Mike,
This sounds like a bug. I opened the following issue. You can subscribe to it
and track its progress.
Thanks, Fred.
https://github.com/appneta/tcpreplay/issues/404
> On Jun 7, 2017, at 6:18 PM, Mike Komer <[email protected]> wrote:
>
> tcpreplay version: 4.1.0 (build git:v4.1.0)
>
>
> This is from the tcpprep man page
>
> -x string, --include=string
> Include only packets matching rule. This option may appear up to 1 times.
> This option must not appear in combination with any of the following options:
> exclude.
> Override default of processing all packets stored in the capture file and
> only send/edit packets which match the provided rule. Rules can be one of:
> S:<CIDR1>,... - Source IP must match specified IPv4/v6 CIDR(s)
> D:<CIDR1>,... - Destination IP must match specified IPv4/v6 CIDR(s)
> B:<CIDR1>,... - Both source and destination IP must match specified IPv4/v6
> CIDR(s)
> E:<CIDR1>,... - Either IP must match specified IPv4/v6 CIDR(s)
> P:<LIST> - Must be one of the listed packets where the list corresponds to
> the packet number in the capture file.
> -x P:1-5,9,15,72-
> would process packets 1 thru 5, the 9th and 15th packet, and packets 72 until
> the end of the file
>
> Emphasis mine.
>
> After doing all this, to the attached capture:
>
> tcprewrite --enet-vlan=del
> --pnat=10.48.144.240/32:1.0.1.5/32,10.48.144.248/32:1.0.1.6/32,172.21.61.25/32:4.0.1.12/32
> -b --infile='tmp/LINK.pcap' --outfile='tmp/IP.pcap'
> tcprewrite --dlt=enet --enet-vlan=del
> --enet-dmac=02:00:00:bb:bb:00,02:00:00:cc:cc:00
> --enet-smac=02:00:00:aa:aa:00,02:00:00:dd:dd:00 --cachefile=tmp/INPUT.cache
> --infile='tmp/IP.pcap' --outfile='tmp/REPLAY.pcap'
> tcpprep --cidr=1.0.0.0/8 --include=P:4-16,21-33 --cachefile='tmp/INPUT.cache'
> --pcap='tmp/IP.pcap'
>
> I would expect only packets 4-16,21-33 to be modified and/or given a
> direction in the cache. But they all have and there is nothing indicating
> that it will not replay everything.
> And, indeed, the entire capture is replayed. This makes no difference:
> --include='P:4-16,21-33' vs --include=P:4-16,21-33
>
> This also does not stop anything:
> tcpprep --cidr=1.0.0.0/8 --include=E:1.0.0.0/8 --cachefile='tmp/INPUT.cache'
> --pcap='tmp/IP.pcap'
>
> This does:
> tcpprep --cidr=1.0.0.0/8 --include=S:1.0.0.0/8 --cachefile='tmp/INPUT.cache'
> --pcap='tmp/IP.pcap'
>
> I cannot find where this was recently discussed or fixed in the archives.
> Seems like a bug.
>
> -Mike
>
>
> <two-gets.pcap>
> ------------------------------------------------------------------------------
> Tcpreplay-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
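Added example, not part of the thread and not tcpprep's own code: a small Python model of the P:<LIST> rule exactly as the quoted man page text words it, useful for working out which packet numbers a rule such as P:4-16,21-33 should select and which processed packets fall outside it. The function names and the 40-packet capture length are assumptions made for illustration.

```python
from typing import Iterable, List, Optional, Tuple

# (first, last) inclusive, 1-based; last=None means "until the end of the file".
Range = Tuple[int, Optional[int]]

def _packet_no(text: str) -> int:
    if not (text.isascii() and text.isdigit()) or int(text) < 1:
        raise ValueError(f"bad packet number: {text!r}")
    return int(text)

def parse_packet_rule(rule: str) -> List[Range]:
    """Parse 'P:<LIST>' as the man page describes it, e.g. 'P:1-5,9,15,72-'."""
    kind, sep, body = rule.partition(":")
    if kind != "P" or not sep or not body:
        raise ValueError(f"not a packet list rule: {rule!r}")
    ranges: List[Range] = []
    for item in body.split(","):
        first, dash, last = item.partition("-")
        start = _packet_no(first)
        if not dash:
            end: Optional[int] = start      # single packet such as "9"
        elif last == "":
            end = None                      # open-ended range such as "72-"
        else:
            end = _packet_no(last)
            if end < start:
                raise ValueError(f"descending range: {item!r}")
        ranges.append((start, end))
    return ranges

def is_included(ranges: List[Range], packet_no: int) -> bool:
    return any(lo <= packet_no and (hi is None or packet_no <= hi)
               for lo, hi in ranges)

def expected_packets(rule: str, total: int) -> List[int]:
    """Packet numbers (1..total) the rule should select."""
    ranges = parse_packet_rule(rule)
    return [n for n in range(1, total + 1) if is_included(ranges, n)]

def unexpected_packets(rule: str, processed: Iterable[int]) -> List[int]:
    """Packet numbers that were processed although the rule does not list them."""
    ranges = parse_packet_rule(rule)
    return [n for n in processed if not is_included(ranges, n)]

if __name__ == "__main__":
    total = 40  # constructed capture length, not taken from two-gets.pcap
    print(expected_packets("P:4-16,21-33", total))
    print(unexpected_packets("P:4-16,21-33", range(1, total + 1)))
```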