tcpprep -x option issue #404

Closed
fklassen opened this issue Jun 9, 2017 · 1 comment

fklassen commented Jun 9, 2017

As reported in [email protected] mail list:

tcpreplay version: 4.1.0 (build git:v4.1.0)

This is from the tcpprep man page

-x string, --include=string
Include only packets matching rule. This option may appear up to 1 times. This option must not appear in combination with any of the following options: exclude.
Override default of processing all packets stored in the capture file and only send/edit packets which match the provided rule. Rules can be one of:
S:<CIDR1>,... - Source IP must match specified IPv4/v6 CIDR(s)
D:<CIDR1>,... - Destination IP must match specified IPv4/v6 CIDR(s)
B:<CIDR1>,... - Both source and destination IP must match specified IPv4/v6 CIDR(s)
E:<CIDR1>,... - Either IP must match specified IPv4/v6 CIDR(s)
P:<LIST> - Must be one of the listed packets where the list corresponds to the packet number in the capture file.
-x P:1-5,9,15,72-
would process packets 1 thru 5, the 9th and 15th packet, and packets 72 until the end of the file

Emphasis mine.

After doing all this, to the attached capture:

tcprewrite --enet-vlan=del --pnat=10.48.144.240/32:1.0.1.5/32,10.48.144.248/32:1.0.1.6/32,172.21.61.25/32:4.0.1.12/32 -b --infile='tmp/LINK.pcap' --outfile='tmp/IP.pcap'
tcprewrite --dlt=enet --enet-vlan=del --enet-dmac=02:00:00:bb:bb:00,02:00:00:cc:cc:00 --enet-smac=02:00:00:aa:aa:00,02:00:00:dd:dd:00 --cachefile=tmp/INPUT.cache --infile='tmp/IP.pcap' --outfile='tmp/REPLAY.pcap'
tcpprep --cidr=1.0.0.0/8 --include=P:4-16,21-33 --cachefile='tmp/INPUT.cache' --pcap='tmp/IP.pcap'

I would expect only packets 4-16,21-33 to be modified and/or given a direction in the cache. But they all have and there is nothing indicating that it will not replay everything.
And, indeed, the entire capture is replayed. This makes no difference: --include='P:4-16,21-33' vs --include=P:4-16,21-33

This also does not stop anything:
tcpprep --cidr=1.0.0.0/8 --include=E:1.0.0.0/8 --cachefile='tmp/INPUT.cache' --pcap='tmp/IP.pcap'

This does:
tcpprep --cidr=1.0.0.0/8 --include=S:1.0.0.0/8 --cachefile='tmp/INPUT.cache' --pcap='tmp/IP.pcap'

I cannot find where this was recently discussed or fixed in the archives. Seems like a bug.

-Mike
two-gets.pcap.txt
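
The `P:<LIST>` semantics quoted from the man page in the report above, written out as an added C example (not part of the issue and not tcpreplay's own code). `packet_in_list` is a hypothetical name, and the 40-packet capture length in `main` is a constructed value.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not tcpreplay code. Returns 1 if 1-based packet
 * number n is selected by a non-NULL list such as "1-5,9,15,72-",
 * 0 if it is not, and -1 if the list is malformed. */
int packet_in_list(const char *list, unsigned long n)
{
    const char *p = list;
    int hit = 0;
    for (;;) {
        char *end;
        unsigned long lo, hi;
        if (!isdigit((unsigned char)*p))   /* each item starts with a number */
            return -1;
        errno = 0;
        lo = hi = strtoul(p, &end, 10);    /* single packet, e.g. "9" */
        if (errno != 0 || lo == 0)         /* overflow, or packet 0 */
            return -1;
        p = end;
        if (*p == '-') {
            hi = ULONG_MAX;                /* open range "72-": to end of file */
            if (isdigit((unsigned char)*++p)) {
                hi = strtoul(p, &end, 10); /* closed range, e.g. "1-5" */
                if (errno != 0 || hi < lo)
                    return -1;
                p = end;
            }
        }
        if (n >= lo && n <= hi)
            hit = 1;                       /* keep going to validate the rest */
        if (*p == '\0')
            return hit;
        if (*p++ != ',')                   /* items are comma separated */
            return -1;
    }
}

int main(void)
{
    const char *rule = "4-16,21-33";       /* list from the report above */
    unsigned long n, kept = 0;
    for (n = 1; n <= 40; n++)              /* 40 packets: constructed count */
        kept += (packet_in_list(rule, n) == 1);
    printf("%lu of 40 packets selected by P:%s\n", kept, rule);
    return 0;
}
```

A check like this gives the expected set of packet numbers to compare against what a given build actually places in the cache file.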

@fklassen fklassen added the bug label Jun 9, 2017
fklassen added a commit that referenced this issue Jan 22, 2018
fklassen added a commit that referenced this issue Jan 22, 2018
fklassen added a commit that referenced this issue Jan 22, 2018
fklassen added a commit that referenced this issue Jan 22, 2018
* #404 fix check_list return values

* #404 update tests

* #404 minor report formatting [ci skip]
@fklassen

fixed in PR #453

fklassen added a commit that referenced this issue Oct 19, 2018
* Enhancement_#493_codacy_fixes: (26 commits)
  Enhancement #493 - fixes for Codacy identified issues
  Bug #486 Enforce max snaplen rather than doing realloc
  Bug #486 CVE-2018-17974 realloc memory if packet size increases
  Bug #484 CVE-2018-17582 Check for corrupt PCAP files
  4.3 - revert travis updates from merge
  Remove dead code
  resolve possible null pointer dereference
  travis-ci: add autogen package
  Bug #461 build warnings (#462)
  #412 fix gcc 6.3 compiler warning
  #421 fix ms to ns conversion
  Bug #423 remove commented code
  Bug #423 Remove limit for tcpprep -S
  Bug #398 Rewrite of tcpdump.c (#457)
  Bug #402 memset dlt radiotap get 80211 (#454)
  #404 fix check_list return values (#453)
  #406 fix zero-length IP headers
  #416 apply STDIN restore to all programs
  #416 fix compile issue introduced by downstream PR
  #416 update CHANGELOG [ci skip]
  ...