DIY-pcap 0.3.2 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/diy/builder.rb +12 -0
- data/lib/diy/ext/capture_wrapper.rb +1 -0
- data/lib/diy/live.rb +4 -0
- data/lib/diy/mac_learner.rb +53 -0
- data/lib/diy/offline.rb +10 -40
- data/lib/diy/strategy_builder.rb +2 -1
- data/lib/diy/version.rb +1 -1
- data/lib/diy/worker.rb +5 -0
- data/spec/controller_spec.rb +9 -0
- metadata +5 -4
data/lib/diy/builder.rb
CHANGED
|
@@ -70,11 +70,23 @@ module DIY
|
|
|
70
70
|
end
|
|
71
71
|
alias pcapfiles pcapfile
|
|
72
72
|
|
|
73
|
+
def filter(reg)
|
|
74
|
+
@filter = reg
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def set_filter
|
|
78
|
+
if @filter
|
|
79
|
+
@client.filter(@filter)
|
|
80
|
+
@server.filter(@filter)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
73
84
|
def run
|
|
74
85
|
@offline ||= DIY::Offline.new('pcaps/example.pcap')
|
|
75
86
|
@strategy_builder = DIY::StrategyBuilder.new
|
|
76
87
|
@strategies.each { |builder| @strategy_builder.add(builder) }
|
|
77
88
|
find_worker_keepers
|
|
89
|
+
set_filter
|
|
78
90
|
controller = Controller.new( @client, @server, @offline, @strategy_builder )
|
|
79
91
|
controller.before_send(&@before_send_hook)
|
|
80
92
|
controller.timeout(@timeout) if @timeout
|
data/lib/diy/live.rb
CHANGED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
module DIY
|
|
2
|
+
class MacLearner
|
|
3
|
+
def initialize(default_host = :A)
|
|
4
|
+
@default_host = default_host
|
|
5
|
+
@table = {}
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
#
|
|
9
|
+
def learn(packet, where)
|
|
10
|
+
raise "Only receive :A or B for where argument" unless where == :A or where == :B
|
|
11
|
+
#~ @table.delete( src(packet) )
|
|
12
|
+
_learn( src(packet), where)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def _learn(mac, where)
|
|
16
|
+
@table[mac] = where
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# 报告包所在的端口 A or B
|
|
20
|
+
# 如果包不在学习表内, 返回缺省端口(默认为A)
|
|
21
|
+
def tellme(packet)
|
|
22
|
+
src_p = src(packet)
|
|
23
|
+
if @table.has_key? src_p
|
|
24
|
+
where = @table[src_p]
|
|
25
|
+
else
|
|
26
|
+
where = @default_host
|
|
27
|
+
_learn( src(packet), where )
|
|
28
|
+
end
|
|
29
|
+
_learn( dst(packet), other(where) )
|
|
30
|
+
where
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def other(where)
|
|
34
|
+
if where == :A
|
|
35
|
+
return :B
|
|
36
|
+
elsif where == :B
|
|
37
|
+
return :A
|
|
38
|
+
else
|
|
39
|
+
raise "Argument error"
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
private
|
|
45
|
+
def src(packet)
|
|
46
|
+
Utils.src_mac(packet)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def dst(packet)
|
|
50
|
+
Utils.dst_mac(packet)
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
data/lib/diy/offline.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding : utf-8
|
|
2
|
+
require 'diy/mac_learner'
|
|
2
3
|
|
|
3
4
|
module DIY
|
|
4
5
|
class Offline
|
|
@@ -6,6 +7,9 @@ module DIY
|
|
|
6
7
|
@pcap_files = [ pcap_files ] if pcap_files.kind_of?(String)
|
|
7
8
|
@pcap_files ||= pcap_files
|
|
8
9
|
@off = FFI::PCap::Offline.new(@pcap_files[0])
|
|
10
|
+
|
|
11
|
+
@ml = MacLearner.new
|
|
12
|
+
|
|
9
13
|
# 记录文件在目录中的位置
|
|
10
14
|
@position = 0
|
|
11
15
|
# 记录包在当前文件的位置
|
|
@@ -24,42 +28,21 @@ module DIY
|
|
|
24
28
|
end
|
|
25
29
|
|
|
26
30
|
ret << pkt
|
|
27
|
-
|
|
28
|
-
if ! fetch_cached_mac
|
|
29
|
-
cached_mac(pkt)
|
|
30
|
-
else
|
|
31
|
-
if Utils.src_mac(pkt) != fetch_cached_mac
|
|
32
|
-
op = "!="
|
|
33
|
-
end
|
|
34
|
-
end
|
|
31
|
+
where = @ml.tellme(pkt.content)
|
|
35
32
|
|
|
36
33
|
loop do
|
|
37
|
-
pkt =
|
|
38
|
-
if pkt.nil?
|
|
39
|
-
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
if compare_mac( op, Utils.src_mac(pkt), fetch_cached_mac)
|
|
43
|
-
ret << pkt
|
|
44
|
-
else
|
|
34
|
+
pkt = fetch_one
|
|
35
|
+
return ret if pkt.nil?
|
|
36
|
+
if @ml.tellme(pkt.content) != where
|
|
45
37
|
cached(pkt)
|
|
46
38
|
return ret
|
|
39
|
+
else
|
|
40
|
+
ret << pkt
|
|
47
41
|
end
|
|
48
|
-
|
|
49
42
|
end
|
|
50
43
|
|
|
51
44
|
end
|
|
52
45
|
|
|
53
|
-
def compare_mac( op, mac1, mac2)
|
|
54
|
-
if op == "=="
|
|
55
|
-
mac1 == mac2
|
|
56
|
-
elsif op == "!="
|
|
57
|
-
mac1 != mac2
|
|
58
|
-
else
|
|
59
|
-
raise "error op"
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
|
|
63
46
|
def fetch_one
|
|
64
47
|
pkt = fetch_cache
|
|
65
48
|
if pkt.nil?
|
|
@@ -82,18 +65,6 @@ module DIY
|
|
|
82
65
|
@tmp_pcap = pkt
|
|
83
66
|
end
|
|
84
67
|
|
|
85
|
-
def cached_mac(pkt)
|
|
86
|
-
@src = Utils.src_mac(pkt)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
def fetch_cached_mac
|
|
90
|
-
@src
|
|
91
|
-
end
|
|
92
|
-
|
|
93
|
-
def clear_cached_mac
|
|
94
|
-
@src = nil
|
|
95
|
-
end
|
|
96
|
-
|
|
97
68
|
def fetch_cache
|
|
98
69
|
if @tmp_pcap
|
|
99
70
|
tmp = @tmp_pcap
|
|
@@ -104,7 +75,6 @@ module DIY
|
|
|
104
75
|
end
|
|
105
76
|
|
|
106
77
|
def first_pkt?
|
|
107
|
-
puts @num
|
|
108
78
|
@num == 1
|
|
109
79
|
end
|
|
110
80
|
public
|
data/lib/diy/strategy_builder.rb
CHANGED
data/lib/diy/version.rb
CHANGED
data/lib/diy/worker.rb
CHANGED
data/spec/controller_spec.rb
CHANGED
|
@@ -121,5 +121,14 @@ describe "Controller" do
|
|
|
121
121
|
end
|
|
122
122
|
lambda { build2.run }.should_not raise_error
|
|
123
123
|
end
|
|
124
|
+
|
|
125
|
+
it "#run with filter" do
|
|
126
|
+
build2 = DIY::Builder.new do
|
|
127
|
+
use DIY::SimpleStrategy.new
|
|
128
|
+
filter "not host 127.0.0.1"
|
|
129
|
+
pcapfiles "helper/http.pcap"
|
|
130
|
+
end
|
|
131
|
+
lambda { build2.run }.should_not raise_error
|
|
132
|
+
end
|
|
124
133
|
|
|
125
134
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: DIY-pcap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 21
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 3
|
|
9
|
-
-
|
|
10
|
-
version: 0.3.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.3.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- yafei Lee
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2012-10-
|
|
18
|
+
date: 2012-10-15 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: ffi-pcap
|
|
@@ -62,6 +62,7 @@ files:
|
|
|
62
62
|
- lib/diy/ext/capture_wrapper.rb
|
|
63
63
|
- lib/diy/live.rb
|
|
64
64
|
- lib/diy/logger.rb
|
|
65
|
+
- lib/diy/mac_learner.rb
|
|
65
66
|
- lib/diy/offline.rb
|
|
66
67
|
- lib/diy/packet.rb
|
|
67
68
|
- lib/diy/parser/mu/fixnum_ext.rb
|