I've been adding a cool little feature for a new injection method and started looking at the code for dealing with two NIC's and tcpprep cache files. I started noticing there was a bit inconsistency in the terminology and even some of the logic in the code about what traffic goes out which interface. To say it another way, it was *deterministic*, but for new users it wasn't *predictable*. Unfortunately, the documentation (man pages and wiki) were pretty light on details of what goes where, so people had to figure it out manually. /suck
In an attempt to set things right, I'm making the following proposal which assuming I don't get too much negative feedback over will go into the next release: -i (aka primary interface) * traffic that client(s) send (client->server) * "matched" when using manual filters like --cidr or --regex * RX for khial interfaces (/dev/char/testpacketsX) -I (aka secondary interface) * traffic that server(s) send (server->client) * "not-matched" when using manual filters like --cidr or --regex * TX for khial interfaces Probably the biggest change is that in the past, tcpreplay said that the "primary" interface was for "server" traffic. It never said if that was FROM or TO the server though. Looking at the code, it actually was FROM. Honestly though, I think people usually think of terms of client-to-server and client/server so "client" comes before "server" so the command line arguments should follow that pattern as well. It also means that tcpprep cache files in 3.5.0+ will mark C->S traffic as the primary interface. If anyone has any opinions, either pro or con, please let me know. Thanks! -Aaron -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
