packetfu 1.1.1 → 1.1.2

data/lib/packetfu/utils.rb

@@ -1,194 +0,0 @@
-require 'singleton'
-module PacketFu
-
-	# Utils is a collection of various and sundry network utilities that are useful for packet
-	# manipulation.
-	class Utils
-
-		# Returns the MAC address of an IP address, or nil if it's not responsive to arp. Takes
-		# a dotted-octect notation of the target IP address, as well as a number of parameters:
-		#
-		# === Parameters
-		#   :eth_saddr
-		#    Source MAC address. Defaults to "00:00:00:00:00:00".
-		#   :ip_saddr
-		#    Source IP address. Defaults to "0.0.0.0"
-		#   :flavor
-		#    The flavor of the ARP request. Defaults to :none.
-		#   :timeout
-		#    Timeout in seconds. Defaults to 3.
-		#
-		#  === Example
-		#    PacketFu::Utils::arp("192.168.1.1") #=> "00:18:39:01:33:70"
-		#    PacketFu::Utils::arp("192.168.1.1", :timeout => 5, :flavor => :hp_deskjet)
-		#  
-		#  === Warning
-		#  
-		#  It goes without saying, spewing forged ARP packets on your network is a great way to really
-		#  irritate your co-workers.
-		def self.arp(target_ip,args={})
-			iface = args[:iface] || :eth0
-			args[:config] ||= whoami?(:iface => iface)
-			arp_pkt = PacketFu::ARPPacket.new(:flavor => (args[:flavor] || :none), :config => args[:config])
-			arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
-			arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
-			arp_pkt.arp_daddr_ip = target_ip
-			# Stick the Capture object in its own thread.
-			cap_thread = Thread.new do
-				target_mac = nil
-				cap = PacketFu::Capture.new(:iface => iface, :start => true, 
-				:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
-				arp_pkt.to_w(iface) # Shorthand for sending single packets to the default interface.
-				timeout = 0
-				while target_mac.nil? && timeout <= (args[:timeout] || 3)
-					if cap.save > 0
-						arp_response = PacketFu::Packet.parse(cap.array[0])
-						target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
-					end
-					timeout += 0.1
-					sleep 0.1 # Check for a response ten times per second.
-				end
-				target_mac
-			end # cap_thread
-			cap_thread.value
-		end
-
-		# Discovers the local IP and Ethernet address, which is useful for writing
-		# packets you expect to get a response to. Note, this is a noisy
-		# operation; a UDP packet is generated and dropped on to the default (or named)
-		# interface, and then captured (which means you need to be root to do this).
-		#
-		# whoami? returns a hash of :eth_saddr, :eth_src, :ip_saddr, :ip_src, 
-		# :ip_src_bin, :eth_dst, and :eth_daddr (the last two are usually suitable 
-		# for a gateway mac address). It's most useful as an argument to 
-		# PacketFu::Config.new, or as an argument to the many Packet constructors.
-		#
-		# Note that if you have multiple interfaces with the same route (such as when
-		# wlan0 and eth0 are associated to the same network), the "first" one
-		# according to Pcap.lookupdev will be used, regardless of which :iface you 
-		# pick.
-		#
-		# === Parameters
-		#   :iface => "eth0"
-		#    An interface to listen for packets on. Note that since we rely on the OS to send the probe packet,
-		#    you will need to specify a target which will use this interface.
-		#   :target => "1.2.3.4"
-		#    A target IP address. By default, a packet will be sent to a random address in the 177/8 network.
-		#    Since this network is IANA reserved (for now), this network should be handled by your default gateway
-		#    and default interface.
-		def self.whoami?(args={})
-			unless args.kind_of? Hash
-				raise ArgumentError, "Argument to `whoami?' must be a Hash"
-			end
-			if args[:iface].to_s =~ /^lo/ # Linux loopback more or less. Need a switch for windows loopback, too.
-				dst_host = "127.0.0.1"
-			else
-				dst_host = (args[:target] || IPAddr.new((rand(16777216) + 2969567232), Socket::AF_INET).to_s)
-			end
-
-			dst_port = rand(0xffff-1024)+1024
-			msg = "PacketFu whoami? packet #{(Time.now.to_i + rand(0xffffff)+1)}"
-			iface = (args[:iface] || ENV['IFACE'] || Pcap.lookupdev || :lo ).to_s
-			cap = PacketFu::Capture.new(:iface => iface, :promisc => false, :start => true, :filter => "udp and dst host #{dst_host} and dst port #{dst_port}")
-			udp_sock = UDPSocket.new
-			udp_sock.send(msg,0,dst_host,dst_port)
-			udp_sock = nil
-			cap.save
-			pkt = Packet.parse(cap.array[0]) unless cap.save.zero?
-			timeout = 0
-			while timeout < 1 # Sometimes packet generation can be a little pokey.
-				if pkt
-					timeout = 1.1 # Cancel the timeout
-					if pkt.payload == msg
-					my_data =	{
-						:iface => (args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo").to_s,
-						:pcapfile => args[:pcapfile] || "/tmp/out.pcap",
-						:eth_saddr => pkt.eth_saddr,
-						:eth_src => pkt.eth_src.to_s,
-						:ip_saddr => pkt.ip_saddr,
-						:ip_src => pkt.ip_src,
-						:ip_src_bin => [pkt.ip_src].pack("N"),
-						:eth_dst => pkt.eth_dst.to_s,
-						:eth_daddr => pkt.eth_daddr
-					}
-					else raise SecurityError, 
-						"whoami() packet doesn't match sent data. Something fishy's going on."
-					end
-				else
-					sleep 0.1; timeout += 0.1
-					cap.save
-					pkt = Packet.parse(cap.array[0]) unless cap.save.zero?
-				end
-				raise SocketError, "Didn't receive the whomi() packet, can't automatically configure." if !pkt
-				cap = nil
-			end
-			my_data
-		end
-
-		# This is a brute-force approach at trying to find a suitable interface with an IP address.
-		def self.lookupdev
-			# XXX cycle through eth0-9 and wlan0-9, and if a cap start throws a RuntimeErorr (and we're
-			# root), it's not a good interface. Boy, really ought to fix lookupdev directly with another
-			# method that returns an array rather than just the first candidate.
-		end
-
-		# Handles ifconfig for various (okay, one) platforms. Mac guys, fix this and submit a patch! 
-		# Will have Windows done shortly.
-		#
-		# Takes an argument (either string or symbol) of the interface to look up, and 
-		# returns a hash which contains at least the :iface element, and if configured, 
-		# these additional elements:
-		#
-		#   :eth_saddr  # A human readable MAC address
-		#   :eth_src    # A packed MAC address
-		#   :ip_saddr   # A dotted-quad string IPv4 address
-		#   :ip_src     # A packed IPv4 address
-		#   :ip4_obj    # An IPAddr object with bitmask
-		#   :ip6_saddr  # A colon-delimited hex IPv6 address, with bitmask
-		#   :ip6_obj    # An IPAddr object with bitmask
-		#
-		# === Example
-		#   PacketFu::Utils.ifconfig :wlan0 # Not associated yet
-		#   #=> {:eth_saddr=>"00:1d:e0:73:9d:ff", :eth_src=>"\000\035\340s\235\377", :iface=>"wlan0"}
-		#   PacketFu::Utils.ifconfig("eth0") # Takes 'eth0' as default
-		#   #=> {:eth_saddr=>"00:1c:23:35:70:3b", :eth_src=>"\000\034#5p;", :ip_saddr=>"10.10.10.9", :ip4_obj=>#<IPAddr: IPv4:10.10.10.0/255.255.254.0>, :ip_src=>"\n\n\n\t", :iface=>"eth0", :ip6_saddr=>"fe80::21c:23ff:fe35:703b/64", :ip6_obj=>#<IPAddr: IPv6:fe80:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:0000:0000:0000:0000>}  
-		#   PacketFu::Utils.ifconfig :lo
-		#   #=> {:ip_saddr=>"127.0.0.1", :ip4_obj=>#<IPAddr: IPv4:127.0.0.0/255.0.0.0>, :ip_src=>"\177\000\000\001", :iface=>"lo", :ip6_saddr=>"::1/128", :ip6_obj=>#<IPAddr: IPv6:0000:0000:0000:0000:0000:0000:0000:0001/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>}
-		def self.ifconfig(iface='eth0')
-			ret = {}
-			iface = iface.to_s.scan(/[0-9A-Za-z]/).join # Sanitizing input, no spaces, semicolons, etc.
-			case RUBY_PLATFORM
-			when /linux/i
-				ifconfig_data = %x[ifconfig #{iface}]
-				if ifconfig_data =~ /#{iface}/i
-					ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
-				else
-					raise ArgumentError, "Cannot ifconfig #{iface}"
-				end
-				real_iface = ifconfig_data.first
-				ret[:iface] = real_iface.split.first.downcase
-				if real_iface =~ /[\s]HWaddr[\s]+([0-9a-fA-F:]{17})/i
-					ret[:eth_saddr] = $1.downcase
-					ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
-				end
-				ifconfig_data.each do |s|
-					case s
-					when /inet addr:[\s]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*Mask:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))?/i
-						ret[:ip_saddr] = $1
-						ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
-						ret[:ip4_obj] = IPAddr.new($1)
-						ret[:ip4_obj] = ret[:ip4_obj].mask($3) if $3
-					when /inet6 addr:[\s]*([0-9a-fA-F:\x2f]+)/
-						ret[:ip6_saddr] = $1
-						ret[:ip6_obj] = IPAddr.new($1)
-					end
-				end
-			end # linux 
-			ret
-		end
-
-	end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/lib/packetfu/version.rb

@@ -1,50 +0,0 @@
-module PacketFu
-
-	# Check the repo's for version release histories
-	VERSION = "1.1.1" # Fixes for 1.8 
-
-	# Returns PacketFu::VERSION
-	def self.version
-		VERSION
-	end
-
-	# Returns a version string in a binary format for easy comparisons.
-	def self.binarize_version(str)
-		if(str.respond_to?(:split) && str =~ /^[0-9]+(\.([0-9]+)(\.[0-9]+)?)?\..+$/)
-			bin_major,bin_minor,bin_teeny = str.split(/\x2e/).map {|x| x.to_i}
-			bin_version = (bin_major.to_i << 16) + (bin_minor.to_i << 8) + bin_teeny.to_i
-		else
-			raise ArgumentError, "Compare version malformed. Should be \x22x.y.z\x22"
-		end
-	end
-
-	# Returns true if the version is equal to or greater than the compare version.
-	# If the current version of PacketFu is "0.3.1" for example:
-	#
-	#   PacketFu.at_least? "0"     # => true 
-	#   PacketFu.at_least? "0.2.9" # => true 
-	#   PacketFu.at_least? "0.3"   # => true 
-	#   PacketFu.at_least? "1"     # => true after 1.0's release
-	#   PacketFu.at_least? "1.12"  # => false
-	#   PacketFu.at_least? "2"     # => false 
-	def self.at_least?(str)
-		this_version = binarize_version(self.version)
-		ask_version = binarize_version(str)
-		this_version >= ask_version
-	end
-
-	# Returns true if the current version is older than the compare version.
-	def self.older_than?(str)
-		return false if str == self.version
-		this_version = binarize_version(self.version)
-		ask_version = binarize_version(str)
-		this_version < ask_version
-	end
-
-	# Returns true if the current version is newer than the compare version.
-	def self.newer_than?(str)
-		return false if str == self.version
-		!self.older_than?(str)
-	end
-
-end

data/test/all_tests.rb

@@ -1,41 +0,0 @@
-#!/usr/bin/env ruby
-#
-# Tested on:
-#
-#   ruby-1.9.3-head [ x86_64 ]  
-#   ruby-1.9.1-p378 [ x86_64 ]  
-#   ruby-1.8.6-p399 [ x86_64 ]  
-#   ruby-1.8.7-p334 [ x86_64 ] 
-#   ruby-1.9.2-p180 [ x86_64 ] 
-
-# Okay so the regular test/unit stuff screws up some of my
-# meta magic. I need to move these over to spec and see
-# if they're any better. In the meantime, behold my
-# ghetto test exec()'er. It all passes with this,
-# so I'm just going to go ahead and assume the testing
-# methodolgy is flawed. TODO: rewrite all this for spec
-# and incidentally get the gem to test like it's supposed
-# to.
-
-$:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
-require 'packetfu'
-puts "Testing PacketFu v#{PacketFu::VERSION}"
-dir = Dir.new(File.dirname(__FILE__))
-
-dir.each { |file|
-	next unless File.file? file
-	next unless file[/^test_.*rb$/]
-	next if file == $0
-	puts "Running #{file}..."
-	cmd = %x{ruby #{file}}
-	if cmd[/ 0 failures/] && cmd[/ 0 errors/] 
-		puts "#{file}: All passed"
-	else
-		puts "File: #{file} had failures or errors:"
-		puts "-" * 80
-		puts cmd
-		puts "-" * 80
-	end
-}
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/ethpacket_spec.rb

@@ -1,74 +0,0 @@
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-include PacketFu
-
-describe EthPacket, "when read from a pcap file" do
-
-	before :all do
-		parsed_packets = PcapFile.read_packets(File.join(".","sample.pcap"))
-		@eth_packet = parsed_packets.first
-	end
-
-	context "is a regular ethernet packet" do
-
-		subject { @eth_packet }
-
-		it "should be an EthPacket kind of packet" do
-			subject.should be_kind_of EthPacket
-		end
-
-		it "should have a dest mac address" do
-			subject.eth_daddr.should == "00:03:2f:1a:74:de"
-		end
-
-		it "should have a source mac address" do
-			subject.eth_saddr.should == "00:1b:11:51:b7:ce"
-		end
-
-		its(:size) { should == 78 }
-
-		it "should have a payload in its first header" do
-			subject.headers.first.body.should_not be_nil
-		end
-
-		context "an EthPacket's first header" do
-
-			subject { @eth_packet.headers.first }
-
-			it "should be 64 bytes" do
-				subject.body.sz.should == 64
-			end
-
-			context "EthHeader struct members" do
-				if RUBY_VERSION =~ /^1\.8/
-					its(:members) { should include :eth_dst.to_s }
-					its(:members) { should include :eth_src.to_s }
-					its(:members) { should include :eth_proto.to_s }
-					its(:members) { should include :body.to_s }
-				else
-					its(:members) { should include :eth_dst }
-					its(:members) { should include :eth_src }
-					its(:members) { should include :eth_proto }
-					its(:members) { should include :body }
-				end
-			end
-
-		end
-
-	end
-
-	context "isn't a regular Ethernet packet" do
-
-		subject {
-			parsed_packets = PcapFile.read_packets(File.join(".","vlan-pcapr.cap"))
-			parsed_packets.first
-		}
-
-		it "should not be an EthPacket" do
-			subject.should_not be_kind_of EthPacket
-		end
-
-	end
-
-end

data/test/packet_spec.rb

@@ -1,73 +0,0 @@
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-describe PacketFu::Packet, "abstract packet class behavior" do
-
-	before(:all) do
-		class PacketFu::FooPacket < PacketFu::Packet; end
-		class PacketFu::BarPacket < PacketFu::Packet; end
-	end
-
-	it "should not be instantiated" do
-		expect { PacketFu::Packet.new }.to raise_error(NoMethodError)
-	end
-
-	it "should allow subclasses to instantiate" do
-		expect { PacketFu::FooPacket.new }. to be
-		PacketFu.packet_classes.include?(PacketFu::FooPacket).should be_true
-	end
-
-	it "should register packet classes with PacketFu" do
-		PacketFu.packet_classes {should include(FooPacket) }
-		PacketFu.packet_classes {should include(BarPacket) }
-	end
-
-	it "should disallow badly named subclasses" do
-		expect { 
-			class PacketFu::PacketNot < PacketFu::Packet
-			end 
-		}.to raise_error
-		PacketFu.packet_classes.include?(PacketFu::PacketNot).should be_false
-		PacketFu.packet_classes {should_not include(PacketNot) }
-	end
-
-	before(:each) do
-		@tcp_packet = PacketFu::TCPPacket.new
-		@tcp_packet.ip_saddr = "10.10.10.10"
-	end
-
-	it "should shallow copy with dup()" do
-		p2 = @tcp_packet.dup
-		p2.ip_saddr = "20.20.20.20"
-		p2.ip_saddr.should == @tcp_packet.ip_saddr
-		p2.headers[1].object_id.should == @tcp_packet.headers[1].object_id
-	end
-
-	it "should deep copy with clone()" do
-		p3 = @tcp_packet.clone
-		p3.ip_saddr = "30.30.30.30"
-		p3.ip_saddr.should_not == @tcp_packet.ip_saddr
-		p3.headers[1].object_id.should_not == @tcp_packet.headers[1].object_id
-	end
-
-	it "should have senisble equality" do
-		p4 = @tcp_packet.dup
-		p4.should == @tcp_packet
-		p5 = @tcp_packet.clone
-		p5.should == @tcp_packet
-	end
-
-	# It's actually kinda hard to manually create identical TCP packets
-	it "should be possible to manually create identical packets" do
-		p6 = @tcp_packet.clone
-		p6.should == @tcp_packet
-		p7 = PacketFu::TCPPacket.new
-		p7.ip_saddr = p6.ip_saddr
-		p7.ip_id = p6.ip_id
-		p7.tcp_seq = p6.tcp_seq
-		p7.tcp_src = p6.tcp_src
-		p7.tcp_sum = p6.tcp_sum
-		p7.should == p6
-	end
-
-end

data/test/packet_subclasses_spec.rb

@@ -1,13 +0,0 @@
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-PacketFu.packet_classes.each do |pclass|
-	describe pclass, "peek format" do
-		it "will display sensible peek information" do
-			p = pclass.new
-			p.respond_to?(:peek).should be_true
-			p.peek.size.should be_<=(80), p.peek.inspect
-			p.peek.should match(/^[A-Z0-9?]../)
-		end
-	end
-end