dot11 0.1.0

data/lib/dot11/macaddress.rb

@@ -0,0 +1,51 @@
+module Dot11
+  class MACAddress
+    include Comparable
+  
+    attr_accessor :prefix_length  
+  
+    def initialize(address)
+      if address.kind_of?(Integer)
+        @address = [address].pack("Q").unpack("C8")[0, 6].reverse
+      elsif address.kind_of?(String) && address =~ /^(.*?)(?:\/(.*))?$/
+        @prefix_length = $2.to_i
+        
+        @address = $1.split(":").map {|octet| octet.to_i(16)}
+      elsif address.kind_of?(Array)
+        @address = address
+      end 
+    end
+  
+    def to_i
+      ("\x00\x00" + @address.pack("C6")).reverse.unpack("Q")[0]
+    end
+  
+    def to_s
+      @address.map{|byte| "%02x" % byte}.join(":") + (@prefix_length == 0 ? "" : "/#{@prefix_length}")
+    end
+  
+    def inspect
+      to_s
+    end
+  
+    def to_arr
+      @address
+    end
+  
+    def [](*index)
+      @address[*index]
+    end
+  
+    def eql?(other)
+      to_i == other.to_i
+    end
+  
+    def ==(other)
+      eql?(other)
+    end
+  
+    def hash
+      to_i.hash
+    end
+  end
+end

data/lib/dot11/packet.rb

@@ -0,0 +1,45 @@
+require File.expand_path(File.join(File.dirname(__FILE__), 'packetset'))
+
+module Dot11
+  class Packet
+    class <<self
+      alias older_new new
+    
+      def new(parameters = {})
+        # Maybe we shouldn't do it this way, but it looks prettier
+        if !parameters.kind_of?(String) && parameters.values.any? {|v| v.kind_of?(Array) || v.kind_of?(Range)}
+          PacketSet.new(self, parameters)
+        else
+          older_new(parameters)
+        end
+      end
+    end
+    
+    def initialize(parameters = {})
+      if parameters.kind_of?(String)
+        dissect(parameters)
+      elsif parameters.kind_of?(Hash)
+        parameters.each_pair do |key, value|
+          send((key.to_s + "=").intern, value)
+        end
+      end
+    end
+  
+    def =~(other)
+      if other.kind_of?(Hash)
+        other.each_pair do |key, value|
+          return false if self.send(key) != value
+        end
+      
+        return true
+      end
+    end
+    
+    def to_filter
+      PacketSet.new(self.class, self.instance_variables.inject({}) do |accum, var| 
+        accum[var[1..-1].intern] = self.instance_variable_get(var).kind_of?(MACAddress) ? self.instance_variable_get(var).to_s : self.instance_variable_get(var).to_s
+        accum
+      end).to_filter
+    end
+  end
+end

data/lib/dot11/packetset.rb

@@ -0,0 +1,253 @@
+module Dot11
+  class PacketSet
+    Pair = Struct.new(:name, :value)
+  
+    attr_accessor :packet_class
+    attr_reader   :fields
+  
+    def initialize(klass, parameters)
+      @fields = []
+
+      @packet_class = klass
+
+      parameters.each_pair do |key, value|
+        @fields << Pair.new(key, value)
+      end
+        
+      @field_sizes = @fields.map do |field|
+        if field.value.respond_to?(:size) && !(field.value.kind_of?(String) || field.value.kind_of?(Numeric))
+          field.value.size
+        elsif field.value.respond_to?(:entries)
+          field.value.entries.size
+        else
+          field.value = [field.value]
+          1
+        end
+      end
+    end
+  
+    def [](index)          
+      indices = @field_sizes.inject([]) do |accumulator, size|
+        remainder = index % size 
+        index /= size # yeah textmate isn't perfect and that's why I need this slash: /      
+        accumulator << remainder
+      end
+    
+      field_hash = {}
+    
+      indices.each_with_index do |index, i|  
+        value = @fields[i].value
+      
+        if value.kind_of?(Array) or value.kind_of?(Range)
+          field_hash[@fields[i].name] = @fields[i].value.entries[index]
+        else
+          field_hash[@fields[i].name] = @fields[i].value
+        end      
+      end
+    
+      out = @packet_class.new(field_hash)
+    
+      out
+    end
+  
+    def size
+      @field_sizes.inject(1) { |product, size| size * product }
+    end
+  
+    def each(prefix = [])
+      size.times do |i|
+        yield self[i]
+      end
+    end
+    
+    def each_with_index
+      size.times do |i|
+        yield self[i], i
+      end
+    end
+
+    def include?(packet)
+      # This is horrrrrribly inefficient. FIXME
+      each do |pkt|
+        return true if packet == pkt
+      end
+    
+      false
+    end
+  
+    def bitrange_to_filter(offset, size, bitrange, desired, negated = false)
+      # TODO: Take bitrange.exclude_end? into account
+      mask = ((2 << (bitrange.end - bitrange.begin)) - 1) << bitrange.begin
+      
+      value = "(ether[#{offset}:#{size}] & #{'%#x' % mask}) >> #{bitrange.begin}"
+      
+      case desired
+      when Range
+        "(#{value} >= #{'%#x' % desired.begin} && #{value} #{desired.exclude_end? ? "<" : "<="} #{'%#x' % desired.end})"
+      when Array
+        # TODO: deal with arrays of ranges
+        '(' + desired.map {|d| "#{value} = #{'%#x' % d}"}.join(" || ") + ')'
+      when Numeric, String
+        "#{value} #{negated ? '!' : ''}= #{'%#x' % desired.to_i}"
+      else
+        raise "unknown"
+      end
+    end
+    
+    def int_to_filter(offset, size, desired, negated = false)
+      value = "ether[#{offset}:#{size}]"
+      
+      case desired
+      when Range
+        "(#{value} >= #{'%#x' % desired.begin} && #{value} #{desired.exclude_end? ? "<" : "<="} #{'%#x' % desired.end})"
+      when Array
+        # TODO: deal with arrays of ranges
+        desired.map {|d| "#{value} #{negated ? '!' : ''}= #{'%#x' % d}"}.join(" || ")
+      when Numeric
+        "#{value} #{negated ? '!' : ''}= #{'%#x' % desired}"
+      else
+        raise "unknown desired: #{desired.inspect}"  
+      end      
+    end
+    
+    def mac_to_filter(offset, size, desired, negated = false)      
+      case desired
+      when Range
+        raise "Range of MAC addresses in filter not yet implemented"
+      when Array
+        '(' + desired.map do |d| 
+          desired = MACAddress.new(desired) if desired.kind_of?(String)
+          first_four = desired[0, 4].pack("CCCC").unpack("N")[0]
+          second_two = desired[4, 2].pack("CC").unpack("n")[0]
+
+          "(ether[#{offset}:2] = #{'%#x' % first_four} && ether[#{offset + 4}:2] = #{'%#x' % second_two})"
+        end.join(" || ") + ')'
+      when Numeric
+
+      when MACAddress, String
+        desired = MACAddress.new(desired) if desired.kind_of?(String)
+        first_four = desired[0, 4].pack("CCCC").unpack("N")[0]
+        second_two = desired[4, 2].pack("CC").unpack("n")[0]
+        
+        
+        if desired.prefix_length == 32
+          "ether[#{offset}:4] = #{'%#x' % first_four}"
+        elsif desired.prefix_length == 48 || desired.prefix_length == 0
+          "(ether[#{offset}:4] = #{'%#x' % first_four} && ether[#{offset + 4}:2] = #{'%#x' % second_two})"
+        else
+          raise "unsupport prefix length #{desired.prefix_length}"  
+        end
+      else
+        raise "unknown"  
+      end
+    end
+    
+    def decode_condition(fields, condition)
+      case condition
+      when Array
+        condition.map{|x| decode_condition(fields, x)}.join(" || ")
+      when Hash
+        condition.map do |key, value|
+          # Decode the nasty negation syntax
+          negated, value = value.kind_of?(Array) && value.size == 1 ? [true, value[0]] : [false, value]
+
+          field_info = fields.find{|x| key == x[0]}[1]
+          
+          case field_info[:type]
+          when :int
+            if field_info.has_key?(:bitrange)
+              bitrange_to_filter(field_info[:offset], field_info[:size], field_info[:bitrange], value, negated)
+            else
+              int_to_filter(field_info[:offset], field_info[:size], value, negated)
+            end
+          when :mac
+            mac_to_filter(field_info[:offset], field_info[:size], value, negated)
+          else
+            raise "unknown"  
+          end
+        end.join(" && ")
+      end
+    end
+  
+    def to_filter
+      fields = @packet_class.fields
+
+      @fields.map do |field|
+        '(' + begin
+          field_info = fields.find{|x| field.name == x[0]}
+          
+          if field_info.nil?
+            raise "nil field_info"
+          end
+          
+          field_info = field_info[1]
+          
+          # We don't really want to do this
+          if field_info.nil?
+            raise "nil field_info 2"
+          end
+                
+          if field_info.has_key?(:condition)
+            if !field_info[:offset].kind_of?(Numeric)
+              field_info[:offset].map do |key, value|
+                '(' + begin
+                  if key == :else
+                    field_info[:offset].keys.reject{|k| k == :else}.map do |k|
+                      '!(' + decode_condition(fields, k) + ')'
+                    end.join(" && ")
+                  else
+                    '(' + decode_condition(fields, key) + ') && (' + begin
+                      case field_info[:type]
+                      when :int
+                        if field_info.has_key?(:bitrange)
+                          bitrange_to_filter(value, field_info[:size], field_info[:bitrange], field.value)
+                        else
+                          int_to_filter(value, field_info[:size], field.value)
+                        end
+                      when :mac
+                        mac_to_filter(value, field_info[:size], field.value)
+                      else
+                        raise "unknown"  
+                      end
+                    end
+                  end
+                end + ')'
+              end.join(" && ")
+            else
+              '((' + decode_condition(fields, field_info[:condition]) +') && ('+ case field_info[:type]
+              when :int
+                if field_info.has_key?(:bitrange)
+                  bitrange_to_filter(field_info[:offset], field_info[:size], field_info[:bitrange], field.value)
+                else
+                  int_to_filter(field_info[:offset], field_info[:size], field.value)
+                end
+              when :mac
+                mac_to_filter(field_info[:offset], field_info[:size], field.value)
+              else
+                raise "unknown"  
+              end + '))'
+            end
+          else
+            if !field_info[:offset].kind_of?(Numeric)
+              p "moo"
+              "can"
+            else
+              case field_info[:type]
+              when :int
+                if field_info.has_key?(:bitrange)
+                  bitrange_to_filter(field_info[:offset], field_info[:size], field_info[:bitrange], field.value)
+                else
+                  int_to_filter(field_info[:offset], field_info[:size], field.value)
+                end
+              when :mac
+                mac_to_filter(field_info[:offset], field_info[:size], field.value)
+              else
+                raise "unknown"  
+              end
+            end
+          end
+        end + ')'
+      end.join(" && ")
+    end
+  end
+end

data/lib/dot11/radiotap.rb

@@ -0,0 +1,37 @@
+require File.expand_path(File.join(File.dirname(__FILE__), 'packet'))
+
+module Dot11
+  class Radiotap < Packet
+    attr_accessor :revision, :pad, :stuff_length, :stuff
+  
+    def data
+      raise "This space intentionally left blank"
+    end
+  
+    def to_s
+      "Radiotap\n" + 
+      "-------------\n" + 
+      "payload:\n" +
+      payload.to_s.indent(6)
+    end
+  
+    def payload
+      return @payload if @payload
+
+      @payload = Dot11.new(@rest)
+    end
+  
+    private
+  
+    def dissect(data)
+      fields = data.unpack("CCv")
+    
+      @data = data
+      @revision = fields[0]
+      @pad = fields[1]
+      @stuff_length = fields[2]
+    
+      @rest = data[@stuff_length..-1]
+    end
+  end
+end

data/lib/dot11/raw.rb

@@ -0,0 +1,19 @@
+require File.expand_path(File.join(File.dirname(__FILE__), 'packet'))
+
+module Dot11
+  class Raw < Packet
+    attr_accessor :data
+  
+    def to_s
+      "Raw\n" +
+      "------\n" +
+      "data: #{data.inspect}\n"
+    end
+  
+    private
+  
+    def dissect(data)
+      @data = data
+    end
+  end
+end

data/tests/dot11_test.rb

@@ -0,0 +1,133 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'dot11', 'dot11'))
+
+include Dot11
+
+def test(klass, raw, packet, test_desc)
+  dissector = (klass.new(raw) == packet)
+  builder = (packet.data == raw)
+  
+  puts "#{klass} dissector #{dissector ? 'passed' : 'failed'} on #{test_desc}"
+  puts "#{klass} builder #{builder ? 'passed' : 'failed'} on #{test_desc}"
+end
+
+#####################################################################################
+
+beacon_raw = "\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x01\xe3\x41\xbd\x6e\x00\x01\xe3\x41\xbd\x6e\x00\x0e"
+beacon = Dot11.new(:type => 0, 
+                   :subtype => 8, 
+                   :version => 0, 
+                   :flags => 0, 
+                   :duration => 0, 
+                   :addr1 => "ff:ff:ff:ff:ff:ff",
+                   :addr2 => "00:01:e3:41:bd:6e",
+                   :addr3 => "00:01:e3:41:bd:6e",
+                   :sc => 0x0e00)
+
+test(Dot11, beacon_raw, beacon, "beacon frame")
+
+#####################################################################################
+
+data_raw = "\x08\x42\x00\x00\xff\xff\xff\xff\xff\xff\x00\x01\xe3\x41\xbd\x6e\x00\x01\xe3\x42\x9e\x2b\x40\x07"
+data = Dot11.new(:type => 2,
+                 :subtype => 0,
+                 :version => 0,
+                 :flags => 0x42,
+                 :duration => 0,
+                 :addr1 => "ff:ff:ff:ff:ff:ff",
+                 :addr2 => "00:01:e3:41:bd:6e",
+                 :addr3 => "00:01:e3:42:9e:2b",
+                 :sc => 0x0740)
+
+test(Dot11, data_raw, data, "data frame")
+
+#####################################################################################
+
+complete_beacon_raw = "\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x01\xe3\x41\xbd\x6e" + 
+                      "\x00\x01\xe3\x41\xbd\x6e\xf0\x02\x86\xf1\x1b\x6a\x02\x00\x00\x00" + 
+                      "\x64\x00\x11\x04\x00\x09\x6d\x61\x72\x74\x69\x6e\x65\x74\x33\x01" + 
+                      "\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x0b\x05\x04\x00\x01" + 
+                      "\x00\x00\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x06" + 
+                      "\x00\x10\x18\x01\x01\x00\xdd\x16\x00\x50\xf2\x01\x01\x00\x00\x50" + 
+                      "\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02"
+complete_beacon = Dot11.new(:type => 0,
+                            :subtype => 8,
+                            :version => 0,
+                            :flags => 0,
+                            :duration => 0,
+                            :addr1 => "ff:ff:ff:ff:ff:ff",
+                            :addr2 => "00:01:e3:41:bd:6e",
+                            :addr3 => "00:01:e3:41:bd:6e",
+                            :sc => 0x02f0) /
+                  Dot11Beacon.new(:timestamp => 0x26a1bf186,
+                                  :beacon_interval => 0x64,
+                                  :capabilities => 0x1104) / 
+                  Dot11Elt.new(:id => 0,
+                               :info_length => 9,
+                               :info => "martinet3") / 
+                  Dot11Elt.new(:id => 1,
+                               :info_length => 8,
+                               :info => "\x82\x84\x8b\x96\x24\x30\x48\x6c") / 
+                  Dot11Elt.new(:id => 3,
+                               :info_length => 1,
+                               :info => "\x0b") / 
+                  Dot11Elt.new(:id => 5,
+                               :info_length => 4,
+                               :info => "\x00\x01\x00\x00") / 
+                  Dot11Elt.new(:id => 42,
+                               :info_length => 1,
+                               :info => "\x04") / 
+                  Dot11Elt.new(:id => 47,
+                               :info_length => 1,
+                               :info => "\x04") / 
+                  Dot11Elt.new(:id => 50,
+                               :info_length => 4,
+                               :info => "\x0c\x12\x18\x60") / 
+                  Dot11Elt.new(:id => 221,
+                               :info_length => 6,
+                               :info => "\x00\x10\x18\x01\x01\x00") / 
+                  Dot11Elt.new(:id => 221,
+                               :info_length => 22,
+                               :info => "\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02")
+ 
+test(Dot11, complete_beacon_raw, complete_beacon, "complete beacon frame")
+p complete_beacon
+
+#####################################################################################
+
+acknowledgement_raw = "\xd4\x00\x00\x00\x00\x15\x00\x34\x18\x52"
+acknowledgement = Dot11.new(:type => 1,
+                            :subtype => 13,
+                            :version => 0,
+                            :flags => 0,
+                            :duration => 0,
+                            :addr1 => "00:15:00:34:18:52")
+
+test(Dot11, acknowledgement_raw, acknowledgement, "acknowledgement frame")
+puts("Passed to_i test") if acknowledgement.addr1.to_i == 0x1500341852
+p acknowledgement
+
+#####################################################################################
+
+probereq_raw = "\x40\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x16\xbc\x3d\xaa\x57\xff" + 
+               "\xff\xff\xff\xff\xff\xb0\x00\x00\x09\x6d\x61\x72\x74\x69\x6e\x65\x74" + 
+               "\x33\x01\x08\x82\x84\x8b\x96\x0c\x12\x18\x24\x03\x01\x09\x32\x04\x30" + 
+               "\x48\x60\x6c"
+probereq = Dot11.new(:type => 0,
+                     :subtype => 4,
+                     :version => 0,
+                     :flags => 0,
+                     :duration => 0,
+                     :addr1 => "ff:ff:ff:ff:ff:ff",
+                     :addr2 => "00:16:bc:3d:aa:57",
+                     :addr3 => "ff:ff:ff:ff:ff:ff",
+                     :sc => 0x00b0) / 
+           Dot11ProbeReq.new() /
+           Dot11Elt.new(:id => 0, :info_length => 9, :info => "martinet3") / 
+           Dot11Elt.new(:id => 1, :info_length => 8, :info => "\x82\x84\x8b\x96\x0c\x12\x18\x24") / 
+           Dot11Elt.new(:id => 3, :info_length => 1, :info => "\x09") /
+           Dot11Elt.new(:id => 50, :info_length => 4, :info => "\x30\x48\x60\x6c")
+
+test(Dot11, probereq_raw, probereq, "probe request frame")
+p probereq
+
+#####################################################################################