packetfu 1.0.0 → 1.0.2.pre

data/lib/packetfu/{udp.rb → protos/udp.rb}

@@ -127,7 +127,31 @@ module PacketFu
 	class UDPPacket < Packet
 
 		attr_accessor :eth_header, :ip_header, :udp_header
-		
+
+		def self.can_parse?(str)
+			return false unless str.size >= 54
+			return false unless EthPacket.can_parse? str
+			return false unless IPPacket.can_parse? str
+			return false unless str[23,1] == "\x11"
+			return true
+		end
+
+		def read(str=nil, args={})
+			raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
+			@eth_header.read(str)
+			@ip_header.read(str[14,str.size])
+			@eth_header.body = @ip_header
+			if args[:strip]
+				udp_len = str[16,2].unpack("n")[0] - 20
+				@udp_header.read(str[14+(@ip_header.ip_hlen),udp_len])
+			else
+				@udp_header.read(str[14+(@ip_header.ip_hlen),str.size])
+			end
+			@ip_header.body = @udp_header
+			super(args)
+			self
+		end
+
 		def initialize(args={})
 			@eth_header = EthHeader.new(args).read(args[:eth])
 			@ip_header = IPHeader.new(args).read(args[:ip])

data/lib/packetfu/structfu.rb

@@ -2,6 +2,7 @@
 # to create meaningful binary data. 
 
 module StructFu
+	
 	# Normally, self.size and self.length will refer to the Struct
 	# size as an array. It's a hassle to redefine, so this introduces some
 	# shorthand to get at the size of the resultant string.
@@ -106,6 +107,7 @@ module StructFu
 
 		# Returns a two byte value as a packed string.
 		def to_s
+			@packstr = (self.e == :big) ? "n" : "v"
 			[(self.v || self.d)].pack(@packstr)
 	 	end
 
@@ -113,10 +115,12 @@ module StructFu
   
 	# Int16be is a two byte value in big-endian format.
 	class Int16be < Int16
+		undef :endian=
 	end
 
 	# Int16le is a two byte value in little-endian format.
 	class Int16le < Int16
+		undef :endian=
 		def initialize(v=nil, e=:little)
 			super(v,e)
 			@packstr = (self.e == :big) ? "n" : "v"
@@ -132,6 +136,7 @@ module StructFu
 
 		# Returns a four byte value as a packed string.
 		def to_s
+			@packstr = (self.e == :big) ? "N" : "V"
 			[(self.v || self.d)].pack(@packstr)
 	 	end
 
@@ -139,10 +144,12 @@ module StructFu
 
 	# Int32be is a four byte value in big-endian format.
 	class Int32be < Int32
+		undef :endian=
 	end
 
 	# Int32le is a four byte value in little-endian format.
 	class Int32le < Int32
+		undef :endian=
 		def initialize(v=nil, e=:little)
 			super(v,e)
 		end
@@ -166,11 +173,11 @@ module StructFu
 	class IntString < Struct.new(:int, :string, :mode)
 
 		def initialize(string='',int=Int8,mode=nil)
-			unless int.respond_to?(:ancestors) && int.ancestors.include?(StructFu::Int)
-				raise StandardError, "Invalid length (#{int.inspect}) associated with this String."
-			else
+			if int < Int
 				super(int.new,string,mode)
 				calc
+			else
+				raise "IntStrings need a StructFu::Int for a length."
 			end
 		end
 

data/lib/packetfu/version.rb

@@ -0,0 +1,50 @@
+module PacketFu
+
+	# Version 1.0.0 was released July 31, 2010
+	# Version 1.0.1 is unreleased.
+	VERSION = "1.0.2" 
+
+	def self.version
+		VERSION
+	end
+
+	# Returns the version in a binary format for easy comparisons.
+	def self.binarize_version(str)
+		if(str.respond_to?(:split) && str =~ /^[0-9]+(\.([0-9]+)(\.[0-9]+)?)?\..+$/)
+			bin_major,bin_minor,bin_teeny = str.split(/\x2e/).map {|x| x.to_i}
+			bin_version = (bin_major.to_i << 16) + (bin_minor.to_i << 8) + bin_teeny.to_i
+		else
+			raise ArgumentError, "Compare version malformed. Should be \x22x.y.z\x22"
+		end
+	end
+
+	# Returns true if the version is equal to or greater than the compare version.
+	# If the current version of PacketFu is "0.3.1" for example:
+	#
+	#   PacketFu.at_least? "0"     # => true 
+	#   PacketFu.at_least? "0.2.9" # => true 
+	#   PacketFu.at_least? "0.3"   # => true 
+	#   PacketFu.at_least? "1"     # => true after 1.0's release
+	#   PacketFu.at_least? "1.12"  # => false
+	#   PacketFu.at_least? "2"     # => false 
+	def self.at_least?(str)
+		this_version = binarize_version(self.version)
+		ask_version = binarize_version(str)
+		this_version >= ask_version
+	end
+
+	# Returns true if the current version is older than the compare version.
+	def self.older_than?(str)
+		return false if str == self.version
+		this_version = binarize_version(self.version)
+		ask_version = binarize_version(str)
+		this_version < ask_version
+	end
+
+	# Returns true if the current version is newer than the compare version.
+	def self.newer_than?(str)
+		return false if str == self.version
+		!self.older_than?(str)
+	end
+
+end

data/test/all_tests.rb

@@ -1,37 +1,40 @@
 #!/usr/bin/env ruby
 #
-# This test suite passes on:
-#   ruby-1.8.6-p399 [ x86_64 ]
-#   ruby-1.8.7-p174 [ x86_64 ]
-#   ruby-1.8.7-p249 [ x86_64 ]
-#   ruby-1.9.1-p378 [ x86_64 ]
-# PacketFu (but not pcaprub) passes on:
-#   ruby-1.9.2-head [ x86_64 ]
-
-require 'test/unit'
-$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
-require 'packetfu'
+# Tested on:
+#
+#   ruby-1.9.3-head [ x86_64 ]  
+#   ruby-1.9.1-p378 [ x86_64 ]  
+#   ruby-1.8.6-p399 [ x86_64 ]  
+#   ruby-1.8.7-p334 [ x86_64 ] 
+#   ruby-1.9.2-p180 [ x86_64 ] 
 
-#Note that the Ruby stock unit tester runs this all out
-#of order, does funny things with class variables, etc.
+# Okay so the regular test/unit stuff screws up some of my
+# meta magic. I need to move these over to spec and see
+# if they're any better. In the meantime, behold my
+# ghetto test exec()'er. It all passes with this,
+# so I'm just going to go ahead and assume the testing
+# methodolgy is flawed. TODO: rewrite all this for spec
+# and incidentally get the gem to test like it's supposed
+# to.
 
-require 'test_structfu'
-require 'test_pcap'
-require 'test_invalid'
-require 'test_eth' # Creates eth_test.pcap
-require 'test_octets'
-require 'test_packet'
-require 'test_arp' # Creates arp_test.pcap
-require 'test_ip' # Creates ip_test.pcap
-require 'test_icmp' # Creates icmp_test.pcap
-require 'test_udp' # Creates udp_test.pcap
-require 'test_tcp'
-require 'test_ip6'
+$:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+dir = Dir.new(File.dirname(__FILE__))
 
-if Process.euid.zero? 
-	require 'test_inject'
-else
-	$stderr.puts "** WARNING ** test_inject not tested, needs root access."
-end
+dir.each { |file|
+	next unless File.file? file
+	next unless file[/^test_.*rb$/]
+	next if file == $0
+	puts "Running #{file}..."
+	cmd = %x{ruby #{file}}
+	if cmd[/ 0 failures/] && cmd[/ 0 errors/] 
+		puts "#{file}: All passed"
+	else
+		puts "File: #{file} had failures or errors:"
+		puts "-" * 80
+		puts cmd
+		puts "-" * 80
+	end
+}
 
 # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/packetfu_spec.rb

@@ -0,0 +1,70 @@
+require File.join("..","lib","packetfu")
+
+describe PacketFu, "version information" do
+	it "reports a version number" do
+		PacketFu::VERSION.should == "1.0.2"
+	end
+	its(:version) {should eq PacketFu::VERSION} 
+
+	it "can compare version strings" do
+		PacketFu.binarize_version("1.2.3").should == 0x010203
+		PacketFu.binarize_version("3.0").should == 0x030000
+		PacketFu.at_least?("1.0").should be_true
+		PacketFu.at_least?("4.0").should be_false
+		PacketFu.older_than?("4.0").should be_true
+		PacketFu.newer_than?("1.0").should be_true
+	end
+
+	it "can handle .pre versions" do
+		PacketFu.binarize_version("1.7.6.pre").should == 0x010706
+		PacketFu.at_least?("0.9.0.pre").should be_true
+	end
+end
+
+describe PacketFu, "instance variables" do
+	it "should have a bunch of instance variables" do
+		PacketFu.instance_variable_get(:@byte_order).should == :little
+		PacketFu.instance_variable_get(:@pcaprub_loaded).should_not be_nil
+	end
+end
+
+describe PacketFu, "pcaprub deps" do
+	it "should check for pcaprub" do
+		begin
+			has_pcap = false
+			require 'pcaprub'
+			has_pcap = true
+		rescue LoadError
+		end
+		if has_pcap
+			PacketFu.instance_variable_get(:@pcaprub_loaded).should be_true
+		else
+			PacketFu.instance_variable_get(:@pcaprub_loaded).should be_false
+		end
+	end
+end
+
+describe PacketFu, "protocol requires" do
+	it "should have some protocols defined" do
+		PacketFu::EthPacket.should_not be_nil
+		PacketFu::IPPacket.should_not be_nil
+		PacketFu::TCPPacket.should_not be_nil
+		expect { PacketFu::FakePacket }.to raise_error
+	end
+end
+
+describe PacketFu, "packet class list management" do
+	class FooPacket; end
+	class BarPacket; end
+	PacketFu.add_packet_class(FooPacket)
+	PacketFu.add_packet_class(BarPacket)
+	its(:packet_classes) {should include(FooPacket) and include(BarPacket)}
+	it "should disallow non-classes as packet classes" do
+		expect { PacketFu.add_packet_class("A String") }.to raise_error
+	end
+	its(:packet_prefixes) {should include("foo") and include("bar")}
+	it "should disallow nonstandard packet class names" do
+		class PacketBaz; end
+		expect { PacketFu.add_packet_class(PacketBaz) }.to raise_error
+	end
+end

data/test/structfu_spec.rb

@@ -0,0 +1,338 @@
+require File.join("..","lib","packetfu")
+
+describe StructFu, "mixin methods" do
+
+	before :each do
+		class StructClass
+			include StructFu
+		end
+		@sc = StructClass.new
+	end
+
+	it "should provide the basic StructFu methods" do
+		@sc.respond_to?(:sz).should be_true
+		@sc.respond_to?(:len).should be_true
+		@sc.respond_to?(:typecast).should be_true
+		@sc.respond_to?(:body=).should be_true
+	end
+end	
+
+describe StructFu::Int, "basic Int class" do
+
+	before :each do
+		@int = StructFu::Int.new(8)
+	end
+
+	it "should have an initial state" do
+		new_int = StructFu::Int.new
+		new_int.value.should be_nil
+		new_int.endian.should be_nil
+		new_int.width.should be_nil
+		new_int.default.should == 0
+	end
+
+	it "should raise when to_s'ed directly" do
+		expect { @int.to_s}.to raise_error
+	end
+
+	it "should have a value of 8" do
+		@int.value.should == 8
+		@int.to_i.should == 8
+		@int.to_f.to_s.should == "8.0"
+	end
+
+	it "should read an integer" do
+		@int.read(7)
+		@int.to_i.should == 7
+	end
+
+end
+
+describe StructFu::Int8, "one byte value" do
+
+	before :each do
+		@int = StructFu::Int8.new(11)
+	end
+
+	it "should have an initial state" do
+		new_int = StructFu::Int8.new
+		new_int.value.should be_nil
+		new_int.endian.should be_nil
+		new_int.width.should == 1
+		new_int.default.should == 0
+	end
+
+	it "should print a one character packed string" do
+		@int.to_s.should == "\x0b"
+	end
+
+	it "should have a value of 11" do
+		@int.value.should == 11
+		@int.to_i.should == 11
+		@int.to_f.to_s.should == "11.0"
+	end
+
+	it "should reset with a new integer" do
+		@int.read(2)
+		@int.to_i.should == 2
+		@int.to_s.should == "\x02"
+		@int.read(254)
+		@int.to_i.should == 254
+		@int.to_s.should == "\xfe"
+	end
+
+end
+
+describe StructFu::Int16, "two byte value" do
+
+	before :each do
+		@int = StructFu::Int16.new(11)
+	end
+
+	it "should have an initial state" do
+		new_int = StructFu::Int16.new
+		new_int.value.should be_nil
+		new_int.endian.should == :big
+		new_int.width.should == 2
+		new_int.default.should == 0
+	end
+
+	it "should print a two character packed string" do
+		@int.to_s.should == "\x00\x0b"
+	end
+
+	it "should have a value of 11" do
+		@int.value.should == 11
+		@int.to_i.should == 11
+		@int.to_f.to_s.should == "11.0"
+	end
+
+	it "should reset with a new integer" do
+		@int.read(2)
+		@int.to_i.should == 2
+		@int.to_s.should == "\x00\x02"
+		@int.read(254)
+		@int.to_i.should == 254
+		@int.to_s.should == "\x00\xfe"
+	end
+
+	it "should be able to set endianness" do
+		int_be = StructFu::Int16.new(11,:big)
+		int_be.to_s.should == "\x00\x0b"
+		int_le = StructFu::Int16.new(11,:little)
+		int_le.to_s.should == "\x0b\x00"
+	end
+
+	it "should be able to switch endianness" do
+		@int.endian.should == :big
+		@int.to_s.should == "\x00\x0b"
+		@int.endian = :little
+		@int.endian.should == :little
+		@int.read(11)
+		@int.to_s.should == "\x0b\x00"
+	end
+
+end
+
+describe StructFu::Int16le, "2 byte little-endian value" do
+
+	before :each do
+		@int = StructFu::Int16le.new(11)
+	end
+
+	it "should behave pretty much like any other 16 bit int" do
+		@int.to_s.should == "\x0b\x00"
+	end
+
+	it "should raise when you try to change endianness" do
+		expect { @int.endian = :big }.to raise_error
+		expect { @int.endian = :little }.to raise_error
+	end
+
+end
+
+describe StructFu::Int16be, "2 byte big-endian value" do
+
+	before :each do
+		@int = StructFu::Int16be.new(11)
+	end
+
+	it "should behave pretty much like any other 16 bit int" do
+		@int.to_s.should == "\x00\x0b"
+	end
+
+	it "should raise when you try to change endianness" do
+		expect { @int.endian = :big }.to raise_error
+		expect { @int.endian = :little }.to raise_error
+	end
+
+end
+
+describe StructFu::Int32, "four byte value" do
+
+	before :each do
+		@int = StructFu::Int32.new(11)
+	end
+
+	it "should have an initial state" do
+		new_int = StructFu::Int32.new
+		new_int.value.should be_nil
+		new_int.endian.should == :big
+		new_int.width.should == 4
+		new_int.default.should == 0
+	end
+
+	it "should print a four character packed string" do
+		@int.to_s.should == "\x00\x00\x00\x0b"
+	end
+
+	it "should have a value of 11" do
+		@int.value.should == 11
+		@int.to_i.should == 11
+		@int.to_f.to_s.should == "11.0"
+	end
+
+	it "should reset with a new integer" do
+		@int.read(2)
+		@int.to_i.should == 2
+		@int.to_s.should == "\x00\x00\x00\x02"
+		@int.read(254)
+		@int.to_i.should == 254
+		@int.to_s.should == "\x00\x00\x00\xfe"
+	end
+
+	it "should be able to set endianness" do
+		int_be = StructFu::Int32.new(11,:big)
+		int_be.to_s.should == "\x00\x00\x00\x0b"
+		int_le = StructFu::Int32.new(11,:little)
+		int_le.to_s.should == "\x0b\x00\x00\x00"
+	end
+
+	it "should be able to switch endianness" do
+		@int.endian.should == :big
+		@int.to_s.should == "\x00\x00\x00\x0b"
+		@int.endian = :little
+		@int.endian.should == :little
+		@int.read(11)
+		@int.to_s.should == "\x0b\x00\x00\x00"
+	end
+
+end
+
+describe StructFu::Int32le, "4 byte little-endian value" do
+
+	before :each do
+		@int = StructFu::Int32le.new(11)
+	end
+
+	it "should behave pretty much like any other 32 bit int" do
+		@int.to_s.should == "\x0b\x00\x00\x00"
+	end
+
+	it "should raise when you try to change endianness" do
+		expect { @int.endian = :big }.to raise_error
+		expect { @int.endian = :little }.to raise_error
+	end
+
+end
+
+describe StructFu::Int32be, "4 byte big-endian value" do
+
+	before :each do
+		@int = StructFu::Int32be.new(11)
+	end
+
+	it "should behave pretty much like any other 32 bit int" do
+		@int.to_s.should == "\x00\x00\x00\x0b"
+	end
+
+	it "should raise when you try to change endianness" do
+		expect { @int.endian = :big }.to raise_error
+		expect { @int.endian = :little }.to raise_error
+	end
+
+end
+
+describe StructFu::String, "a sligtly more special String" do
+
+	before :each do
+		@str = StructFu::String.new("Oi, a string")
+	end
+
+	it "should behave pretty much like a string" do
+		@str.should be_kind_of(String)
+	end
+
+	it "should have a read method" do
+		@str.should respond_to(:read)
+	end
+
+	it "should read data like other StructFu things" do
+		@str.read("hello")
+		@str.should == "hello"
+	end
+
+end
+
+describe StructFu::IntString do
+
+	it "should be" do
+		StructFu::IntString.should be
+	end
+
+	it "should have a length and value" do
+		istr = StructFu::IntString.new("Avast!")
+		istr.to_s.should == "\x06Avast!"
+	end
+
+	it "should have a 16-bit length and a value" do
+		istr = StructFu::IntString.new("Avast!",StructFu::Int16)
+		istr.to_s.should == "\x00\x06Avast!"
+	end
+
+	it "should have a 32-bit length and a value" do
+		istr = StructFu::IntString.new("Avast!",StructFu::Int32)
+		istr.to_s.should == "\x00\x00\x00\x06Avast!"
+	end
+
+	before :each do
+		@istr = StructFu::IntString.new("Avast!",StructFu::Int32)
+	end
+
+	it "should report the correct length with a new string" do
+		@istr.to_s.should == "\x00\x00\x00\x06Avast!"
+		@istr.string = "Ahoy!"
+		@istr.to_s.should == "\x00\x00\x00\x05Ahoy!"
+	end
+
+	it "should report the correct length with a new string" do
+		@istr.string = "Ahoy!"
+		@istr.to_s.should == "\x00\x00\x00\x05Ahoy!"
+	end
+
+	it "should keep the old length with a new string" do
+		@istr[:string] = "Ahoy!"
+		@istr.to_s.should == "\x00\x00\x00\x06Ahoy!"
+	end
+
+	it "should allow for adjusting the length manually" do
+		@istr.len = 16
+		@istr.to_s.should == "\x00\x00\x00\x10Avast!"
+	end
+
+	it "should read in an expected string" do
+		data = "\x00\x00\x00\x09Yo ho ho!"
+		@istr.read(data)
+		@istr.to_s.should == data
+	end
+
+	it "should raise when a string is too short" do
+		data = "\x01A"
+		expect { @istr.read(data) }.to raise_error
+	end
+
+	# So far, not implemented anywhere. In fact, none of this IntString
+	# business is. Ah well.
+	it "should parse when something actually needs it"
+
+end