Aaron Turner | 6 Feb 21:50 2007
Picon

Better DLT support and beta12

I'm happy to announce that over the past few days I've made a lot of
progress improving DLT support in tcprewrite.  The plugin API seems
pretty solid and I've already finished a few plugins (ethernet is
fully tested, while user-defined and HDLC needs testing) and more to
come quickly.

I can use some help though.  I really could use some sample pcap's for
various DLT types so that I can test my plugins.  Ideally the pcap
would only have a few packets.  If the DLT supports multiple protocols
(ARP, IPv4, IPv6, etc) then getting one or more pcap's containing each
of these is useful as well.

The best way to submit a pcap is to attach it to the ticket I have
open for each DLT:
http://tcpreplay.synfin.net/trac/query?status=new&status=assigned&status=reopened&status=closed&summary=%7EDLT+Plugin&order=priority

If you have a pcap of a DLT not listed, feel free to create a new
ticket and I'll see about writing a DLT plugin for it.

Anyways, I'm happy to say that Beta12 is a lot closer to release and I
hope to have it out in the next 2 weeks.  There is a little more
coding to finish up some DLT's, but most of the work is testing and
fixing the discovered bugs.  If you are interested in helping test,
that would be big big help... just let me know.

Regards,
Aaron

--

-- 
Aaron Turner
(Continue reading)

Aaron Turner | 22 Feb 19:47 2007
Picon

3.0.beta12 released (finally!)

I'm happy to announce that 3.0.beta12 is finally out.  This is a
pretty important release because of the extensive changes to how
different DLT/Layer2's are supported in tcprewrite.  In the past it
was a big block of monolithic code which as many of you know had some
serious bugs and limitations.  3.0.beta12 moves to a full plugin based
architecture which makes adding support for various DLT's very easy.

In this release the following input DLT's are supported:
* DLT_EN10MB (Ethernet, w/ full 802.1Q VLAN support)
* DLT_LOOP (BSD Loopback)
* DLT_NULL (BSD NULL)
* DLT_RAW (Raw IP)
* DLT_CHDLC (Cisco HDLC)
* DLT_LINUX_SLL (Linux Cooked Socket)

The following DLT's can be used for output conversion and editing
(meaning you can convert another DLT type to one below as well as edit
fields in these Layer 2 headers):
* DLT_EN10MB
* DLT_CHDLC
* User defined DLT types.

Note for LOOP/NULL/RAW/LINUX_SLL:
Since these DLT types do not have an output converter, you can't
convert a pcap to these DLT types, but they are fully supported
otherwise.  If someone needs to convert say a DLT_EN10MB to DLT_LOOP
for example, let me know and I can add support quite easily.

There are also a few fixes in tcpreplay and tcpprep as well as a
number of improvements for cross-platform support.
(Continue reading)

Aaron Turner | 23 Feb 04:24 2007
Picon

Re: Support for DLT_IEEE802_11, DLT_PRISIM_HEADER or DLT_IEEE802_11_RADIO

Hi Maria,

I was wondering if you had any pcap examples of the these DLT's?   I
was looking into writing the necessary plugins, but I don't have any
pcap's to work off of.

Thanks,
Aaron

On 12/14/06, Cruz, Petagay <cruz_petagay <at> bah.com> wrote:
>
>
> hi, I saw posting:
> http://sourceforge.net/mailarchive/message.php?msg_id=15210474
> Should I follow what he proposed or does tcpreplay support DLT_IEEE802_11,
> DLT_PRISIM_HEADER or DLT_IEEE802_11_RADIO
> thanks
>
>
> Maria Cruz
> Associate
> Booz Allen Hamilton
> 151 Industrial Way East
> Eatontown, NJ 07724
> 732-935-5393
> cruz_petagay <at> bah.com
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
(Continue reading)

CS Lee | 23 Feb 08:32 2007
Picon

Re: 3.0.beta12 released (finally!)

Aaron,

I tried to compiled it on gentoo - ./configure --prefix=/usr/local/stow/tcpreplay-3.0b12 --enable-flowreplay --enable-tcpbridge && make

gcc -DHAVE_CONFIG_H -I.    -I../libopts -I..  -DFLOWREPLAY -g -O2 -Wall -O2 -funroll-loops -std=gnu99 -MT flowreplay-flowreplay_opts.o -MD -MP -MF .deps/flowreplay-flowreplay_opts.Tpo -c -o flowreplay-flowreplay_opts.o `test -f 'flowreplay_opts.c' || echo './'`flowreplay_opts.c
In file included from defines.h:5,
                 from flowreplay_opts.c:92:
tcpr.h:1716:7: warning: no newline at end of file
mv -f .deps/flowreplay-flowreplay_opts.Tpo .deps/flowreplay-flowreplay_opts.Po
gcc -DHAVE_CONFIG_H -I.    -I../libopts -I..  -DFLOWREPLAY -g -O2 -Wall -O2 -funroll-loops -std=gnu99 -MT flowreplay-flowreplay.o -MD -MP -MF .deps/flowreplay-flowreplay.Tpo -c -o flowreplay-flowreplay.o `test -f 'flowreplay.c ' || echo './'`flowreplay.c
In file included from defines.h:5,
                 from flowreplay.c:34:
tcpr.h:1716:7: warning: no newline at end of file
flowreplay.c:70: error: expected declaration specifiers or '...' before 'ip_hdr_t'
flowreplay.c: In function 'main':
flowreplay.c:89: warning: unused variable 'pcap'
flowreplay.c:88: warning: unused variable 'ebuf'
flowreplay.c: In function 'main_loop':
flowreplay.c :147: error: 'ip_hdr_t' undeclared (first use in this function)
flowreplay.c:147: error: (Each undeclared identifier is reported only once
flowreplay.c:147: error: for each function it appears in.)
flowreplay.c :147: error: 'ip_hdr' undeclared (first use in this function)
flowreplay.c:180: error: expected expression before ')' token
flowreplay.c:217: error: too many arguments to function 'process_packet'
flowreplay.c:246: error: too many arguments to function 'process_packet'
flowreplay.c: At top level:
flowreplay.c:270: error: expected declaration specifiers or '...' before 'ip_hdr_t'
flowreplay.c: In function 'process_packet':
flowreplay.c:284: error: 'ip_hdr' undeclared (first use in this function)
make[3]: *** [flowreplay-flowreplay.o] Error 1

Disable flowreplay and tcpbridge compiles fine. Thanks.


On 2/23/07, Aaron Turner <synfinatic <at> gmail.com> wrote:
I'm happy to announce that 3.0.beta12 is finally out.  This is a
pretty important release because of the extensive changes to how
different DLT/Layer2's are supported in tcprewrite.  In the past it
was a big block of monolithic code which as many of you know had some
serious bugs and limitations.  3.0.beta12 moves to a full plugin based
architecture which makes adding support for various DLT's very easy.

In this release the following input DLT's are supported:
* DLT_EN10MB (Ethernet, w/ full 802.1Q VLAN support)
* DLT_LOOP (BSD Loopback)
* DLT_NULL (BSD NULL)
* DLT_RAW (Raw IP)
* DLT_CHDLC (Cisco HDLC)
* DLT_LINUX_SLL (Linux Cooked Socket)

The following DLT's can be used for output conversion and editing
(meaning you can convert another DLT type to one below as well as edit
fields in these Layer 2 headers):
* DLT_EN10MB
* DLT_CHDLC
* User defined DLT types.

Note for LOOP/NULL/RAW/LINUX_SLL:
Since these DLT types do not have an output converter, you can't
convert a pcap to these DLT types, but they are fully supported
otherwise.  If someone needs to convert say a DLT_EN10MB to DLT_LOOP
for example, let me know and I can add support quite easily.

There are also a few fixes in tcpreplay and tcpprep as well as a
number of improvements for cross-platform support.

Changelog:
https://sourceforge.net/project/shownotes.php?release_id=488338&group_id=48862

Download:
http://downloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta12.tar.gz

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users



--
Best Regards,

CS Lee<geekooL[at]gmail.com>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Lothar Braun | 23 Feb 13:51 2007
Picon

Replaying small dumps at high speed

Hi,

i replayed a small dump file (about 30 packets) using -l 10000 at different 
speeds (2000, 4000, 8000 and 15000 pkts/s) using tcpreplay 2.x and tcpreplay 
3.0.betax
Both, tcpreplay 2 and 3, displayed the message

processing file: /home/lothar/net/localhost.dump

on stdout.

Tcpreplay 2 writes this message once, while tcpreplay 3.0 writes the message 
each time the dumpfile is processed. This behavior results in an huge amount 
of messages printed to the screen with tcpreplay.
The more packets per second you replay, the more busy tcpreplay gets printing 
these messages.

Whereas tcpreplay 2 had no problem to send out all packets at 15000 pkts/s, 
tcpreplay 3 already got problems at 4000 pkts/s because it was so busy 
printing its messages.

I think it would be a good idea to get the tcpreplay-2 behavior back. Is that 
possible for the next beta or the final release?

Best regards,
  Lothar

--
Blog: http://const-cast.blogspot.com
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Aaron Turner | 23 Feb 17:13 2007
Picon

Re: Replaying small dumps at high speed

Added as ticket #109: http://tcpreplay.synfin.net/trac/ticket/109

Should go out in the next release (RC1).

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix

On 2/23/07, Lothar Braun <mail <at> lobraun.de> wrote:
> Hi,
>
> i replayed a small dump file (about 30 packets) using -l 10000 at different
> speeds (2000, 4000, 8000 and 15000 pkts/s) using tcpreplay 2.x and tcpreplay
> 3.0.betax
> Both, tcpreplay 2 and 3, displayed the message
>
> processing file: /home/lothar/net/localhost.dump
>
> on stdout.
>
> Tcpreplay 2 writes this message once, while tcpreplay 3.0 writes the message
> each time the dumpfile is processed. This behavior results in an huge amount
> of messages printed to the screen with tcpreplay.
> The more packets per second you replay, the more busy tcpreplay gets printing
> these messages.
>
> Whereas tcpreplay 2 had no problem to send out all packets at 15000 pkts/s,
> tcpreplay 3 already got problems at 4000 pkts/s because it was so busy
> printing its messages.
>
> I think it would be a good idea to get the tcpreplay-2 behavior back. Is that
> possible for the next beta or the final release?
>
> Best regards,
>   Lothar

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Aaron Turner | 23 Feb 17:19 2007
Picon

Re: 3.0.beta12 released (finally!)

Yeah, that's why flowreplay and tcpbridge are disabled by default
right now.  If you look at the roadmap
(http://tcpreplay.synfin.net/trac/roadmap), tcpbridge is scheduled to
be fixed in RC1 and flowreplay is post 3.0.

-Aaron

On 2/22/07, CS Lee <geek00l <at> gmail.com> wrote:
> Aaron,
>
> I tried to compiled it on gentoo - ./configure
> --prefix=/usr/local/stow/tcpreplay-3.0b12
> --enable-flowreplay --enable-tcpbridge && make
[snip broken compile]

> Disable flowreplay and tcpbridge compiles fine. Thanks.
>
>
>
> On 2/23/07, Aaron Turner <synfinatic <at> gmail.com> wrote:
> >
> > I'm happy to announce that 3.0.beta12 is finally out.  This is a
> > pretty important release because of the extensive changes to how
> > different DLT/Layer2's are supported in tcprewrite.  In the past it
> > was a big block of monolithic code which as many of you know had some
> > serious bugs and limitations.  3.0.beta12 moves to a full plugin based
> > architecture which makes adding support for various DLT's very easy.
> >
> > In this release the following input DLT's are supported:
> > * DLT_EN10MB (Ethernet, w/ full 802.1Q VLAN support)
> > * DLT_LOOP (BSD Loopback)
> > * DLT_NULL (BSD NULL)
> > * DLT_RAW (Raw IP)
> > * DLT_CHDLC (Cisco HDLC)
> > * DLT_LINUX_SLL (Linux Cooked Socket)
> >
> > The following DLT's can be used for output conversion and editing
> > (meaning you can convert another DLT type to one below as well as edit
> > fields in these Layer 2 headers):
> > * DLT_EN10MB
> > * DLT_CHDLC
> > * User defined DLT types.
> >
> > Note for LOOP/NULL/RAW/LINUX_SLL:
> > Since these DLT types do not have an output converter, you can't
> > convert a pcap to these DLT types, but they are fully supported
> > otherwise.  If someone needs to convert say a DLT_EN10MB to DLT_LOOP
> > for example, let me know and I can add support quite easily.
> >
> > There are also a few fixes in tcpreplay and tcpprep as well as a
> > number of improvements for cross-platform support.
> >
> > Changelog:
> >
> https://sourceforge.net/project/shownotes.php?release_id=488338&group_id=48862
> >
> > Download:
> >
> http://downloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta12.tar.gz
> >
> > --
> > Aaron Turner
> > http://synfin.net/
> > http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Aaron Turner | 24 Feb 18:06 2007
Picon

Re: Replaying small dumps at high speed

Hey Lothar,

I've just done some testing:

First the beta12 binary:
./src/tcpreplay -i en0 -tl 50000 test/test.pcap
Actual: 5000000 packets (531450000 bytes) sent in 28.66 seconds
Rated: 18540696.0 bps, 141.45 Mbps/sec, 174435.02 pps

Then using a hacked version which doesn't print the notices (they're
commented out):
Actual: 5000000 packets (531450000 bytes) sent in 28.90 seconds
Rated: 18384908.0 bps, 140.27 Mbps/sec, 172969.33 pps

This is on a Apple Powerbook G4 1.67Ghz, 2GB of RAM.  The
test/test.pcap in the source tarball is  100 packets.

You'll notice that they're basically the same (actually the version
which printed the notices was .24 seconds faster).  I also tried the
latest 2.3.5 binary with the equivalent options:

 ../branches/stable/tcpreplay -i en0 -l 50000 -R test/test.pcap
 5000000 packets (531450000 bytes) sent in 35.85 seconds
 14824134.0 bytes/sec 113.10 megabits/sec 139468 packets/sec

This is what I would expect based on how much more optimized the code
in 3.0.beta12 is vs. 2.x.

Anyways, since my results are very different from yours, I was hoping
you could send me the exact command lines you were using for beta12 &
2.3.5 as well as the pcap involved.

Thanks,
Aaron

On 2/23/07, Lothar Braun <mail <at> lobraun.de> wrote:
> Hi,
>
> i replayed a small dump file (about 30 packets) using -l 10000 at different
> speeds (2000, 4000, 8000 and 15000 pkts/s) using tcpreplay 2.x and tcpreplay
> 3.0.betax
> Both, tcpreplay 2 and 3, displayed the message
>
> processing file: /home/lothar/net/localhost.dump
>
> on stdout.
>
> Tcpreplay 2 writes this message once, while tcpreplay 3.0 writes the message
> each time the dumpfile is processed. This behavior results in an huge amount
> of messages printed to the screen with tcpreplay.
> The more packets per second you replay, the more busy tcpreplay gets printing
> these messages.
>
> Whereas tcpreplay 2 had no problem to send out all packets at 15000 pkts/s,
> tcpreplay 3 already got problems at 4000 pkts/s because it was so busy
> printing its messages.
>
> I think it would be a good idea to get the tcpreplay-2 behavior back. Is that
> possible for the next beta or the final release?
>
> Best regards,
>   Lothar
>
> --
> Blog: http://const-cast.blogspot.com
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>
>
>

--

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Gmane