DIY-pcap 0.4.1 → 0.4.3
- data/.gitignore +4 -4
- data/DIY-pcap.gemspec +17 -17
- data/Gemfile +3 -3
- data/Rakefile +1 -1
- data/lib/DIY-pcap.rb +2 -2
- data/lib/diy/command.rb +7 -1
- data/lib/diy/controller.rb +10 -15
- data/lib/diy/live.rb +9 -2
- data/lib/diy/parser/mu/pcap/ethernet.rb +148 -148
- data/lib/diy/parser/mu/pcap/header.rb +75 -75
- data/lib/diy/parser/mu/pcap/io_pair.rb +67 -67
- data/lib/diy/parser/mu/pcap/io_wrapper.rb +76 -76
- data/lib/diy/parser/mu/pcap/ip.rb +61 -61
- data/lib/diy/parser/mu/pcap/ipv4.rb +257 -257
- data/lib/diy/parser/mu/pcap/ipv6.rb +148 -148
- data/lib/diy/parser/mu/pcap/packet.rb +104 -104
- data/lib/diy/parser/mu/pcap/pkthdr.rb +155 -155
- data/lib/diy/parser/mu/pcap/reader.rb +61 -61
- data/lib/diy/parser/mu/pcap/reader/http_family.rb +170 -170
- data/lib/diy/parser/mu/pcap/sctp.rb +367 -367
- data/lib/diy/parser/mu/pcap/sctp/chunk.rb +123 -123
- data/lib/diy/parser/mu/pcap/sctp/chunk/data.rb +134 -134
- data/lib/diy/parser/mu/pcap/sctp/chunk/init.rb +100 -100
- data/lib/diy/parser/mu/pcap/sctp/chunk/init_ack.rb +68 -68
- data/lib/diy/parser/mu/pcap/sctp/parameter.rb +110 -110
- data/lib/diy/parser/mu/pcap/sctp/parameter/ip_address.rb +48 -48
- data/lib/diy/parser/mu/pcap/stream_packetizer.rb +72 -72
- data/lib/diy/parser/mu/pcap/tcp.rb +505 -505
- data/lib/diy/parser/mu/pcap/udp.rb +69 -69
- data/lib/diy/parser/mu/scenario/pcap.rb +172 -172
- data/lib/diy/parser/mu/scenario/pcap/fields.rb +50 -50
- data/lib/diy/parser/mu/scenario/pcap/rtp.rb +71 -71
- data/lib/diy/parser/pcap.rb +109 -109
- data/lib/diy/version.rb +1 -1
- metadata +7 -9
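--- a/data/lib/diy/parser/mu/pcap/header.rb
+++ b/data/lib/diy/parser/mu/pcap/header.rb
@@ -1,75 +1,75 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-module Mu
-class Pcap
-
-class Header
-attr_accessor :magic, :version_major, :version_minor, :thiszone, :sigfigs,
-:snaplen, :linktype
-
-BIG_ENDIAN_FORMAT = 'nnNNNN'
-LITTLE_ENDIAN_FORMAT = 'vvVVVV'
-
-UNSUPPORTED_FORMATS = {
-0x474D4255 => "NetMon", # "GMBU"
-0x5452534E => "NA Sniffer (DOS)" # Starts with "TRSNIFF data"
-}
-
-def initialize
-@magic = BIG_ENDIAN
-@version_major = 2
-@version_minor = 4
-@thiszone = 0
-@sigfigs = 0
-@snaplen = 1500
-@linktype = DLT_NULL
-end
-
-def self.read ios
-header = Header.new
-bytes = ios.read 24
-Pcap.assert bytes, 'PCAP header missing'
-Pcap.assert bytes.length == 24, 'Truncated PCAP header: ' +
-"expected 24 bytes, got #{bytes.length} bytes"
-header.magic, _ = bytes[0, 4].unpack 'N'
-if header.magic == BIG_ENDIAN
-format = BIG_ENDIAN_FORMAT
-elsif header.magic == LITTLE_ENDIAN
-format = LITTLE_ENDIAN_FORMAT
-else
-format = UNSUPPORTED_FORMATS[header.magic]
-if format.nil?
-err = "Unsupported packet capture format. "
-else
-err = "#{format} capture files are not supported. "
-end
-raise ParseError, err
-end
-header.version_major, header.version_minor, header.thiszone,
-header.sigfigs, header.snaplen, header.linktype =
-bytes[4..-1].unpack format
-return header
-end
-
-def write io
-bytes = [BIG_ENDIAN, @version_major, @version_minor, @thiszone,
-@sigfigs, @snaplen, DLT_EN10MB].pack('N' + BIG_ENDIAN_FORMAT)
-io.write bytes
-end
-
-def == other
-return self.class == other.class &&
-self.magic == other.magic &&
-self.version_major == other.version_major &&
-self.version_minor == other.version_minor &&
-self.thiszone == other.thiszone &&
-self.sigfigs == other.sigfigs &&
-self.snaplen == other.snaplen &&
-self.linktype == other.linktype
-end
-end
-
-end
-end
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+class Header
+attr_accessor :magic, :version_major, :version_minor, :thiszone, :sigfigs,
+:snaplen, :linktype
+
+BIG_ENDIAN_FORMAT = 'nnNNNN'
+LITTLE_ENDIAN_FORMAT = 'vvVVVV'
+
+UNSUPPORTED_FORMATS = {
+0x474D4255 => "NetMon", # "GMBU"
+0x5452534E => "NA Sniffer (DOS)" # Starts with "TRSNIFF data"
+}
+
+def initialize
+@magic = BIG_ENDIAN
+@version_major = 2
+@version_minor = 4
+@thiszone = 0
+@sigfigs = 0
+@snaplen = 1500
+@linktype = DLT_NULL
+end
+
+def self.read ios
+header = Header.new
+bytes = ios.read 24
+Pcap.assert bytes, 'PCAP header missing'
+Pcap.assert bytes.length == 24, 'Truncated PCAP header: ' +
+"expected 24 bytes, got #{bytes.length} bytes"
+header.magic, _ = bytes[0, 4].unpack 'N'
+if header.magic == BIG_ENDIAN
+format = BIG_ENDIAN_FORMAT
+elsif header.magic == LITTLE_ENDIAN
+format = LITTLE_ENDIAN_FORMAT
+else
+format = UNSUPPORTED_FORMATS[header.magic]
+if format.nil?
+err = "Unsupported packet capture format. "
+else
+err = "#{format} capture files are not supported. "
+end
+raise ParseError, err
+end
+header.version_major, header.version_minor, header.thiszone,
+header.sigfigs, header.snaplen, header.linktype =
+bytes[4..-1].unpack format
+return header
+end
+
+def write io
+bytes = [BIG_ENDIAN, @version_major, @version_minor, @thiszone,
+@sigfigs, @snaplen, DLT_EN10MB].pack('N' + BIG_ENDIAN_FORMAT)
+io.write bytes
+end
+
+def == other
+return self.class == other.class &&
+self.magic == other.magic &&
+self.version_major == other.version_major &&
+self.version_minor == other.version_minor &&
+self.thiszone == other.thiszone &&
+self.sigfigs == other.sigfigs &&
+self.snaplen == other.snaplen &&
+self.linktype == other.linktype
+end
+end
+
+end
+end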
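--- a/data/lib/diy/parser/mu/pcap/io_pair.rb
+++ b/data/lib/diy/parser/mu/pcap/io_pair.rb
@@ -1,67 +1,67 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-module Mu
-class Pcap
-
-# For emulating of a pair of connected sockets. Bytes written
-# with #write to one side are returned by a subsequent #read on
-# the other side.
-#
-# Use Pair.stream_pair to get a pair with stream semantics.
-# Use Pair.packet_pair to get a pair with packet semantics.
-class IOPair
-attr_reader :read_queue
-attr_accessor :other
-
-def initialize
-raise NotImplementedError
-end
-
-def self.stream_pair
-io1 = Stream.new
-io2 = Stream.new
-io1.other = io2
-io2.other = io1
-return io1, io2
-end
-
-def self.packet_pair
-io1 = Packet.new
-io2 = Packet.new
-io1.other = io2
-io2.other = io1
-return io1, io2
-end
-
-def write bytes
-@other.read_queue << bytes
-bytes.size
-end
-
-class Stream < IOPair
-def initialize
-@read_queue = ""
-end
-
-def read n=nil
-n ||= @read_queue.size
-@read_queue.slice!(0,n)
-end
-end
-
-class Packet < IOPair
-def initialize
-@read_queue = []
-end
-
-def read
-@read_queue.shift
-end
-end
-
-end
-end
-end
-
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+# For emulating of a pair of connected sockets. Bytes written
+# with #write to one side are returned by a subsequent #read on
+# the other side.
+#
+# Use Pair.stream_pair to get a pair with stream semantics.
+# Use Pair.packet_pair to get a pair with packet semantics.
+class IOPair
+attr_reader :read_queue
+attr_accessor :other
+
+def initialize
+raise NotImplementedError
+end
+
+def self.stream_pair
+io1 = Stream.new
+io2 = Stream.new
+io1.other = io2
+io2.other = io1
+return io1, io2
+end
+
+def self.packet_pair
+io1 = Packet.new
+io2 = Packet.new
+io1.other = io2
+io2.other = io1
+return io1, io2
+end
+
+def write bytes
+@other.read_queue << bytes
+bytes.size
+end
+
+class Stream < IOPair
+def initialize
+@read_queue = ""
+end
+
+def read n=nil
+n ||= @read_queue.size
+@read_queue.slice!(0,n)
+end
+end
+
+class Packet < IOPair
+def initialize
+@read_queue = []
+end
+
+def read
+@read_queue.shift
+end
+end
+
+end
+end
+end
+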
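--- a/data/lib/diy/parser/mu/pcap/io_wrapper.rb
+++ b/data/lib/diy/parser/mu/pcap/io_wrapper.rb
@@ -1,76 +1,76 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-require 'mu/pcap/io_pair'
-
-module Mu
-class Pcap
-class IOWrapper
-attr_reader :ios, :unread, :state
-
-def initialize ios, reader
-@ios = ios
-@reader = reader
-# parse state for reader
-@state = {}
-# read off of underlying io but not yet processed by @reader
-@unread = ""
-end
-
-# Impose upper limit to protect against memory exhaustion.
-MAX_RECEIVE_SIZE = 1048576 # 1MB
-
-# Returns next higher level protocol message.
-def read
-until message = @reader.read_message!(@unread, @state)
-bytes = @ios.read
-if bytes and not bytes.empty?
-@unread << bytes
-else
-return nil
-end
-if @unread.size > MAX_RECEIVE_SIZE
-raise "Maximum message size (#{MAX_RECEIVE_SIZE}) exceeded"
-end
-end
-
-return message
-end
-
-# Parser may need to see requests to understand responses.
-def record_write bytes
-@reader.record_write bytes, @state
-end
-
-def write bytes, *args
-w = @ios.write bytes, *args
-record_write bytes
-w
-end
-
-def write_to bytes, *args
-w = @ios.write_to bytes, *args
-record_write bytes
-w
-end
-
-def open
-if block_given?
-@ios.open { yield }
-else
-@ios.open
-end
-end
-
-def open?
-@ios.open?
-end
-
-def close
-@ios.close
-end
-
-end
-end
-end
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/pcap/io_pair'
+
+module Mu
+class Pcap
+class IOWrapper
+attr_reader :ios, :unread, :state
+
+def initialize ios, reader
+@ios = ios
+@reader = reader
+# parse state for reader
+@state = {}
+# read off of underlying io but not yet processed by @reader
+@unread = ""
+end
+
+# Impose upper limit to protect against memory exhaustion.
+MAX_RECEIVE_SIZE = 1048576 # 1MB
+
+# Returns next higher level protocol message.
+def read
+until message = @reader.read_message!(@unread, @state)
+bytes = @ios.read
+if bytes and not bytes.empty?
+@unread << bytes
+else
+return nil
+end
+if @unread.size > MAX_RECEIVE_SIZE
+raise "Maximum message size (#{MAX_RECEIVE_SIZE}) exceeded"
+end
+end
+
+return message
+end
+
+# Parser may need to see requests to understand responses.
+def record_write bytes
+@reader.record_write bytes, @state
+end
+
+def write bytes, *args
+w = @ios.write bytes, *args
+record_write bytes
+w
+end
+
+def write_to bytes, *args
+w = @ios.write_to bytes, *args
+record_write bytes
+w
+end
+
+def open
+if block_given?
+@ios.open { yield }
+else
+@ios.open
+end
+end
+
+def open?
+@ios.open?
+end
+
+def close
+@ios.close
+end
+
+end
+end
+end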
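--- a/data/lib/diy/parser/mu/pcap/ip.rb
+++ b/data/lib/diy/parser/mu/pcap/ip.rb
@@ -1,61 +1,61 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-module Mu
-class Pcap
-
-class IP < Packet
-IPPROTO_TCP = 6
-IPPROTO_UDP = 17
-IPPROTO_HOPOPTS = 0
-IPPROTO_ROUTING = 43
-IPPROTO_FRAGMENT = 44
-IPPROTO_AH = 51
-IPPROTO_NONE = 59
-IPPROTO_DSTOPTS = 60
-IPPROTO_SCTP = 132
-
-attr_accessor :src, :dst
-
-def initialize src=nil, dst=nil
-super()
-@src = src
-@dst = dst
-end
-
-def v4?
-return false
-end
-
-def v6?
-return false
-end
-
-def proto
-raise NotImplementedError
-end
-
-def pseudo_header payload_length
-raise NotImplementedError
-end
-
-def == other
-return super &&
-self.src == other.src &&
-self.dst == other.dst
-end
-
-def self.checksum bytes
-if bytes.size & 1 == 1
-bytes = bytes + "\0"
-end
-sum = 0
-bytes.unpack("n*").each {|n| sum += n }
-sum = (sum & 0xffff) + (sum >> 16 & 0xffff)
-~sum & 0xffff
-end
-end
-
-end
-end
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+class IP < Packet
+IPPROTO_TCP = 6
+IPPROTO_UDP = 17
+IPPROTO_HOPOPTS = 0
+IPPROTO_ROUTING = 43
+IPPROTO_FRAGMENT = 44
+IPPROTO_AH = 51
+IPPROTO_NONE = 59
+IPPROTO_DSTOPTS = 60
+IPPROTO_SCTP = 132
+
+attr_accessor :src, :dst
+
+def initialize src=nil, dst=nil
+super()
+@src = src
+@dst = dst
+end
+
+def v4?
+return false
+end
+
+def v6?
+return false
+end
+
+def proto
+raise NotImplementedError
+end
+
+def pseudo_header payload_length
+raise NotImplementedError
+end
+
+def == other
+return super &&
+self.src == other.src &&
+self.dst == other.dst
+end
+
+def self.checksum bytes
+if bytes.size & 1 == 1
+bytes = bytes + "\0"
+end
+sum = 0
+bytes.unpack("n*").each {|n| sum += n }
+sum = (sum & 0xffff) + (sum >> 16 & 0xffff)
+~sum & 0xffff
+end
+end
+
+end
+end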