packetfu 1.0.0

data/test/test_eth.rb

@@ -0,0 +1,90 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class EthTest < Test::Unit::TestCase
+
+	def test_ethmac
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		e = PacketFu::EthMac.new
+		e.read dst
+		assert_equal(dst, e.to_s)
+		assert_equal(0x32f, e.oui.oui)
+		assert_equal("\x1a\x74\xde", e.nic.to_s)
+		assert_equal(222, e.nic.n2)
+	end
+
+	def test_ethmac_ipad
+		dst = "\x7c\x6d\x62\x01\x02\x03"
+		e = PacketFu::EthMac.new
+		e.read dst
+		assert_equal(dst, e.to_s)
+		assert_equal(0x6d62, e.oui.oui)
+	end
+
+	def test_ethmac_class
+		src = "\x00\x1b\x11\x51\xb7\xce"
+		e = PacketFu::EthMac.new
+		e.read src
+		assert_instance_of(PacketFu::EthMac, e)
+	end
+
+	def test_eth
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		src = "\x00\x1b\x11\x51\xb7\xce"
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		e = PacketFu::EthHeader.new
+		e.eth_dst = dst
+		e.eth_src = src
+		e.eth_proto = "\x08\x00"
+		assert_equal(header, e.to_s)
+		assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
+	end
+
+	def test_macaddr
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		dstmac = "00:03:2f:1a:74:de"
+		assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
+		assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
+	end
+
+end
+
+class EthPacketTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_eth_create
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
+		e = EthPacket.new
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		assert_kind_of EthPacket, e
+		assert_kind_of EthHeader, e.headers[0]
+		assert e.is_eth?
+		assert !e.is_tcp?
+		e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
+		e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
+		e.eth_proto = 0x0800
+		assert_equal header, e.to_s[0,14]
+	end
+
+	def test_eth_new
+		p = EthPacket.new(
+		:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+		:eth_src => "\x00\x1b\x11\x51\xb7\xce",
+		:eth_proto => 0x0800)
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		assert_equal header, p.to_s[0,14]
+	end
+
+	def test_eth_write
+		p = EthPacket.new(
+		:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+		:eth_src => "\x00\x1b\x11\x51\xb7\xce",
+		:eth_proto => 0x0800)
+		p.to_f('eth_test.pcap')
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_icmp.rb

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class ICMPTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_icmp_header_new
+		i = ICMPHeader.new
+		assert_kind_of ICMPHeader, i
+		assert_equal("\x00\x00\xff\xff", i.to_s)
+		i.icmp_type = 1
+		i.icmp_recalc :icmp_sum
+		assert_equal("\x01\x00\xfe\xff", i.to_s)
+	end
+
+	def test_icmp_peek
+		i = ICMPPacket.new
+		i.ip_saddr = "10.20.30.40"
+		i.ip_daddr = "50.60.70.80"
+		i.payload = "abcdefghijklmnopqrstuvwxyz"
+		i.recalc
+		puts "\n"
+		puts "ICMP Peek format: "
+		puts i.peek
+		assert_equal 78,i.peek.size
+	end
+
+	def test_icmp_pcap
+		i = ICMPPacket.new
+		assert_kind_of ICMPPacket, i
+		i.recalc
+		i.to_f('icmp_test.pcap')
+		i.ip_saddr = "10.20.30.40"
+		i.ip_daddr = "50.60.70.80"
+		i.payload = "\x00\x01\x00\01abcdefghijklmnopqrstuvwxyz"
+		i.icmp_code = 8
+		i.recalc
+		i.to_f('icmp_test.pcap','a')
+		assert File.exists?('icmp_test.pcap')
+	end
+
+	def test_icmp_read
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[2]
+		pkt = Packet.parse(sample_packet)
+		assert_kind_of ICMPPacket, pkt
+		assert_equal(0x4d58, pkt.icmp_sum.to_i)
+		assert_equal(8, pkt.icmp_type.to_i)
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_inject.rb

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+$:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
+
+require 'test/unit'
+
+# Needed if you're using the gem version of pcaprub. Obviated in 1.9.
+require 'packetfu'
+
+class InjectTest < Test::Unit::TestCase
+
+	def test_cap
+		assert_nothing_raised { PacketFu::Capture }
+	end
+
+	def test_whoami
+		assert_nothing_raised { PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo')) }
+	end
+
+	def test_to_w
+		assert_equal(Process.euid, 0, "TEST FAIL: This test must be run as root")
+		conf = PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo'))
+		p = PacketFu::UDPPacket.new(:config => conf)
+		p.udp_dport = 12345
+		p.udp_sport = 12345
+		p.payload = "PacketFu test packet"
+		p.recalc
+		assert p.to_w
+	end
+
+end
+
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_invalid.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class InvalidTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_create_invalid
+		p = InvalidPacket.new
+		assert_kind_of InvalidPacket, p
+		assert_kind_of Packet, p
+		assert p.is_invalid?
+		assert_equal false, p.is_eth?
+		assert_not_equal EthPacket, p.class
+	end
+
+	# Sadly, the only way to generate an "InvalidPacket" is
+	# to read a packet that's less than 14 bytes. Otherwise,
+	# it's presumed to be an EthPacket. TODO: Fix this assumption!
+	def test_parse_invalid
+		p = Packet.parse("A" * 13)
+		assert_kind_of InvalidPacket, p
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_ip.rb

@@ -0,0 +1,69 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class OctetsTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_octets_read
+		o = Octets.new
+		o.read("\x04\x03\x02\x01")
+		assert_equal("4.3.2.1", o.to_x)
+	end
+
+	def test_octets_read_quad
+		o = Octets.new
+		o.read_quad("1.2.3.4")
+		assert_equal("1.2.3.4", o.to_x)
+		assert_equal("\x01\x02\x03\x04", o.to_s)
+		assert_equal(0x01020304, o.to_i)
+	end
+
+end
+
+class IPTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_ip_header_new
+		i = IPHeader.new
+		assert_kind_of IPHeader, i
+		i.ip_id = 0x1234
+		i.ip_recalc :ip_sum
+		assert_equal("E\000\000\024\0224\000\000 \000\210\267\000\000\000\000\000\000\000\000", i.to_s)
+	end
+
+	def test_ip_packet_new
+		i = IPPacket.new
+		assert i.is_ip?
+	end
+
+	def test_ip_peek
+		i = IPPacket.new
+		i.ip_saddr = "1.2.3.4"
+		i.ip_daddr = "5.6.7.8"
+		i.ip_proto = 94
+		i.payload = '\x00' * 30
+		i.recalc
+		puts "\n"
+		puts "IP Peek format: "
+		puts i.peek
+		assert_equal 78,i.peek.size
+	end
+
+	def test_ip_pcap
+		i = IPPacket.new
+		assert_kind_of IPPacket, i
+		i.recalc
+		i.to_f('ip_test.pcap')
+		i.ip_saddr = "1.2.3.4"
+		i.ip_daddr = "5.6.7.8"
+		i.ip_proto = 94
+		i.payload = "\x23" * 10
+		i.recalc
+		i.to_f('ip_test.pcap','a')
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_ip6.rb

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class IPv6AddrTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_addr_read
+		a = AddrIpv6.new
+		addr = "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1a\xc5\xff\xfe\x00\x01\x52"
+		a.read(addr)
+		assert_equal(338288524927261089654170548082086773074, a.to_i)
+		assert_equal("fe80::21a:c5ff:fe00:152",a.to_x)
+	end
+
+	def test_octets_read_quad
+		a = AddrIpv6.new
+		addr = "fe80::21a:c5ff:fe00:152"
+		a.read_x(addr)
+		assert_equal(addr,a.to_x)
+	end
+
+end
+
+class IPv6Test < Test::Unit::TestCase
+	include PacketFu
+
+	def test_ipv6_header_new
+		i = IPv6Header.new
+		assert_kind_of IPv6Header, i
+		assert_equal("`\000\000\000\000\000\000\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", i.to_s)
+	end
+
+	def test_ipv6_packet_new
+		i = IPv6Packet.new
+		assert i.is_ipv6?
+	end
+
+	def test_ipv6_peek
+		i = IPv6Packet.new
+		i.ipv6_saddr = "fe80::1"
+		i.ipv6_daddr = "fe80::2"
+		i.ipv6_next = 0x11
+		i.payload = '\x00' * 30
+		i.recalc
+		puts "\n"
+		puts "IPv6 Peek format: "
+		puts i.peek
+		assert_equal 78, i.peek.size
+	end
+
+=begin
+	def test_ipv6_pcap
+		i = IPPacket.new
+		assert_kind_of IPPacket, i
+		i.recalc
+		i.to_f('ip_test.pcap')
+		i.ip_saddr = "1.2.3.4"
+		i.ip_daddr = "5.6.7.8"
+		i.ip_proto = 94
+		i.payload = "\x23" * 10
+		i.recalc
+		i.to_f('ip_test.pcap','a')
+	end
+=end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_octets.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class OctetTest < Test::Unit::TestCase
+	include PacketFu
+
+	def setup
+		@o = Octets.new
+	end
+
+	def test_create_octets
+		assert_kind_of Octets, @o
+	end
+
+	def test_read
+		s = "\x0a\x0a\x0a\x0b"
+		@o.read s
+		assert_equal(s, @o.to_s)
+	end
+
+	def test_dotted
+		s = "\x0a\x0a\x0a\x01"
+		@o.read s
+		assert_equal("10.10.10.1", @o.to_x)
+	end
+
+	def test_numerical
+		s = "\x00\x00\x00\x80"
+		@o.read s
+		assert_equal(128, @o.to_i)
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_packet.rb

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class EthPacketTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_parse_eth_packet
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[5]) # Really ARP.
+		assert_kind_of(Packet,p)
+		assert_kind_of(EthHeader, p.headers[0])
+		assert p.is_eth?
+		assert p.is_ethernet?
+		assert_equal(pcaps[5],p.to_s)
+	end
+
+	def test_parse_arp_request
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[5]) # Really ARP request.
+		assert p.is_eth?
+		assert_kind_of(ARPPacket,p)
+		assert p.is_arp?
+		assert_equal(p.to_s, pcaps[5])
+		assert_equal(1, p.arp_opcode.to_i)
+		assert_equal("\x00\x01", p.headers.last[:arp_opcode].to_s)
+	end
+
+	def test_parse_arp_reply
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[6]) # Really ARP reply.
+		assert_equal(p.to_s, pcaps[6])
+		assert_equal(2, p.arp_opcode.to_i)
+		assert_equal("\x00\x02", p.headers.last[:arp_opcode].to_s)
+	end
+
+end
+
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_pcap.rb

@@ -0,0 +1,210 @@
+#!/usr/bin/env ruby
+
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+class PcapHeaderTest < Test::Unit::TestCase
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@file.force_encoding "binary" if @file.respond_to? :force_encoding
+		@file_magic = @file[0,4]
+		@file_header = @file[0,24]
+	end
+
+	def test_header_size
+		assert_equal(24, PcapHeader.new.sz)
+		assert_equal(24, PcapHeader.new.sz)
+	end
+
+	# If this fails, the rest is pretty much for naught.
+	def test_read_file
+		assert_equal("\xd4\xc3\xb2\xa1", @file_magic) # yep, it's libpcap.
+	end
+
+	def test_endian_magic
+		p = PcapHeader.new # usual case
+		assert_equal(@file_magic, p.to_s[0,4]) 
+		p = PcapHeader.new(:endian => :big)
+		assert_equal("\xa1\xb2\xc3\xd4", p.to_s[0,4])
+	end
+
+	def test_header
+		p = PcapHeader.new
+		assert_equal(@file_header, p.to_s[0,24])
+		p = PcapHeader.new(:endian => :big)
+		assert_not_equal(@file_header, p.to_s[0,24])
+		# We want to ensure our endianness is little or big.
+		assert_raise(ArgumentError) {PcapHeader.new(:endian => :just_right)}
+	end
+
+	def test_header_read
+		p = PcapHeader.new
+		p.read @file
+		assert_equal(@file_header,p.to_s)
+	end
+
+end
+
+class TimestampTest < Test::Unit::TestCase
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@ts = @file[24,8]
+	end
+
+	def test_timestamp_size
+		assert_equal(3, Timestamp.new.size) # Number of elements
+		assert_equal(8, Timestamp.new.sz) # Length of the string (in PacketFu)
+	end
+
+	def test_timestamp_read
+		t = Timestamp.new
+		t.read(@ts)
+		assert_equal(@ts, t.to_s)
+	end
+end
+
+class PcapPacketTest < Test::Unit::TestCase
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@file.force_encoding "binary" if @file.respond_to? :force_encoding
+		@header = @file[0,24]
+		@packet = @file[24,100] # pkt is 78 bytes + 16 bytes pcap hdr == 94
+	end
+
+	def test_pcappacket_read
+		p = PcapPacket.new :endian => :little
+		p.read(@packet)
+		assert_equal(78,@packet[8,4].unpack("V").first)
+		assert_equal(@packet[8,4].unpack("V").first,p[:incl_len].to_i)
+		assert_equal(@packet[0,94],p.to_s)
+	end
+
+end
+
+class PcapPacketsTest < Test::Unit::TestCase
+
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+	end
+
+	def test_pcappackets_read
+		p = PcapPackets.new
+		p.read @file
+		assert_equal(11,p.size)
+		assert_equal(@file[24,@file.size],p.to_s)
+	end
+
+end
+
+class PcapFileTest < Test::Unit::TestCase
+	require 'digest/md5'
+
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@md5 = '1be3b5082bb135c6f22de8801feb3495'
+	end
+
+	def test_pcapfile_read
+		p = PcapFile.new
+		p.read @file
+		assert_equal(3,p.size)
+		assert_equal(@file.size, p.sz)
+		assert_equal(@file, p.to_s)
+	end
+
+	def test_pcapfile_file_to_array
+		p = PcapFile.new.file_to_array(:filename => 'sample.pcap')
+		assert_equal(@md5.downcase, Digest::MD5.hexdigest(@file).downcase)
+		assert_instance_of(Array, p)
+		assert_instance_of(String, p[0])
+		assert_equal(11,p.size)
+		assert_equal(78,p[0].size)
+		assert_equal(94,p[1].size)
+		assert_equal(74,p[10].size)
+	end
+
+	def test_pcapfile_read_and_write
+		File.unlink('out.pcap') if File.exists? 'out.pcap'
+		p = PcapFile.new
+		p.read @file
+		p.to_file(:filename => 'out.pcap')
+		@newfile = File.open('out.pcap') {|f| f.read(f.stat.size)}
+		@newfile.force_encoding "binary" if @newfile.respond_to? :force_encoding
+		assert_equal(@file, @newfile)
+		p.to_file(:filename => 'out.pcap', :append => true)
+		packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
+		assert_equal(22, packet_array.size)
+	end
+
+	def test_pcapfile_write_after_recalc
+		File.unlink('out.pcap') if File.exists? 'out.pcap'
+		pcaps = PcapFile.new.file_to_array(:filename => 'sample.pcap')
+		pcaps.each {|pkt|
+			p = Packet.parse pkt
+			p.recalc
+			p.to_f('out.pcap','a')
+		}
+		packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
+		assert_equal(11, packet_array.size)
+		File.unlink('out.pcap')
+	end
+
+	def test_pcapfile_read_and_write_timestamps
+		File.unlink('out.pcap') if File.exists? 'out.pcap'
+		pf = PcapFile.new
+		arr = pf.file_to_array(:filename => 'sample.pcap')
+		assert_equal(11, arr.size)
+		pf = PcapFile.new
+		pf.a2f(:array => arr, :f => 'out.pcap', :ts_inc => 4, 
+					 :timestamp => Time.now.to_i - 1_000_000)
+		diff_time = pf.body[0].timestamp.sec.to_i - pf.body[1].timestamp.sec.to_i
+		assert_equal(-4, diff_time)
+		File.unlink('out.pcap')
+	end
+
+end
+	
+# Test the legacy Read objects.
+class ReadTest < Test::Unit::TestCase
+
+	include PacketFu
+
+	def test_read_string
+		pkts = Read.file_to_array(:file => 'sample.pcap')
+		assert_kind_of Array, pkts
+		assert_equal 11, pkts.size
+		this_packet = Packet.parse pkts[0]
+		assert_kind_of UDPPacket, this_packet
+		that_packet = Packet.parse pkts[3]
+		assert_kind_of ICMPPacket, that_packet
+	end
+
+	def test_read_hash
+		pkts = Read.file_to_array(:file => 'sample.pcap', :ts => true)
+		assert_kind_of Array, pkts
+		assert_equal 11, pkts.size
+		this_packet = Packet.parse pkts[0].values.first
+		assert_kind_of UDPPacket, this_packet
+		that_packet = Packet.parse pkts[3].values.first
+		assert_kind_of ICMPPacket, that_packet
+	end
+
+end
+
+class WriteTest < Test::Unit::TestCase
+
+	include PacketFu
+
+	def test_write
+
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby