DIY-pcap 0.2.5 → 0.2.6

data/bin/pcap

@@ -1,67 +1,7 @@
 $LOAD_PATH.unshift File.join( File.dirname(__FILE__), '..', 'lib' )
 require 'rubygems'
 require 'diy-pcap'
-require 'diy/task'
 
-require 'optparse'
+$_PORT = "7878"
 
-options = {
-  :ip => "0.0.0.0:7878",
-}
-
-OptionParser.new do |opts|
-  
-  opts.on("-f file", "File will be parsed") do |v|
-    options[:file] = v
-  end
-  
-  opts.on("-i ip", "--ip ip", "client or server : 0.0.0.0 or 0.0.0.0:7878", "default is 0.0.0.0:7878") do |v|
-    options[:ip] = v
-  end
-  
-  opts.on("-n device_name", "--name device_name", "Send or Recv device name") do |v|
-    options[:device_name] = v
-  end
-  
-  opts.on_tail("--show", "Show all devices name and exit") do 
-    require 'diy/device_finder'
-    DIY::DeviceFinder.pp_devices
-    exit 0
-  end
-  
-  opts.on_tail('-v','--version', 'Show version') do
-    puts DIY::PCAP::VERSION
-    exit 0
-  end
-  
-  opts.on_tail('-V', 'detail mode') do
-    DIY::Logger.level = ::Logger::DEBUG
-  end
-  
-  opts.on_tail('-h','--help', 'Show this help') do
-    puts opts
-    exit 0
-  end
-end.parse!
-
-if options[:file]
-  require File.join( Dir.pwd, options[:file] )
-else
-  ip = options[:ip]
-  if ip.include?(':')
-    uri = "druby://#{ip}"
-  else
-    uri = "druby://#{ip}:7878"
-  end
-  
-  if options[:device_name]
-    device_name = options[:device_name]
-  else
-    require 'diy/device_finder'
-    device_name = DIY::DeviceFinder.smart_select
-  end
-  DIY::Logger.info( "Initialize Live: #{device_name}" )
-  device = DIY::Live.new(device_name) #FFI::PCap::Live.new(:dev=>device_name, :handler => FFI::PCap::Handler, :promisc => true)
-  worker = DIY::Worker.new(device)
-  DIY::WorkerKeeper.new(worker, uri).run
-end
+require 'diy/command'

data/bin/rpcap

@@ -1,68 +1,7 @@
 $LOAD_PATH.unshift File.join( File.dirname(__FILE__), '..', 'lib' )
 require 'rubygems'
 require 'diy-pcap'
-require 'diy/task'
 
-require 'optparse'
+$_PORT = "7879"
 
-options = {
-  :ip => "0.0.0.0:7879",
-}
-
-OptionParser.new do |opts|
-  
-  opts.on("-f file", "File will be parsed") do |v|
-    options[:file] = v
-  end
-  
-  opts.on("-i ip", "--ip ip", "client or server : 0.0.0.0 or 0.0.0.0:7879", "default is 0.0.0.0:7879") do |v|
-    options[:ip] = v
-  end
-  
-  opts.on("-n device_name", "--name device_name", "Send or Recv device name") do |v|
-    options[:device_name] = v
-  end
-  
-  opts.on_tail("--show", "Show all devices name and exit") do 
-    require 'diy/device_finder'
-    DIY::DeviceFinder.pp_devices
-    exit 0
-  end
-  
-  opts.on_tail('-v','--version', 'Show version') do
-    puts DIY::PCAP::VERSION
-    exit 0
-  end
-  
-  opts.on_tail('-V', 'detail mode') do
-    DIY::Logger.level = ::Logger::DEBUG
-  end
-  
-  opts.on_tail('-h','--help', 'Show this help') do
-    puts opts
-    exit 0
-  end
-end.parse!
-
-if options[:file]
-  $SERVER = true
-  require File.join( Dir.pwd, options[:file])
-else
-  ip = options[:ip]
-  if ip.include?(':')
-    uri = "druby://#{ip}"
-  else
-    uri = "druby://#{ip}:7879"
-  end
-  
-  if options[:device_name]
-    device_name = options[:device_name]
-  else
-    require 'diy/device_finder'
-    device_name = DIY::DeviceFinder.smart_select
-  end
-  DIY::Logger.info( "Initialize Live: #{device_name}" )
-  device = DIY::Live.new(device_name) #FFI::PCap::Live.new(:dev=>device_name, :handler => FFI::PCap::Handler, :promisc => true)
-  worker = DIY::Worker.new(device)
-  DIY::WorkerKeeper.new(worker, uri).run
-end
+require 'diy/command'

data/lib/diy/command.rb

@@ -0,0 +1,80 @@
+
+require 'diy/task'
+require 'optparse'
+
+pcap_port = "7878"
+rpcap_port = "7879"
+
+if ! $_PORT
+  puts "Must set $_PORT value before call me"
+  exit 1
+end
+
+options = {
+  :ip => "0.0.0.0:#{$_PORT}",
+}
+
+OptionParser.new do |opts|
+  
+  opts.on("-f file", "File will be parsed") do |v|
+    options[:file] = v
+  end
+  
+  opts.on("-i ip", "--ip ip", "client or server : 0.0.0.0 or 0.0.0.0:#{$_PORT}", "default is 0.0.0.0:#{$_PORT}") do |v|
+    options[:ip] = v
+  end
+  
+  opts.on("-n device_name", "--name device_name", "Send or Recv device name") do |v|
+    options[:device_name] = v
+  end
+  
+  opts.on_tail("--show", "Show all devices name and exit") do 
+    require 'diy/device_finder'
+    DIY::DeviceFinder.pp_devices
+    exit 0
+  end
+  
+  opts.on_tail("--timer","Use TimerIdConv module instead of DRb's default idconv") do
+    options[:timer] = true
+  end
+  
+  opts.on_tail('-v','--version', 'Show version') do
+    puts DIY::PCAP::VERSION
+    exit 0
+  end
+  
+  opts.on_tail('-V', 'detail mode') do
+    DIY::Logger.level = ::Logger::DEBUG
+    DIY::Logger.debug "Enable debug mode"
+  end
+  
+  opts.on_tail('-h','--help', 'Show this help and exit') do
+    puts opts
+    exit 0
+  end
+end.parse!
+
+if options[:file]
+  require File.join( Dir.pwd, options[:file] )
+else
+  ip = options[:ip]
+  if ip.include?(':')
+    uri = "druby://#{ip}"
+  else
+    uri = "druby://#{ip}:#{$_PORT}"
+  end
+  
+  if options[:device_name]
+    device_name = options[:device_name]
+  else
+    require 'diy/device_finder'
+    device_name = DIY::DeviceFinder.smart_select
+  end
+  device = DIY::Live.new(device_name)
+  worker = DIY::Worker.new(device)
+  worker_keeper = DIY::WorkerKeeper.new(worker, uri)
+  if options[:timer]
+    worker_keeper.use_timeridconv
+  end
+  worker_keeper.run
+end

data/lib/diy/device_finder.rb

@@ -3,7 +3,7 @@ module DIY
     class <<self
       def smart_select
         ret = devices.find do |device, net|
-          !device.match(/dialup/) && net != nil
+          !device.match(/dialup/) && net != nil && net != "0.0.0.0/0.0.0.0"
         end
         if ret
           ret[0]

data/lib/diy/dig.rb

@@ -10,4 +10,6 @@ require 'diy/strategy_builder'
 require 'diy/strategy'
 
 require 'diy/worker'
-require 'diy/worker_keeper'
+require 'diy/worker_keeper'
+
+autoload :Mu, "diy/parser/pcap"

data/lib/diy/live.rb

@@ -7,6 +7,7 @@ module DIY
     def initialize(device_name)
       DIY::Logger.info( "Initialize Live: #{device_name}" )
       @live = FFI::PCap::Live.new(:dev=>device_name, :handler => FFI::PCap::CopyHandler, :promisc => true)
+      DIY::Logger.info( "Listen on:  #{net} " )
       #~ @live.non_blocking= true
     end
     attr_reader :live
@@ -27,6 +28,10 @@ module DIY
       end
     end
     
+    def net
+      @live.network + " / " + @live.netmask
+    end
+    
   end # end of class Live
   
 end

data/lib/diy/parser/mu/fixnum_ext.rb

@@ -0,0 +1,7 @@
+if RUBY_VERSION == '1.8.6'
+  class Fixnum
+    def ord
+      self
+    end
+  end
+end

data/lib/diy/parser/mu/pcap/ethernet.rb

@@ -0,0 +1,148 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+class Ethernet < Packet
+    attr_accessor :src, :dst, :type
+    
+    ETHERTYPE_IP  = 0x0800
+    ETHERTYPE_IP6 = 0x86dd
+    ETHERTYPE_ARP = 0x0806
+    ETHERTYPE_PPPOE_SESSION = 0x8864
+    ETHERTYPE_802_1Q = 0X8100
+
+    PPP_IP   = 0x0021
+    PPP_IPV6 = 0x0057 
+
+    def initialize src=nil, dst=nil, type=0
+        super()
+        @src = src
+        @dst = dst
+        @type = type
+    end
+
+    def flow_id
+        if not @payload or @payload.is_a? String
+            return [:ethernet, @src, @dst, @type]
+        else
+            return @payload.flow_id
+        end
+    end
+
+    FMT_MAC = "C6"
+    FMT_n = 'n'
+    MAC_TEMPLATE = '%02x:%02x:%02x:%02x:%02x:%02x'
+    def self.from_bytes bytes
+        if bytes.length < 14
+            raise ParseError, "Truncated Ethernet header: expected 14 bytes, got #{bytes.length} bytes"
+        end
+
+        dst = bytes.slice!(0,6).unpack FMT_MAC
+        dst = MAC_TEMPLATE % dst
+        src = bytes.slice!(0,6).unpack FMT_MAC
+        src = MAC_TEMPLATE % src
+        type = bytes.slice!(0,2).unpack(FMT_n)[0]
+        while (type == ETHERTYPE_802_1Q)
+            # Skip 4 bytes for 802.1q vlan tag field
+            bytes.slice!(0,2)
+            type = bytes.slice!(0,2).unpack(FMT_n)[0]
+        end
+        ethernet = Ethernet.new src, dst, type
+        ethernet.payload = bytes
+        ethernet.payload_raw = bytes
+        begin
+            case type
+            when ETHERTYPE_IP
+                ethernet.payload = IPv4.from_bytes bytes
+            when ETHERTYPE_IP6
+                ethernet.payload = IPv6.from_bytes bytes
+            when ETHERTYPE_PPPOE_SESSION
+                # Remove PPPoE/PPP session layer
+                ethernet.payload = bytes
+                ethernet.remove_pppoe!
+            else
+                ethernet.payload = bytes
+            end
+        rescue ParseError => e
+            Pcap.warning e
+        end
+        return ethernet
+    end
+
+    def ip?
+        return payload.is_a?(IP)
+    end
+    
+    ADDR_TO_BYTES = {}
+    FMT_HEADER = 'a6a6n'
+    def write io
+        dst_mac = ADDR_TO_BYTES[@dst] ||= @dst.split(':').inject('') {|m, b| m << b.to_i(16).chr}
+        src_mac = ADDR_TO_BYTES[@src] ||= @src.split(':').inject('') {|m, b| m << b.to_i(16).chr}
+        bytes = [dst_mac, src_mac, @type].pack(FMT_HEADER)
+        io.write bytes
+        if @payload.is_a? String
+            io.write @payload
+        else
+            @payload.write io
+        end
+    end
+
+    # Remove the PPPoE and PPP headers.  PPPoE is documented in RFC 2516.
+    def remove_pppoe!
+        bytes = self.payload_raw
+
+        # Remove PPPoE header
+        Pcap.assert bytes.length >= 6, 'Truncated PPPoE header: ' +
+            "expected at least 6 bytes, got #{bytes.length} bytes"
+        version_type, code, session_id, length = bytes.unpack 'CCnn'
+        version = version_type >> 4 & 0b1111
+        type    = version_type      & 0b1111
+        Pcap.assert version == 1, "Unknown PPPoE version: #{version}"
+        Pcap.assert type == 1, "Unknown PPPoE type: #{type}"
+        Pcap.assert code == 0, "Unknown PPPoE code: #{code}"
+        bytes = bytes[6..-1]
+        Pcap.assert bytes.length >= length, 'Truncated PPoE packet: ' +
+            "expected #{length} bytes, got #{bytes.length} bytes"
+        
+        # Remove PPP header
+        Pcap.assert bytes.length >= 2, 'Truncated PPP packet: ' +
+            "expected at least bytes, got #{bytes.length} bytes"
+        protocol_id, = bytes.unpack 'n'
+        bytes = bytes[2..-1]
+        case protocol_id
+        when PPP_IP
+            self.payload = IPv4.from_bytes bytes
+            self.payload_raw = bytes
+            self.type = ETHERTYPE_IP
+        when PPP_IPV6
+            self.payload = IPv6.from_bytes bytes
+            self.payload_raw = bytes
+            self.type = ETHERTYPE_IP6
+        else
+            # Failed.  Don't update payload or type.
+            raise ParseError, "Unknown PPP protocol: 0x#{'%04x' % protocol_id}"
+        end
+    end
+
+    def to_s
+        if @payload.is_a? String
+            payload = @payload.inspect
+        else
+            payload = @payload.to_s
+        end
+        return "ethernet(%s, %s, %d, %s)" % [@src, @dst, @type, payload]
+    end
+
+    def == other
+        return super &&
+            self.src  == other.src &&
+            self.dst  == other.dst &&
+            self.type == other.type
+    end
+end
+
+end
+end

data/lib/diy/parser/mu/pcap/header.rb

@@ -0,0 +1,75 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+module Mu
+class Pcap
+
+class Header
+    attr_accessor :magic, :version_major, :version_minor, :thiszone, :sigfigs,
+        :snaplen, :linktype
+
+    BIG_ENDIAN_FORMAT = 'nnNNNN'
+    LITTLE_ENDIAN_FORMAT = 'vvVVVV'
+
+    UNSUPPORTED_FORMATS =  { 
+        0x474D4255 => "NetMon", # "GMBU"
+        0x5452534E => "NA Sniffer (DOS)" # Starts with "TRSNIFF data"
+    }
+
+    def initialize
+        @magic = BIG_ENDIAN
+        @version_major = 2
+        @version_minor = 4
+        @thiszone = 0
+        @sigfigs = 0
+        @snaplen = 1500
+        @linktype = DLT_NULL
+    end
+
+    def self.read ios
+        header = Header.new
+        bytes = ios.read 24
+        Pcap.assert bytes, 'PCAP header missing'
+        Pcap.assert bytes.length == 24, 'Truncated PCAP header: ' +
+            "expected 24 bytes, got #{bytes.length} bytes"
+        header.magic, _ = bytes[0, 4].unpack 'N'
+        if header.magic == BIG_ENDIAN
+            format = BIG_ENDIAN_FORMAT
+        elsif header.magic == LITTLE_ENDIAN
+            format = LITTLE_ENDIAN_FORMAT
+        else 
+            format = UNSUPPORTED_FORMATS[header.magic]
+            if format.nil?
+                err = "Unsupported packet capture format. "
+            else
+                err = "#{format} capture files are not supported. "
+            end
+            raise ParseError, err
+        end
+        header.version_major, header.version_minor, header.thiszone,
+            header.sigfigs, header.snaplen, header.linktype = 
+            bytes[4..-1].unpack format
+        return header
+    end
+
+    def write io
+        bytes = [BIG_ENDIAN, @version_major, @version_minor, @thiszone,
+                 @sigfigs, @snaplen, DLT_EN10MB].pack('N' + BIG_ENDIAN_FORMAT)
+        io.write bytes
+    end
+
+    def == other
+        return self.class      == other.class &&
+            self.magic         == other.magic &&
+            self.version_major == other.version_major &&
+            self.version_minor == other.version_minor &&
+            self.thiszone      == other.thiszone &&
+            self.sigfigs       == other.sigfigs &&
+            self.snaplen       == other.snaplen &&
+            self.linktype      == other.linktype
+    end
+end
+
+end
+end