Ticket #98 (new enhancement)

Opened 22 months ago

Last modified 6 months ago

tcprewrite edit language/rules

Reported by: aturner Owned by: aturner
Priority: high Milestone: Future Release
Component: libtcpedit Version: 3.0.beta11
Keywords: Cc:
Operating System: Add to FAQ?: no
Hardware: All
Output of tcpreplay -V:

Description

Out of the openpacket.org mailing list, it was talked about having a simple language allowing people to edit packets in a human friendly language. I had the suggestion of doing something like: 

Packet 57:             # packet to modify
  Offset: 89           # byte offset starting from start of packet
  Direction: C2S       # direction of packet
  Type: IPv4           # type of field
  Encoding: big_endian # encoding of new value
  Value: 192.168.2.34  # optional new value

Honestly the above kinda sucks for a variety of reasons- not easily parsed/generated, but the goal is clear, and honestly for something like this, it's most important that it's easy for newbies to be able to create these "rules" by hand. I definately don't want something over complicated like XML.

The other advantage of this is that it requires tcprewrite/libtcpedit to have minimal packet decoding logic. We don't care what the protocol is or how to decode it, the rule writer just tells us to go to some packet, jump to a given offset and write a new value using some kind of encoding (big/little endian, string, etc) After that, just apply the L3/L4 checksum calculations and we're done. It would also allow for generic packet editing- changing payload, ports, bit flags, etc.

Attachments

Change History

in reply to: ↑ description   Changed 20 months ago by JoNO

That would be a major update. I can't wait to see it in action :)

Also it would be nice to have sometihing like editcap's -E option, in other words to introduce impairment on capture files (packet errors on specific layers, packet reorder, packet drop). It would be very useful.

Thanks.

Replying to aturner:

Out of the openpacket.org mailing list, it was talked about having a simple language allowing people to edit packets in a human friendly language. I had the suggestion of doing something like: {{{ Packet 57: # packet to modify Offset: 89 # byte offset starting from start of packet Direction: C2S # direction of packet Type: IPv4 # type of field Encoding: big_endian # encoding of new value Value: 192.168.2.34 # optional new value }}} Honestly the above kinda sucks for a variety of reasons- not easily parsed/generated, but the goal is clear, and honestly for something like this, it's most important that it's easy for newbies to be able to create these "rules" by hand. I definately don't want something over complicated like XML. The other advantage of this is that it requires tcprewrite/libtcpedit to have minimal packet decoding logic. We don't care what the protocol is or how to decode it, the rule writer just tells us to go to some packet, jump to a given offset and write a new value using some kind of encoding (big/little endian, string, etc) After that, just apply the L3/L4 checksum calculations and we're done. It would also allow for generic packet editing- changing payload, ports, bit flags, etc.

  Changed 19 months ago by aturner

  • add_to_faq unset

Another idea is use an embedded programming language like Lua Not sure what the performance would be (probably not as good as a custom DSL), but it would be much easier for other people to write and contribute powerful plugins.

  Changed 19 months ago by aturner

  • priority changed from medium to high

  Changed 7 months ago by aturner

  • milestone changed from Future Release to 4.0

  Changed 7 months ago by aturner

  • component changed from tcprewrite to libtcpedit

  Changed 6 months ago by aturner

  • milestone changed from 4.0 to Future Release

Add/Change #98 (tcprewrite edit language/rules)

Author



Action
as new
 
Note: See TracTickets for help on using tickets.