packetfu 1.1.10 → 1.1.11

data/lib/packetfu/version.rb

@@ -1,51 +1,51 @@
 # -*- coding: binary -*-
 module PacketFu
 
-	# Check the repo's for version release histories
-	VERSION = "1.1.10"
+  # Check the repo's for version release histories
+  VERSION = "1.1.11"
 
-	# Returns PacketFu::VERSION
-	def self.version
-		VERSION
-	end
+  # Returns PacketFu::VERSION
+  def self.version
+    VERSION
+  end
 
-	# Returns a version string in a binary format for easy comparisons.
-	def self.binarize_version(str)
-		if(str.respond_to?(:split) && str =~ /^[0-9]+(\.([0-9]+)(\.[0-9]+)?)?\..+$/)
-			bin_major,bin_minor,bin_teeny = str.split(/\x2e/).map {|x| x.to_i}
-			bin_version = (bin_major.to_i << 16) + (bin_minor.to_i << 8) + bin_teeny.to_i
-		else
-			raise ArgumentError, "Compare version malformed. Should be \x22x.y.z\x22"
-		end
-	end
+  # Returns a version string in a binary format for easy comparisons.
+  def self.binarize_version(str)
+    if(str.respond_to?(:split) && str =~ /^[0-9]+(\.([0-9]+)(\.[0-9]+)?)?\..+$/)
+      bin_major,bin_minor,bin_teeny = str.split(/\x2e/).map {|x| x.to_i}
+      bin_version = (bin_major.to_i << 16) + (bin_minor.to_i << 8) + bin_teeny.to_i
+    else
+      raise ArgumentError, "Compare version malformed. Should be \x22x.y.z\x22"
+    end
+  end
 
-	# Returns true if the version is equal to or greater than the compare version.
-	# If the current version of PacketFu is "0.3.1" for example:
-	#
-	#   PacketFu.at_least? "0"     # => true 
-	#   PacketFu.at_least? "0.2.9" # => true 
-	#   PacketFu.at_least? "0.3"   # => true 
-	#   PacketFu.at_least? "1"     # => true after 1.0's release
-	#   PacketFu.at_least? "1.12"  # => false
-	#   PacketFu.at_least? "2"     # => false 
-	def self.at_least?(str)
-		this_version = binarize_version(self.version)
-		ask_version = binarize_version(str)
-		this_version >= ask_version
-	end
+  # Returns true if the version is equal to or greater than the compare version.
+  # If the current version of PacketFu is "0.3.1" for example:
+  #
+  #   PacketFu.at_least? "0"     # => true 
+  #   PacketFu.at_least? "0.2.9" # => true 
+  #   PacketFu.at_least? "0.3"   # => true 
+  #   PacketFu.at_least? "1"     # => true after 1.0's release
+  #   PacketFu.at_least? "1.12"  # => false
+  #   PacketFu.at_least? "2"     # => false 
+  def self.at_least?(str)
+    this_version = binarize_version(self.version)
+    ask_version = binarize_version(str)
+    this_version >= ask_version
+  end
 
-	# Returns true if the current version is older than the compare version.
-	def self.older_than?(str)
-		return false if str == self.version
-		this_version = binarize_version(self.version)
-		ask_version = binarize_version(str)
-		this_version < ask_version
-	end
+  # Returns true if the current version is older than the compare version.
+  def self.older_than?(str)
+    return false if str == self.version
+    this_version = binarize_version(self.version)
+    ask_version = binarize_version(str)
+    this_version < ask_version
+  end
 
-	# Returns true if the current version is newer than the compare version.
-	def self.newer_than?(str)
-		return false if str == self.version
-		!self.older_than?(str)
-	end
+  # Returns true if the current version is newer than the compare version.
+  def self.newer_than?(str)
+    return false if str == self.version
+    !self.older_than?(str)
+  end
 
 end

data/packetfu.gemspec

@@ -12,11 +12,22 @@ Gem::Specification.new do |s|
   s.files       = `git ls-files`.split($/)
   s.license     = 'BSD'
 
-  s.add_development_dependency('pcaprub', '>= 0.9.2')
-  s.add_development_dependency('rspec',   '>= 2.6.2')
-  s.add_development_dependency('sdoc',    '>= 0.2.0')
+  s.add_dependency('network_interface', '~> 0.0')
+  s.add_dependency('pcaprub', '~> 0.12')
+  s.add_development_dependency('rake', '~> 10.3')
+  s.add_development_dependency('rspec', '~> 3.0')
+  s.add_development_dependency('rspec-its', '~> 1.2')
+  s.add_development_dependency('sdoc', '~> 0.4.1')
 
   s.extra_rdoc_files  = %w[.document README.rdoc]
   s.test_files        = (s.files & (Dir['spec/**/*_spec.rb'] + Dir['test/test_*.rb']) )
   s.rubyforge_project = 'packetfu'
+
+  cert = File.expand_path("~/.ssh/gem-private_key_todb.pem")
+
+  if File.exist?(cert) and File.readable?(cert)
+    s.signing_key = cert
+    s.cert_chain = ['gem-public_cert.pem']
+  end
+
 end

data/spec/arp_spec.rb

@@ -0,0 +1,191 @@
+# -*- coding: binary -*-
+require 'spec_helper'
+require 'tempfile'
+
+include PacketFu
+
+describe ARPHeader do
+  context "when initializing ARPHeader" do
+    before :each do
+      @arp_header = ARPHeader.new
+    end
+
+    it "should have the correct classes for initialization values" do
+      expect(@arp_header).to be_kind_of(ARPHeader)
+      expect(@arp_header[:arp_hw]).to be_kind_of(StructFu::Int16)
+      expect(@arp_header.arp_hw).to be_kind_of(Fixnum)
+      expect(@arp_header[:arp_src_ip]).to be_kind_of(Octets)
+      expect(@arp_header.arp_src_ip).to be_kind_of(String)
+      expect(@arp_header[:arp_dst_mac]).to be_kind_of(EthMac)
+      expect(@arp_header.body).to be_kind_of(StructFu::String)
+    end
+  end
+
+  context "when parsing ARPHeader from the wire" do
+    before :each do
+      @arp_header = ARPHeader.new
+    end
+
+    it "should be able to parse an ARPHeader from string I/O" do
+      hexified_arp_header = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+      raw_arp_header = hexified_arp_header.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+
+      @arp_header.read(raw_arp_header)
+      expect(@arp_header.to_s).to eql(raw_arp_header)
+      expect(@arp_header.arp_daddr_ip).to eql("192.168.1.105")
+      expect(@arp_header.arp_saddr_ip).to eql("192.168.1.2")
+      expect(@arp_header.arp_daddr_mac).to eql("00:1b:11:51:b7:ce")
+      expect(@arp_header.arp_saddr_mac).to eql("00:03:2f:1a:74:de")
+    end
+  end
+end
+
+describe ARPPacket do
+  context "when initializing ARPPacket" do
+    before :each do
+      @arp_packet = ARPPacket.new
+    end
+
+    it "should have the correct values for initialization" do
+      expect(@arp_packet).to be_kind_of(ARPPacket)
+      expect(@arp_packet.arp_saddr_ip).to eql("0.0.0.0")
+      expect(@arp_packet.arp_daddr_ip).to eql("0.0.0.0")
+      expect(@arp_packet.arp_src_ip).to eql("\x00\x00\x00\x00")
+      expect(@arp_packet.arp_dst_ip).to eql("\x00\x00\x00\x00")
+    end
+
+    it "should allow setting values at initialization" do
+      opts_hash = {
+        :arp_hw => 1,
+        :arp_proto => 0x0800,
+        :arp_opcode => 2,
+        :arp_src_ip => "\xc0\xa8\x01\x02"
+      }
+      arp = ARPPacket.new(opts_hash)
+
+      expect(@arp_packet.arp_hw).to eql(opts_hash[:arp_hw])
+      expect(@arp_packet.arp_proto).to eql(opts_hash[:arp_proto])
+
+      # TODO: Fix the bug that is preventing these values from setting
+      #expect(@arp_packet.arp_opcode).to eql(opts_hash[:arp_opcode])
+      #expect(@arp_packet.arp_src_ip).to eql(opts_hash[:arp_src_ip])
+    end
+
+    it "should have the ability to set IP addresses" do
+      @arp_packet.arp_saddr_ip = "1.2.3.4"
+      @arp_packet.arp_daddr_ip = "5.6.7.8"
+
+      expect(@arp_packet.arp_saddr_ip).to eql("1.2.3.4")
+      expect(@arp_packet.arp_daddr_ip).to eql("5.6.7.8")
+      expect(@arp_packet.arp_src_ip).to eql("\x01\x02\x03\x04")
+      expect(@arp_packet.arp_dst_ip).to eql("\x05\x06\x07\x08")
+    end
+
+    it "should support peek formatting" do
+      expect(@arp_packet.peek).to match(/A\s+60\s+00:01:ac:00:00:00\(0.0.0.0\)\->00:01:ac:00:00:00\(0\.0\.0\.0\):Requ/)
+    end
+  end
+
+  context "when setting attributes on ARPPacket" do
+    before :each do
+      @arp_packet = ARPPacket.new
+    end
+
+    it "should allow the setting of IP addresses" do
+      @arp_packet.arp_saddr_ip = "1.2.3.4"
+      @arp_packet.arp_daddr_ip = "5.6.7.8"
+
+      expect(@arp_packet.arp_saddr_ip).to eql("1.2.3.4")
+      expect(@arp_packet.arp_daddr_ip).to eql("5.6.7.8")
+      expect(@arp_packet.arp_src_ip).to eql("\x01\x02\x03\x04")
+      expect(@arp_packet.arp_dst_ip).to eql("\x05\x06\x07\x08")
+    end
+
+    it "should allow the setting of MAC addresses" do
+      @arp_packet.arp_saddr_mac = "00:01:02:03:04:05"
+      @arp_packet.arp_daddr_mac = "00:06:07:08:09:0a"
+
+      expect(@arp_packet.arp_saddr_mac).to eql("00:01:02:03:04:05")
+      expect(@arp_packet.arp_daddr_mac).to eql("00:06:07:08:09:0a")
+      expect(@arp_packet.arp_src_mac).to eql("\x00\x01\x02\x03\x04\x05")
+      expect(@arp_packet.arp_dst_mac).to eql("\x00\x06\x07\x08\x09\x0a")
+    end
+
+    it "should allow the setting of all attributes" do
+      hexified_arp_packet = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+      raw_arp_packet = hexified_arp_packet.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+
+      @arp_packet.arp_hw = 1
+      @arp_packet.arp_proto = 0x0800
+      @arp_packet.arp_hw_len = 6
+      @arp_packet.arp_proto_len = 4
+      @arp_packet.arp_opcode = 2
+      @arp_packet.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+      @arp_packet.arp_src_ip = "\xc0\xa8\x01\x02"
+      @arp_packet.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+      @arp_packet.arp_dst_ip = "\xc0\xa8\x01\x69"
+      @arp_packet.payload = ""
+      expect(@arp_packet.to_s[14,0xffff]).to eql(raw_arp_packet)
+    end
+
+    context "when setting arp flavors" do
+      before :each do
+        @arp_packet = ARPPacket.new
+      end
+
+      it "should have a sane default" do
+        expect(@arp_packet.payload).to eql("\x00" * 18)
+      end
+
+      it "should support a Windows flavor" do
+        @arp_packet = ARPPacket.new(:flavor => "Windows")
+        expect(@arp_packet.payload).to eql("\x00" * 64)
+      end
+
+      it "should support a Linux flavor" do
+        @arp_packet = ARPPacket.new(:flavor => "Linux")
+        expect(@arp_packet.payload.size).to eql(32)
+      end
+
+      it "should support a HP Deskjet flavor" do
+        @arp_packet = ARPPacket.new(:flavor => :hp_deskjet)
+        expect(@arp_packet.payload.size).to eql(18)
+      end
+    end
+  end
+
+  context "when parsing ARPPacket from the wire" do
+    before :each do
+      @arp_packet = ARPPacket.new
+    end
+
+    it "should be able to parse an ARPPacket from string I/O" do
+      hexified_arp_packet = "001b1151b7ce00032f1a74de0806000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+      raw_arp_packet = hexified_arp_packet.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+
+      @arp_packet.read(raw_arp_packet)
+      expect(@arp_packet.to_s).to eql(raw_arp_packet)
+      expect(@arp_packet.payload).to eql("\xC0\xA8\x01i")
+      expect(@arp_packet.arp_daddr_ip).to eql("192.168.1.105")
+      expect(@arp_packet.arp_saddr_ip).to eql("192.168.1.2")
+      expect(@arp_packet.arp_daddr_mac).to eql("00:1b:11:51:b7:ce")
+      expect(@arp_packet.arp_saddr_mac).to eql("00:03:2f:1a:74:de")
+    end
+  end
+
+  context "when writing ARPPacket to PCAP" do
+    before :each do
+      @arp_packet = ARPPacket.new
+    end
+
+    it "should write a PCAP file to disk" do
+      @arp_packet.recalc
+      arp_pcap_file = Tempfile.new('arp_pcap')
+      expect(arp_pcap_file.read).to eql("")
+
+      @arp_packet.to_f(arp_pcap_file, 'a')
+      expect(File.exists?('arp_pcap'))
+      expect(arp_pcap_file.read.size).to be >= 76
+    end
+  end
+end

data/spec/eth_spec.rb

@@ -0,0 +1,148 @@
+# -*- coding: binary -*-
+require 'spec_helper'
+require 'tempfile'
+
+include PacketFu
+
+describe EthMac do
+  context "when creating an object from scratch" do
+    before :each do
+      @eth_mac = EthMac.new
+    end
+
+    it "should have sane defaults" do
+      expect(@eth_mac.oui).to be_kind_of(EthOui)
+      expect(@eth_mac.oui.oui).to eql(428)
+      expect(@eth_mac.nic).to be_kind_of(EthNic)
+      expect(@eth_mac.nic.to_s).to eql("\x00\x00\x00")
+    end
+  end
+
+  context "when parsing EthMac from the wire" do
+    before :each do
+      @eth_mac = EthMac.new
+    end
+
+    it "should parse from string i/o (Example 1)" do
+      dst = "\x00\x03\x2f\x1a\x74\xde"
+      @eth_mac.read(dst)
+
+      expect(@eth_mac).to be_kind_of(EthMac)
+      expect(@eth_mac.to_s).to eql(dst)
+      expect(@eth_mac.oui.oui).to eql(0x32f)
+      expect(@eth_mac.nic.to_s).to eql("\x1At\xDE".force_encoding('binary'))
+      expect(@eth_mac.nic.n2).to eql(222)
+    end
+
+    it "should parse from an ipad" do
+      dst = "\x7c\x6d\x62\x01\x02\x03"
+      @eth_mac.read(dst)
+
+      expect(@eth_mac).to be_kind_of(EthMac)
+      expect(@eth_mac.to_s).to eql(dst)
+      expect(@eth_mac.oui.oui).to eql(0x6d62)
+    end
+  end
+
+end
+
+describe EthHeader do
+  context "when creating an object from scratch" do
+    before :each do
+      @eth_header = EthHeader.new
+    end
+
+    it "should have sane defaults" do
+      expect(@eth_header).to be_kind_of(EthHeader)
+      expect(@eth_header.eth_src).to eql("\x00\x01\xAC\x00\x00\x00".force_encoding('binary'))
+      expect(@eth_header.eth_dst).to eql("\x00\x01\xAC\x00\x00\x00".force_encoding('binary'))
+      expect(@eth_header.eth_proto).to eql(2048)
+    end
+
+    it "should allow setting of the dstmac" do
+      dst = "\x00\x03\x2f\x1a\x74\xde"
+      dstmac = "00:03:2f:1a:74:de"
+
+      expect(EthHeader.str2mac(dst)).to eql(dstmac)
+      expect(EthHeader.mac2str(dstmac)).to eql(dst)
+    end
+  end
+end
+
+describe EthPacket do
+  context "when creating an object from scratch" do
+    before :each do
+      @eth_packet = EthPacket.new
+    end
+
+    it "should have sane defaults" do
+      expect(@eth_packet.eth_dst).to eql("\x00\x01\xAC\x00\x00\x00")
+      expect(@eth_packet.eth_src).to eql("\x00\x01\xAC\x00\x00\x00")
+      expect(@eth_packet.eth_proto).to eql(2048)
+    end
+
+    it "should be able to match a predefined eth_packet via string i/o" do
+      raw_header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+
+      expect(@eth_packet).to be_kind_of(EthPacket)
+      expect(@eth_packet.headers[0]).to be_kind_of(EthHeader)
+      expect(@eth_packet.is_eth?).to be true
+      expect(@eth_packet.is_tcp?).to be false
+
+      @eth_packet.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
+      @eth_packet.eth_src = "\x00\x1b\x11\x51\xb7\xce"
+      @eth_packet.eth_proto = 0x0800
+
+      expect(@eth_packet.to_s[0,14]).to eql(raw_header)
+    end
+
+    it "should be able to match a predefined eth_packet via opts" do
+      raw_header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+
+      @eth_packet = EthPacket.new(
+                      :eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+                      :eth_src => "\x00\x1b\x11\x51\xb7\xce",
+                      :eth_proto => 0x0800
+                    )
+
+      expect(@eth_packet.to_s[0,14]).to eql(raw_header)
+    end
+  end
+
+  context "when reading/writing PCAP to file" do
+    it "should write a pcap file to disk" do
+      @eth_packet = EthPacket.new(
+                      :eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+                      :eth_src => "\x00\x1b\x11\x51\xb7\xce",
+                      :eth_proto => 0x0800
+                    )
+
+      @eth_packet.recalc
+      eth_pcap_file = Tempfile.new('eth_pcap')
+      expect(eth_pcap_file.read).to eql("")
+
+      @eth_packet.to_f(eth_pcap_file, 'a')
+      expect(File.exists?('eth_pcap'))
+      expect(eth_pcap_file.read.size).to be >= 30
+    end
+
+    it "should read a pcap file to create ethpacket" do
+      parsed_packets = PcapFile.read_packets("./test/sample.pcap")
+      @eth_packet = parsed_packets.first
+
+      expect(@eth_packet).to be_kind_of(EthPacket)
+      expect(@eth_packet.eth_daddr).to eql("00:03:2f:1a:74:de")
+      expect(@eth_packet.eth_saddr).to eql("00:1b:11:51:b7:ce")
+      expect(@eth_packet.size).to eql(78)
+      expect(@eth_packet.headers.first.body).to be_kind_of(PacketFu::IPHeader)
+      expect(@eth_packet.headers.first.members).to eql([:eth_dst, :eth_src, :eth_proto, :body])
+    end
+
+    it "should read a vlan encapsulated ethpacket as an invalid packet" do
+      parsed_packets = PcapFile.read_packets("./test/vlan-pcapr.cap")
+      @eth_packet = parsed_packets.first
+
+      expect(@eth_packet).to be_kind_of(InvalidPacket)
+    end
+  end
+end