by hand. I definitely don't want something over complicated like XML.

The other advantage of this is that it requires tcprewrite/libtcpedit to have minimal packet decoding logic. We don't care what the protocol is or how to decode it, the rule writer just tells us to go to some packet, jump to a given offset and write a new value using some kind of encoding (big/little endian, string, etc.). After that, just apply the L3/L4 checksum calculations and we're done. It would also allow for generic packet editing- changing payload, ports, bit flags, etc.
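
An added example, not part of the ticket and not tcprewrite/libtcpedit code: one way the proposed rule block could be parsed and applied in Python, with a bounds check before the write and the IPv4 header checksum redone afterwards. The function names, the `l3` parameter, the rule's offset and the sample frame are constructed for illustration; only `Type: IPv4` is handled and `Direction` is parsed but not acted on.

```python
import ipaddress
import struct
# Constructed rule in the ticket's syntax; offset 30 = IPv4 dst address (14 + 16).
RULE_TEXT = """\
Packet 1:              # packet to modify
  Offset: 30           # byte offset starting from start of packet
  Direction: C2S       # parsed but unused here (needs flow tracking)
  Type: IPv4           # type of field
  Encoding: big_endian # encoding of new value
  Value: 192.168.2.34  # optional new value
"""
# Constructed frame: Ethernet header + 20-byte IPv4 header, 10.0.0.1 -> 10.0.0.2.
SAMPLE_FRAME = bytes(12) + b"\x08\x00" + bytes.fromhex(
    "450000140000000040060000" "0a000001" "0a000002")

def parse_rule(text):
    """Parse one rule block into a dict with lower-case keys."""
    rule = {}
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        if key.startswith("Packet "):
            rule["packet"] = int(key.split()[1])
        elif key:
            rule[key.strip().lower()] = value.strip()
    rule["offset"] = int(rule["offset"])
    return rule

def ipv4_header_checksum(header):
    """RFC 1071 ones'-complement checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def apply_rule(frame, rule, l3=14):
    """Write the rule's value at its offset, then redo the IPv4 header checksum."""
    if rule["type"] != "IPv4":
        raise ValueError("only Type: IPv4 is handled in this example")
    order = 1 if rule["encoding"] == "big_endian" else -1   # -1 reverses bytes
    value = ipaddress.IPv4Address(rule["value"]).packed[::order]
    start, end = rule["offset"], rule["offset"] + len(value)
    ihl = (frame[l3] & 0x0F) * 4 if len(frame) > l3 else 0
    if start < 0 or end > len(frame) or ihl < 20 or l3 + ihl > len(frame):
        raise ValueError("rule or header does not fit inside the packet")
    out = bytearray(frame)
    out[start:end] = value
    hdr = out[l3:l3 + 10] + b"\x00\x00" + out[l3 + 12:l3 + ihl]  # zeroed checksum
    out[l3 + 10:l3 + 12] = struct.pack("!H", ipv4_header_checksum(hdr))
    return bytes(out)
```

Because the offset comes from a hand-written rule file, the range check rejects any rule that would write past the end of the captured packet instead of growing or overrunning the buffer.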

Change History (6)

comment:1 in reply to: ↑ description Changed 10 years ago by JoNO

That would be a major update.
I can't wait to see it in action :)

Also it would be nice to have something like editcap's -E option, in other words to introduce impairment on capture files (packet errors on specific layers, packet reorder, packet drop). It would be very useful.

Thanks.

comment:2 Changed 10 years ago by aturner

  • Add to FAQ? unset

Another idea is to use an embedded programming language like Lua. Not sure what the performance would be (probably not as good as a custom DSL), but it would be much easier for other people to write and contribute powerful plugins.

comment:3 Changed 10 years ago by aturner

  • Priority changed from medium to high

comment:4 Changed 9 years ago by aturner

  • Milestone changed from Future Release to 4.0

comment:5 Changed 9 years ago by aturner

  • Component changed from tcprewrite to libtcpedit

comment:6 Changed 9 years ago by aturner

  • Milestone changed from 4.0 to Future Release