DIY-pcap 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/diy/builder.rb +12 -0
- data/lib/diy/ext/capture_wrapper.rb +1 -0
- data/lib/diy/live.rb +4 -0
- data/lib/diy/mac_learner.rb +53 -0
- data/lib/diy/offline.rb +10 -40
- data/lib/diy/strategy_builder.rb +2 -1
- data/lib/diy/version.rb +1 -1
- data/lib/diy/worker.rb +5 -0
- data/spec/controller_spec.rb +9 -0
- metadata +5 -4
data/lib/diy/builder.rb
CHANGED
|
@@ -70,11 +70,23 @@ module DIY
|
|
|
70
70
|
end
|
|
71
71
|
alias pcapfiles pcapfile
|
|
72
72
|
|
|
73
|
+
def filter(reg)
|
|
74
|
+
@filter = reg
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def set_filter
|
|
78
|
+
if @filter
|
|
79
|
+
@client.filter(@filter)
|
|
80
|
+
@server.filter(@filter)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
73
84
|
def run
|
|
74
85
|
@offline ||= DIY::Offline.new('pcaps/example.pcap')
|
|
75
86
|
@strategy_builder = DIY::StrategyBuilder.new
|
|
76
87
|
@strategies.each { |builder| @strategy_builder.add(builder) }
|
|
77
88
|
find_worker_keepers
|
|
89
|
+
set_filter
|
|
78
90
|
controller = Controller.new( @client, @server, @offline, @strategy_builder )
|
|
79
91
|
controller.before_send(&@before_send_hook)
|
|
80
92
|
controller.timeout(@timeout) if @timeout
|
data/lib/diy/live.rb
CHANGED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
module DIY
|
|
2
|
+
class MacLearner
|
|
3
|
+
def initialize(default_host = :A)
|
|
4
|
+
@default_host = default_host
|
|
5
|
+
@table = {}
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
#
|
|
9
|
+
def learn(packet, where)
|
|
10
|
+
raise "Only receive :A or B for where argument" unless where == :A or where == :B
|
|
11
|
+
#~ @table.delete( src(packet) )
|
|
12
|
+
_learn( src(packet), where)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def _learn(mac, where)
|
|
16
|
+
@table[mac] = where
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# 报告包所在的端口 A or B
|
|
20
|
+
# 如果包不在学习表内, 返回缺省端口(默认为A)
|
|
21
|
+
def tellme(packet)
|
|
22
|
+
src_p = src(packet)
|
|
23
|
+
if @table.has_key? src_p
|
|
24
|
+
where = @table[src_p]
|
|
25
|
+
else
|
|
26
|
+
where = @default_host
|
|
27
|
+
_learn( src(packet), where )
|
|
28
|
+
end
|
|
29
|
+
_learn( dst(packet), other(where) )
|
|
30
|
+
where
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def other(where)
|
|
34
|
+
if where == :A
|
|
35
|
+
return :B
|
|
36
|
+
elsif where == :B
|
|
37
|
+
return :A
|
|
38
|
+
else
|
|
39
|
+
raise "Argument error"
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
private
|
|
45
|
+
def src(packet)
|
|
46
|
+
Utils.src_mac(packet)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def dst(packet)
|
|
50
|
+
Utils.dst_mac(packet)
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
data/lib/diy/offline.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# encoding : utf-8
|
|
2
|
+
require 'diy/mac_learner'
|
|
2
3
|
|
|
3
4
|
module DIY
|
|
4
5
|
class Offline
|
|
@@ -6,6 +7,9 @@ module DIY
|
|
|
6
7
|
@pcap_files = [ pcap_files ] if pcap_files.kind_of?(String)
|
|
7
8
|
@pcap_files ||= pcap_files
|
|
8
9
|
@off = FFI::PCap::Offline.new(@pcap_files[0])
|
|
10
|
+
|
|
11
|
+
@ml = MacLearner.new
|
|
12
|
+
|
|
9
13
|
# 记录文件在目录中的位置
|
|
10
14
|
@position = 0
|
|
11
15
|
# 记录包在当前文件的位置
|
|
@@ -24,42 +28,21 @@ module DIY
|
|
|
24
28
|
end
|
|
25
29
|
|
|
26
30
|
ret << pkt
|
|
27
|
-
|
|
28
|
-
if ! fetch_cached_mac
|
|
29
|
-
cached_mac(pkt)
|
|
30
|
-
else
|
|
31
|
-
if Utils.src_mac(pkt) != fetch_cached_mac
|
|
32
|
-
op = "!="
|
|
33
|
-
end
|
|
34
|
-
end
|
|
31
|
+
where = @ml.tellme(pkt.content)
|
|
35
32
|
|
|
36
33
|
loop do
|
|
37
|
-
pkt =
|
|
38
|
-
if pkt.nil?
|
|
39
|
-
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
if compare_mac( op, Utils.src_mac(pkt), fetch_cached_mac)
|
|
43
|
-
ret << pkt
|
|
44
|
-
else
|
|
34
|
+
pkt = fetch_one
|
|
35
|
+
return ret if pkt.nil?
|
|
36
|
+
if @ml.tellme(pkt.content) != where
|
|
45
37
|
cached(pkt)
|
|
46
38
|
return ret
|
|
39
|
+
else
|
|
40
|
+
ret << pkt
|
|
47
41
|
end
|
|
48
|
-
|
|
49
42
|
end
|
|
50
43
|
|
|
51
44
|
end
|
|
52
45
|
|
|
53
|
-
def compare_mac( op, mac1, mac2)
|
|
54
|
-
if op == "=="
|
|
55
|
-
mac1 == mac2
|
|
56
|
-
elsif op == "!="
|
|
57
|
-
mac1 != mac2
|
|
58
|
-
else
|
|
59
|
-
raise "error op"
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
|
|
63
46
|
def fetch_one
|
|
64
47
|
pkt = fetch_cache
|
|
65
48
|
if pkt.nil?
|
|
@@ -82,18 +65,6 @@ module DIY
|
|
|
82
65
|
@tmp_pcap = pkt
|
|
83
66
|
end
|
|
84
67
|
|
|
85
|
-
def cached_mac(pkt)
|
|
86
|
-
@src = Utils.src_mac(pkt)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
def fetch_cached_mac
|
|
90
|
-
@src
|
|
91
|
-
end
|
|
92
|
-
|
|
93
|
-
def clear_cached_mac
|
|
94
|
-
@src = nil
|
|
95
|
-
end
|
|
96
|
-
|
|
97
68
|
def fetch_cache
|
|
98
69
|
if @tmp_pcap
|
|
99
70
|
tmp = @tmp_pcap
|
|
@@ -104,7 +75,6 @@ module DIY
|
|
|
104
75
|
end
|
|
105
76
|
|
|
106
77
|
def first_pkt?
|
|
107
|
-
puts @num
|
|
108
78
|
@num == 1
|
|
109
79
|
end
|
|
110
80
|
public
|
data/lib/diy/strategy_builder.rb
CHANGED
data/lib/diy/version.rb
CHANGED
data/lib/diy/worker.rb
CHANGED
data/spec/controller_spec.rb
CHANGED
|
@@ -121,5 +121,14 @@ describe "Controller" do
|
|
|
121
121
|
end
|
|
122
122
|
lambda { build2.run }.should_not raise_error
|
|
123
123
|
end
|
|
124
|
+
|
|
125
|
+
it "#run with filter" do
|
|
126
|
+
build2 = DIY::Builder.new do
|
|
127
|
+
use DIY::SimpleStrategy.new
|
|
128
|
+
filter "not host 127.0.0.1"
|
|
129
|
+
pcapfiles "helper/http.pcap"
|
|
130
|
+
end
|
|
131
|
+
lambda { build2.run }.should_not raise_error
|
|
132
|
+
end
|
|
124
133
|
|
|
125
134
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: DIY-pcap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 21
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 3
|
|
9
|
-
-
|
|
10
|
-
version: 0.3.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.3.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- yafei Lee
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2012-10-
|
|
18
|
+
date: 2012-10-15 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: ffi-pcap
|
|
@@ -62,6 +62,7 @@ files:
|
|
|
62
62
|
- lib/diy/ext/capture_wrapper.rb
|
|
63
63
|
- lib/diy/live.rb
|
|
64
64
|
- lib/diy/logger.rb
|
|
65
|
+
- lib/diy/mac_learner.rb
|
|
65
66
|
- lib/diy/offline.rb
|
|
66
67
|
- lib/diy/packet.rb
|
|
67
68
|
- lib/diy/parser/mu/fixnum_ext.rb
|