packetfu 1.1.10 → 1.1.11

data/lib/packetfu/protos/tcp/options.rb

@@ -3,105 +3,105 @@ require 'packetfu/protos/tcp/option'
 
 module PacketFu
 
-	class TcpOptions < Array
+  class TcpOptions < Array
 
-		include StructFu
+    include StructFu
 
-		# If args[:pad] is set, the options line is automatically padded out
-		# with NOPs. 
-		def to_s(args={})
-			opts = self.map {|x| x.to_s}.join
-			if args[:pad]
-				unless (opts.size % 4).zero?
-					(4 - (opts.size % 4)).times { opts << "\x01" }
-				end
-			end
-			opts
-		end
+    # If args[:pad] is set, the options line is automatically padded out
+    # with NOPs. 
+    def to_s(args={})
+      opts = self.map {|x| x.to_s}.join
+      if args[:pad]
+        unless (opts.size % 4).zero?
+          (4 - (opts.size % 4)).times { opts << "\x01" }
+        end
+      end
+      opts
+    end
 
-		# Reads a string to populate the object.
-		def read(str)
-			self.clear 
-			PacketFu.force_binary(str)
-			return self if(!str.respond_to? :to_s || str.nil?)
-			i = 0
-			while i < str.to_s.size
-				this_opt = case str[i,1].unpack("C").first
-									 when 0; ::PacketFu::TcpOption::EOL.new
-									 when 1; ::PacketFu::TcpOption::NOP.new
-									 when 2; ::PacketFu::TcpOption::MSS.new
-									 when 3; ::PacketFu::TcpOption::WS.new
-									 when 4; ::PacketFu::TcpOption::SACKOK.new
-									 when 5; ::PacketFu::TcpOption::SACK.new
-									 when 6; ::PacketFu::TcpOption::ECHO.new
-									 when 7; ::PacketFu::TcpOption::ECHOREPLY.new
-									 when 8; ::PacketFu::TcpOption::TS.new
-									 else; ::PacketFu::TcpOption.new
-									 end
-				this_opt.read str[i,str.size]
-				unless this_opt.has_optlen?
-					this_opt.value = nil
-					this_opt.optlen = nil
-				end
-				self << this_opt
-				i += this_opt.sz
-			end
-			self
-		end
+    # Reads a string to populate the object.
+    def read(str)
+      self.clear 
+      PacketFu.force_binary(str)
+      return self if(!str.respond_to? :to_s || str.nil?)
+      i = 0
+      while i < str.to_s.size
+        this_opt = case str[i,1].unpack("C").first
+                   when 0; ::PacketFu::TcpOption::EOL.new
+                   when 1; ::PacketFu::TcpOption::NOP.new
+                   when 2; ::PacketFu::TcpOption::MSS.new
+                   when 3; ::PacketFu::TcpOption::WS.new
+                   when 4; ::PacketFu::TcpOption::SACKOK.new
+                   when 5; ::PacketFu::TcpOption::SACK.new
+                   when 6; ::PacketFu::TcpOption::ECHO.new
+                   when 7; ::PacketFu::TcpOption::ECHOREPLY.new
+                   when 8; ::PacketFu::TcpOption::TS.new
+                   else; ::PacketFu::TcpOption.new
+                   end
+        this_opt.read str[i,str.size]
+        unless this_opt.has_optlen?
+          this_opt.value = nil
+          this_opt.optlen = nil
+        end
+        self << this_opt
+        i += this_opt.sz
+      end
+      self
+    end
 
-		# Decode parses the TcpOptions object's member options, and produces a
-		# human-readable string by iterating over each element's decode() function.
-		# If TcpOptions elements were not initially created as TcpOptions, an
-		# attempt will be made to convert them. 
-		#
-		# The output of decode is suitable as input for TcpOptions#encode.
-		def decode
-			decoded = self.map do |x| 
-				if x.kind_of? TcpOption
-					x.decode
-				else
-					x = TcpOptions.new.read(x).decode
-				end
-			end
-			decoded.join(",")
-		end
+    # Decode parses the TcpOptions object's member options, and produces a
+    # human-readable string by iterating over each element's decode() function.
+    # If TcpOptions elements were not initially created as TcpOptions, an
+    # attempt will be made to convert them. 
+    #
+    # The output of decode is suitable as input for TcpOptions#encode.
+    def decode
+      decoded = self.map do |x| 
+        if x.kind_of? TcpOption
+          x.decode
+        else
+          x = TcpOptions.new.read(x).decode
+        end
+      end
+      decoded.join(",")
+    end
 
-		# Encode takes a human-readable string and appends the corresponding
-		# binary options to the TcpOptions object. To completely replace the contents
-		# of the object, use TcpOptions#encode! instead.
-		# 
-		# Options are comma-delimited, and are identical to the output of the
-		# TcpOptions#decode function. Note that the syntax can be unforgiving, so
-		# it may be easier to create the subclassed TcpOptions themselves directly,
-		# but this method can be less typing if you know what you're doing.
-		# 
-		# Note that by using TcpOptions#encode, strings supplied as values which
-		# can be converted to numbers will be converted first.
-		#
-		# === Example
-		#
-		#   t = TcpOptions.new
-		#   t.encode("MS:1460,WS:6")
-		#		t.to_s # => "\002\004\005\264\002\003\006"
-		#		t.encode("NOP")
-		#		t.to_s # => "\002\004\005\264\002\003\006\001"
-		def encode(str)
-			opts = str.split(/[\s]*,[\s]*/)
-			opts.each do |o|
-				kind,value = o.split(/[\s]*:[\s]*/)
-				klass = TcpOption.const_get(kind.upcase)
-				value = value.to_i if value =~ /^[0-9]+$/
-				this_opt = klass.new
-				this_opt.encode(value)
-				self << this_opt
-			end
-			self
-		end
+    # Encode takes a human-readable string and appends the corresponding
+    # binary options to the TcpOptions object. To completely replace the contents
+    # of the object, use TcpOptions#encode! instead.
+    # 
+    # Options are comma-delimited, and are identical to the output of the
+    # TcpOptions#decode function. Note that the syntax can be unforgiving, so
+    # it may be easier to create the subclassed TcpOptions themselves directly,
+    # but this method can be less typing if you know what you're doing.
+    # 
+    # Note that by using TcpOptions#encode, strings supplied as values which
+    # can be converted to numbers will be converted first.
+    #
+    # === Example
+    #
+    #   t = TcpOptions.new
+    #   t.encode("MS:1460,WS:6")
+    #		t.to_s # => "\002\004\005\264\002\003\006"
+    #		t.encode("NOP")
+    #		t.to_s # => "\002\004\005\264\002\003\006\001"
+    def encode(str)
+      opts = str.split(/[\s]*,[\s]*/)
+      opts.each do |o|
+        kind,value = o.split(/[\s]*:[\s]*/)
+        klass = TcpOption.const_get(kind.upcase)
+        value = value.to_i if value =~ /^[0-9]+$/
+        this_opt = klass.new
+        this_opt.encode(value)
+        self << this_opt
+      end
+      self
+    end
 
-		# Like TcpOption#encode, except the entire contents are replaced.
-		def encode!(str)
-			self.clear if self.size > 0
-			encode(str)
-		end
-	end
+    # Like TcpOption#encode, except the entire contents are replaced.
+    def encode!(str)
+      self.clear if self.size > 0
+      encode(str)
+    end
+  end
 end

data/lib/packetfu/protos/tcp/reserved.rb

@@ -1,43 +1,43 @@
 # -*- coding: binary -*-
 module PacketFu
-	# Implements the Reserved bits for TCPHeader.
-	#
-	# ==== Header Definition
-	#
-	#
-	#  Fixnum (1 bit)  :r1
-	#  Fixnum (1 bit)  :r2
-	#  Fixnum (1 bit)  :r3
-	class TcpReserved < Struct.new(:r1, :r2, :r3)
+  # Implements the Reserved bits for TCPHeader.
+  #
+  # ==== Header Definition
+  #
+  #
+  #  Fixnum (1 bit)  :r1
+  #  Fixnum (1 bit)  :r2
+  #  Fixnum (1 bit)  :r3
+  class TcpReserved < Struct.new(:r1, :r2, :r3)
 
-		include StructFu
+    include StructFu
 
-		def initialize(args={})
-			super(
-				args[:r1] || 0,
-				args[:r2] || 0,
-				args[:r3] || 0) if args.kind_of? Hash
-		end
+    def initialize(args={})
+      super(
+        args[:r1] || 0,
+        args[:r2] || 0,
+        args[:r3] || 0) if args.kind_of? Hash
+    end
 
-		# Returns the Reserved field as an integer.
-		def to_i
-			(r1.to_i << 2) + (r2.to_i << 1) + r3.to_i
-		end
+    # Returns the Reserved field as an integer.
+    def to_i
+      (r1.to_i << 2) + (r2.to_i << 1) + r3.to_i
+    end
 
-		# Reads a string to populate the object.
-		def read(str)
-			force_binary(str)
-			return self if str.nil? || str.size.zero?
-			if 1.respond_to? :ord
-				byte = str[0].ord
-			else
-				byte = str[0]
-			end
-			self[:r1] = byte & 0b00000100 == 0b00000100 ? 1 : 0
-			self[:r2] = byte & 0b00000010 == 0b00000010 ? 1 : 0
-			self[:r3] = byte & 0b00000001 == 0b00000001 ? 1 : 0
-			self
-		end
+    # Reads a string to populate the object.
+    def read(str)
+      force_binary(str)
+      return self if str.nil? || str.size.zero?
+      if 1.respond_to? :ord
+        byte = str[0].ord
+      else
+        byte = str[0]
+      end
+      self[:r1] = byte & 0b00000100 == 0b00000100 ? 1 : 0
+      self[:r2] = byte & 0b00000010 == 0b00000010 ? 1 : 0
+      self[:r3] = byte & 0b00000001 == 0b00000001 ? 1 : 0
+      self
+    end
 
-	end
+  end
 end

data/lib/packetfu/protos/udp.rb

@@ -5,138 +5,174 @@ require 'packetfu/protos/eth/mixin'
 require 'packetfu/protos/ip/header'
 require 'packetfu/protos/ip/mixin'
 
+require 'packetfu/protos/ipv6/header'
+require 'packetfu/protos/ipv6/mixin'
+
 require 'packetfu/protos/udp/header'
 require 'packetfu/protos/udp/mixin'
 
 module PacketFu
 
-	# UDPPacket is used to construct UDP Packets. They contain an EthHeader, an IPHeader, and a UDPHeader.
-	#
-	# == Example
-	#
-	#   udp_pkt = PacketFu::UDPPacket.new
-	#   udp_pkt.udp_src=rand(0xffff-1024) + 1024
-	#   udp_pkt.udp_dst=53
-	# 
-	#   udp_pkt.ip_saddr="1.2.3.4"
-	#   udp_pkt.ip_daddr="10.20.30.40"
-	#
-	#   udp_pkt.recalc
-	#   udp_pkt.to_f('/tmp/udp.pcap')
-	#
-	# == Parameters
-	#
-	#  :eth
-	#    A pre-generated EthHeader object.
-	#  :ip
-	#    A pre-generated IPHeader object.
-	#  :flavor
-	#    TODO: Sets the "flavor" of the UDP packet. UDP packets don't tend have a lot of
-	#    flavor, but their underlying ip headers do.
-	#  :config
-	#   A hash of return address details, often the output of Utils.whoami?
-	class UDPPacket < Packet
+  # UDPPacket is used to construct UDP Packets. They contain an EthHeader, an IPHeader, and a UDPHeader.
+  #
+  # == Example
+  #
+  #   udp_pkt = PacketFu::UDPPacket.new
+  #   udp_pkt.udp_src=rand(0xffff-1024) + 1024
+  #   udp_pkt.udp_dst=53
+  #   udp_pkt.ip_saddr="1.2.3.4"
+  #   udp_pkt.ip_daddr="10.20.30.40"
+  #   udp_pkt.recalc
+  #   udp_pkt.to_f('/tmp/udp.pcap')
+  #
+  #   udp6_pkt = PacketFu::UDPPacket.new(:on_ipv6 => true)
+  #   udp6_pkt.udp_src=rand(0xffff-1024) + 1024
+  #   udp6_pkt.udp_dst=53
+  #   udp6_pkt.ip6_saddr="4::1"
+  #   udp6_pkt.ip6_daddr="12:3::4567"
+  #   udp6_pkt.recalc
+  #   udp6_pkt.to_f('/tmp/udp.pcap')
+  #
+  # == Parameters
+  #
+  #  :eth
+  #    A pre-generated EthHeader object.
+  #  :ip
+  #    A pre-generated IPHeader object.
+  #  :flavor
+  #    TODO: Sets the "flavor" of the UDP packet. UDP packets don't tend have a lot of
+  #    flavor, but their underlying ip headers do.
+  #  :config
+  #   A hash of return address details, often the output of Utils.whoami?
+  class UDPPacket < Packet
     include ::PacketFu::EthHeaderMixin
     include ::PacketFu::IPHeaderMixin
+    include ::PacketFu::IPv6HeaderMixin
     include ::PacketFu::UDPHeaderMixin
 
-		attr_accessor :eth_header, :ip_header, :udp_header
-
-		def self.can_parse?(str)
-			return false unless str.size >= 28
-			return false unless EthPacket.can_parse? str
-			return false unless IPPacket.can_parse? str
-			return false unless str[23,1] == "\x11"
-			return true
-		end
-
-		def read(str=nil, args={})
-			raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
-			@eth_header.read(str)
-			if args[:strip]
-				udp_body_len = self.ip_len - self.ip_hlen - 8
-				@udp_header.body.read(@udp_header.body.to_s[0,udp_body_len])
-			end
-			super(args)
-			self
-		end
-
-		def initialize(args={})
-			@eth_header = EthHeader.new(args).read(args[:eth])
-			@ip_header = IPHeader.new(args).read(args[:ip])
-			@ip_header.ip_proto=0x11
-			@udp_header = UDPHeader.new(args).read(args[:icmp])
-			@ip_header.body = @udp_header
-			@eth_header.body = @ip_header
-			@headers = [@eth_header, @ip_header, @udp_header]
-			super
-			udp_calc_sum
-		end
-
-		# udp_calc_sum() computes the UDP checksum, and is called upon intialization. 
-		# It usually should be called just prior to dropping packets to a file or on the wire. 
-		def udp_calc_sum
-			# This is /not/ delegated down to @udp_header since we need info
-			# from the IP header, too.
-			checksum = (ip_src.to_i >> 16)
-			checksum += (ip_src.to_i & 0xffff)
-			checksum += (ip_dst.to_i >> 16)
-			checksum += (ip_dst.to_i & 0xffff)
-			checksum += 0x11
-			checksum += udp_len.to_i
-			checksum += udp_src.to_i
-			checksum += udp_dst.to_i
-			checksum += udp_len.to_i
-			if udp_len.to_i >= 8
-				# For IP trailers. This isn't very reliable. :/
-				real_udp_payload = payload.to_s[0,(udp_len.to_i-8)] 
-			else
-				# I'm not going to mess with this right now.
-				real_udp_payload = payload 
-			end
-			chk_payload = (real_udp_payload.size % 2 == 0 ? real_udp_payload : real_udp_payload + "\x00")
-			chk_payload.unpack("n*").each {|x| checksum = checksum+x}
-			checksum = checksum % 0xffff
-			checksum = 0xffff - checksum
-			checksum == 0 ? 0xffff : checksum
-			@udp_header.udp_sum = checksum
-		end
-
-		# udp_recalc() recalculates various fields of the UDP packet. Valid arguments are:
-		#
-		#   :all
-		#     Recomputes all calculated fields.
-		#   :udp_sum
-		#     Recomputes the UDP checksum.
-		#   :udp_len
-		#     Recomputes the UDP length.
-		def udp_recalc(args=:all)
-			case args
-			when :udp_len
-				@udp_header.udp_recalc
-			when :udp_sum
-				udp_calc_sum
-			when :all
-				@udp_header.udp_recalc
-				udp_calc_sum
-			else
-				raise ArgumentError, "No such field `#{arg}'"
-			end
-		end
-
-		# Peek provides summary data on packet contents.
-		def peek_format
-			peek_data = ["U  "]
-			peek_data << "%-5d" % self.to_s.size
-			peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
-			peek_data << "->"
-			peek_data << "%21s" % "#{self.ip_daddr}:#{self.udp_dport}"
-			peek_data << "%23s" % "I:"
-			peek_data << "%04x" % self.ip_id
-			peek_data.join
-		end
-
-	end
+    attr_accessor :eth_header, :ip_header, :ipv6_header, :udp_header
+
+    def self.can_parse?(str)
+      return false unless str.size >= 28
+      return false unless EthPacket.can_parse? str
+      return false unless IPPacket.can_parse? str
+      return false unless str[23,1] == "\x11"
+      return true
+    end
+
+    def read(str=nil, args={})
+      raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
+      @eth_header.read(str)
+      if args[:strip]
+        udp_body_len = self.ip_len - self.ip_hlen - 8
+        @udp_header.body.read(@udp_header.body.to_s[0,udp_body_len])
+      end
+      super(args)
+      self
+    end
+
+    def initialize(args={})
+      if args[:on_ipv6] or args[:ipv6]
+        @eth_header = EthHeader.new(args.merge(:eth_proto => 0x86dd)).read(args[:eth])
+        @ipv6_header = IPv6Header.new(args).read(args[:ipv6])
+        @ipv6_header.ipv6_next=0x11
+      else
+        @eth_header = EthHeader.new(args).read(args[:eth])
+        @ip_header = IPHeader.new(args).read(args[:ip])
+        @ip_header.ip_proto=0x11
+      end
+      @udp_header = UDPHeader.new(args).read(args[:udp])
+      if args[:on_ipv6] or args[:ipv6]
+        @ipv6_header.body = @udp_header
+        @eth_header.body = @ipv6_header
+        @headers = [@eth_header, @ipv6_header, @udp_header]
+      else
+        @ip_header.body = @udp_header
+        @eth_header.body = @ip_header
+        @headers = [@eth_header, @ip_header, @udp_header]
+      end
+      super
+      udp_calc_sum
+    end
+
+    # udp_calc_sum() computes the UDP checksum, and is called upon intialization. 
+    # It usually should be called just prior to dropping packets to a file or on the wire. 
+    def udp_calc_sum
+      # This is /not/ delegated down to @udp_header since we need info
+      # from the IP header, too.
+      checksum = 0
+      if @ipv6_header
+        [ipv6_src, ipv6_dst].each do |iaddr|
+          8.times do |i|
+            checksum += (iaddr >> (i * 16)) & 0xffff
+          end
+        end
+      else
+        checksum += (ip_src.to_i >> 16)
+        checksum += (ip_src.to_i & 0xffff)
+        checksum += (ip_dst.to_i >> 16)
+        checksum += (ip_dst.to_i & 0xffff)
+      end
+      checksum += 0x11
+      checksum += udp_len.to_i
+      checksum += udp_src.to_i
+      checksum += udp_dst.to_i
+      checksum += udp_len.to_i
+      if udp_len.to_i >= 8
+        # For IP trailers. This isn't very reliable. :/
+        real_udp_payload = payload.to_s[0,(udp_len.to_i-8)] 
+      else
+        # I'm not going to mess with this right now.
+        real_udp_payload = payload 
+      end
+      chk_payload = (real_udp_payload.size % 2 == 0 ? real_udp_payload : real_udp_payload + "\x00")
+      chk_payload.unpack("n*").each {|x| checksum = checksum+x}
+      checksum = checksum % 0xffff
+      checksum = 0xffff - checksum
+      checksum == 0 ? 0xffff : checksum
+      @udp_header.udp_sum = checksum
+    end
+
+    # udp_recalc() recalculates various fields of the UDP packet. Valid arguments are:
+    #
+    #   :all
+    #     Recomputes all calculated fields.
+    #   :udp_sum
+    #     Recomputes the UDP checksum.
+    #   :udp_len
+    #     Recomputes the UDP length.
+    def udp_recalc(args=:all)
+      case args
+      when :udp_len
+        @udp_header.udp_recalc
+      when :udp_sum
+        udp_calc_sum
+      when :all
+        @udp_header.udp_recalc
+        udp_calc_sum
+      else
+        raise ArgumentError, "No such field `#{arg}'"
+      end
+    end
+
+    # Peek provides summary data on packet contents.
+    def peek_format
+      peek_data = ["U  "]
+      peek_data << "%-5d" % self.to_s.size
+      peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
+      peek_data << "->"
+      peek_data << "%21s" % "#{self.ip_daddr}:#{self.udp_dport}"
+      peek_data << "%23s" % "I:"
+      peek_data << "%04x" % self.ip_id
+      peek_data.join
+    end
+
+    # Is that packet an UDP on IPv6 packet ?
+    def ipv6?
+      @ipv6_header
+    end
+
+  end
 
 end