packetfu 1.1.9 → 1.1.10

data/lib/packetfu/config.rb

@@ -1,59 +1,59 @@
 # -*- coding: binary -*-
 module PacketFu
 
-  # The Config class holds various bits of useful default information 
-  # for packet creation. If initialized without arguments, @iface will be 
-  # set to ENV['IFACE'] or Pcap.lookupdev (or lo), and the @pcapfile will
-  # be set to "/tmp/out.pcap" # (yes, it's Linux-biased, sorry, fixing 
-  # this is a TODO.)
-  #
-  # Any number of instance variables can be passed in to the intialize function (as a
-  # hash), though only the expected network-related variables will be readable and
-  # writeable directly.
-  #
-  # == Examples
-  #
-  #   PacketFu::Config.new(:ip_saddr => "1.2.3.4").ip_saddr #=> "1.2.3.4"
-  #   PacketFu::Config.new(:foo=>"bar").foo #=> NomethodError: undefined method `foo'...
-  #
-  # The config() function, however, does provide access to custom variables:
-  #
-  #   PacketFu::Config.new(:foo=>"bar").config[:foo] #=> "bar"
-  #   obj = PacketFu::Config.new(:foo=>"bar")
-  #   obj.config(:baz => "bat")
-  #   obj.config #=> {:iface=>"eth0", :baz=>"bat", :pcapfile=>"/tmp/out.pcap", :foo=>"bar"}
-  class Config
-    attr_accessor :eth_saddr,	# The discovered eth_saddr 
-      :eth_daddr,							# The discovered eth_daddr (ie, the gateway)
-      :eth_src,								# The discovered eth_src in binary form.
-      :eth_dst,								# The discovered eth_dst (gateway) in binary form.
-      :ip_saddr,							# The discovered ip_saddr
-      :ip_src,								# The discovered ip_src in binary form.
-      :iface,									# The declared interface.
-      :pcapfile								# A declared default file to write to.
-  
-    def initialize(args={})
-      if Process.euid.zero?
-        @iface = args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" 
-      end	
-      @pcapfile = "/tmp/out.pcap"
-      args.each_pair { |k,v| self.instance_variable_set(("@#{k}"),v) }
-    end
+	# The Config class holds various bits of useful default information 
+	# for packet creation. If initialized without arguments, @iface will be 
+	# set to ENV['IFACE'] or Pcap.lookupdev (or lo), and the @pcapfile will
+	# be set to "/tmp/out.pcap" # (yes, it's Linux-biased, sorry, fixing 
+	# this is a TODO.)
+	#
+	# Any number of instance variables can be passed in to the intialize function (as a
+	# hash), though only the expected network-related variables will be readable and
+	# writeable directly.
+	#
+	# == Examples
+	#
+	#   PacketFu::Config.new(:ip_saddr => "1.2.3.4").ip_saddr #=> "1.2.3.4"
+	#   PacketFu::Config.new(:foo=>"bar").foo #=> NomethodError: undefined method `foo'...
+	#
+	# The config() function, however, does provide access to custom variables:
+	#
+	#   PacketFu::Config.new(:foo=>"bar").config[:foo] #=> "bar"
+	#   obj = PacketFu::Config.new(:foo=>"bar")
+	#   obj.config(:baz => "bat")
+	#   obj.config #=> {:iface=>"eth0", :baz=>"bat", :pcapfile=>"/tmp/out.pcap", :foo=>"bar"}
+	class Config
+		attr_accessor :eth_saddr,	# The discovered eth_saddr 
+			:eth_daddr,							# The discovered eth_daddr (ie, the gateway)
+			:eth_src,								# The discovered eth_src in binary form.
+			:eth_dst,								# The discovered eth_dst (gateway) in binary form.
+			:ip_saddr,							# The discovered ip_saddr
+			:ip_src,								# The discovered ip_src in binary form.
+			:iface,									# The declared interface.
+			:pcapfile								# A declared default file to write to.
+	
+		def initialize(args={})
+			if Process.euid.zero?
+				@iface = args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" 
+			end	
+			@pcapfile = "/tmp/out.pcap"
+			args.each_pair { |k,v| self.instance_variable_set(("@#{k}"),v) }
+		end
 
-    # Returns all instance variables as a hash (including custom variables set at initialization).
-    def config(arg=nil)
-      if arg
-        arg.each_pair {|k,v| self.instance_variable_set(("@" + k.to_s).intern, v)}
-      else
-        config_hash = {}
-        self.instance_variables.each do |v| 
-          key = v.to_s.gsub(/^@/,"").to_sym
-          config_hash[key] = self.instance_variable_get(v) 
-        end
-        config_hash
-      end
-    end
+		# Returns all instance variables as a hash (including custom variables set at initialization).
+		def config(arg=nil)
+			if arg
+				arg.each_pair {|k,v| self.instance_variable_set(("@" + k.to_s).intern, v)}
+			else
+				config_hash = {}
+				self.instance_variables.each do |v| 
+					key = v.to_s.gsub(/^@/,"").to_sym
+					config_hash[key] = self.instance_variable_get(v) 
+				end
+				config_hash
+			end
+		end
 
-  end
+	end
 
 end

data/lib/packetfu/inject.rb

@@ -1,66 +1,66 @@
 # -*- coding: binary -*-
 module PacketFu
 
-  # The Inject class handles injecting arrays of binary data on the wire.
-  #
-  # To inject single packets, use PacketFu::Packet.to_w() instead.
-  class Inject 
-    attr_accessor :array, :stream, :show_live # Leave these public and open.
-    attr_reader :iface, :snaplen, :promisc, :timeout # Cant change after the init.
+	# The Inject class handles injecting arrays of binary data on the wire.
+	#
+	# To inject single packets, use PacketFu::Packet.to_w() instead.
+	class Inject 
+		attr_accessor :array, :stream, :show_live # Leave these public and open.
+		attr_reader :iface, :snaplen, :promisc, :timeout # Cant change after the init.
 
-    def initialize(args={})
-      @array = [] # Where the packet array goes.
-      @stream = [] # Where the stream goes.
-      @iface = args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" 
-      @snaplen = args[:snaplen] || 0xffff
-      @promisc = args[:promisc] || false # Sensible for some Intel wifi cards
-      @timeout = args[:timeout] || 1
-      @show_live = nil
-    end
+		def initialize(args={})
+			@array = [] # Where the packet array goes.
+			@stream = [] # Where the stream goes.
+			@iface = args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" 
+			@snaplen = args[:snaplen] || 0xffff
+			@promisc = args[:promisc] || false # Sensible for some Intel wifi cards
+			@timeout = args[:timeout] || 1
+			@show_live = nil
+		end
 
-    # Takes an array, and injects them onto an interface. Note that
-    # complete packets (Ethernet headers on down) are expected. 
-    #
-    # === Parameters
-    #
-    #   :array || arr
-    #    An array of binary data (usually packet.to_s style).
-    #   :int || sleep
-    #    Number of seconds to sleep between injections (in float format)
-    #   :show_live || :live
-    #    If true, puts data about what was injected to stdout.
-    #
-    # === Example
-    #
-    #  inj = PacketFu::Inject.new
-    #  inj.array_to_wire(:array => [pkt1, pkt2, pkt3], :sleep => 0.1)
-    #
-    def array_to_wire(args={})
-      pkt_array = args[:array] || args[:arr] || @array
-      interval = args[:int] || args[:sleep]
-      show_live = args[:show_live] || args[:live] || @show_live
+		# Takes an array, and injects them onto an interface. Note that
+		# complete packets (Ethernet headers on down) are expected. 
+		#
+		# === Parameters
+		#
+		#   :array || arr
+		#    An array of binary data (usually packet.to_s style).
+		#   :int || sleep
+		#    Number of seconds to sleep between injections (in float format)
+		#   :show_live || :live
+		#    If true, puts data about what was injected to stdout.
+		#
+		# === Example
+		#
+		#  inj = PacketFu::Inject.new
+		#  inj.array_to_wire(:array => [pkt1, pkt2, pkt3], :sleep => 0.1)
+		#
+		def array_to_wire(args={})
+			pkt_array = args[:array] || args[:arr] || @array
+			interval = args[:int] || args[:sleep]
+			show_live = args[:show_live] || args[:live] || @show_live
 
-      @stream = Pcap.open_live(@iface,@snaplen,@promisc,@timeout)
-      pkt_count = 0
-      pkt_array.each do |pkt|
-        @stream.inject(pkt)
-        sleep interval if interval
-        pkt_count +=1
-        puts "Sent Packet \##{pkt_count} (#{pkt.size})" if show_live
-      end
-      # Return # of packets sent, array size, and array total size 
-      [pkt_count, pkt_array.size, pkt_array.join.size]
-    end
+			@stream = Pcap.open_live(@iface,@snaplen,@promisc,@timeout)
+			pkt_count = 0
+			pkt_array.each do |pkt|
+				@stream.inject(pkt)
+				sleep interval if interval
+				pkt_count +=1
+				puts "Sent Packet \##{pkt_count} (#{pkt.size})" if show_live
+			end
+			# Return # of packets sent, array size, and array total size 
+			[pkt_count, pkt_array.size, pkt_array.join.size]
+		end
 
-    # Equivalent to array_to_wire
-    def a2w(args={})
-      array_to_wire(args)
-    end
+		# Equivalent to array_to_wire
+		def a2w(args={})
+			array_to_wire(args)
+		end
 
-    # Equivalent to array_to_wire
-    def inject(args={})
-      array_to_wire(args)
-    end
+		# Equivalent to array_to_wire
+		def inject(args={})
+			array_to_wire(args)
+		end
 
-  end
+	end
 end

data/lib/packetfu/packet.rb

@@ -1,534 +1,534 @@
 # -*- coding: binary -*-
 module PacketFu
 
-  # Packet is the parent class of EthPacket, IPPacket, UDPPacket, TCPPacket, and all
-  # other packets. It acts as both a singleton class, so things like
-  # Packet.parse can happen, and as an abstract class to provide 
-  # subclasses some structure.
-  class Packet
-
-    attr_reader :flavor # Packet Headers are responsible for their own specific flavor methods.
-    attr_accessor :headers # All packets have a header collection, useful for determining protocol trees.
-    attr_accessor :iface # Default inferface to send packets to
-    attr_accessor :inspect_style # Default is :dissect, can also be :hex or :default
-
-    # Register subclasses in PacketFu.packet_class to do all kinds of neat things
-    # that obviates those long if/else trees for parsing. It's pretty sweet.
-    def self.inherited(subclass)
-      PacketFu.add_packet_class(subclass)
-    end
-
-    # Force strings into binary.
-    def self.force_binary(str)
-      str.force_encoding Encoding::BINARY if str.respond_to? :force_encoding
-    end
-
-    # Parse() creates the correct packet type based on the data, and returns the apporpiate
-    # Packet subclass object. 
-    #
-    # There is an assumption here that all incoming packets are either EthPacket
-    # or InvalidPacket types. This will be addressed pretty soon.
-    #
-    # If application-layer parsing is /not/ desired, that should be indicated explicitly
-    # with an argument of  :parse_app => false. Otherwise, app-layer parsing will happen.
-    #
-    # It is no longer neccisary to manually add packet types here.
-    def self.parse(packet=nil,args={})
-      parse_app = true if(args[:parse_app].nil? or args[:parse_app])
-      force_binary(packet)
-      if parse_app
-        classes = PacketFu.packet_classes.select {|pclass| pclass.can_parse? packet}
-      else
-        classes = PacketFu.packet_classes.select {|pclass| pclass.can_parse? packet}.reject {|pclass| pclass.layer_symbol == :application}
-      end
-      p = classes.sort {|x,y| x.layer <=> y.layer}.last.new
-      parsed_packet = p.read(packet,args)
-    end
-
-    def handle_is_identity(ptype)
-      idx = PacketFu.packet_prefixes.index(ptype.to_s.downcase)
-      if idx
-        self.kind_of? PacketFu.packet_classes[idx]
-      else
-        raise NoMethodError, "Undefined method `is_#{ptype}?' for #{self.class}."
-      end
-    end
-
-    # Get the binary string of the entire packet.
-    def to_s
-      @headers[0].to_s
-    end
-
-    # In the event of no proper decoding, at least send it to the inner-most header.
-    def write(io)
-      @headers[0].write(io)
-    end
-
-    # Get the outermost payload (body) of the packet; this is why all packet headers
-    # should have a body type.
-    def payload
-      @headers.last.body
-    end
-
-    # Set the outermost payload (body) of the packet.
-    def payload=(args)
-      @headers.last.body=(args)
-    end
-
-    # Converts a packet to libpcap format. Bit of a hack?
-    def to_pcap(args={})
-      p = PcapPacket.new(:endian => args[:endian],
-                        :timestamp => Timestamp.new.to_s,
-                        :incl_len => self.to_s.size,
-                        :orig_len => self.to_s.size,
-                        :data => self)
-    end
-
-    # Put the entire packet into a libpcap file. XXX: this is a
-    # hack for now just to confirm that packets are getting created
-    # correctly. Now with append! XXX: Document this!
-    def to_f(filename=nil,mode='w')
-      filename ||= 'out.pcap'
-      mode = mode.to_s[0,1] + "b"
-      raise ArgumentError, "Unknown mode: #{mode.to_s}" unless mode =~ /^[wa]/
-      if(mode == 'w' || !(File.exists?(filename)))
-        data = [PcapHeader.new, self.to_pcap].map {|x| x.to_s}.join
-      else
-        data = self.to_pcap
-      end
-      File.open(filename, mode) {|f| f.write data}
-      return [filename, 1, data.size]
-    end
-
-    # Put the entire packet on the wire by creating a temporary PacketFu::Inject object.
-    # TODO: Do something with auto-checksumming?
-    def to_w(iface=nil)
-      iface = (iface || self.iface || PacketFu::Config.new.config[:iface]).to_s
-      inj = PacketFu::Inject.new(:iface => iface)
-      inj.array = [@headers[0].to_s]
-      inj.inject
-    end
-    
-    # Recalculates all the calcuated fields for all headers in the packet.
-    # This is important since read() wipes out all the calculated fields
-    # such as length and checksum and what all.
-    def recalc(arg=:all)
-      case arg
-      when :ip
-        ip_recalc(:all)
-      when :icmp
-        icmp_recalc(:all)
-      when :udp
-        udp_recalc(:all)
-      when :tcp
-        tcp_recalc(:all)
-      when :all
-        ip_recalc(:all) if @ip_header
-        icmp_recalc(:all) if @icmp_header
-        udp_recalc(:all) if @udp_header
-        tcp_recalc(:all) if @tcp_header
-      else
-        raise ArgumentError, "Recalculating `#{arg}' unsupported. Try :all"
-      end
-      @headers[0]
-    end
-
-    # Read() takes (and trusts) the io input and shoves it all into a well-formed Packet.
-    # Note that read is a destructive process, so any existing data will be lost.
-    #
-    # A note on the :strip => true argument: If :strip is set, defined lengths of data will
-    # be believed, and any trailers (such as frame check sequences) will be chopped off. This
-    # helps to ensure well-formed packets, at the cost of losing perhaps important FCS data.
-    # 
-    # If :strip is false, header lengths are /not/ believed, and all data will be piped in.
-    # When capturing from the wire, this is usually fine, but recalculating the length before
-    # saving or re-transmitting will absolutely change the data payload; FCS data will become
-    # part of the TCP data as far as tcp_len is concerned. Some effort has been made to preserve
-    # the "real" payload for the purposes of checksums, but currently, it's impossible to seperate
-    # new payload data from old trailers, so things like pkt.payload += "some data" will not work
-    # correctly.
-    #
-    # So, to summarize; if you intend to alter the data, use :strip. If you don't, don't. Also,
-    # this is a horrid hack. Stripping is useful (and fun!), but the default behavior really
-    # should be to create payloads correctly, and /not/ treat extra FCS data as a payload.
-    #
-    # Finally, packet subclasses should take two arguments: the string that is the data
-    # to be transmuted into a packet, as well as args. This superclass method is merely
-    # concerned with handling args common to many packet formats (namely, fixing packets
-    # on the fly)
-    def read(args={})
-      if args[:fix] || args[:recalc]
-        ip_recalc(:ip_sum) if self.is_ip?
-        recalc(:tcp) if self.is_tcp?
-        recalc(:udp) if self.is_udp?
-      end
-    end
-
-    # Packets are bundles of lots of objects, so copying them
-    # is a little complicated -- a dup of a packet is actually
-    # full of pass-by-reference stuff in the @headers, so 
-    # if you change one, you're changing all this copies, too.
-    #
-    # Normally, this doesn't seem to be a big deal, and it's
-    # a pretty decent performance tradeoff. But, if you're going
-    # to be creating a template packet to base a bunch of slightly
-    # different ones off of (like a fuzzer might), you'll want
-    # to use clone()
-    def clone
-      Packet.parse(self.to_s)
-    end
-
-    # If two packets are represented as the same binary string, and
-    # they're both actually PacketFu packets of the same sort, they're equal.
-    #
-    # The intuitive result is that a packet of a higher layer (like DNSPacket)
-    # can be equal to a packet of a lower level (like UDPPacket) as long as
-    # the bytes are equal (this can come up if a transport-layer packet has
-    # a hand-crafted payload that is identical to what would have been created
-    # by using an application layer packet)
-    def ==(other)
-      return false unless other.kind_of? self.class
-      return false unless other.respond_to? :to_s
-      self.to_s == other.to_s
-    end
-
-    # Peek provides summary data on packet contents.
-    #
-    # Each packet type should provide a peek_format.
-    def peek(args={})
-      idx = @headers.reverse.map {|h| h.respond_to? peek_format}.index(true)
-      if idx
-        @headers.reverse[idx].peek_format
-      else
-        peek_format
-      end
-    end
-
-    # The peek_format is used to display a single line
-    # of packet data useful for eyeballing. It should not exceed
-    # 80 characters. The Packet superclass defines an example
-    # peek_format, but it should hardly ever be triggered, since
-    # peek traverses the @header list in reverse to find a suitable
-    # format.
-    #
-    # === Format
-    # 
-    #   * A one or two character protocol initial. It should be unique
-    #   * The packet size
-    #   * Useful data in a human-usable form.
-    #
-    # Ideally, related peek_formats will all line up with each other
-    # when printed to the screen.
-    #
-    # === Example
-    #
-    #    tcp_packet.peek
-    #    #=> "T  1054 10.10.10.105:55000   ->   192.168.145.105:80 [......] S:adc7155b|I:8dd0"
-    #    tcp_packet.peek.size
-    #    #=> 79
-    #   
-    def peek_format
-      peek_data = ["?  "]
-      peek_data << "%-5d" % self.to_s.size
-      peek_data << "%68s" % self.to_s[0,34].unpack("H*")[0]
-      peek_data.join
-    end
-
-    # Defines the layer this packet type lives at, based on the number of headers it 
-    # requires. Note that this has little to do with the OSI model, since TCP/IP
-    # doesn't really have Session and Presentation layers. 
-    #
-    # Ethernet and the like are layer 1, IP, IPv6, and ARP are layer 2,
-    # TCP, UDP, and other transport protocols are layer 3, and application
-    # protocols are at layer 4 or higher. InvalidPackets have an arbitrary
-    # layer 0 to distinguish them.
-    #
-    # Because these don't change much, it's cheaper just to case through them,
-    # and only resort to counting headers if we don't have a match -- this
-    # makes adding protocols somewhat easier, but of course you can just
-    # override this method over there, too. This is merely optimized
-    # for the most likely protocols you see on the Internet.
-    def self.layer
-      case self.name # Lol ran into case's fancy treatment of classes
-      when /InvalidPacket$/; 0
-      when /EthPacket$/; 1
-      when /IPPacket$/, /ARPPacket$/, /LLDPPacket$/, /IPv6Packet$/; 2
-      when /TCPPacket$/, /UDPPacket$/, /ICMPPacket$/; 3
-      when /HSRPPacket$/; 4
-      else; self.new.headers.size
-      end
-    end
-
-    def layer
-      self.class.layer
-    end
-
-    def self.layer_symbol
-      case self.layer
-      when 0; :invalid
-      when 1; :link
-      when 2; :internet
-      when 3; :transport
-      else; :application
-      end
-    end
-
-    def layer_symbol
-      self.class.layer_symbol
-    end
-
-    # Packet subclasses must override this, since the Packet superclass
-    # can't actually parse anything.
-    def self.can_parse?(str)
-      false
-    end
-
-    # Hexify provides a neatly-formatted dump of binary data, familar to hex readers.
-    def hexify(str)
-      str.force_encoding(Encoding::BINARY) if str.respond_to? :force_encoding
-      hexascii_lines = str.to_s.unpack("H*")[0].scan(/.{1,32}/)
-      regex = Regexp.new('[\x00-\x1f\x7f-\xff]', nil, 'n')
-      chars = str.to_s.gsub(regex,'.')
-      chars_lines = chars.scan(/.{1,16}/)
-      ret = []
-      hexascii_lines.size.times {|i| ret << "%-48s  %s" % [hexascii_lines[i].gsub(/(.{2})/,"\\1 "),chars_lines[i]]}
-      ret.join("\n")
-    end
-
-    # If @inspect_style is :default (or :ugly), the inspect output is the usual
-    # inspect. 
-    #
-    # If @inspect_style is :hex (or :pretty), the inspect output is
-    # a much more compact hexdump-style, with a shortened set of packet header
-    # names at the top.
-    #
-    # If @inspect_style is :dissect (or :verbose), the inspect output is the
-    # longer, but more readable, dissection of the packet. This is the default.
-    #
-    # TODO: Have an option for colors. Everyone loves colorized irb output.
-    def inspect_hex(arg=0)
-      case arg
-      when :layers
-        ret = []
-        @headers.size.times do |i|
-          ret << hexify(@headers[i])
-        end
-        ret
-      when (0..9)
-        if @headers[arg]
-          hexify(@headers[arg])
-        else
-          nil
-        end
-      when :all
-        inspect_hex(0)
-      end
-    end
-
-    def dissection_table
-      table = []
-      @headers.each_with_index do |header,table_idx|
-        proto = header.class.name.sub(/^.*::/,"")
-        table << [proto,[]]
-        header.class.members.each do |elem|
-          elem_sym = elem.to_sym # to_sym needed for 1.8
-          next if elem_sym == :body 
-          elem_type_value = []
-          elem_type_value[0] = elem
-          readable_element = "#{elem}_readable"
-          if header.respond_to? readable_element
-            elem_type_value[1] = header.send(readable_element)
-          else
-            elem_type_value[1] = header.send(elem)
-          end
-          elem_type_value[2] = header[elem.to_sym].class.name 
-          table[table_idx][1] << elem_type_value
-        end
-      end
-      table
-      if @headers.last.members.map {|x| x.to_sym }.include? :body
-        body_part = [:body, self.payload, @headers.last.body.class.name]
-      end
-      table << body_part
-    end
-
-    # Renders the dissection_table suitable for screen printing. Can take
-    # one or two arguments. If just the one, only that layer will be displayed
-    # take either a range or a number -- if a range, only protos within
-    # that range will be rendered. If an integer, only that proto
-    # will be rendered.
-    def dissect
-      dtable = self.dissection_table
-      hex_body = nil
-      if dtable.last.kind_of?(Array) and dtable.last.first == :body
-        body = dtable.pop 
-        hex_body = hexify(body[1])
-      end
-      elem_widths = [0,0,0]
-      dtable.each do |proto_table|
-        proto_table[1].each do |elems|
-          elems.each_with_index do |e,i|
-            width = e.size
-            elem_widths[i] = width if width > elem_widths[i]
-          end
-        end
-      end
-      total_width = elem_widths.inject(0) {|sum,x| sum+x} 
-      table = ""
-      dtable.each do |proto|
-        table << "--"
-        table << proto[0] 
-        if total_width > proto[0].size
-          table << ("-" * (total_width - proto[0].size + 2))
-        else
-          table << ("-" * (total_width + 2))
-        end
-        table << "\n"
-        proto[1].each do |elems|
-          table << "  "
-          elems_table = []
-          (0..2).each do |i|
-            elems_table << ("%-#{elem_widths[i]}s" % elems[i])
-          end
-          table << elems_table.join("\s")
-          table << "\n"
-        end
-      end
-      if hex_body && !hex_body.empty?
-        table << "-" * 66
-        table << "\n"
-        table << "00-01-02-03-04-05-06-07-08-09-0a-0b-0c-0d-0e-0f---0123456789abcdef\n"
-        table << "-" * 66
-        table << "\n"
-        table << hex_body
-      end
-      table
-    end
-
-    alias :orig_kind_of? :kind_of?
-
-    def kind_of?(klass)
-      return true if orig_kind_of? klass
-      packet_types = proto.map {|p| PacketFu.const_get("#{p}Packet")}
-      match = false
-      packet_types.each do |p|
-        if p.ancestors.include? klass
-          match =  true
-          break
-        end
-      end
-      return match
-    end
-
-    # For packets, inspect is overloaded as inspect_hex(0).
-    # Not sure if this is a great idea yet, but it sure makes
-    # the irb output more sane.
-    #
-    # If you hate this, you can run PacketFu.toggle_inspect to return
-    # to the typical (and often unreadable) Object#inspect format.
-    def inspect
-      case @inspect_style
-      when :dissect
-        self.dissect
-      when :hex
-        self.proto.join("|") + "\n" + self.inspect_hex
-      else
-        super
-      end
-    end
-
-    # Returns the size of the packet (as a binary string)
-    def size
-      self.to_s.size
-    end
-
-    # Returns an array of protocols contained in this packet. For example:
-    #
-    #   t = PacketFu::TCPPacket.new
-    #   => 00 1a c5 00 00 00 00 1a c5 00 00 00 08 00 45 00   ..............E.
-    #   00 28 3c ab 00 00 ff 06 7f 25 00 00 00 00 00 00   .(<......%......
-    #   00 00 93 5e 00 00 ad 4f e4 a4 00 00 00 00 50 00   ...^...O......P.
-    #   40 00 4a 92 00 00                                 @.J...
-    #   t.proto
-    #   => ["Eth", "IP", "TCP"]
-    #
-    def proto
-      type_array = []
-      self.headers.each {|header| type_array << header.class.to_s.split('::').last.gsub(/Header$/,'')}
-      type_array
-    end
-
-    alias_method :protocol, :proto
-    alias_method :length, :size
-
-    # the Packet class should not be instantiated directly, since it's an 
-    # abstract class that real packet types inherit from. Sadly, this
-    # makes the Packet class more difficult to test directly.
-    def initialize(args={})
-      if self.class.name =~ /(::|^)PacketFu::Packet$/
-        raise NoMethodError, "method `new' called for abstract class #{self.class.name}"
-      end
-      @inspect_style = args[:inspect_style] || PacketFu.inspect_style || :dissect
-      if args[:config]
-        args[:config].each_pair do |k,v|
-          case k
-          when :eth_daddr; @eth_header.eth_daddr=v if @eth_header
-          when :eth_saddr; @eth_header.eth_saddr=v if @eth_header
-          when :ip_saddr; @ip_header.ip_saddr=v		 if @ip_header
-          when :iface; @iface = v
-          end
-        end
-      end
-    end
-
-    # Delegate to PacketFu's inspect_style, since the
-    # class variable name is the same. Yay for namespace
-    # pollution!
-    def inspect_style=()
-      PacketFu.inspect_style(arg)
-    end
-
-    #method_missing() delegates protocol-specific field actions to the apporpraite
-    #class variable (which contains the associated packet type)
-    #This register-of-protocols style switch will work for the 
-    #forseeable future (there aren't /that/ many packet types), and it's a handy
-    #way to know at a glance what packet types are supported.
-    def method_missing(sym, *args, &block)
-      case sym.to_s
-      when /^is_([a-zA-Z0-9]+)\?/
-        ptype = $1
-        if PacketFu.packet_prefixes.index(ptype)
-          self.send(:handle_is_identity, $1)
-        else
-          super
-        end
-      when /^([a-zA-Z0-9]+)_.+/
-        ptype = $1
-        if PacketFu.packet_prefixes.index(ptype)
-          self.instance_variable_get("@#{ptype}_header").send(sym,*args, &block)
-        else
-          super
-        end
-      else
-        super
-      end
-    end
-
-    def respond_to?(sym, include_private = false)
-      if sym.to_s =~ /^(invalid|eth|arp|ip|icmp|udp|hsrp|tcp|ipv6)_/
-        self.instance_variable_get("@#{$1}_header").respond_to? sym
-      elsif sym.to_s =~ /^is_([a-zA-Z0-9]+)\?/
-        if PacketFu.packet_prefixes.index($1)
-          true
-        else
-          super
-        end
-      else
-        super
-      end
-    end
-
-  end # class Packet
+	# Packet is the parent class of EthPacket, IPPacket, UDPPacket, TCPPacket, and all
+	# other packets. It acts as both a singleton class, so things like
+	# Packet.parse can happen, and as an abstract class to provide 
+	# subclasses some structure.
+	class Packet
+
+		attr_reader :flavor # Packet Headers are responsible for their own specific flavor methods.
+		attr_accessor :headers # All packets have a header collection, useful for determining protocol trees.
+		attr_accessor :iface # Default inferface to send packets to
+		attr_accessor :inspect_style # Default is :dissect, can also be :hex or :default
+
+		# Register subclasses in PacketFu.packet_class to do all kinds of neat things
+		# that obviates those long if/else trees for parsing. It's pretty sweet.
+		def self.inherited(subclass)
+			PacketFu.add_packet_class(subclass)
+		end
+
+		# Force strings into binary.
+		def self.force_binary(str)
+			str.force_encoding Encoding::BINARY if str.respond_to? :force_encoding
+		end
+
+		# Parse() creates the correct packet type based on the data, and returns the apporpiate
+		# Packet subclass object. 
+		#
+		# There is an assumption here that all incoming packets are either EthPacket
+		# or InvalidPacket types. This will be addressed pretty soon.
+		#
+		# If application-layer parsing is /not/ desired, that should be indicated explicitly
+		# with an argument of  :parse_app => false. Otherwise, app-layer parsing will happen.
+		#
+		# It is no longer neccisary to manually add packet types here.
+		def self.parse(packet=nil,args={})
+			parse_app = true if(args[:parse_app].nil? or args[:parse_app])
+			force_binary(packet)
+			if parse_app
+				classes = PacketFu.packet_classes.select {|pclass| pclass.can_parse? packet}
+			else
+				classes = PacketFu.packet_classes.select {|pclass| pclass.can_parse? packet}.reject {|pclass| pclass.layer_symbol == :application}
+			end
+			p = classes.sort {|x,y| x.layer <=> y.layer}.last.new
+			parsed_packet = p.read(packet,args)
+		end
+
+		def handle_is_identity(ptype)
+			idx = PacketFu.packet_prefixes.index(ptype.to_s.downcase)
+			if idx
+				self.kind_of? PacketFu.packet_classes[idx]
+			else
+				raise NoMethodError, "Undefined method `is_#{ptype}?' for #{self.class}."
+			end
+		end
+
+		# Get the binary string of the entire packet.
+		def to_s
+			@headers[0].to_s
+		end
+
+		# In the event of no proper decoding, at least send it to the inner-most header.
+		def write(io)
+			@headers[0].write(io)
+		end
+
+		# Get the outermost payload (body) of the packet; this is why all packet headers
+		# should have a body type.
+		def payload
+			@headers.last.body
+		end
+
+		# Set the outermost payload (body) of the packet.
+		def payload=(args)
+			@headers.last.body=(args)
+		end
+
+		# Converts a packet to libpcap format. Bit of a hack?
+		def to_pcap(args={})
+			p = PcapPacket.new(:endian => args[:endian],
+												:timestamp => Timestamp.new.to_s,
+												:incl_len => self.to_s.size,
+												:orig_len => self.to_s.size,
+												:data => self)
+		end
+
+		# Put the entire packet into a libpcap file. XXX: this is a
+		# hack for now just to confirm that packets are getting created
+		# correctly. Now with append! XXX: Document this!
+		def to_f(filename=nil,mode='w')
+			filename ||= 'out.pcap'
+			mode = mode.to_s[0,1] + "b"
+			raise ArgumentError, "Unknown mode: #{mode.to_s}" unless mode =~ /^[wa]/
+			if(mode == 'w' || !(File.exists?(filename)))
+				data = [PcapHeader.new, self.to_pcap].map {|x| x.to_s}.join
+			else
+				data = self.to_pcap
+			end
+			File.open(filename, mode) {|f| f.write data}
+			return [filename, 1, data.size]
+		end
+
+		# Put the entire packet on the wire by creating a temporary PacketFu::Inject object.
+		# TODO: Do something with auto-checksumming?
+		def to_w(iface=nil)
+			iface = (iface || self.iface || PacketFu::Config.new.config[:iface]).to_s
+			inj = PacketFu::Inject.new(:iface => iface)
+			inj.array = [@headers[0].to_s]
+			inj.inject
+		end
+		
+		# Recalculates all the calcuated fields for all headers in the packet.
+		# This is important since read() wipes out all the calculated fields
+		# such as length and checksum and what all.
+		def recalc(arg=:all)
+			case arg
+			when :ip
+				ip_recalc(:all)
+			when :icmp
+				icmp_recalc(:all)
+			when :udp
+				udp_recalc(:all)
+			when :tcp
+				tcp_recalc(:all)
+			when :all
+				ip_recalc(:all) if @ip_header
+				icmp_recalc(:all) if @icmp_header
+				udp_recalc(:all) if @udp_header
+				tcp_recalc(:all) if @tcp_header
+			else
+				raise ArgumentError, "Recalculating `#{arg}' unsupported. Try :all"
+			end
+			@headers[0]
+		end
+
+		# Read() takes (and trusts) the io input and shoves it all into a well-formed Packet.
+		# Note that read is a destructive process, so any existing data will be lost.
+		#
+		# A note on the :strip => true argument: If :strip is set, defined lengths of data will
+		# be believed, and any trailers (such as frame check sequences) will be chopped off. This
+		# helps to ensure well-formed packets, at the cost of losing perhaps important FCS data.
+		# 
+		# If :strip is false, header lengths are /not/ believed, and all data will be piped in.
+		# When capturing from the wire, this is usually fine, but recalculating the length before
+		# saving or re-transmitting will absolutely change the data payload; FCS data will become
+		# part of the TCP data as far as tcp_len is concerned. Some effort has been made to preserve
+		# the "real" payload for the purposes of checksums, but currently, it's impossible to seperate
+		# new payload data from old trailers, so things like pkt.payload += "some data" will not work
+		# correctly.
+		#
+		# So, to summarize; if you intend to alter the data, use :strip. If you don't, don't. Also,
+		# this is a horrid hack. Stripping is useful (and fun!), but the default behavior really
+		# should be to create payloads correctly, and /not/ treat extra FCS data as a payload.
+		#
+		# Finally, packet subclasses should take two arguments: the string that is the data
+		# to be transmuted into a packet, as well as args. This superclass method is merely
+		# concerned with handling args common to many packet formats (namely, fixing packets
+		# on the fly)
+		def read(args={})
+			if args[:fix] || args[:recalc]
+				ip_recalc(:ip_sum) if self.is_ip?
+				recalc(:tcp) if self.is_tcp?
+				recalc(:udp) if self.is_udp?
+			end
+		end
+
+		# Packets are bundles of lots of objects, so copying them
+		# is a little complicated -- a dup of a packet is actually
+		# full of pass-by-reference stuff in the @headers, so 
+		# if you change one, you're changing all this copies, too.
+		#
+		# Normally, this doesn't seem to be a big deal, and it's
+		# a pretty decent performance tradeoff. But, if you're going
+		# to be creating a template packet to base a bunch of slightly
+		# different ones off of (like a fuzzer might), you'll want
+		# to use clone()
+		def clone
+			Packet.parse(self.to_s)
+		end
+
+		# If two packets are represented as the same binary string, and
+		# they're both actually PacketFu packets of the same sort, they're equal.
+		#
+		# The intuitive result is that a packet of a higher layer (like DNSPacket)
+		# can be equal to a packet of a lower level (like UDPPacket) as long as
+		# the bytes are equal (this can come up if a transport-layer packet has
+		# a hand-crafted payload that is identical to what would have been created
+		# by using an application layer packet)
+		def ==(other)
+			return false unless other.kind_of? self.class
+			return false unless other.respond_to? :to_s
+			self.to_s == other.to_s
+		end
+
+		# Peek provides summary data on packet contents.
+		#
+		# Each packet type should provide a peek_format.
+		def peek(args={})
+			idx = @headers.reverse.map {|h| h.respond_to? peek_format}.index(true)
+			if idx
+				@headers.reverse[idx].peek_format
+			else
+				peek_format
+			end
+		end
+
+		# The peek_format is used to display a single line
+		# of packet data useful for eyeballing. It should not exceed
+		# 80 characters. The Packet superclass defines an example
+		# peek_format, but it should hardly ever be triggered, since
+		# peek traverses the @header list in reverse to find a suitable
+		# format.
+		#
+		# === Format
+		# 
+		#   * A one or two character protocol initial. It should be unique
+		#   * The packet size
+		#   * Useful data in a human-usable form.
+		#
+		# Ideally, related peek_formats will all line up with each other
+		# when printed to the screen.
+		#
+		# === Example
+		#
+		#    tcp_packet.peek
+		#    #=> "T  1054 10.10.10.105:55000   ->   192.168.145.105:80 [......] S:adc7155b|I:8dd0"
+		#    tcp_packet.peek.size
+		#    #=> 79
+		#   
+		def peek_format
+			peek_data = ["?  "]
+			peek_data << "%-5d" % self.to_s.size
+			peek_data << "%68s" % self.to_s[0,34].unpack("H*")[0]
+			peek_data.join
+		end
+
+		# Defines the layer this packet type lives at, based on the number of headers it 
+		# requires. Note that this has little to do with the OSI model, since TCP/IP
+		# doesn't really have Session and Presentation layers. 
+		#
+		# Ethernet and the like are layer 1, IP, IPv6, and ARP are layer 2,
+		# TCP, UDP, and other transport protocols are layer 3, and application
+		# protocols are at layer 4 or higher. InvalidPackets have an arbitrary
+		# layer 0 to distinguish them.
+		#
+		# Because these don't change much, it's cheaper just to case through them,
+		# and only resort to counting headers if we don't have a match -- this
+		# makes adding protocols somewhat easier, but of course you can just
+		# override this method over there, too. This is merely optimized
+		# for the most likely protocols you see on the Internet.
+		def self.layer
+			case self.name # Lol ran into case's fancy treatment of classes
+			when /InvalidPacket$/; 0
+			when /EthPacket$/; 1
+			when /IPPacket$/, /ARPPacket$/, /LLDPPacket$/, /IPv6Packet$/; 2
+			when /TCPPacket$/, /UDPPacket$/, /ICMPPacket$/; 3
+			when /HSRPPacket$/; 4
+			else; self.new.headers.size
+			end
+		end
+
+		def layer
+			self.class.layer
+		end
+
+		def self.layer_symbol
+			case self.layer
+			when 0; :invalid
+			when 1; :link
+			when 2; :internet
+			when 3; :transport
+			else; :application
+			end
+		end
+
+		def layer_symbol
+			self.class.layer_symbol
+		end
+
+		# Packet subclasses must override this, since the Packet superclass
+		# can't actually parse anything.
+		def self.can_parse?(str)
+			false
+		end
+
+		# Hexify provides a neatly-formatted dump of binary data, familar to hex readers.
+		def hexify(str)
+			str.force_encoding(Encoding::BINARY) if str.respond_to? :force_encoding
+			hexascii_lines = str.to_s.unpack("H*")[0].scan(/.{1,32}/)
+			regex = Regexp.new('[\x00-\x1f\x7f-\xff]', nil, 'n')
+			chars = str.to_s.gsub(regex,'.')
+			chars_lines = chars.scan(/.{1,16}/)
+			ret = []
+			hexascii_lines.size.times {|i| ret << "%-48s  %s" % [hexascii_lines[i].gsub(/(.{2})/,"\\1 "),chars_lines[i]]}
+			ret.join("\n")
+		end
+
+		# If @inspect_style is :default (or :ugly), the inspect output is the usual
+		# inspect. 
+		#
+		# If @inspect_style is :hex (or :pretty), the inspect output is
+		# a much more compact hexdump-style, with a shortened set of packet header
+		# names at the top.
+		#
+		# If @inspect_style is :dissect (or :verbose), the inspect output is the
+		# longer, but more readable, dissection of the packet. This is the default.
+		#
+		# TODO: Have an option for colors. Everyone loves colorized irb output.
+		def inspect_hex(arg=0)
+			case arg
+			when :layers
+				ret = []
+				@headers.size.times do |i|
+					ret << hexify(@headers[i])
+				end
+				ret
+			when (0..9)
+				if @headers[arg]
+					hexify(@headers[arg])
+				else
+					nil
+				end
+			when :all
+				inspect_hex(0)
+			end
+		end
+
+		def dissection_table
+			table = []
+			@headers.each_with_index do |header,table_idx|
+				proto = header.class.name.sub(/^.*::/,"")
+				table << [proto,[]]
+				header.class.members.each do |elem|
+					elem_sym = elem.to_sym # to_sym needed for 1.8
+					next if elem_sym == :body 
+					elem_type_value = []
+					elem_type_value[0] = elem
+					readable_element = "#{elem}_readable"
+					if header.respond_to? readable_element
+						elem_type_value[1] = header.send(readable_element)
+					else
+						elem_type_value[1] = header.send(elem)
+					end
+					elem_type_value[2] = header[elem.to_sym].class.name 
+					table[table_idx][1] << elem_type_value
+				end
+			end
+			table
+			if @headers.last.members.map {|x| x.to_sym }.include? :body
+				body_part = [:body, self.payload, @headers.last.body.class.name]
+			end
+			table << body_part
+		end
+
+		# Renders the dissection_table suitable for screen printing. Can take
+		# one or two arguments. If just the one, only that layer will be displayed
+		# take either a range or a number -- if a range, only protos within
+		# that range will be rendered. If an integer, only that proto
+		# will be rendered.
+		def dissect
+			dtable = self.dissection_table
+			hex_body = nil
+			if dtable.last.kind_of?(Array) and dtable.last.first == :body
+				body = dtable.pop 
+				hex_body = hexify(body[1])
+			end
+			elem_widths = [0,0,0]
+			dtable.each do |proto_table|
+				proto_table[1].each do |elems|
+					elems.each_with_index do |e,i|
+						width = e.size
+						elem_widths[i] = width if width > elem_widths[i]
+					end
+				end
+			end
+			total_width = elem_widths.inject(0) {|sum,x| sum+x} 
+			table = ""
+			dtable.each do |proto|
+				table << "--"
+				table << proto[0] 
+				if total_width > proto[0].size
+					table << ("-" * (total_width - proto[0].size + 2))
+				else
+					table << ("-" * (total_width + 2))
+				end
+				table << "\n"
+				proto[1].each do |elems|
+					table << "  "
+					elems_table = []
+					(0..2).each do |i|
+						elems_table << ("%-#{elem_widths[i]}s" % elems[i])
+					end
+					table << elems_table.join("\s")
+					table << "\n"
+				end
+			end
+			if hex_body && !hex_body.empty?
+				table << "-" * 66
+				table << "\n"
+				table << "00-01-02-03-04-05-06-07-08-09-0a-0b-0c-0d-0e-0f---0123456789abcdef\n"
+				table << "-" * 66
+				table << "\n"
+				table << hex_body
+			end
+			table
+		end
+
+		alias :orig_kind_of? :kind_of?
+
+		def kind_of?(klass)
+			return true if orig_kind_of? klass
+			packet_types = proto.map {|p| PacketFu.const_get("#{p}Packet")}
+			match = false
+			packet_types.each do |p|
+				if p.ancestors.include? klass
+					match =  true
+					break
+				end
+			end
+			return match
+		end
+
+		# For packets, inspect is overloaded as inspect_hex(0).
+		# Not sure if this is a great idea yet, but it sure makes
+		# the irb output more sane.
+		#
+		# If you hate this, you can run PacketFu.toggle_inspect to return
+		# to the typical (and often unreadable) Object#inspect format.
+		def inspect
+			case @inspect_style
+			when :dissect
+				self.dissect
+			when :hex
+				self.proto.join("|") + "\n" + self.inspect_hex
+			else
+				super
+			end
+		end
+
+		# Returns the size of the packet (as a binary string)
+		def size
+			self.to_s.size
+		end
+
+		# Returns an array of protocols contained in this packet. For example:
+		#
+		#   t = PacketFu::TCPPacket.new
+		#   => 00 1a c5 00 00 00 00 1a c5 00 00 00 08 00 45 00   ..............E.
+		#   00 28 3c ab 00 00 ff 06 7f 25 00 00 00 00 00 00   .(<......%......
+		#   00 00 93 5e 00 00 ad 4f e4 a4 00 00 00 00 50 00   ...^...O......P.
+		#   40 00 4a 92 00 00                                 @.J...
+		#   t.proto
+		#   => ["Eth", "IP", "TCP"]
+		#
+		def proto
+			type_array = []
+			self.headers.each {|header| type_array << header.class.to_s.split('::').last.gsub(/Header$/,'')}
+			type_array
+		end
+
+		alias_method :protocol, :proto
+		alias_method :length, :size
+
+		# the Packet class should not be instantiated directly, since it's an 
+		# abstract class that real packet types inherit from. Sadly, this
+		# makes the Packet class more difficult to test directly.
+		def initialize(args={})
+			if self.class.name =~ /(::|^)PacketFu::Packet$/
+				raise NoMethodError, "method `new' called for abstract class #{self.class.name}"
+			end
+			@inspect_style = args[:inspect_style] || PacketFu.inspect_style || :dissect
+			if args[:config]
+				args[:config].each_pair do |k,v|
+					case k
+					when :eth_daddr; @eth_header.eth_daddr=v if @eth_header
+					when :eth_saddr; @eth_header.eth_saddr=v if @eth_header
+					when :ip_saddr; @ip_header.ip_saddr=v		 if @ip_header
+					when :iface; @iface = v
+					end
+				end
+			end
+		end
+
+		# Delegate to PacketFu's inspect_style, since the
+		# class variable name is the same. Yay for namespace
+		# pollution!
+		def inspect_style=()
+			PacketFu.inspect_style(arg)
+		end
+
+		#method_missing() delegates protocol-specific field actions to the apporpraite
+		#class variable (which contains the associated packet type)
+		#This register-of-protocols style switch will work for the 
+		#forseeable future (there aren't /that/ many packet types), and it's a handy
+		#way to know at a glance what packet types are supported.
+		def method_missing(sym, *args, &block)
+			case sym.to_s
+			when /^is_([a-zA-Z0-9]+)\?/
+				ptype = $1
+				if PacketFu.packet_prefixes.index(ptype)
+					self.send(:handle_is_identity, $1)
+				else
+					super
+				end
+			when /^([a-zA-Z0-9]+)_.+/
+				ptype = $1
+				if PacketFu.packet_prefixes.index(ptype)
+					self.instance_variable_get("@#{ptype}_header").send(sym,*args, &block)
+				else
+					super
+				end
+			else
+				super
+			end
+		end
+
+		def respond_to?(sym, include_private = false)
+			if sym.to_s =~ /^(invalid|eth|arp|ip|icmp|udp|hsrp|tcp|ipv6)_/
+				self.instance_variable_get("@#{$1}_header").respond_to? sym
+			elsif sym.to_s =~ /^is_([a-zA-Z0-9]+)\?/
+				if PacketFu.packet_prefixes.index($1)
+					true
+				else
+					super
+				end
+			else
+				super
+			end
+		end
+
+	end # class Packet
 end
 
 # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby