RubyGems - packetfu - Versions diffs - 1.1.5 → 1.1.6 - Mend

packetfu 1.1.5 → 1.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

data/.document +5 -2
data/.gitignore +1 -0
data/LICENSE.txt +1 -1
data/bench/after-2012-07-28.txt +25 -0
data/bench/before-2012-07-28.txt +25 -0
data/bench/benchit.rb +68 -0
data/bench/calc_delta.rb +17 -0
data/bench/octets.rb +22 -0
data/bench/octets_after.txt +8 -0
data/bench/octets_after_refactor.txt +8 -0
data/bench/octets_before.txt +8 -0
data/lib/packetfu.rb +8 -3
data/lib/packetfu/packet.rb +2 -2
data/lib/packetfu/pcap.rb +20 -4
data/lib/packetfu/protos/arp.rb +7 -160
data/lib/packetfu/protos/arp/header.rb +160 -0
data/lib/packetfu/protos/arp/mixin.rb +38 -0
data/lib/packetfu/protos/eth.rb +5 -247
data/lib/packetfu/protos/eth/header.rb +247 -0
data/lib/packetfu/protos/eth/mixin.rb +20 -0
data/lib/packetfu/protos/hsrp.rb +13 -123
data/lib/packetfu/protos/hsrp/header.rb +120 -0
data/lib/packetfu/protos/hsrp/mixin.rb +31 -0
data/lib/packetfu/protos/icmp.rb +10 -97
data/lib/packetfu/protos/icmp/header.rb +93 -0
data/lib/packetfu/protos/icmp/mixin.rb +17 -0
data/lib/packetfu/protos/ip.rb +7 -295
data/lib/packetfu/protos/ip/header.rb +335 -0
data/lib/packetfu/protos/ip/mixin.rb +43 -0
data/lib/packetfu/protos/ipv6.rb +7 -191
data/lib/packetfu/protos/ipv6/header.rb +190 -0
data/lib/packetfu/protos/ipv6/mixin.rb +31 -0
data/lib/packetfu/protos/tcp.rb +13 -939
data/lib/packetfu/protos/tcp/ecn.rb +42 -0
data/lib/packetfu/protos/tcp/flags.rb +83 -0
data/lib/packetfu/protos/tcp/header.rb +307 -0
data/lib/packetfu/protos/tcp/hlen.rb +40 -0
data/lib/packetfu/protos/tcp/mixin.rb +48 -0
data/lib/packetfu/protos/tcp/option.rb +323 -0
data/lib/packetfu/protos/tcp/options.rb +106 -0
data/lib/packetfu/protos/tcp/reserved.rb +42 -0
data/lib/packetfu/protos/udp.rb +12 -110
data/lib/packetfu/protos/udp/header.rb +107 -0
data/lib/packetfu/protos/udp/mixin.rb +23 -0
data/lib/packetfu/utils.rb +24 -24
data/lib/packetfu/version.rb +1 -1
data/packetfu.gemspec +2 -2
data/test/test_ip.rb +0 -19
data/test/test_octets.rb +18 -21
data/test/test_tcp.rb +10 -0
data/test/test_udp.rb +17 -0
metadata +79 -50

data/lib/packetfu/protos/tcp/reserved.rb ADDED Viewed

@@ -0,0 +1,42 @@
+module PacketFu
+	# Implements the Reserved bits for TCPHeader.
+	#
+	# ==== Header Definition
+	#
+	#
+	#  Fixnum (1 bit)  :r1
+	#  Fixnum (1 bit)  :r2
+	#  Fixnum (1 bit)  :r3
+	class TcpReserved < Struct.new(:r1, :r2, :r3)
+		include StructFu
+		def initialize(args={})
+			super(
+				args[:r1] || 0,
+				args[:r2] || 0,
+				args[:r3] || 0) if args.kind_of? Hash
+		end
+		# Returns the Reserved field as an integer.
+		def to_i
+			(r1.to_i << 2) + (r2.to_i << 1) + r3.to_i
+		end
+		# Reads a string to populate the object.
+		def read(str)
+			force_binary(str)
+			return self if str.nil? || str.size.zero?
+			if 1.respond_to? :ord
+				byte = str[0].ord
+			else
+				byte = str[0]
+			end
+			self[:r1] = byte & 0b00000100 == 0b00000100 ? 1 : 0
+			self[:r2] = byte & 0b00000010 == 0b00000010 ? 1 : 0
+			self[:r3] = byte & 0b00000001 == 0b00000001 ? 1 : 0
+			self
+		end
+	end
+end

data/lib/packetfu/protos/udp.rb CHANGED Viewed

@@ -1,109 +1,13 @@
-module PacketFu
-	# UDPHeader is a complete UDP struct, used in UDPPacket. Many Internet-critical protocols
-	# rely on UDP, such as DNS and World of Warcraft.
-	#
-	# For more on UDP packets, see http://www.networksorcery.com/enp/protocol/udp.htm
-	#
-	# ==== Header Definition
-	#  Int16   :udp_src
-	#  Int16   :udp_dst
-	#  Int16   :udp_len  Default: calculated
-	#  Int16   :udp_sum  Default: 0. Often calculated.
-	#  String  :body
-	class UDPHeader < Struct.new(:udp_src, :udp_dst, :udp_len, :udp_sum, :body)
-		include StructFu
-		def initialize(args={})
-			super(
-				Int16.new(args[:udp_src]),
-				Int16.new(args[:udp_dst]),
-				Int16.new(args[:udp_len] || udp_calc_len),
-				Int16.new(args[:udp_sum]),
-				StructFu::String.new.read(args[:body])
-			)
-		end
-		# Returns the object in string form.
-		def to_s
-			self.to_a.map {|x| x.to_s}.join
-		end
-		# Reads a string to populate the object.
-		def read(str)
-			force_binary(str)
-			return self if str.nil?
-			self[:udp_src].read(str[0,2])
-			self[:udp_dst].read(str[2,2])
-			self[:udp_len].read(str[4,2])
-			self[:udp_sum].read(str[6,2])
-			self[:body].read(str[8,str.size])
-			self
-		end
-		# Setter for the UDP source port.
-		def udp_src=(i); typecast i; end
-		# Getter for the UDP source port.
-		def udp_src; self[:udp_src].to_i; end
-		# Setter for the UDP destination port.
-		def udp_dst=(i); typecast i; end
-		# Getter for the UDP destination port.
-		def udp_dst; self[:udp_dst].to_i; end
-		# Setter for the length field. Usually should be recalc()'ed instead.
-		def udp_len=(i); typecast i; end
-		# Getter for the length field.
-		def udp_len; self[:udp_len].to_i; end
-		# Setter for the checksum. Usually should be recalc()'ed instad.
-		def udp_sum=(i); typecast i; end
-		# Getter for the checksum.
-		def udp_sum; self[:udp_sum].to_i; end
-		# Returns the true length of the UDP packet.
-		def udp_calc_len
-			body.to_s.size + 8
-		end
-		# Recalculates calculated fields for UDP.
-		def udp_recalc(args=:all)
-			arg = arg.intern if arg.respond_to? :intern
-			case args
-			when :udp_len
-				self.udp_len = udp_calc_len
-			when :all
-				self.udp_recalc(:udp_len)
-			else
-				raise ArgumentError, "No such field `#{arg}'"
-			end
-		end
+require 'packetfu/protos/eth/header'
+require 'packetfu/protos/eth/mixin'
-		# Equivalent to udp_src.to_i
-		def udp_sport
-			self.udp_src
-		end
+require 'packetfu/protos/ip/header'
+require 'packetfu/protos/ip/mixin'
-		# Equivalent to udp_src=
-		def udp_sport=(arg)
-			self.udp_src=(arg)
-		end
+require 'packetfu/protos/udp/header'
+require 'packetfu/protos/udp/mixin'
-		# Equivalent to udp_dst
-		def udp_dport
-			self.udp_dst
-		end
-		# Equivalent to udp_dst=
-		def udp_dport=(arg)
-			self.udp_dst=(arg)
-		end
-		# Readability aliases
-		def udp_sum_readable
-			"0x%04x" % udp_sum
-		end
-	end
+module PacketFu
 	# UDPPacket is used to construct UDP Packets. They contain an EthHeader, an IPHeader, and a UDPHeader.
 	#
@@ -131,6 +35,9 @@ module PacketFu
 	#  :config
 	#   A hash of return address details, often the output of Utils.whoami?
 	class UDPPacket < Packet
+    include ::PacketFu::EthHeaderMixin
+    include ::PacketFu::IPHeaderMixin
+    include ::PacketFu::UDPHeaderMixin
 		attr_accessor :eth_header, :ip_header, :udp_header
@@ -145,15 +52,10 @@ module PacketFu
 		def read(str=nil, args={})
 			raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
 			@eth_header.read(str)
-			@ip_header.read(str[14,str.size])
-			@eth_header.body = @ip_header
 			if args[:strip]
-				udp_len = str[16,2].unpack("n")[0] - 20
-				@udp_header.read(str[14+(@ip_header.ip_hlen),udp_len])
-			else
-				@udp_header.read(str[14+(@ip_header.ip_hlen),str.size])
+				udp_body_len = self.ip_len - self.ip_hlen - 8
+				@udp_header.body.read(@udp_header.body.to_s[0,udp_body_len])
 			end
-			@ip_header.body = @udp_header
 			super(args)
 			self
 		end

data/lib/packetfu/protos/udp/header.rb ADDED Viewed

@@ -0,0 +1,107 @@
+module PacketFu
+	# UDPHeader is a complete UDP struct, used in UDPPacket. Many Internet-critical protocols
+	# rely on UDP, such as DNS and World of Warcraft.
+	#
+	# For more on UDP packets, see http://www.networksorcery.com/enp/protocol/udp.htm
+	#
+	# ==== Header Definition
+	#  Int16   :udp_src
+	#  Int16   :udp_dst
+	#  Int16   :udp_len  Default: calculated
+	#  Int16   :udp_sum  Default: 0. Often calculated.
+	#  String  :body
+	class UDPHeader < Struct.new(:udp_src, :udp_dst, :udp_len, :udp_sum, :body)
+		include StructFu
+		def initialize(args={})
+			super(
+				Int16.new(args[:udp_src]),
+				Int16.new(args[:udp_dst]),
+				Int16.new(args[:udp_len] || udp_calc_len),
+				Int16.new(args[:udp_sum]),
+				StructFu::String.new.read(args[:body])
+			)
+		end
+		# Returns the object in string form.
+		def to_s
+			self.to_a.map {|x| x.to_s}.join
+		end
+		# Reads a string to populate the object.
+		def read(str)
+			force_binary(str)
+			return self if str.nil?
+			self[:udp_src].read(str[0,2])
+			self[:udp_dst].read(str[2,2])
+			self[:udp_len].read(str[4,2])
+			self[:udp_sum].read(str[6,2])
+			self[:body].read(str[8,str.size])
+			self
+		end
+		# Setter for the UDP source port.
+		def udp_src=(i); typecast i; end
+		# Getter for the UDP source port.
+		def udp_src; self[:udp_src].to_i; end
+		# Setter for the UDP destination port.
+		def udp_dst=(i); typecast i; end
+		# Getter for the UDP destination port.
+		def udp_dst; self[:udp_dst].to_i; end
+		# Setter for the length field. Usually should be recalc()'ed instead.
+		def udp_len=(i); typecast i; end
+		# Getter for the length field.
+		def udp_len; self[:udp_len].to_i; end
+		# Setter for the checksum. Usually should be recalc()'ed instad.
+		def udp_sum=(i); typecast i; end
+		# Getter for the checksum.
+		def udp_sum; self[:udp_sum].to_i; end
+		# Returns the true length of the UDP packet.
+		def udp_calc_len
+			body.to_s.size + 8
+		end
+		# Recalculates calculated fields for UDP.
+		def udp_recalc(args=:all)
+			arg = arg.intern if arg.respond_to? :intern
+			case args
+			when :udp_len
+				self.udp_len = udp_calc_len
+			when :all
+				self.udp_recalc(:udp_len)
+			else
+				raise ArgumentError, "No such field `#{arg}'"
+			end
+		end
+		# Equivalent to udp_src.to_i
+		def udp_sport
+			self.udp_src
+		end
+		# Equivalent to udp_src=
+		def udp_sport=(arg)
+			self.udp_src=(arg)
+		end
+		# Equivalent to udp_dst
+		def udp_dport
+			self.udp_dst
+		end
+		# Equivalent to udp_dst=
+		def udp_dport=(arg)
+			self.udp_dst=(arg)
+		end
+		# Readability aliases
+		def udp_sum_readable
+			"0x%04x" % udp_sum
+		end
+	end
+end

data/lib/packetfu/protos/udp/mixin.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module PacketFu
+	# This Mixin simplifies access to the UDPHeaders. Mix this in with your
+	# packet interface, and it will add methods that essentially delegate to
+	# the 'udp_header' method (assuming that it is a UDPHeader object)
+  module UDPHeaderMixin
+    def udp_src=(v); self.udp_header.udp_src= v; end
+    def udp_src; self.udp_header.udp_src; end
+    def udp_dst=(v); self.udp_header.udp_dst= v; end
+    def udp_dst; self.udp_header.udp_dst; end
+    def udp_len=(v); self.udp_header.udp_len= v; end
+    def udp_len; self.udp_header.udp_len; end
+    def udp_sum=(v); self.udp_header.udp_sum= v; end
+    def udp_sum; self.udp_header.udp_sum; end
+    def udp_calc_len; self.udp_header.udp_calc_len; end
+    def udp_recalc(*v); self.udp_header.udp_recalc(*v); end
+    def udp_sport; self.udp_header.udp_sport; end
+    def udp_sport=(v); self.udp_header.udp_sport= v; end
+    def udp_dport; self.udp_header.udp_dport; end
+    def udp_dport=(v); self.udp_header.udp_dport= v; end
+    def udp_sum_readable; self.udp_header.udp_sum_readable; end
+  end
+end

data/lib/packetfu/utils.rb CHANGED Viewed

@@ -183,30 +183,30 @@ module PacketFu
 						ret[:ip6_obj] = IPAddr.new($1)
 					end
 				end # linux
-      when /darwin/i
-        ifconfig_data = %x[ifconfig #{iface}]
-        if ifconfig_data =~ /#{iface}/i
-          ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
-        else
-          raise ArgumentError, "Cannot ifconfig #{iface}"
-        end
-        real_iface = ifconfig_data.first
-        ret[:iface] = real_iface.split(':')[0]
-        ifconfig_data.each do |s|
-          case s
-          when /ether[\s]([0-9a-fA-F:]{17})/i
-            ret[:eth_saddr] = $1
-            ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
-          when /inet[\s]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*Mask:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))?/i
-            ret[:ip_saddr] = $1
-            ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
-            ret[:ip4_obj] = IPAddr.new($1)
-            ret[:ip4_obj] = ret[:ip4_obj].mask($3) if $3
-          when /inet6[\s]*([0-9a-fA-F:\x2f]+)/
-            ret[:ip6_saddr] = $1
-            ret[:ip6_obj] = IPAddr.new($1)
-          end
-        end # darwin
+			when /darwin/i
+				ifconfig_data = %x[ifconfig #{iface}]
+				if ifconfig_data =~ /#{iface}/i
+					ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
+				else
+					raise ArgumentError, "Cannot ifconfig #{iface}"
+				end
+				real_iface = ifconfig_data.first
+				ret[:iface] = real_iface.split(':')[0]
+				ifconfig_data.each do |s|
+					case s
+					when /ether[\s]([0-9a-fA-F:]{17})/i
+						ret[:eth_saddr] = $1
+						ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
+					when /inet[\s]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*Mask:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))?/i
+						ret[:ip_saddr] = $1
+						ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
+						ret[:ip4_obj] = IPAddr.new($1)
+						ret[:ip4_obj] = ret[:ip4_obj].mask($3) if $3
+					when /inet6[\s]*([0-9a-fA-F:\x2f]+)/
+						ret[:ip6_saddr] = $1
+						ret[:ip6_obj] = IPAddr.new($1)
+					end
+				end # darwin
 			end # RUBY_PLATFORM
 			ret
 		end

data/lib/packetfu/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module PacketFu
 	# Check the repo's for version release histories
-	VERSION = "1.1.5" # Unscrewing the 1.1.4 gem
+	VERSION = "1.1.6"
 	# Returns PacketFu::VERSION
 	def self.version

data/packetfu.gemspec CHANGED Viewed

@@ -2,9 +2,9 @@ require 'rake'
 Gem::Specification.new do |s|
   s.name        = 'packetfu'
-  s.version     = '1.1.5'
+  s.version     = '1.1.6'
   s.authors     = ['Tod Beardsley']
-  s.email       = 'todb@planb-security.net'
+  s.email       = 'todb@packetfu.com'
   s.summary     = 'PacketFu is a mid-level packet manipulation library.'
   s.homepage    = 'https://github.com/todb/packetfu'
   s.description = %q{PacketFu is a mid-level packet manipulation library for Ruby. With it, users can read, parse, and write network packets with the level of ease and fun they expect from Ruby. Note that this gem does not automatically require pcaprub, since users may install pcaprub through non-gem means.}

data/test/test_ip.rb CHANGED Viewed

@@ -3,25 +3,6 @@ require 'test/unit'
 $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
 require 'packetfu'
-class OctetsTest < Test::Unit::TestCase
-	include PacketFu
-	def test_octets_read
-		o = Octets.new
-		o.read("\x04\x03\x02\x01")
-		assert_equal("4.3.2.1", o.to_x)
-	end
-	def test_octets_read_quad
-		o = Octets.new
-		o.read_quad("1.2.3.4")
-		assert_equal("1.2.3.4", o.to_x)
-		assert_equal("\x01\x02\x03\x04", o.to_s)
-		assert_equal(0x01020304, o.to_i)
-	end
-end
 class IPTest < Test::Unit::TestCase
 	include PacketFu

data/test/test_octets.rb CHANGED Viewed

@@ -3,33 +3,30 @@ require 'test/unit'
 $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
 require 'packetfu'
-class OctetTest < Test::Unit::TestCase
+class OctetsTest < Test::Unit::TestCase
 	include PacketFu
-	def setup
-		@o = Octets.new
+	def test_octets_read
+		o = Octets.new
+		o.read("\x04\x03\x02\x01")
+		assert_equal("4.3.2.1", o.to_x)
 	end
-	def test_create_octets
-		assert_kind_of Octets, @o
+	def test_octets_read_quad
+		o = Octets.new
+		o.read_quad("1.2.3.4")
+		assert_equal("1.2.3.4", o.to_x)
+		assert_equal("\x01\x02\x03\x04", o.to_s)
+		assert_equal(0x01020304, o.to_i)
 	end
-	def test_read
-		s = "\x0a\x0a\x0a\x0b"
-		@o.read s
-		assert_equal(s, @o.to_s)
-	end
-	def test_dotted
-		s = "\x0a\x0a\x0a\x01"
-		@o.read s
-		assert_equal("10.10.10.1", @o.to_x)
-	end
-	def test_numerical
-		s = "\x00\x00\x00\x80"
-		@o.read s
-		assert_equal(128, @o.to_i)
+	def test_octets_single_octet
+		o = Octets.new
+		o.read("ABCD")
+		assert_equal(o.o1, 0x41)
+		assert_equal(o.o2, 0x42)
+		assert_equal(o.o3, 0x43)
+		assert_equal(o.o4, 0x44)
 	end
 end