DIY-pcap 0.4.1 → 0.4.3

data/lib/diy/parser/mu/pcap/pkthdr.rb

@@ -1,155 +1,155 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-module Mu
-class Pcap
-
-class Pkthdr
-    attr_accessor :endian, :ts_sec, :ts_usec, :caplen, :len, :pkt, :pkt_raw
-
-    def initialize endian=BIG_ENDIAN, ts_sec=0, ts_usec=0, caplen=0, len=0, pkt=nil
-        @endian = endian
-        @ts_sec = ts_sec
-        @ts_usec = ts_usec
-        @caplen = caplen
-        @len = len
-        @pkt = pkt
-        @pkt_raw = pkt
-    end
-
-    FMT_NNNN = 'NNNN'
-    FMT_VVVV = 'VVVV'
-    def self.read io, endian=BIG_ENDIAN
-        if endian == BIG_ENDIAN
-            format = FMT_NNNN
-        elsif endian == LITTLE_ENDIAN
-            format = FMT_VVVV
-        end
-        bytes = io.read 16
-        if not bytes 
-            raise EOFError, 'Missing PCAP packet header'
-        end
-        if not bytes.length == 16
-            raise ParseError, "Truncated PCAP packet header: expected 16 bytes, got #{bytes.length} bytes"
-        end
-        ts_sec, ts_usec, caplen, len = bytes.unpack format
-        pkt = io.read(caplen)
-        if not pkt 
-            raise ParseError, 'Missing PCAP packet header packet'
-        end
-        if not pkt.length == caplen
-            raise ParseError, "Truncated PCAP packet header: expected #{pkthdr.caplen} bytes, got #{pkthdr.pkt.length} bytes"
-        end
-        pkthdr = Pkthdr.new endian, ts_sec, ts_usec, caplen, len, pkt
-        return pkthdr
-    end
-
-    def write io
-        if @pkt.is_a? String
-            pkt = @pkt
-        else
-            string_io = StringIO.new
-            @pkt.write string_io
-            pkt = string_io.string
-        end
-        len = pkt.length
-        bytes = [@ts_sec, @ts_usec, len, len].pack FMT_NNNN
-        io.write bytes
-        io.write pkt
-    end
-
-    def decode! endian, linktype
-        @pkt = case linktype
-        when DLT_NULL;      Pkthdr.decode_null endian, @pkt
-        when DLT_EN10MB;    Pkthdr.decode_en10mb @pkt
-        when DLT_RAW;       raise NotImplementedError
-        when DLT_LINUX_SLL; Pkthdr.decode_linux_sll @pkt
-        else raise ParseError, "Unknown PCAP linktype: #{linktype}"
-        end
-    end
-
-    # See http://wiki.wireshark.org/NullLoopback
-    # and epan/aftypes.h in wireshark code.
-    BSD_AF_INET6 = [
-        OPENBSD_AF_INET6 = 24,
-        FREEBSD_AF_INET6 = 28,
-        DARWIN_AF_INET6 = 30
-    ]
-
-    def self.decode_null endian, bytes
-        Pcap.assert bytes.length >= 4, 'Truncated PCAP packet header: ' +
-            "expected at least 4 bytes, got #{bytes.length} bytes"
-        if endian == BIG_ENDIAN
-            format = 'N'
-        elsif endian == LITTLE_ENDIAN
-            format = 'V'
-        end
-        family = bytes[0, 4].unpack(format)[0]
-        bytes = bytes[4..-1]
-        ethernet = Ethernet.new
-        ethernet.src = '00:01:01:00:00:01'
-        ethernet.dst = '00:01:01:00:00:02'
-        ethernet.payload = ethernet.payload_raw = bytes
-        if family != Socket::AF_INET and family != Socket::AF_INET6 and
-                not BSD_AF_INET6.include?(family)
-            raise ParseError, "Unknown PCAP packet header family: #{family}"
-        end
-        begin
-            case family
-            when Socket::AF_INET
-                ethernet.type = Ethernet::ETHERTYPE_IP
-                ethernet.payload = IPv4.from_bytes ethernet.payload
-            when Socket::AF_INET6, FREEBSD_AF_INET6, OPENBSD_AF_INET6, DARWIN_AF_INET6
-                ethernet.type = Ethernet::ETHERTYPE_IP6
-                ethernet.payload = IPv6.from_bytes ethernet.payload
-            else
-                raise NotImplementedError
-            end
-        rescue ParseError => e
-            Pcap.warning e
-        end
-        return ethernet
-    end
-
-    def self.decode_en10mb bytes
-        return Ethernet.from_bytes(bytes)
-    end
-
-    def self.decode_linux_sll bytes
-        Pcap.assert bytes.length >= 16, 'Truncated PCAP packet header: ' +
-            "expected at least 16 bytes, got #{bytes.length} bytes"
-        packet_type, link_type, addr_len = bytes.unpack('nnn')
-        type = bytes[14, 2].unpack('n')[0]
-        bytes = bytes[16..-1]
-        ethernet = Ethernet.new
-        ethernet.type = type
-        ethernet.src = '00:01:01:00:00:01'
-        ethernet.dst = '00:01:01:00:00:02'
-        ethernet.payload = ethernet.payload_raw = bytes 
-        begin
-            case type
-            when Ethernet::ETHERTYPE_IP
-                ethernet.payload = IPv4.from_bytes ethernet.payload
-            when Ethernet::ETHERTYPE_IP6
-                ethernet.payload = IPv6.from_bytes ethernet.payload
-            end
-        rescue ParseError => e
-            Pcap.warning e
-        end
-        return ethernet
-    end
-
-    def == other
-        return self.class == other.class &&
-            self.endian   == other.endian &&
-            self.ts_sec   == other.ts_sec &&
-            self.ts_usec  == other.ts_usec &&
-            self.caplen   == other.caplen &&
-            self.len      == other.len &&
-            self.pkt      == other.pkt
-    end
-end
-
-end
-end
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+class Pkthdr
+    attr_accessor :endian, :ts_sec, :ts_usec, :caplen, :len, :pkt, :pkt_raw
+
+    def initialize endian=BIG_ENDIAN, ts_sec=0, ts_usec=0, caplen=0, len=0, pkt=nil
+        @endian = endian
+        @ts_sec = ts_sec
+        @ts_usec = ts_usec
+        @caplen = caplen
+        @len = len
+        @pkt = pkt
+        @pkt_raw = pkt
+    end
+
+    FMT_NNNN = 'NNNN'
+    FMT_VVVV = 'VVVV'
+    def self.read io, endian=BIG_ENDIAN
+        if endian == BIG_ENDIAN
+            format = FMT_NNNN
+        elsif endian == LITTLE_ENDIAN
+            format = FMT_VVVV
+        end
+        bytes = io.read 16
+        if not bytes 
+            raise EOFError, 'Missing PCAP packet header'
+        end
+        if not bytes.length == 16
+            raise ParseError, "Truncated PCAP packet header: expected 16 bytes, got #{bytes.length} bytes"
+        end
+        ts_sec, ts_usec, caplen, len = bytes.unpack format
+        pkt = io.read(caplen)
+        if not pkt 
+            raise ParseError, 'Missing PCAP packet header packet'
+        end
+        if not pkt.length == caplen
+            raise ParseError, "Truncated PCAP packet header: expected #{pkthdr.caplen} bytes, got #{pkthdr.pkt.length} bytes"
+        end
+        pkthdr = Pkthdr.new endian, ts_sec, ts_usec, caplen, len, pkt
+        return pkthdr
+    end
+
+    def write io
+        if @pkt.is_a? String
+            pkt = @pkt
+        else
+            string_io = StringIO.new
+            @pkt.write string_io
+            pkt = string_io.string
+        end
+        len = pkt.length
+        bytes = [@ts_sec, @ts_usec, len, len].pack FMT_NNNN
+        io.write bytes
+        io.write pkt
+    end
+
+    def decode! endian, linktype
+        @pkt = case linktype
+        when DLT_NULL;      Pkthdr.decode_null endian, @pkt
+        when DLT_EN10MB;    Pkthdr.decode_en10mb @pkt
+        when DLT_RAW;       raise NotImplementedError
+        when DLT_LINUX_SLL; Pkthdr.decode_linux_sll @pkt
+        else raise ParseError, "Unknown PCAP linktype: #{linktype}"
+        end
+    end
+
+    # See http://wiki.wireshark.org/NullLoopback
+    # and epan/aftypes.h in wireshark code.
+    BSD_AF_INET6 = [
+        OPENBSD_AF_INET6 = 24,
+        FREEBSD_AF_INET6 = 28,
+        DARWIN_AF_INET6 = 30
+    ]
+
+    def self.decode_null endian, bytes
+        Pcap.assert bytes.length >= 4, 'Truncated PCAP packet header: ' +
+            "expected at least 4 bytes, got #{bytes.length} bytes"
+        if endian == BIG_ENDIAN
+            format = 'N'
+        elsif endian == LITTLE_ENDIAN
+            format = 'V'
+        end
+        family = bytes[0, 4].unpack(format)[0]
+        bytes = bytes[4..-1]
+        ethernet = Ethernet.new
+        ethernet.src = '00:01:01:00:00:01'
+        ethernet.dst = '00:01:01:00:00:02'
+        ethernet.payload = ethernet.payload_raw = bytes
+        if family != Socket::AF_INET and family != Socket::AF_INET6 and
+                not BSD_AF_INET6.include?(family)
+            raise ParseError, "Unknown PCAP packet header family: #{family}"
+        end
+        begin
+            case family
+            when Socket::AF_INET
+                ethernet.type = Ethernet::ETHERTYPE_IP
+                ethernet.payload = IPv4.from_bytes ethernet.payload
+            when Socket::AF_INET6, FREEBSD_AF_INET6, OPENBSD_AF_INET6, DARWIN_AF_INET6
+                ethernet.type = Ethernet::ETHERTYPE_IP6
+                ethernet.payload = IPv6.from_bytes ethernet.payload
+            else
+                raise NotImplementedError
+            end
+        rescue ParseError => e
+            Pcap.warning e
+        end
+        return ethernet
+    end
+
+    def self.decode_en10mb bytes
+        return Ethernet.from_bytes(bytes)
+    end
+
+    def self.decode_linux_sll bytes
+        Pcap.assert bytes.length >= 16, 'Truncated PCAP packet header: ' +
+            "expected at least 16 bytes, got #{bytes.length} bytes"
+        packet_type, link_type, addr_len = bytes.unpack('nnn')
+        type = bytes[14, 2].unpack('n')[0]
+        bytes = bytes[16..-1]
+        ethernet = Ethernet.new
+        ethernet.type = type
+        ethernet.src = '00:01:01:00:00:01'
+        ethernet.dst = '00:01:01:00:00:02'
+        ethernet.payload = ethernet.payload_raw = bytes 
+        begin
+            case type
+            when Ethernet::ETHERTYPE_IP
+                ethernet.payload = IPv4.from_bytes ethernet.payload
+            when Ethernet::ETHERTYPE_IP6
+                ethernet.payload = IPv6.from_bytes ethernet.payload
+            end
+        rescue ParseError => e
+            Pcap.warning e
+        end
+        return ethernet
+    end
+
+    def == other
+        return self.class == other.class &&
+            self.endian   == other.endian &&
+            self.ts_sec   == other.ts_sec &&
+            self.ts_usec  == other.ts_usec &&
+            self.caplen   == other.caplen &&
+            self.len      == other.len &&
+            self.pkt      == other.pkt
+    end
+end
+
+end
+end

data/lib/diy/parser/mu/pcap/reader.rb

@@ -1,61 +1,61 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-module Mu
-class Pcap
-
-class Reader
-    attr_accessor :pcap2scenario
-
-    FAMILY_TO_READER = {}
-
-    # Returns a reader instance of specified family. Returns nil when family is :none.
-    def self.reader family
-        if family == :none
-            return nil
-        end
-
-        if klass = FAMILY_TO_READER[family]
-            return klass.new
-        end
-
-        raise ArgumentError, "Unknown protocol family: '#{family}'"
-    end
-
-    # Returns family name 
-    def family
-        raise NotImplementedError
-    end
-
-    # Notify parser of bytes written. Parser may update state
-    # to serve as a hint for subsequent reads.
-    def record_write bytes, state=nil
-        begin
-            do_record_write bytes, state
-        rescue
-            nil
-        end
-    end
-
-    # Returns next complete message from byte stream or nil. 
-    def read_message bytes, state=nil
-        read_message! bytes.dup, state
-    end
-
-    # Mutating form of read_message. Removes a complete message
-    # from input stream. Returns the message or nil if there. 
-    # is not a complete message.
-    def read_message! bytes, state=nil
-        begin
-            do_read_message! bytes, state
-        rescue
-            nil
-        end
-    end
-
-end
-end
-end
-
-require 'mu/pcap/reader/http_family'
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+class Reader
+    attr_accessor :pcap2scenario
+
+    FAMILY_TO_READER = {}
+
+    # Returns a reader instance of specified family. Returns nil when family is :none.
+    def self.reader family
+        if family == :none
+            return nil
+        end
+
+        if klass = FAMILY_TO_READER[family]
+            return klass.new
+        end
+
+        raise ArgumentError, "Unknown protocol family: '#{family}'"
+    end
+
+    # Returns family name 
+    def family
+        raise NotImplementedError
+    end
+
+    # Notify parser of bytes written. Parser may update state
+    # to serve as a hint for subsequent reads.
+    def record_write bytes, state=nil
+        begin
+            do_record_write bytes, state
+        rescue
+            nil
+        end
+    end
+
+    # Returns next complete message from byte stream or nil. 
+    def read_message bytes, state=nil
+        read_message! bytes.dup, state
+    end
+
+    # Mutating form of read_message. Removes a complete message
+    # from input stream. Returns the message or nil if there. 
+    # is not a complete message.
+    def read_message! bytes, state=nil
+        begin
+            do_read_message! bytes, state
+        rescue
+            nil
+        end
+    end
+
+end
+end
+end
+
+require 'mu/pcap/reader/http_family'

data/lib/diy/parser/mu/pcap/reader/http_family.rb

@@ -1,170 +1,170 @@
-# http://www.mudynamics.com
-# http://labs.mudynamics.com
-# http://www.pcapr.net
-
-require 'mu/pcap/reader'
-require 'stringio'
-require 'zlib'
-
-module Mu
-class Pcap
-class Reader
-
-# Reader for HTTP family of protocols (HTTP/SIP/RTSP).
-# Handles message boundaries and decompressing/dechunking payloads.
-class HttpFamily < Reader
-    FAMILY = :http
-    FAMILY_TO_READER[FAMILY] = self
-    CRLF = "\r\n"
-    def family
-        FAMILY
-    end
-
-    def do_record_write bytes, state=nil
-        return if not state
-        if bytes =~ RE_REQUEST_LINE
-            method  = $1
-            requests = state[:requests] ||= []
-            requests << method
-        end
-    end
-    private :do_record_write
-
-    RE_CONTENT_ENCODING = /^content-encoding:\s*(gzip|deflate)/i
-    RE_CHUNKED = /Transfer-Encoding:\s*chunked/i
-    RE_HEADERS_COMPLETE = /.*?\r\n\r\n/m
-    # Request line e.g. GET /index.html HTTP/1.1
-    RE_REQUEST_LINE = /\A([^ \t\r\n]+)[ \t]+([^ \t\r\n]+)[ \t]+(HTTP|SIP|RTSP)\/[\d.]+.*\r\n/
-    # Status line e.g. SIP/2.0 404 Authorization required
-    RE_STATUS_LINE = /\A((HTTP|SIP|RTSP)\/[\d.]+[ \t]+(\d+))\b.*\r\n/
-
-    RE_CONTENT_LENGTH = /^(Content-Length)(:\s*)(\d+)\r\n/i
-    RE_CONTENT_LENGTH_SIP = /^(Content-Length|l)(:\s*)(\d+)\r\n/i
-
-
-    def do_read_message! bytes, state=nil
-        case bytes
-        when RE_REQUEST_LINE
-            proto = $3
-        when RE_STATUS_LINE
-            proto = $2
-            status = $3.to_i
-            if state
-                requests = state[:requests] ||= []
-                if requests[0] == "HEAD"
-                    reply_to_head = true
-                end
-                if status > 199
-                    # We have a final response. Forget about request.
-                    requests.shift
-                end
-            end
-        else
-            return nil # Not http family.
-        end
-
-        # Read headers
-        if bytes =~ RE_HEADERS_COMPLETE
-            headers = $&
-            rest = $'
-        else
-            return nil
-        end
-        message = [headers]
-
-        # Read payload.
-        if proto == 'SIP'
-            re_content_length = RE_CONTENT_LENGTH_SIP
-        else
-            re_content_length = RE_CONTENT_LENGTH
-        end
-        if reply_to_head
-            length = 0
-        elsif headers =~ RE_CHUNKED
-            # Read chunks, dechunking in runtime case.
-            raw, dechunked = get_chunks(rest)
-            if raw
-                length = raw.length
-                payload =  raw 
-            else
-                return nil # Last chunk not received.
-            end
-        elsif headers =~ re_content_length
-            length = $3.to_i
-            if rest.length >= length
-                payload = rest.slice(0,length)
-            else
-                return nil # Not enough bytes.
-            end
-        else
-            # XXX. When there is a payload and no content-length
-            # header HTTP RFC says to read until connection close.
-            length = 0
-        end
-
-        message << payload
-
-        # Consume message from input bytes.
-        message_len = headers.length + length
-        if bytes.length >= message_len
-            bytes.slice!(0, message_len)
-            return message.join
-        else
-            return nil # Not enough bytes.
-        end
-    end
-    private :do_read_message!
-
-    # Returns array containing raw and dechunked payload. Returns nil
-    # if payload cannot be completely read.
-    RE_CHUNK_SIZE_LINE = /\A([[:xdigit:]]+)\r\n?/
-    def get_chunks bytes
-        raw = []
-        dechunked = []
-        io = StringIO.new bytes
-        until io.eof?
-            # Read size line
-            size_line = io.readline 
-            raw << size_line
-            if size_line =~ RE_CHUNK_SIZE_LINE
-                chunk_size = $1.to_i(16)
-            else
-                # Malformed chunk size line
-                $stderr.puts "malformed size line : #{size_line.inspect}"
-                return nil
-            end
-
-            # Read chunk data
-            chunk = io.read(chunk_size)
-            if chunk.size < chunk_size
-                # malformed/incomplete
-                $stderr.puts "malformed/incomplete #{chunk_size}"
-                return nil
-            end
-            raw << chunk
-            dechunked << chunk
-            # Get end-of-chunk CRLF
-            crlf = io.read(2)
-            if crlf == CRLF
-                raw << crlf
-            else
-                # CRLF has not arrived or, if this is the last chunk,
-                # we might be looking at the first two bytes of a trailer
-                # and we don't support trailers (see rfc 2616 sec3.6.1).
-                return nil
-            end
-
-            if chunk_size == 0
-                # Done. Return raw and dechunked payloads.
-                return raw.join, dechunked.join
-            end
-        end
-
-        # EOF w/out reaching last chunk.
-        return nil
-    end
-end
-
-end
-end
-end
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/pcap/reader'
+require 'stringio'
+require 'zlib'
+
+module Mu
+class Pcap
+class Reader
+
+# Reader for HTTP family of protocols (HTTP/SIP/RTSP).
+# Handles message boundaries and decompressing/dechunking payloads.
+class HttpFamily < Reader
+    FAMILY = :http
+    FAMILY_TO_READER[FAMILY] = self
+    CRLF = "\r\n"
+    def family
+        FAMILY
+    end
+
+    def do_record_write bytes, state=nil
+        return if not state
+        if bytes =~ RE_REQUEST_LINE
+            method  = $1
+            requests = state[:requests] ||= []
+            requests << method
+        end
+    end
+    private :do_record_write
+
+    RE_CONTENT_ENCODING = /^content-encoding:\s*(gzip|deflate)/i
+    RE_CHUNKED = /Transfer-Encoding:\s*chunked/i
+    RE_HEADERS_COMPLETE = /.*?\r\n\r\n/m
+    # Request line e.g. GET /index.html HTTP/1.1
+    RE_REQUEST_LINE = /\A([^ \t\r\n]+)[ \t]+([^ \t\r\n]+)[ \t]+(HTTP|SIP|RTSP)\/[\d.]+.*\r\n/
+    # Status line e.g. SIP/2.0 404 Authorization required
+    RE_STATUS_LINE = /\A((HTTP|SIP|RTSP)\/[\d.]+[ \t]+(\d+))\b.*\r\n/
+
+    RE_CONTENT_LENGTH = /^(Content-Length)(:\s*)(\d+)\r\n/i
+    RE_CONTENT_LENGTH_SIP = /^(Content-Length|l)(:\s*)(\d+)\r\n/i
+
+
+    def do_read_message! bytes, state=nil
+        case bytes
+        when RE_REQUEST_LINE
+            proto = $3
+        when RE_STATUS_LINE
+            proto = $2
+            status = $3.to_i
+            if state
+                requests = state[:requests] ||= []
+                if requests[0] == "HEAD"
+                    reply_to_head = true
+                end
+                if status > 199
+                    # We have a final response. Forget about request.
+                    requests.shift
+                end
+            end
+        else
+            return nil # Not http family.
+        end
+
+        # Read headers
+        if bytes =~ RE_HEADERS_COMPLETE
+            headers = $&
+            rest = $'
+        else
+            return nil
+        end
+        message = [headers]
+
+        # Read payload.
+        if proto == 'SIP'
+            re_content_length = RE_CONTENT_LENGTH_SIP
+        else
+            re_content_length = RE_CONTENT_LENGTH
+        end
+        if reply_to_head
+            length = 0
+        elsif headers =~ RE_CHUNKED
+            # Read chunks, dechunking in runtime case.
+            raw, dechunked = get_chunks(rest)
+            if raw
+                length = raw.length
+                payload =  raw 
+            else
+                return nil # Last chunk not received.
+            end
+        elsif headers =~ re_content_length
+            length = $3.to_i
+            if rest.length >= length
+                payload = rest.slice(0,length)
+            else
+                return nil # Not enough bytes.
+            end
+        else
+            # XXX. When there is a payload and no content-length
+            # header HTTP RFC says to read until connection close.
+            length = 0
+        end
+
+        message << payload
+
+        # Consume message from input bytes.
+        message_len = headers.length + length
+        if bytes.length >= message_len
+            bytes.slice!(0, message_len)
+            return message.join
+        else
+            return nil # Not enough bytes.
+        end
+    end
+    private :do_read_message!
+
+    # Returns array containing raw and dechunked payload. Returns nil
+    # if payload cannot be completely read.
+    RE_CHUNK_SIZE_LINE = /\A([[:xdigit:]]+)\r\n?/
+    def get_chunks bytes
+        raw = []
+        dechunked = []
+        io = StringIO.new bytes
+        until io.eof?
+            # Read size line
+            size_line = io.readline 
+            raw << size_line
+            if size_line =~ RE_CHUNK_SIZE_LINE
+                chunk_size = $1.to_i(16)
+            else
+                # Malformed chunk size line
+                $stderr.puts "malformed size line : #{size_line.inspect}"
+                return nil
+            end
+
+            # Read chunk data
+            chunk = io.read(chunk_size)
+            if chunk.size < chunk_size
+                # malformed/incomplete
+                $stderr.puts "malformed/incomplete #{chunk_size}"
+                return nil
+            end
+            raw << chunk
+            dechunked << chunk
+            # Get end-of-chunk CRLF
+            crlf = io.read(2)
+            if crlf == CRLF
+                raw << crlf
+            else
+                # CRLF has not arrived or, if this is the last chunk,
+                # we might be looking at the first two bytes of a trailer
+                # and we don't support trailers (see rfc 2616 sec3.6.1).
+                return nil
+            end
+
+            if chunk_size == 0
+                # Done. Return raw and dechunked payloads.
+                return raw.join, dechunked.join
+            end
+        end
+
+        # EOF w/out reaching last chunk.
+        return nil
+    end
+end
+
+end
+end
+end