packetfu 1.1.2 → 1.1.3

data/test/test_ip.rb

@@ -0,0 +1,69 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class OctetsTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_octets_read
+		o = Octets.new
+		o.read("\x04\x03\x02\x01")
+		assert_equal("4.3.2.1", o.to_x)
+	end
+
+	def test_octets_read_quad
+		o = Octets.new
+		o.read_quad("1.2.3.4")
+		assert_equal("1.2.3.4", o.to_x)
+		assert_equal("\x01\x02\x03\x04", o.to_s)
+		assert_equal(0x01020304, o.to_i)
+	end
+
+end
+
+class IPTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_ip_header_new
+		i = IPHeader.new
+		assert_kind_of IPHeader, i
+		i.ip_id = 0x1234
+		i.ip_recalc :ip_sum
+		assert_equal("E\000\000\024\0224\000\000 \000\210\267\000\000\000\000\000\000\000\000", i.to_s)
+	end
+
+	def test_ip_packet_new
+		i = IPPacket.new
+		assert i.is_ip?
+	end
+
+	def test_ip_peek
+		i = IPPacket.new
+		i.ip_saddr = "1.2.3.4"
+		i.ip_daddr = "5.6.7.8"
+		i.ip_proto = 94
+		i.payload = '\x00' * 30
+		i.recalc
+		puts "\n"
+		puts "IP Peek format: "
+		puts i.peek
+		assert (i.peek.size <= 80)
+	end
+
+	def test_ip_pcap
+		i = IPPacket.new
+		assert_kind_of IPPacket, i
+		i.recalc
+		i.to_f('ip_test.pcap')
+		i.ip_saddr = "1.2.3.4"
+		i.ip_daddr = "5.6.7.8"
+		i.ip_proto = 94
+		i.payload = "\x23" * 10
+		i.recalc
+		i.to_f('ip_test.pcap','a')
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_ip6.rb

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class IPv6AddrTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_addr_read
+		a = AddrIpv6.new
+		addr = "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1a\xc5\xff\xfe\x00\x01\x52"
+		a.read(addr)
+		assert_equal(338288524927261089654170548082086773074, a.to_i)
+		assert_equal("fe80::21a:c5ff:fe00:152",a.to_x)
+	end
+
+	def test_octets_read_quad
+		a = AddrIpv6.new
+		addr = "fe80::21a:c5ff:fe00:152"
+		a.read_x(addr)
+		assert_equal(addr,a.to_x)
+	end
+
+end
+
+class IPv6Test < Test::Unit::TestCase
+	include PacketFu
+
+	def test_ipv6_header_new
+		i = IPv6Header.new
+		assert_kind_of IPv6Header, i
+		assert_equal("`\000\000\000\000\000\000\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", i.to_s)
+	end
+
+	def test_ipv6_packet_new
+		i = IPv6Packet.new
+		assert i.is_ipv6?
+	end
+
+	def test_ipv6_peek
+		i = IPv6Packet.new
+		i.ipv6_saddr = "fe80::1"
+		i.ipv6_daddr = "fe80::2"
+		i.ipv6_next = 0x11
+		i.payload = '\x00' * 30
+		i.recalc
+		puts "\n"
+		puts "IPv6 Peek format: "
+		puts i.peek
+		assert (i.peek.size <= 80)
+	end
+
+=begin
+	def test_ipv6_pcap
+		i = IPPacket.new
+		assert_kind_of IPPacket, i
+		i.recalc
+		i.to_f('ip_test.pcap')
+		i.ip_saddr = "1.2.3.4"
+		i.ip_daddr = "5.6.7.8"
+		i.ip_proto = 94
+		i.payload = "\x23" * 10
+		i.recalc
+		i.to_f('ip_test.pcap','a')
+	end
+=end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_octets.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class OctetTest < Test::Unit::TestCase
+	include PacketFu
+
+	def setup
+		@o = Octets.new
+	end
+
+	def test_create_octets
+		assert_kind_of Octets, @o
+	end
+
+	def test_read
+		s = "\x0a\x0a\x0a\x0b"
+		@o.read s
+		assert_equal(s, @o.to_s)
+	end
+
+	def test_dotted
+		s = "\x0a\x0a\x0a\x01"
+		@o.read s
+		assert_equal("10.10.10.1", @o.to_x)
+	end
+
+	def test_numerical
+		s = "\x00\x00\x00\x80"
+		@o.read s
+		assert_equal(128, @o.to_i)
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_packet.rb

@@ -0,0 +1,174 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "lib"))
+require 'packetfu'
+
+class NewPacketTest < Test::Unit::TestCase
+	include PacketFu
+	
+	def test_method_missing_and_respond_to
+		p = TCPPacket.new
+		assert p.respond_to?(:ip_len)
+		assert p.ip_len = 20
+		assert !(p.respond_to? :ip_bogus_header)
+		assert_raise NoMethodError do
+			p.bogus_header = 20
+		end
+	end
+
+	def test_more_method_missing_magic
+		p = UDPPacket.new
+		assert_kind_of(UDPPacket,p)
+		assert p.is_udp?
+		assert p.is_ip?
+		assert p.is_eth?
+		assert_equal(p.ip_hl,5)
+		assert p.layer
+		assert_raise NoMethodError do 
+			p.is_blue? 
+		end
+		assert_raise NoMethodError do
+		 	p.tcp_blue
+		end
+		assert_raise NoMethodError do 
+			p.udp_blue 
+		end
+		assert_raise NoMethodError do
+			p.blue
+		end
+	end
+end
+
+class PacketStrippingTest < Test::Unit::TestCase
+
+	include PacketFu
+
+	def test_arp_strip
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[5], :fix => true) # Really ARP request.
+		assert_kind_of(Packet,p)
+		assert_kind_of(ARPPacket,p)
+	end
+
+end
+
+class PacketParsersTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_parse_eth_packet
+		assert_equal(EthPacket.layer, 1)
+		assert_equal(EthPacket.layer_symbol, :link)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[5]) # Really ARP.
+		assert_kind_of(Packet,p)
+		assert_kind_of(EthHeader, p.headers[0])
+		assert p.is_eth?
+		assert_equal(pcaps[5],p.to_s)
+	end
+
+	def test_parse_arp_request
+		assert_equal(ARPPacket.layer, 2)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[5]) # Really ARP request.
+		assert p.is_eth?
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(ARPPacket,p)
+		assert p.is_arp?
+		assert_equal(p.to_s, pcaps[5])
+		assert_equal(1, p.arp_opcode.to_i)
+		assert_equal("\x00\x01", p.headers.last[:arp_opcode].to_s)
+	end
+
+	def test_parse_arp_reply
+		assert_equal(ARPPacket.layer, 2)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[6]) # Really ARP reply.
+		assert_equal(p.to_s, pcaps[6])
+		assert_equal(2, p.arp_opcode.to_i)
+		assert_equal("\x00\x02", p.headers.last[:arp_opcode].to_s)
+	end
+
+	def test_parse_ip_packet
+		assert_equal(IPPacket.layer, 2)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[0]) # Really DNS request 
+		assert_equal(p.to_s[0,20], pcaps[0][0,20])
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+	end
+
+	def test_parse_tcp_packet
+		assert_equal(TCPPacket.layer, 3)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[7]) # Really FIN/ACK
+		assert_equal(p.to_s, pcaps[7])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(TCPPacket,p)
+	end
+
+	def test_parse_udp_packet
+		assert_equal(UDPPacket.layer, 3)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[0]) # Really DNS request
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(UDPPacket,p)
+	end
+
+	def test_parse_icmp_packet
+		assert_equal(ICMPPacket.layer, 3)
+		assert_equal(ICMPPacket.layer_symbol, :transport)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+		p = Packet.parse(pcaps[3]) # Really ICMP reply
+		assert_equal(p.to_s, pcaps[3])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(ICMPPacket,p)
+	end
+
+	def test_parse_invalid_packet
+		assert_equal(InvalidPacket.layer, 0)
+		assert_equal(InvalidPacket.layer_symbol, :invalid)
+		p = Packet.parse("\xff\xfe\x00\x01")
+		assert_equal(p.to_s, "\xff\xfe\x00\x01")
+		assert_kind_of(InvalidPacket,p)
+	end
+
+	def test_parse_ipv6_packet
+		assert_equal(IPv6Packet.layer, 2)
+		assert_equal(IPv6Packet.layer_symbol, :internet)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample-ipv6.pcap')
+		p = Packet.parse(pcaps[0]) # Really an IPv6 packet 
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert(!p.kind_of?(IPPacket), "Misidentified as an IP Packet!")
+		assert_kind_of(IPv6Packet,p)
+	end
+
+	def test_parse_hsrp_packet
+		assert_equal(HSRPPacket.layer, 4)
+		assert_equal(HSRPPacket.layer_symbol, :application)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
+		p = Packet.parse(pcaps[0]) # Really an HSRP Hello packet 
+		assert_equal(p.to_s, pcaps[0])
+		assert_kind_of(EthPacket,p)
+		assert_kind_of(IPPacket,p)
+		assert_kind_of(UDPPacket,p)
+		assert_kind_of(HSRPPacket,p)
+	end
+
+	def test_parse_hsrp_as_udp
+		assert_equal(:application, HSRPPacket.layer_symbol)
+		pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
+		p = Packet.parse(pcaps[0], :parse_app => false) # Really an HSRP Hello packet 
+		assert_kind_of(UDPPacket,p)
+		assert(!p.kind_of?(HSRPPacket), "Misidentified HSRP packet when we didn't want it!" )
+	end
+
+end
+
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_pcap.rb

@@ -0,0 +1,209 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class PcapHeaderTest < Test::Unit::TestCase
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@file.force_encoding "binary" if @file.respond_to? :force_encoding
+		@file_magic = @file[0,4]
+		@file_header = @file[0,24]
+	end
+
+	def test_header_size
+		assert_equal(24, PcapHeader.new.sz)
+		assert_equal(24, PcapHeader.new.sz)
+	end
+
+	# If this fails, the rest is pretty much for naught.
+	def test_read_file
+		assert_equal("\xd4\xc3\xb2\xa1", @file_magic) # yep, it's libpcap.
+	end
+
+	def test_endian_magic
+		p = PcapHeader.new # usual case
+		assert_equal(@file_magic, p.to_s[0,4]) 
+		p = PcapHeader.new(:endian => :big)
+		assert_equal("\xa1\xb2\xc3\xd4", p.to_s[0,4])
+	end
+
+	def test_header
+		p = PcapHeader.new
+		assert_equal(@file_header, p.to_s[0,24])
+		p = PcapHeader.new(:endian => :big)
+		assert_not_equal(@file_header, p.to_s[0,24])
+		# We want to ensure our endianness is little or big.
+		assert_raise(ArgumentError) {PcapHeader.new(:endian => :just_right)}
+	end
+
+	def test_header_read
+		p = PcapHeader.new
+		p.read @file
+		assert_equal(@file_header,p.to_s)
+	end
+
+end
+
+class TimestampTest < Test::Unit::TestCase
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@ts = @file[24,8]
+	end
+
+	def test_timestamp_size
+		assert_equal(3, Timestamp.new.size) # Number of elements
+		assert_equal(8, Timestamp.new.sz) # Length of the string (in PacketFu)
+	end
+
+	def test_timestamp_read
+		t = Timestamp.new
+		t.read(@ts)
+		assert_equal(@ts, t.to_s)
+	end
+end
+
+class PcapPacketTest < Test::Unit::TestCase
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@file.force_encoding "binary" if @file.respond_to? :force_encoding
+		@header = @file[0,24]
+		@packet = @file[24,100] # pkt is 78 bytes + 16 bytes pcap hdr == 94
+	end
+
+	def test_pcappacket_read
+		p = PcapPacket.new :endian => :little
+		p.read(@packet)
+		assert_equal(78,@packet[8,4].unpack("V").first)
+		assert_equal(@packet[8,4].unpack("V").first,p[:incl_len].to_i)
+		assert_equal(@packet[0,94],p.to_s)
+	end
+
+end
+
+class PcapPacketsTest < Test::Unit::TestCase
+
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+	end
+
+	def test_pcappackets_read
+		p = PcapPackets.new
+		p.read @file
+		assert_equal(11,p.size)
+		assert_equal(@file[24,@file.size],p.to_s)
+	end
+
+end
+
+class PcapFileTest < Test::Unit::TestCase
+	require 'digest/md5'
+
+	include PacketFu
+	def setup
+		@file = File.open('sample.pcap') {|f| f.read}
+		@md5 = '1be3b5082bb135c6f22de8801feb3495'
+	end
+
+	def test_pcapfile_read
+		p = PcapFile.new
+		p.read @file
+		assert_equal(3,p.size)
+		assert_equal(@file.size, p.sz)
+		assert_equal(@file, p.to_s)
+	end
+
+	def test_pcapfile_file_to_array
+		p = PcapFile.new.file_to_array(:filename => 'sample.pcap')
+		assert_equal(@md5.downcase, Digest::MD5.hexdigest(@file).downcase)
+		assert_instance_of(Array, p)
+		assert_instance_of(String, p[0])
+		assert_equal(11,p.size)
+		assert_equal(78,p[0].size)
+		assert_equal(94,p[1].size)
+		assert_equal(74,p[10].size)
+	end
+
+	def test_pcapfile_read_and_write
+		File.unlink('out.pcap') if File.exists? 'out.pcap'
+		p = PcapFile.new
+		p.read @file
+		p.to_file(:filename => 'out.pcap')
+		@newfile = File.open('out.pcap') {|f| f.read(f.stat.size)}
+		@newfile.force_encoding "binary" if @newfile.respond_to? :force_encoding
+		assert_equal(@file, @newfile)
+		p.to_file(:filename => 'out.pcap', :append => true)
+		packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
+		assert_equal(22, packet_array.size)
+	end
+
+	def test_pcapfile_write_after_recalc
+		File.unlink('out.pcap') if File.exists? 'out.pcap'
+		pcaps = PcapFile.new.file_to_array(:filename => 'sample.pcap')
+		pcaps.each {|pkt|
+			p = Packet.parse pkt
+			p.recalc
+			p.to_f('out.pcap','a')
+		}
+		packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
+		assert_equal(11, packet_array.size)
+		File.unlink('out.pcap')
+	end
+
+	def test_pcapfile_read_and_write_timestamps
+		File.unlink('out.pcap') if File.exists? 'out.pcap'
+		pf = PcapFile.new
+		arr = pf.file_to_array(:filename => 'sample.pcap')
+		assert_equal(11, arr.size)
+		pf = PcapFile.new
+		pf.a2f(:array => arr, :f => 'out.pcap', :ts_inc => 4, 
+					 :timestamp => Time.now.to_i - 1_000_000)
+		diff_time = pf.body[0].timestamp.sec.to_i - pf.body[1].timestamp.sec.to_i
+		assert_equal(-4, diff_time)
+		File.unlink('out.pcap')
+	end
+
+end
+	
+# Test the legacy Read objects.
+class ReadTest < Test::Unit::TestCase
+
+	include PacketFu
+
+	def test_read_string
+		pkts = Read.file_to_array(:file => 'sample.pcap')
+		assert_kind_of Array, pkts
+		assert_equal 11, pkts.size
+		this_packet = Packet.parse pkts[0]
+		assert_kind_of UDPPacket, this_packet
+		that_packet = Packet.parse pkts[3]
+		assert_kind_of ICMPPacket, that_packet
+	end
+
+	def test_read_hash
+		pkts = Read.file_to_array(:file => 'sample.pcap', :ts => true)
+		assert_kind_of Array, pkts
+		assert_equal 11, pkts.size
+		this_packet = Packet.parse pkts[0].values.first
+		assert_kind_of UDPPacket, this_packet
+		that_packet = Packet.parse pkts[3].values.first
+		assert_kind_of ICMPPacket, that_packet
+	end
+
+end
+
+class WriteTest < Test::Unit::TestCase
+
+	include PacketFu
+
+	def test_write
+
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby