RubyGems - packet_via_dmem - Versions diffs - 0.0.6 → 0.0.8 - Mend

packet_via_dmem 0.0.6 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/lib/packet_via_dmem.rb +2 -1
data/lib/packet_via_dmem/cli.rb +3 -1
data/lib/packet_via_dmem/packets.rb +4 -3
data/lib/packet_via_dmem/received.rb +39 -10
data/lib/packet_via_dmem/sent.rb +2 -1
data/packet_via_dmem.gemspec +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9a5e83611fb35ed4c593d62c0c15e643bc40ff8e
-  data.tar.gz: a8b95c28a02ddcfdb38f114b736315eb36660153
+  metadata.gz: 0147a2a28aec0b7d80b8e8fc84b3ae62e228893f
+  data.tar.gz: 231b1c57cbb1902621382913c3eab7c9d86e2c57
 SHA512:
-  metadata.gz: aefcd401cb0bb61ffd7deca8a91bef83bdfbe0f44ab4dba56c89cbbb7d5660f79d321b6d31be9930144b8e87101c0fb51887bb4d3fe1430f62d1f719a8578c6e
-  data.tar.gz: e51a8739969f00208b65fa59bc0d757a4c307a8480b0117423988abc84c251d8d0d0e73c3b4d2fccef7d21e58ba99b0e21882698488b72055de7f7363cda387a
+  metadata.gz: ec74f12df72f23334e86568b15a0e20f66ac7223fbc1d3072ae34d47f619d207353bb69b9d19168db4b071c0a12c4b0ee5cc214e4ce532f6f433b49e69ac9360
+  data.tar.gz: e3772c982460028fd3d4fbc79a78cd1ce8dc4328fdb95db108cceaaeb3f2add2a32da506bd9230b853ab27c8cde1123e376f420022bdb46918ad379787a6e986

data/README.md CHANGED Viewed

@@ -98,8 +98,8 @@ To capture say packets with IP address 10.11.12.13
   * value of fift+sixth seems to sometime indicate special cases
     * 0x1fff - Packet missing everything before IPv4 TTL, yet has some extra. I saw BGP from control-plane with this and also TCP/SMB2 with Seq1, it was transit, but perhaps it was via ARP resolve/punt and thus coming from control-plane?
-    * 0x2000 - BFD frames from control-plane, missing L2
-    * 0x4220 - Was traffic for AE/802.1AX, missing ethertype, MACs changed, 2 mystery bytes
+    * 0x2000 - BFD frames from control-plane or LACP IPv4, if next byte is 1 like below, if next byte is 0 missing MACs too (+5bytes)
+    * 0x4220 - Was LACP MPLS traffic, missing ethertype, MACs changed, 2 mystery bytes
     * 0x8000 - I need to pop 14 bytes extra
   * 00 (22) (33) (44) \<src\> (66)

data/lib/packet_via_dmem.rb CHANGED Viewed

@@ -18,12 +18,13 @@ class PacketViaDMEM
   def initialize opts={}
     @received   = opts.delete :received
     @sent       = opts.delete :sent
+    @debug      = opts.delete :debug
     @received ||= HEADER_SIZE[:received]
     @sc         = StringScanner.new ''
   end
   def parse str
-    packets = Packets.new
+    packets = Packets.new @debug
     @sc.string = str
     while @sc.scan_until PACKET
       match = @sc.matched.split(/\s+/)

data/lib/packet_via_dmem/cli.rb CHANGED Viewed

@@ -20,7 +20,9 @@ class PacketViaDMEM
       rescue
         raise InvalidFile, "unable to read #{file}"
       end
-      packets = PacketViaDMEM.new(:received=>@opts[:received], :sent=>@opts[:sent]).parse file
+      packets = PacketViaDMEM.new(:received=>@opts.received?,
+                                  :sent=>@opts.sent?,
+                                  :debug=>@opts.debug?).parse file
       count = 0
       packets.each do |pkt|
         pop = false

data/lib/packet_via_dmem/packets.rb CHANGED Viewed

@@ -7,14 +7,15 @@ class PacketViaDMEM
     include Enumerable
     class InvalidType < Error; end
-    def initialize
+    def initialize debug
+      @debug   = debug
       @packets = []
     end
     def add packet, type
       packet = case type
-      when :received then Received.new packet
-      when :sent     then Sent.new packet
+      when :received then Received.new packet, @debug
+      when :sent     then Sent.new packet, @debug
       else raise InvalidType, "#{type} not valid packet type"
       end
       @packets << packet

data/lib/packet_via_dmem/received.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 class PacketViaDMEM
   class Received < Packet
-    def initialize packet
+    def initialize packet, debug
+      @debug           = debug
       @type            = :received
       @original        = packet
       @header, @packet = parse_packet packet
@@ -17,25 +18,53 @@ class PacketViaDMEM
       when 0x10 then offset = 2 #1,2,3,4,7,8,5,6
       end
       pop += offset
-      case pkt[4+offset..5+offset].join.to_i(16)
-      when 0x8000 then pop+=14
+      type = pkt[4+offset..5+offset].join.to_i(16)
+      macs = pkt[6+offset].to_i(16) > 0 # macs, maybe...
+      case type
+      # these were self originated
+      when 0x8000
+        pop+=14
       # ae/802.1AX is special, I seem to have 2 bytes I don't know
       # and ethertype missing, and MAC is weird, mpls labels are present
       # i'd need example carrying IPv4/IPv6 instead of MPLS to decide those two bytes
-      when 0x4220
-        pop+=14 #pop macs and weird two bytes (return macs in push)
-        push = pkt[8+offset..19+offset] + FAKE[:etype_mpls]
-      when 0x2000 # these were BFD packets from control-plane
-        pop+=5
-        push = FAKE[:dmac] + FAKE[:smac] + FAKE[:etype_ipv4]
-      # some BGP packets like this
+      when *MAGIC::MPLS
+        pop, push = get_pop_push(pkt, pop, offset, macs, FAKE[:etype_mpls])
+      when *MAGIC::IPV4 # these were BFD packets from control-plane
+        pop, push = get_pop_push(pkt, pop, offset, macs, FAKE[:etype_ipv4])
+      # some BGP packets were like this
       # also SMB2 TCP Seq1 (maybe post ARP from control-plane?)
       # they are misssing all of ipv4 headers before TTL
       when 0x1f00
         pop+=7
         push = FAKE[:dmac] + FAKE[:smac] + FAKE[:etype_ipv4] + FAKE[:ipv4]
+      when *MAGIC::NOPOP
+        # no-op, DMAC follows immedately
+      else
+        $stderr.puts "unknown type: 0x#{type.to_s(16)}" if @debug
       end
       header_and_packet pkt, pop, push
     end
+    def get_pop_push pkt, pop, offset, macs, ether_type
+      if macs
+        pop+=14 #pop macs and weird two bytes (return macs in push)
+        push = pkt[8+offset..19+offset] + ether_type
+        [pop, push]
+      else
+        pop+=5
+        push = FAKE[:dmac] + FAKE[:smac] + ether_type
+        [pop, push]
+      end
+    end
+    module MAGIC
+      MPLS = [ 0x4220 ]
+      IPV4 = [ 0x2000 ]
+      # 4008, 8008, 8108 were ETH, MPLS, IPV4
+      # 9208 was ETH, IPv4, UDP, IPSEC/ESP
+      # 4108 was ETH, IPv4, UDP, BFD
+      # b080 was unknown just 9 bytes after header (c013c6752759644ae0)
+      NOPOP = [ 0x4008, 0x4108, 0x8008, 0x8108, 0x9208, 0xb080 ]
+    end
   end
 end

data/lib/packet_via_dmem/sent.rb CHANGED Viewed

@@ -1,7 +1,8 @@
 class PacketViaDMEM
   class Sent < Packet
-    def initialize packet
+    def initialize packet, debug
+      @debug           = debug
       @type            = :sent
       @original        = packet
       @header, @packet = parse_packet packet

data/packet_via_dmem.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name              = 'packet_via_dmem'
-  s.version           = '0.0.6'
+  s.version           = '0.0.8'
   s.licenses          = %w( Apache-2.0 )
   s.platform          = Gem::Platform::RUBY
   s.authors           = [ 'Saku Ytti' ]

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: packet_via_dmem
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.8
 platform: ruby
 authors:
 - Saku Ytti