packetfu 1.1.10 → 1.1.11

data/spec/icmp_spec.rb

@@ -0,0 +1,97 @@
+# -*- coding: binary -*-
+require 'spec_helper'
+require 'tempfile'
+
+include PacketFu
+
+describe ICMPPacket, "when read from a pcap file" do
+  before :all do
+      parsed_packets = PcapFile.read_packets(File.join(File.dirname(__FILE__),"sample.pcap"))
+      @icmp_packet = parsed_packets[3]
+
+      parsed_packets3 = PcapFile.read_packets(File.join(File.dirname(__FILE__),"sample3.pcap"))
+      @icmp_packet2 = parsed_packets3[8] # contains 0x0A byte in payload
+  end
+
+  it "should be recognized as an icmp packet" do
+      @icmp_packet.is_icmp?.should be true
+  end
+
+  it "should report the right seq number" do
+    @icmp_packet.payload[2..3].unpack("H*")[0].should eq "0003"
+  end
+
+  it "should be recognized as an icmp reply packet" do
+      @icmp_packet.icmp_type.should eq 0
+  end
+
+  it "should have the right checksum" do
+    @icmp_packet.icmp_sum.to_s(16).should eq @icmp_packet.icmp_calc_sum.to_s(16)
+  end
+
+  it "should have the right checksum even with 0xOA byte in payload" do
+    @icmp_packet2.icmp_sum.to_s(16).should eq @icmp_packet2.icmp_calc_sum.to_s(16)
+  end
+
+  context "when initializing ICMPHeader from scratch" do
+    before :each do
+      @icmp_header = ICMPHeader.new
+    end
+
+    it "should have the right instance variables" do
+      expect(@icmp_header.to_s).to eql("\x00\x00\xff\xff")
+      expect(@icmp_header.icmp_type).to eql(0)
+    end
+
+    it "should allow setting of the type" do
+      @icmp_header.icmp_type = 1
+      expect(@icmp_header.icmp_type).to eql(1)
+      @icmp_header.icmp_recalc
+      expect(@icmp_header.to_s).to eql("\x01\x00\xfe\xff")
+    end
+  end
+
+  context "when initializing ICMPPacket from scratch" do
+    before :each do
+      @icmp_packet = ICMPPacket.new
+    end
+
+    it "should support peak functionality" do
+      @icmp_packet.ip_saddr = "10.20.30.40"
+      @icmp_packet.ip_daddr = "50.60.70.80"
+      @icmp_packet.payload = "abcdefghijklmnopqrstuvwxyz"
+      @icmp_packet.recalc
+      expect(@icmp_packet.peek).to match(/IC 64\s+10.20.30.40:pong\s+->\s+50.60.70.80\s+I:[a-z0-9]{4}/)
+    end
+  end
+
+  context "when reading/writing ICMPPacket to disk" do
+    before :each do
+      @icmp_packet = ICMPPacket.new
+    end
+
+    it "should write a PCAP file to disk" do
+      @icmp_packet.ip_saddr = "10.20.30.40"
+      @icmp_packet.ip_daddr = "50.60.70.80"
+      @icmp_packet.payload = "abcdefghijklmnopqrstuvwxyz"
+      @icmp_packet.recalc
+
+      icmp_pcap_file = Tempfile.new('icmp_pcap')
+      expect(icmp_pcap_file.read).to eql("")
+
+      @icmp_packet.to_f(icmp_pcap_file, 'a')
+      expect(File.exists?('icmp_pcap'))
+      expect(icmp_pcap_file.read.size).to be >= 79
+    end
+
+    it "should read a PCAP file from disk" do
+      sample_packet = PcapFile.new.file_to_array(:f => './test/sample.pcap')[2]
+      pkt = Packet.parse(sample_packet)
+
+      expect(pkt.is_icmp?).to be true
+      expect(pkt.class).to eql(PacketFu::ICMPPacket)
+      expect(pkt.icmp_sum.to_i).to eql(0x4d58)
+      expect(pkt.icmp_type.to_i).to eql(8)
+    end
+  end
+end

data/spec/ip_spec.rb

@@ -0,0 +1,78 @@
+require 'spec_helper'
+require 'tempfile'
+
+include PacketFu
+
+describe IPHeader do
+  context "when initializing" do
+    before :each do
+      @ip_header = IPHeader.new
+    end
+
+    it "should have sane defaults" do
+      expect(@ip_header.ip_v).to eql(4)
+      expect(@ip_header.ip_hl).to eql(5)
+      expect(@ip_header.ip_tos).to eql(0)
+      expect(@ip_header.ip_len).to eql(20)
+      expect(@ip_header.ip_id).to be_kind_of(Fixnum)
+      expect(@ip_header.ip_frag).to eql(0)
+      expect(@ip_header.ip_proto).to eql(0)
+      expect(@ip_header.ip_sum).to eql(65535)
+      expect(@ip_header.ip_src).to eql(0)
+      expect(@ip_header.ip_dst).to eql(0)
+      expect(@ip_header.body).to eql("")
+    end
+  end
+end
+
+describe IPPacket do
+  context "when initializing" do
+    before :each do
+      @ip_packet = IPPacket.new
+    end
+
+    it "should have sane defaults" do
+      expect(@ip_packet.ip_v).to eql(4)
+      expect(@ip_packet.ip_hl).to eql(5)
+      expect(@ip_packet.ip_tos).to eql(0)
+      expect(@ip_packet.ip_len).to eql(20)
+      expect(@ip_packet.ip_id).to be_kind_of(Fixnum)
+      expect(@ip_packet.ip_frag).to eql(0)
+      expect(@ip_packet.ip_proto).to eql(0)
+      expect(@ip_packet.ip_sum).to eql(65535)
+      expect(@ip_packet.ip_src).to eql(0)
+      expect(@ip_packet.ip_dst).to eql(0)
+      expect(@ip_packet.payload).to eql("")
+      expect(@ip_packet.is_ip?).to be true
+    end
+
+    it "should support peek functionality" do
+      @ip_packet.ip_saddr = "1.2.3.4"
+      @ip_packet.ip_daddr = "5.6.7.8"
+      @ip_packet.ip_proto = 94
+      @ip_packet.payload = '\x00' * 30
+      @ip_packet.recalc
+
+      expect(@ip_packet.peek).to match(/I\s+154\s+1\.2\.3\.4\s+\->\s+5\.6\.7\.8\s+I:[0-9a-z]{4}/)
+    end
+  end
+
+  context "when writing a PCAP file to disk" do
+    before :each do
+      @ip_packet = IPPacket.new
+    end
+
+    it "should write a PCAP file to disk" do
+      @ip_packet.ip_saddr = "10.20.30.40"
+      @ip_packet.ip_daddr = "50.60.70.80"
+      @ip_packet.recalc
+
+      ip_pcap_file = Tempfile.new('ip_pcap')
+      expect(ip_pcap_file.read).to eql("")
+
+      @ip_packet.to_f(ip_pcap_file, 'a')
+      expect(File.exists?('ip_pcap'))
+      expect(ip_pcap_file.read.size).to be >= 50
+    end
+  end
+end

data/spec/ipv6_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+
+include PacketFu
+
+describe IPv6Header do
+  context "when initializing an IPv6Header" do
+    before :each do
+      @ipv6_header = IPv6Header.new
+    end
+
+    it "should contain sane defaults" do
+      expect(@ipv6_header.ipv6_v).to eql(6)
+      expect(@ipv6_header.ipv6_len).to eql(0)
+      expect(@ipv6_header.ipv6_src).to eql(0)
+      expect(@ipv6_header.ipv6_dst).to eql(0)
+      expect(@ipv6_header.ipv6_hop).to eql(255)
+      expect(@ipv6_header.ipv6_next).to eql(0)
+    end
+  end
+end
+
+describe AddrIpv6 do
+  context "when parsing IPv6 from wire" do
+    before :each do
+      @address_ipv6 = AddrIpv6.new
+    end
+
+    it "should parse an IPv6 address from string i/o" do
+      raw_addr_ipv6 = "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1a\xc5\xff\xfe\x00\x01\x52"
+      @address_ipv6.read(raw_addr_ipv6)
+
+      expect(@address_ipv6.to_i).to eql(338288524927261089654170548082086773074)
+      expect(@address_ipv6.to_x).to eql("fe80::21a:c5ff:fe00:152")
+    end
+
+    it "should parse an IPv6 address from octet string" do
+      ipv6_string = "fe80::21a:c5ff:fe00:152"
+      @address_ipv6.read_x(ipv6_string)
+
+      expect(@address_ipv6.to_x).to eql(ipv6_string)
+    end
+  end
+end
+
+describe IPv6Packet do
+  context "when initializing an IPv6Packet" do
+    before :each do
+      @ipv6_packet = IPv6Packet.new
+    end
+
+    it "should contain sane defaults" do
+      expect(@ipv6_packet.ipv6_v).to eql(6)
+      expect(@ipv6_packet.payload).to eql("")
+      expect(@ipv6_packet.is_ipv6?).to be true
+    end
+
+    it "should support peek functionality" do
+      expect(@ipv6_packet.peek).to match(/6\s+54\s+::\s+\->\s+::\s+N:0/)
+    end
+
+    it 'should set payload size on #recalc' do
+      @ipv6_packet.payload = "\0" * 14
+      @ipv6_packet.recalc
+      expect(@ipv6_packet.ipv6_len).to eq(14)
+
+      @ipv6_packet.payload = "\0" * 255
+      @ipv6_packet.recalc(:ipv6)
+      expect(@ipv6_packet.ipv6_len).to eq(255)
+    end
+
+    it 'should set payload size on #ipv6_recalc' do
+      @ipv6_packet.payload = "\0" * 3
+      @ipv6_packet.ipv6_recalc
+      expect(@ipv6_packet.ipv6_len).to eq(3)
+
+      @ipv6_packet.payload = "\xff" * 12
+      @ipv6_packet.ipv6_recalc(:ipv6_len)
+      expect(@ipv6_packet.ipv6_len).to eq(12)
+    end
+  end
+end

data/spec/packet_spec.rb

@@ -1,73 +1,75 @@
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
+require 'spec_helper'
 
 describe PacketFu::Packet, "abstract packet class behavior" do
 
-	before(:all) do
-		class PacketFu::FooPacket < PacketFu::Packet; end
-		class PacketFu::BarPacket < PacketFu::Packet; end
-	end
+  before(:all) do
+    add_fake_packets
+  end
 
-	it "should not be instantiated" do
-		expect { PacketFu::Packet.new }.to raise_error(NoMethodError)
-	end
+  after(:all) do
+    remove_fake_packets
+  end
 
-	it "should allow subclasses to instantiate" do
-		expect { PacketFu::FooPacket.new }. to be
-		PacketFu.packet_classes.include?(PacketFu::FooPacket).should be_true
-	end
+  it "should not be instantiated" do
+    expect { PacketFu::Packet.new }.to raise_error(NoMethodError)
+  end
 
-	it "should register packet classes with PacketFu" do
-		PacketFu.packet_classes {should include(FooPacket) }
-		PacketFu.packet_classes {should include(BarPacket) }
-	end
+  it "should allow subclasses to instantiate" do
+    expect(PacketFu::FooPacket.new).to be
+    PacketFu.packet_classes.include?(PacketFu::FooPacket).should be true
+  end
 
-	it "should disallow badly named subclasses" do
-		expect { 
-			class PacketFu::PacketNot < PacketFu::Packet
-			end 
-		}.to raise_error
-		PacketFu.packet_classes.include?(PacketFu::PacketNot).should be_false
-		PacketFu.packet_classes {should_not include(PacketNot) }
-	end
+  it "should register packet classes with PacketFu" do
+    PacketFu.packet_classes {should include(FooPacket) }
+    PacketFu.packet_classes {should include(BarPacket) }
+  end
 
-	before(:each) do
-		@tcp_packet = PacketFu::TCPPacket.new
-		@tcp_packet.ip_saddr = "10.10.10.10"
-	end
+  it "should disallow badly named subclasses" do
+    expect {
+      class PacketFu::PacketNot < PacketFu::Packet
+      end
+    }.to raise_error(RuntimeError, "Packet classes should be named 'ProtoPacket'")
+    PacketFu.packet_classes.include?(PacketFu::PacketNot).should be false
+    PacketFu.packet_classes {should_not include(PacketNot) }
+  end
 
-	it "should shallow copy with dup()" do
-		p2 = @tcp_packet.dup
-		p2.ip_saddr = "20.20.20.20"
-		p2.ip_saddr.should == @tcp_packet.ip_saddr
-		p2.headers[1].object_id.should == @tcp_packet.headers[1].object_id
-	end
+  before(:each) do
+    @tcp_packet = PacketFu::TCPPacket.new
+    @tcp_packet.ip_saddr = "10.10.10.10"
+  end
 
-	it "should deep copy with clone()" do
-		p3 = @tcp_packet.clone
-		p3.ip_saddr = "30.30.30.30"
-		p3.ip_saddr.should_not == @tcp_packet.ip_saddr
-		p3.headers[1].object_id.should_not == @tcp_packet.headers[1].object_id
-	end
+  it "should shallow copy with dup()" do
+    p2 = @tcp_packet.dup
+    p2.ip_saddr = "20.20.20.20"
+    p2.ip_saddr.should == @tcp_packet.ip_saddr
+    p2.headers[1].object_id.should == @tcp_packet.headers[1].object_id
+  end
 
-	it "should have senisble equality" do
-		p4 = @tcp_packet.dup
-		p4.should == @tcp_packet
-		p5 = @tcp_packet.clone
-		p5.should == @tcp_packet
-	end
+  it "should deep copy with clone()" do
+    p3 = @tcp_packet.clone
+    p3.ip_saddr = "30.30.30.30"
+    p3.ip_saddr.should_not == @tcp_packet.ip_saddr
+    p3.headers[1].object_id.should_not == @tcp_packet.headers[1].object_id
+  end
 
-	# It's actually kinda hard to manually create identical TCP packets
-	it "should be possible to manually create identical packets" do
-		p6 = @tcp_packet.clone
-		p6.should == @tcp_packet
-		p7 = PacketFu::TCPPacket.new
-		p7.ip_saddr = p6.ip_saddr
-		p7.ip_id = p6.ip_id
-		p7.tcp_seq = p6.tcp_seq
-		p7.tcp_src = p6.tcp_src
-		p7.tcp_sum = p6.tcp_sum
-		p7.should == p6
-	end
+  it "should have senisble equality" do
+    p4 = @tcp_packet.dup
+    p4.should == @tcp_packet
+    p5 = @tcp_packet.clone
+    p5.should == @tcp_packet
+  end
+
+  # It's actually kinda hard to manually create identical TCP packets
+  it "should be possible to manually create identical packets" do
+    p6 = @tcp_packet.clone
+    p6.should == @tcp_packet
+    p7 = PacketFu::TCPPacket.new
+    p7.ip_saddr = p6.ip_saddr
+    p7.ip_id = p6.ip_id
+    p7.tcp_seq = p6.tcp_seq
+    p7.tcp_src = p6.tcp_src
+    p7.tcp_sum = p6.tcp_sum
+    p7.should == p6
+  end
 
 end

data/spec/packet_subclasses_spec.rb

@@ -1,13 +1,12 @@
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
+require 'spec_helper'
 
 PacketFu.packet_classes.each do |pclass|
-	describe pclass, "peek format" do
-		it "will display sensible peek information" do
-			p = pclass.new
-			p.respond_to?(:peek).should be_true
-			p.peek.size.should be <= 80, p.peek.inspect
-			p.peek.should match(/^[A-Z0-9?]../)
-		end
-	end
+  describe pclass, "peek format" do
+    it "will display sensible peek information" do
+      p = pclass.new
+      p.respond_to?(:peek).should be true
+      p.peek.size.should be <= 80, p.peek.inspect
+      p.peek.should match(/^[A-Z0-9?]../)
+    end
+  end
 end

data/spec/packetfu_spec.rb

@@ -1,85 +1,78 @@
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
+require 'spec_helper'
 
 describe PacketFu, "version information" do
-	it "reports a version number" do
-		PacketFu::VERSION.should match /^1\.[0-9]\.[0-9]$/
-	end
-	its(:version) {should eq PacketFu::VERSION}
+  it "reports a version number" do
+    PacketFu::VERSION.should match /^1\.[0-9]+\.[0-9]+$/
+  end
+  its(:version) {should eq PacketFu::VERSION}
 
-	it "can compare version strings" do
-		PacketFu.binarize_version("1.2.3").should == 0x010203
-		PacketFu.binarize_version("3.0").should == 0x030000
-		PacketFu.at_least?("1.0").should be_true
-		PacketFu.at_least?("4.0").should be_false
-		PacketFu.older_than?("4.0").should be_true
-		PacketFu.newer_than?("1.0").should be_true
-	end
+  it "can compare version strings" do
+    PacketFu.binarize_version("1.2.3").should == 0x010203
+    PacketFu.binarize_version("3.0").should == 0x030000
+    PacketFu.at_least?("1.0").should be true
+    PacketFu.at_least?("4.0").should be false
+    PacketFu.older_than?("4.0").should be true
+    PacketFu.newer_than?("1.0").should be true
+  end
 
-	it "can handle .pre versions" do
-		PacketFu.binarize_version("1.7.6.pre").should == 0x010706
-		PacketFu.at_least?("0.9.0.pre").should be_true
-	end
+  it "can handle .pre versions" do
+    PacketFu.binarize_version("1.7.6.pre").should == 0x010706
+    PacketFu.at_least?("0.9.0.pre").should be true
+  end
 end
 
 describe PacketFu, "instance variables" do
-	it "should have a bunch of instance variables" do
-		PacketFu.instance_variable_get(:@byte_order).should == :little
-		PacketFu.instance_variable_get(:@pcaprub_loaded).should_not be_nil
-	end
+  it "should have a bunch of instance variables" do
+    PacketFu.instance_variable_get(:@byte_order).should == :little
+    PacketFu.instance_variable_get(:@pcaprub_loaded).should_not be_nil
+  end
 end
 
 describe PacketFu, "pcaprub deps" do
-	it "should check for pcaprub" do
-		begin
-			has_pcap = false
-			require 'pcaprub'
-			has_pcap = true
-		rescue LoadError
-		end
-		if has_pcap
-			PacketFu.instance_variable_get(:@pcaprub_loaded).should be_true
-		else
-			PacketFu.instance_variable_get(:@pcaprub_loaded).should be_false
-		end
-	end
+  it "should check for pcaprub" do
+    begin
+      has_pcap = false
+      require 'pcaprub'
+      has_pcap = true
+    rescue LoadError
+    end
+    if has_pcap
+      PacketFu.instance_variable_get(:@pcaprub_loaded).should be true
+    else
+      PacketFu.instance_variable_get(:@pcaprub_loaded).should be false
+    end
+  end
 end
 
 describe PacketFu, "protocol requires" do
-	it "should have some protocols defined" do
-		PacketFu::EthPacket.should_not be_nil
-		PacketFu::IPPacket.should_not be_nil
-		PacketFu::TCPPacket.should_not be_nil
-		expect { PacketFu::FakePacket }.to raise_error
-	end
+  it "should have some protocols defined" do
+    PacketFu::EthPacket.should_not be_nil
+    PacketFu::IPPacket.should_not be_nil
+    PacketFu::TCPPacket.should_not be_nil
+    expect { PacketFu::FakePacket }.to raise_error(NameError, "uninitialized constant PacketFu::FakePacket")
+  end
 end
 
 describe PacketFu, "packet class list management" do
 
-	before(:all) do
-		class PacketFu::FooPacket < PacketFu::Packet; end
-		class PacketFu::BarPacket < PacketFu::Packet; end
-		class PacketFu::PacketBaz; end
-	end
+  it "should allow packet class registration" do
+    PacketFu.add_packet_class(PacketFu::FooPacket).should be_kind_of Array
+    PacketFu.add_packet_class(PacketFu::BarPacket).should be_kind_of Array
+  end
 
-	it "should allow packet class registration" do
-		PacketFu.add_packet_class(PacketFu::FooPacket).should be_kind_of Array
-		PacketFu.add_packet_class(PacketFu::BarPacket).should be_kind_of Array
-	end
+  its(:packet_classes) {should include(PacketFu::FooPacket)}
 
-	its(:packet_classes) {should include(PacketFu::FooPacket)}
+  it "should disallow non-classes as packet classes" do
+    expect { PacketFu.add_packet_class("A String") }.to raise_error(RuntimeError, "Need a class")
+  end
 
-	it "should disallow non-classes as packet classes" do
-		expect { PacketFu.add_packet_class("A String") }.to raise_error
-	end
+  its(:packet_prefixes) {should include("bar")}
 
-	its(:packet_prefixes) {should include("bar")}
-
-	# Don't really have much utility for this right now.
-	it "should allow packet class deregistration" do
-		PacketFu.remove_packet_class(PacketFu::BarPacket)
-		PacketFu.packet_prefixes.should_not include("bar")
-		PacketFu.add_packet_class(PacketFu::BarPacket)
-	end
+  # Don't really have much utility for this right now.
+  it "should allow packet class deregistration" do
+    PacketFu.remove_packet_class(PacketFu::BarPacket)
+    PacketFu.packet_prefixes.should_not include("bar")
+    PacketFu.add_packet_class(PacketFu::BarPacket)
+  end
 
 end