packetfu 1.1.11 → 1.1.12.pre

data/lib/packetfu/protos/icmpv6.rb

@@ -0,0 +1,131 @@
+# coding: binary
+require 'packetfu/protos/eth/header'
+require 'packetfu/protos/eth/mixin'
+
+require 'packetfu/protos/ipv6/header'
+require 'packetfu/protos/ipv6/mixin'
+
+require 'packetfu/protos/icmpv6/header'
+require 'packetfu/protos/icmpv6/mixin'
+
+module PacketFu
+
+  # ICMPv6Packet is used to construct ICMPv6 Packets. They contain an EthHeader,
+  # an IPv6Header, and a ICMPv6Header.
+  #
+  # == Example
+  #
+  #  icmpv6_pkt.new
+  #  icmpv6_pkt.icmpv6_type = 8
+  #  icmpv6_pkt.icmpv6_code = 0
+  #  icmpv6_pkt.payload = "ABC, easy as 123. As simple as do-re-mi. ABC, 123, baby, you and me!"
+  #
+  #  icmpv6_pkt.ipv6_saddr="2000::1234"
+  #  icmpv6_pkt.ipv6_daddr="2000::5678"
+  #
+  #  icmpv6_pkt.recalc	
+  #  icmpv6_pkt.to_f('/tmp/icmpv6.pcap')
+  #
+  # == Parameters
+  #
+  #  :eth
+  #     A pre-generated EthHeader object.
+  #  :ipv6
+  #     A pre-generated IPv6Header object.
+  #  :icmpv6
+  #     A pre-generated ICMPv6Header object.
+  class ICMPv6Packet < Packet
+    include ::PacketFu::EthHeaderMixin
+    include ::PacketFu::IPv6HeaderMixin
+    include ::PacketFu::ICMPv6HeaderMixin
+
+    attr_accessor :eth_header, :ipv6_header, :icmpv6_header
+
+    def self.can_parse?(str)
+      return false unless str.size >= 58
+      return false unless EthPacket.can_parse? str
+      return false unless IPv6Packet.can_parse? str
+      return false unless str[20,1] == [PacketFu::ICMPv6Header::PROTOCOL_NUMBER].pack('C')
+      return true
+    end
+
+    def read(str=nil, args={})
+      raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
+      @eth_header.read(str)
+      super(args)
+      self
+    end
+
+    def initialize(args={})
+      @eth_header = EthHeader.new(args).read(args[:eth])
+      @ipv6_header = IPv6Header.new(args).read(args[:ipv6])
+      @ipv6_header.ipv6_next = PacketFu::ICMPv6Header::PROTOCOL_NUMBER
+      @icmpv6_header = ICMPv6Header.new(args).read(args[:icmpv6])
+
+      @ipv6_header.body = @icmpv6_header
+      @eth_header.body = @ipv6_header
+
+      @headers = [@eth_header, @ipv6_header, @icmpv6_header]
+      super
+      icmpv6_calc_sum
+    end
+
+    # Calculates the checksum for the object.
+    def icmpv6_calc_sum
+      checksum = 0
+
+      # Compute sum on pseudo-header
+      [ipv6_src, ipv6_dst].each do |iaddr|
+        8.times { |i| checksum += (iaddr >> (i*16)) & 0xffff }
+      end
+      checksum += PacketFu::ICMPv6Header::PROTOCOL_NUMBER
+      checksum += ipv6_len
+      # Then compute it on ICMPv6 header + payload
+      checksum += (icmpv6_type.to_i << 8) + icmpv6_code.to_i
+      chk_body = (payload.to_s.size % 2 == 0 ? payload.to_s : payload.to_s + "\x00")
+      if 1.respond_to? :ord
+        chk_body.split("").each_slice(2).map { |x| (x[0].ord << 8) + x[1].ord }.
+          each { |y| checksum += y }
+      else
+        chk_body.split("").each_slice(2).map { |x| (x[0] << 8) + x[1] }.
+          each { |y| checksum += y }
+      end
+      checksum = checksum % 0xffff
+      checksum = 0xffff - checksum
+      checksum == 0 ? 0xffff : checksum
+    end
+
+    # Recalculates the calculatable fields for ICMPv6.
+    def icmpv6_recalc(arg=:all)
+      arg = arg.intern if arg.respond_to? :intern
+      case arg
+      when :icmpv6_sum
+        self.icmpv6_sum = icmpv6_calc_sum
+      when :all
+        self.icmpv6_sum = icmpv6_calc_sum
+      else
+        raise ArgumentError, "No such field `#{arg}'"
+      end
+    end
+
+    # Peek provides summary data on packet contents.
+    def peek_format
+      peek_data = ["6C "]
+      peek_data << "%-5d" % self.to_s.size
+      type = case self.icmpv6_type.to_i
+             when 128
+               "ping"
+             when 129
+               "pong"
+             else
+               "%02x-%02x" % [self.icmpv6_type, self.icmpv6_code]
+             end
+      peek_data << "%-21s" % "#{self.ipv6_saddr}:#{type}"
+      peek_data << "->"
+      peek_data << "%21s" % "#{self.ipv6_daddr}"
+      peek_data.join
+    end
+
+  end
+
+end

data/lib/packetfu/protos/icmpv6/header.rb

@@ -0,0 +1,69 @@
+require 'packetfu/protos/ipv6/header'
+require 'packetfu/protos/ipv6/mixin'
+
+module PacketFu
+
+  # ICMPv6Header is a complete ICMPv6 struct, used in ICMPv6Packet.
+  # ICMPv6 is typically used for network administration and connectivity
+  # testing.
+  #
+  # For more on ICMP packets, see 
+  # http://www.networksorcery.com/enp/protocol/icmpv6.htm
+  # 
+  # ==== Header Definition
+  #
+  #   Int8    :icmp_type                        # Type
+  #   Int8    :icmp_code                        # Code
+  #   Int16   :icmp_sum    Default: calculated  # Checksum
+  #   String  :body
+  class ICMPv6Header < Struct.new(:icmpv6_type, :icmpv6_code, :icmpv6_sum, :body)
+    include StructFu
+
+    PROTOCOL_NUMBER = 58
+
+    def initialize(args={})
+      super(
+        Int8.new(args[:icmpv6_type]),
+        Int8.new(args[:icmpv6_code]),
+        Int16.new(args[:icmpv6_sum]),
+        StructFu::String.new.read(args[:body])
+      )
+    end
+
+    # Returns the object in string form.
+    def to_s
+      self.to_a.map {|x| x.to_s}.join
+    end
+    
+    # Reads a string to populate the object.
+    def read(str)
+      force_binary(str)
+      return self if str.nil?
+      self[:icmpv6_type].read(str[0,1])
+      self[:icmpv6_code].read(str[1,1])
+      self[:icmpv6_sum].read(str[2,2])
+      self[:body].read(str[4,str.size])
+      self
+    end
+
+    # Setter for the type.
+    def icmpv6_type=(i); typecast i; end
+    # Getter for the type.
+    def icmpv6_type; self[:icmpv6_type].to_i; end
+    # Setter for the code.
+    def icmpv6_code=(i); typecast i; end
+    # Getter for the code.
+    def icmpv6_code; self[:icmpv6_code].to_i; end
+    # Setter for the checksum. Note, this is calculated automatically with 
+    # icmpv6_calc_sum.
+    def icmpv6_sum=(i); typecast i; end
+    # Getter for the checksum.
+    def icmpv6_sum; self[:icmpv6_sum].to_i; end
+
+    def icmpv6_sum_readable
+      "0x%04x" % icmpv6_sum
+    end
+      
+  end
+
+end

data/lib/packetfu/protos/icmpv6/mixin.rb

@@ -0,0 +1,14 @@
+module PacketFu
+  # This Mixin simplifies access to the ICMPv6Headers. Mix this in with your 
+  # packet interface, and it will add methods that essentially delegate to
+  # the 'icmpv6_header' method (assuming that it is a ICMPv6Header object)
+  module ICMPv6HeaderMixin
+    def icmpv6_type=(v); self.icmpv6_header.icmpv6_type= v; end
+    def icmpv6_type; self.icmpv6_header.icmpv6_type; end
+    def icmpv6_code=(v); self.icmpv6_header.icmpv6_code= v; end
+    def icmpv6_code; self.icmpv6_header.icmpv6_code; end
+    def icmpv6_sum=(v); self.icmpv6_header.icmpv6_sum= v; end
+    def icmpv6_sum; self.icmpv6_header.icmpv6_sum; end
+    def icmpv6_sum_readable; self.icmpv6_header.icmpv6_sum_readable; end
+  end
+end

data/lib/packetfu/protos/ip.rb

@@ -1,7 +1,6 @@
 # -*- coding: binary -*-
 require 'packetfu/protos/eth/header'
 require 'packetfu/protos/eth/mixin'
-
 require 'packetfu/protos/ip/header'
 require 'packetfu/protos/ip/mixin'
 
@@ -20,7 +19,7 @@ module PacketFu
   #   ip_pkt.ip_ttl=64
   #   ip_pkt.ip_payload="\x00\x00\x12\x34\x00\x01\x00\x01"+
   #     "Lovingly hand-crafted echo responses delivered directly to your door."
-  #   ip_pkt.recalc 
+  #   ip_pkt.recalc
   #   ip_pkt.to_f('/tmp/ip.pcap')
   #
   # == Parameters
@@ -49,7 +48,7 @@ module PacketFu
         else
           ipv = str[14,1][0] >> 4
         end
-        return true if ipv == 4 
+        return true if ipv == 4
       else
         return false
       end
@@ -58,11 +57,11 @@ module PacketFu
     def read(str=nil, args={})
       raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
       @eth_header.read(str)
-      super(args) 
+      super(args)
       self
     end
 
-    # Creates a new IPPacket object. 
+    # Creates a new IPPacket object.
     def initialize(args={})
       @eth_header = EthHeader.new(args).read(args[:eth])
       @ip_header = IPHeader.new(args).read(args[:ip])

data/lib/packetfu/protos/ipv6/header.rb

@@ -1,4 +1,6 @@
 # -*- coding: binary -*-
+require 'ipaddr'
+
 module PacketFu
   # AddrIpv6 handles addressing for IPv6Header
   #

data/lib/packetfu/protos/udp.rb

@@ -55,9 +55,12 @@ module PacketFu
     def self.can_parse?(str)
       return false unless str.size >= 28
       return false unless EthPacket.can_parse? str
-      return false unless IPPacket.can_parse? str
-      return false unless str[23,1] == "\x11"
-      return true
+      if IPPacket.can_parse? str
+        return true if str[23,1] == "\x11"
+      elsif IPv6Packet.can_parse? str
+        return true if str[20,1] == "\x11"
+      end
+      false
     end
 
     def read(str=nil, args={})
@@ -157,19 +160,28 @@ module PacketFu
 
     # Peek provides summary data on packet contents.
     def peek_format
-      peek_data = ["U  "]
-      peek_data << "%-5d" % self.to_s.size
-      peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
-      peek_data << "->"
-      peek_data << "%21s" % "#{self.ip_daddr}:#{self.udp_dport}"
-      peek_data << "%23s" % "I:"
-      peek_data << "%04x" % self.ip_id
-      peek_data.join
+      if self.ipv6?
+        peek_data = ["6U "]
+        peek_data << "%-5d" % self.to_s.size
+        peek_data << "%-31s" % "#{self.ipv6_saddr}:#{self.udp_sport}"
+        peek_data << "->"
+        peek_data << "%31s" % "#{self.ipv6_daddr}:#{self.udp_dport}"
+        peek_data.join
+      else
+        peek_data = ["U  "]
+        peek_data << "%-5d" % self.to_s.size
+        peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
+        peek_data << "->"
+        peek_data << "%21s" % "#{self.ip_daddr}:#{self.udp_dport}"
+        peek_data << "%23s" % "I:"
+        peek_data << "%04x" % self.ip_id
+        peek_data.join
+      end
     end
 
     # Is that packet an UDP on IPv6 packet ?
     def ipv6?
-      @ipv6_header
+      not @ipv6_header.nil?
     end
 
   end

data/lib/packetfu/structfu.rb

@@ -165,6 +165,33 @@ module StructFu
     end
   end
 
+  # Int64 is a eight byte value.
+  class Int64 < Int
+    def initialize(v=nil, e=:big)
+      super(v, e, w=4)
+      @packstr = (self.e == :big) ? 'Q>' : 'Q<'
+    end
+
+    # Returns a eight byte value as a packed string.
+    def to_s
+      @packstr = (self.e == :big) ? 'Q>' : 'Q<'
+      [(self.v || self.d)].pack(@packstr)
+    end
+  end
+
+  # Int64be is a eight byte value in big-endian format. The endianness cannot be altered.
+  class Int64be < Int64
+    undef :endian=
+  end
+
+  # Int64le is a eight byte value in little-endian format. The endianness cannot be altered.
+  class Int64le < Int64
+    undef :endian=
+    def initialize(v=nil, e=:little)
+      super(v,e)
+    end
+  end
+
   # Strings are just like regular strings, except it comes with a read() function
   # so that it behaves like other StructFu elements.
   class String < ::String

data/lib/packetfu/utils.rb

@@ -1,7 +1,6 @@
 # -*- coding: binary -*-
 require 'singleton'
 require 'timeout'
-require 'network_interface'
 
 module PacketFu
 
@@ -23,6 +22,9 @@ module PacketFu
     #    The flavor of the ARP request. Defaults to :none.
     #   :timeout
     #    Timeout in seconds. Defaults to 3.
+    #   :no_cache
+    #    Do not query ARP cache and always send an ARP request. Defaults to
+    #    false.
     #
     #  === Example
     #    PacketFu::Utils::arp("192.168.1.1") #=> "00:18:39:01:33:70"
@@ -33,6 +35,11 @@ module PacketFu
     #  It goes without saying, spewing forged ARP packets on your network is a great way to really
     #  irritate your co-workers.
     def self.arp(target_ip,args={})
+      unless args[:no_cache]
+        cache = self.arp_cache
+        return cache[target_ip].first if cache[target_ip]
+      end
+
       iface = args[:iface] || :eth0
       args[:config] ||= whoami?(:iface => iface)
       arp_pkt = PacketFu::ARPPacket.new(:flavor => (args[:flavor] || :none), :config => args[:config])
@@ -59,6 +66,25 @@ module PacketFu
       cap_thread.value
     end
 
+    # Determine ARP cache data string
+    def self.arp_cache_raw
+      %x(/usr/sbin/arp -na)
+    end
+
+    # Get ARP cache.
+    # More rubyish than PAcketFu::Utils.arp_cache_data_string
+    def self.arp_cache
+      arp_cache = {}
+      arp_table = arp_cache_raw
+      arp_table.split(/\n/).each do |line|
+        match = line.match(/\? \((?<ip>\d+\.\d+\.\d+\.\d+)\) at (?<mac>([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2})(?: \[ether\])? on (?<int>[a-zA-Z0-9]+)/)
+        if match
+          arp_cache[match[:ip]] = [match[:mac], match[:int]]
+        end
+      end
+      arp_cache
+    end
+
     # Since 177/8 is IANA reserved (for now), this network should
     # be handled by your default gateway and default interface.
     def self.rand_routable_daddr
@@ -166,13 +192,10 @@ module PacketFu
     def self.default_int
       ip = default_ip
 
-      NetworkInterface.interfaces.each do |interface|
-        NetworkInterface.addresses(interface).values.each do |addresses|
-          addresses.each do |address|
-            next if address["addr"].nil?
-            return interface if address["addr"] == ip
-          end
-        end
+      Socket.getifaddrs.each do |ifaddr|
+        next unless ifaddr.addr.ip?
+
+        return ifaddr.name if ifaddr.addr.ip_address == ip
       end
 
       # Fall back to libpcap as last resort
@@ -182,7 +205,7 @@ module PacketFu
     # Determine the ifconfig data string for a given interface
     def self.ifconfig_data_string(iface=default_int)
       # Make sure to only get interface data for a real interface
-      unless NetworkInterface.interfaces.include?(iface)
+      unless Socket.getifaddrs.any? {|ifaddr| ifaddr.name == iface}
         raise ArgumentError, "#{iface} interface does not exist"
       end
       return %x[ifconfig #{iface}]
@@ -290,6 +313,29 @@ module PacketFu
               ret[:ip6_obj] = IPAddr.new($1)
           end
         end # freebsd
+      when /openbsd/i
+          ifconfig_data = ifconfig_data_string(iface)
+          if ifconfig_data =~ /#{iface}/
+            ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
+          else
+            raise ArgumentError, "Cannot ifconfig #{iface}"
+          end
+          ret[:iface] = iface
+          ifconfig_data.each do |s|
+            case s
+            when /lladdr[\s]*([0-9a-fA-F:]{17})/
+              ret[:eth_saddr] = $1.downcase
+              ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
+            when /inet[\s]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*netmask[\s]*(0x[0-9a-fA-F]{8}))?/
+              ret[:ip_saddr] = $1
+              ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
+              ret[:ip4_obj] = IPAddr.new($1)
+              ret[:ip4_obj] = ret[:ip4_obj].mask(($3.hex.to_s(2) =~ /0*$/)) if $3
+            when /inet6[\s]*([0-9a-fA-F:\x2f]+)/
+              ret[:ip6_saddr] = $1
+              ret[:ip6_obj] = IPAddr.new($1)
+          end
+        end # openbsd
       end # RUBY_PLATFORM
       ret
     end