packetfu 1.0.2.pre → 1.0.3.pre

data/examples/dissect_thinger.rb

@@ -0,0 +1,22 @@
+#!/usr/bin/env ruby
+# This just allows you to eyeball the dissection stuff to make sure it's all right.
+# Some day, there will be a proper test for it.
+
+fname = ARGV[0] || "../test/sample.pcap"
+sleep_interval = ARGV[1] || 1
+
+require File.join("..","lib","packetfu")
+puts "Loaded: PacketFu v#{PacketFu.version}"
+# $: << File.join(File.expand_path(File.dirname(__FILE__)),"..","lib")
+
+include PacketFu
+
+packets = PcapFile.file_to_array fname
+packets.each do |packet|
+	puts "_" * 75
+	puts packet.inspect
+	puts "_" * 75
+	pkt = Packet.parse(packet)
+	puts pkt.dissect
+	sleep sleep_interval
+end

data/lib/packetfu.rb

@@ -60,6 +60,13 @@ module PacketFu
 		@packet_classes.sort! {|x,y| x.name <=> y.name}
 	end
 
+	def self.remove_packet_class(klass)
+		raise "Need a class" unless klass.kind_of? Class
+		@packet_classes ||= []
+		@packet_classes.delete klass
+		@packet_classes 
+	end
+
 	def self.packet_classes
 		@packet_classes || []
 	end

data/lib/packetfu/packet.rb

@@ -162,11 +162,71 @@ module PacketFu
 			end
 		end
 
+		# Packets are bundles of lots of objects, so copying them
+		# is a little complicated -- a dup of a packet is actually
+		# full of pass-by-reference stuff in the @headers, so 
+		# if you change one, you're changing all this copies, too.
+		#
+		# Normally, this doesn't seem to be a big deal, and it's
+		# a pretty decent performance tradeoff. But, if you're going
+		# to be creating a template packet to base a bunch of slightly
+		# different ones off of (like a fuzzer might), you'll want
+		# to use clone()
+		def clone
+			Marshal.load(Marshal.dump(self))
+		end
+
+		# If two packets are represented as the same binary string, and
+		# they're both actually PacketFu packets of the same sort, they're equal.
+		#
+		# The intuitive result is that a packet of a higher layer (like DNSPacket)
+		# can be equal to a packet of a lower level (like UDPPacket) as long as
+		# the bytes are equal (this can come up if a transport-layer packet has
+		# a hand-crafted payload that is identical to what would have been created
+		# by using an application layer packet)
+		def ==(other)
+			return false unless other.kind_of? self.class
+			return false unless other.respond_to? :to_s
+			self.to_s == other.to_s
+		end
+
 		# Peek provides summary data on packet contents.
-		# Each packet type should provide its own peek method, and shouldn't exceed 80 characters wide (for
-		# easy reading in normal irb shells). If they don't, this default summary will step in.
+		#
+		# Each packet type should provide a peek_format.
 		def peek(args={})
-			peek_data = ["? "]
+			idx = @headers.reverse.map {|h| h.respond_to? peek_format}.index(true)
+			if idx
+				@headers.reverse[idx].peek_format
+			else
+				peek_format
+			end
+		end
+
+		# The peek_format is used to display a single line
+		# of packet data useful for eyeballing. It should not exceed
+		# 80 characters. The Packet superclass defines an example
+		# peek_format, but it should hardly ever be triggered, since
+		# peek traverses the @header list in reverse to find a suitable
+		# format.
+		#
+		# == Format
+		# 
+		#   * A one or two character protocol initial. It should be unique
+		#   * The packet size
+		#   * Useful data in a human-usable form.
+		#
+		# Ideally, related peek_formats will all line up with each other
+		# when printed to the screen.
+		#
+		# == Example
+		#
+		#    tcp_packet.peek
+		#    #=> "T  1054 10.10.10.105:55000   ->   192.168.145.105:80 [......] S:adc7155b|I:8dd0"
+		#    tcp_packet.peek.size
+		#    #=> 79
+		#   
+		def peek_format
+			peek_data = ["?  "]
 			peek_data << "%-5d" % self.to_s.size
 			peek_data << "%68s" % self.to_s[0,34].unpack("H*")[0]
 			peek_data.join
@@ -281,6 +341,67 @@ module PacketFu
 			end
 		end
 
+		def dissection_table
+			table = []
+			@headers.each_with_index do |header,table_idx|
+				proto = header.class.name.sub(/^.*::/,"")
+				table << [proto]
+				header.class.members.each do |elem|
+					elem_sym = RUBY_VERSION[/^1\.8/] ? elem.to_sym : elem
+					next if elem_sym == :body 
+					elem_type_value = []
+					elem_type_value[0] = elem
+					readable_element = "#{elem}_readable"
+					if header.respond_to? readable_element
+						elem_type_value[1] = header.send(readable_element)
+					else
+						elem_type_value[1] = header.send(elem)
+					end
+					elem_type_value[2] = header[elem.to_sym].class.name 
+					table[table_idx] ||= []
+					table[table_idx] << elem_type_value
+				end
+			end
+			table
+		end
+
+		# Renders the dissection_table suitable for screen printing. Can take
+		# one or two arguments. If just the one, only that layer will be displayed
+		# take either a range or a number -- if a range, only protos within
+		# that range will be rendered. If an integer, only that proto
+		# will be rendered.
+		def dissect(min=nil,max=nil)
+			table = self.dissection_table
+			widest = (0..2).map {|i| table.map {|x| x.map {|y| y[i].size}}.flatten.sort.last}
+			table_formatted = ""
+			begin
+				if min
+					layer_min = min.to_i
+					layer_max = max ? max.to_i : layer_min
+					table_range = (layer_min..layer_max)
+				else
+					layer_min = min
+				end
+			rescue => e
+				raise ArgumentError, "Method `dissect' accepts one or two to_i-able arguments"
+			end
+			header_line_width = widest.inject {|sum,i| sum ? sum + i : i} + 2
+			table.each_with_index do |proto_table,proto_idx|
+				if layer_min
+					next unless table_range.member? proto_idx
+				end
+				table_formatted << "--#{proto_table.first}"
+				table_formatted << "-" * (header_line_width - proto_table.first.size) << "\n"
+				proto_table[1,proto_table.size].each do |elem,value,type|
+					table_formatted << "  %-#{widest[0]}s " % elem
+					table_formatted << "%-#{widest[1]}s " % value.to_s
+					table_formatted << type << "\n"
+				end
+			end
+			table_formatted << ("-" * header_line_width)
+			table_formatted
+		end
+
 		alias :orig_kind_of? :kind_of?
 
 		def kind_of?(klass)
@@ -330,7 +451,13 @@ module PacketFu
 		alias_method :protocol, :proto
 		alias_method :length, :size
 
+		# the Packet class should not be instantiated directly, since it's an 
+		# abstract class that real packet types inherit from. Sadly, this
+		# makes the Packet class more difficult to test directly.
 		def initialize(args={})
+			if self.class.name =~ /(::|^)PacketFu::Packet$/
+				raise NoMethodError, "method `new' called for abstract class #{self.class.name}"
+			end
 			if args[:config]
 				args[:config].each_pair do |k,v|
 					case k
@@ -385,10 +512,10 @@ module PacketFu
 
 	end # class Packet
 
-	@@inspect_style = :pretty
+	@inspect_style = :pretty
 
-	# If @@inspect_style is :ugly, set the inspect method to the usual inspect. 
-	# By default, @@inspect_style is :pretty. This default may change if people
+	# If @inspect_style is :ugly, set the inspect method to the usual inspect. 
+	# By default, @inspect_style is :pretty. This default may change if people
 	# hate it.
 	# Since PacketFu is designed with irb in mind, the normal inspect is way too
 	# verbose when new packets are created, and it ruins the aesthetics of the
@@ -416,12 +543,12 @@ module PacketFu
 	#  => #<PacketFu::TCPPacket:0xb7aaf96c @ip_header=#<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>, @tcp_header=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">, @eth_header=#<struct PacketFu::EthHeader eth_dst=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_src=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_proto=#<struct StructFu::Int16 value=2048, endian=:big, width=2, default=0>, body=#<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>>, @headers=[#<struct PacketFu::EthHeader eth_dst=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_src=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_proto=#<struct StructFu::Int16 value=2048, endian=:big, width=2, default=0>, body=#<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>>, #<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>, #<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">]>
 	#  irb(main):004:0> 
 	def toggle_inspect
-		if @@inspect_style == :pretty
+		if @inspect_style == :pretty
 			eval("class Packet; def inspect; super; end; end")
-			@@inspect_style = :ugly
+			@inspect_style = :ugly
 		else
 			eval("class Packet; def inspect; self.proto.join('|') + \"\n\" + self.inspect_hex; end; end")
-			@@inspect_style = :pretty
+			@inspect_style = :pretty
 		end
 	end
 

data/lib/packetfu/pcap.rb

@@ -274,9 +274,6 @@ module PacketFu
 		# Note that this strips out pcap timestamps -- if you'd like to retain
 		# timestamps and other libpcap file information, you will want to 
 		# use read() instead.
-		#
-		# Note, invoking this requires the somewhat clumsy sytax of,
-		# PcapFile.new.file_to_array(:f => 'filename.pcap')
 		def file_to_array(args={})
 			filename = args[:filename] || args[:file] || args[:f]
 			if filename
@@ -291,6 +288,10 @@ module PacketFu
 
 		alias_method :f2a, :file_to_array
 
+		def self.file_to_array(fname)
+			PcapFile.new.file_to_array(:f => fname)
+		end
+
 		# Takes an array of packets (as generated by file_to_array), and writes them
 		# to a file. Valid arguments are:
 		#

data/lib/packetfu/protos/arp.rb

@@ -77,7 +77,7 @@ module PacketFu
 		# Setter for the ARP protocol length.
 		def arp_proto_len=(i); typecast i; end
 		# Getter for the ARP protocol length.
-		def arp_proto; self[:arp_proto].to_i; end
+		def arp_proto_len; self[:arp_proto_len].to_i; end
 		# Setter for the ARP opcode. 
 		def arp_opcode=(i); typecast i; end
 		# Getter for the ARP opcode. 
@@ -143,6 +143,17 @@ module PacketFu
 			self[:arp_dst_ip].to_x
 		end
 
+		# Readability aliases
+
+		alias :arp_src_mac_readable :arp_saddr_mac
+		alias :arp_dst_mac_readable :arp_daddr_mac
+		alias :arp_src_ip_readable :arp_saddr_ip
+		alias :arp_dst_ip_readable :arp_daddr_ip
+
+		def arp_proto_readable
+			"0x%04x" % arp_proto
+		end
+
 	end # class ARPHeader
 
 	# ARPPacket is used to construct ARP packets. They contain an EthHeader and an ARPHeader.
@@ -216,8 +227,8 @@ module PacketFu
 		end
 
 		# Generates summary data for ARP packets.
-		def peek(args={})
-			peek_data = ["A "]
+		def peek_format
+			peek_data = ["A  "]
 			peek_data << "%-5d" % self.to_s.size
 			peek_data << arp_saddr_mac
 			peek_data << "(#{arp_saddr_ip})"

data/lib/packetfu/protos/eth.rb

@@ -229,6 +229,15 @@ module PacketFu
 			EthHeader.str2mac(self[:eth_dst].to_s)
 		end
 
+		# Readability aliases
+
+		alias :eth_dst_readable :eth_daddr
+		alias :eth_src_readable :eth_saddr
+
+		def eth_proto_readable
+			"0x%04x" % eth_proto
+		end
+
 	end
 
 	# EthPacket is used to construct Ethernet packets. They contain an

data/lib/packetfu/protos/hsrp.rb

@@ -109,6 +109,13 @@ module PacketFu
 			self[:hsrp_vip].to_x
 		end
 
+		# Readability aliases
+
+		alias :hsrp_vip_readable :hsrp_addr
+
+		def hsrp_password_readable
+			hsrp_password.to_s.inspect
+		end
 
 	end
 
@@ -182,14 +189,13 @@ module PacketFu
 		end
 
 		# Peek provides summary data on packet contents.
-		def peek(args={})
-			peek_data = ["H "]
+		def peek_format
+			peek_data = ["UH "]
 			peek_data << "%-5d" % self.to_s.size
-			peek_data << "%-21s" % "#{self.hsrp_vip}:#{self.hsrp_group}:#{self.hsrp_password}"
-			peek_data << "%23s" % "U:"
-			peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
-			peek_data << "->"
-			peek_data << "%21s" % "#{self.ip_daddr}:#{self.udp_dport}"
+			peek_data << "%-16s" % self.hsrp_addr
+			peek_data << "%-4d" % self.hsrp_group
+			peek_data << "%-35s" % self.hsrp_password_readable
+			peek_data << "%-15s" % self.ip_saddr
 			peek_data.join
 		end
 

data/lib/packetfu/protos/icmp.rb

@@ -83,6 +83,12 @@ module PacketFu
 			end
 		end
 
+		# Readability aliases
+
+		def icmp_sum_readable
+			"0x%04x" % icmp_sum
+		end
+
 	end
 
 	# ICMPPacket is used to construct ICMP Packets. They contain an EthHeader, an IPHeader, and a ICMPHeader.
@@ -148,8 +154,8 @@ module PacketFu
 		end
 
 		# Peek provides summary data on packet contents.
-		def peek(args={})
-			peek_data = ["C "] # I is taken by IP
+		def peek_format
+			peek_data = ["IC "] # I is taken by IP
 			peek_data << "%-5d" % self.to_s.size
 			type = case self.icmp_type.to_i
 						 when 8

data/lib/packetfu/protos/ip.rb

@@ -261,6 +261,19 @@ module PacketFu
 			end
 		end
 
+		# Readability aliases
+
+		alias :ip_src_readable :ip_saddr
+		alias :ip_dst_readable :ip_daddr
+
+		def ip_id_readable
+			"0x%04x" % ip_id
+		end
+
+		def ip_sum_readable
+			"0x%04x" % ip_sum
+		end
+
 	end
 
 	# IPPacket is used to construct IP packets. They contain an EthHeader, an IPHeader, and usually
@@ -329,8 +342,8 @@ module PacketFu
 		end
 
 		# Peek provides summary data on packet contents.
-		def peek(args={})
-			peek_data = ["I "]
+		def peek_format
+			peek_data = ["I  "]
 			peek_data << "%-5d" % to_s.size
 			peek_data << "%-21s" % "#{ip_saddr}"
 			peek_data << "->"

data/lib/packetfu/protos/ipv6.rb

@@ -182,6 +182,11 @@ module PacketFu
 			self[:ipv6_dst].read_x(str)
 		end
 
+		# Readability aliases
+
+		alias :ipv6_src_readable :ipv6_saddr
+		alias :ipv6_dst_readable :ipv6_daddr
+
 	end # class IPv6Header
 
 	# IPv6Packet is used to construct IPv6 Packets. They contain an EthHeader and an IPv6Header, and in
@@ -230,7 +235,7 @@ module PacketFu
 
 		# Peek provides summary data on packet contents.
 		def peek(args={})
-			peek_data = ["6 "]
+			peek_data = ["6  "]
 			peek_data << "%-5d" % self.to_s.size
 			peek_data << "%-31s" % self.ipv6_saddr
 			peek_data << "-> "

data/lib/packetfu/protos/tcp.rb

@@ -842,6 +842,15 @@ module PacketFu
 		 self[:tcp_opts].decode
 		end
 
+		# Gets a more readable flags list
+		def tcp_flags_dotmap
+			dotmap = tcp_flags.members.map do |flag|
+				status = self.tcp_flags.send flag
+				status == 0 ? "." : flag.to_s.upcase[0]
+			end
+			dotmap.join
+		end
+
 		# Sets a more readable option list.
 		def tcp_options=(arg)
 			self[:tcp_opts].encode arg
@@ -887,6 +896,26 @@ module PacketFu
 			end
 		end
 
+		# Readability aliases
+
+		alias :tcp_flags_readable :tcp_flags_dotmap
+
+		def tcp_ack_readable
+			"0x%08x" % tcp_ack
+		end
+
+		def tcp_seq_readable
+			"0x%08x" % tcp_seq
+		end
+
+		def tcp_sum_readable
+			"0x%04x" % tcp_sum
+		end
+
+		def tcp_opts_readable
+			tcp_options
+		end
+
 	end
 
 	# TCPPacket is used to construct TCP packets. They contain an EthHeader, an IPHeader, and a TCPHeader.
@@ -1057,20 +1086,17 @@ module PacketFu
 			end
 		end
 
-		# Peek provides summary data on packet contents.
-		def peek(args={})
-			peek_data = ["T "]
+		# TCP packets are denoted by a "T  ", followed by size,
+		# source and dest information, packet flags, sequence
+		# number, and IPID.
+		def peek_format
+			peek_data = ["T  "]
 			peek_data << "%-5d" % self.to_s.size
 			peek_data << "%-21s" % "#{self.ip_saddr}:#{self.tcp_src}"
 			peek_data << "->"
 			peek_data << "%21s" % "#{self.ip_daddr}:#{self.tcp_dst}"
 			flags = ' ['
-			flags << (self.tcp_flags.urg.zero? ? "." : "U")
-			flags << (self.tcp_flags.ack.zero? ? "." : "A")
-			flags << (self.tcp_flags.psh.zero? ? "." : "P")
-			flags << (self.tcp_flags.rst.zero? ? "." : "R")
-			flags << (self.tcp_flags.syn.zero? ? "." : "S")
-			flags << (self.tcp_flags.fin.zero? ? "." : "F")
+			flags << self.tcp_flags_dotmap
 			flags << '] '
 			peek_data << flags
 			peek_data << "S:"

data/lib/packetfu/protos/udp.rb

@@ -97,6 +97,12 @@ module PacketFu
 			self.udp_dst=(arg)
 		end
 
+		# Readability aliases
+
+		def udp_sum_readable
+			"0x%04x" % udp_sum
+		end
+
 	end
 
 	# UDPPacket is used to construct UDP Packets. They contain an EthHeader, an IPHeader, and a UDPHeader.
@@ -216,8 +222,8 @@ module PacketFu
 		end
 
 		# Peek provides summary data on packet contents.
-		def peek(args={})
-			peek_data = ["U "]
+		def peek_format
+			peek_data = ["U  "]
 			peek_data << "%-5d" % self.to_s.size
 			peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
 			peek_data << "->"

data/lib/packetfu/structfu.rb

@@ -33,6 +33,11 @@ module StructFu
 		end
 	end
 
+	# Handle deep copies correctly
+	def clone
+		Marshal.load(Marshal.dump(self))
+	end
+
 	# Ints all have a value, an endianness, and a default value.
 	# Note that the signedness of Int values are implicit as
 	# far as the subclasses are concerned; to_i and to_f will 

data/lib/packetfu/version.rb

@@ -1,8 +1,7 @@
 module PacketFu
 
-	# Version 1.0.0 was released July 31, 2010
-	# Version 1.0.1 is unreleased.
-	VERSION = "1.0.2" 
+	# Check the repo's for version release histories
+	VERSION = "1.0.3" 
 
 	def self.version
 		VERSION

data/test/dissect_thinger.rb

@@ -0,0 +1,15 @@
+# This just allows you to eyeball the dissection stuff to make sure it's all right.
+
+require File.join("..","lib","packetfu")
+puts "Loaded: PacketFu v#{PacketFu.version}"
+# $: << File.join(File.expand_path(File.dirname(__FILE__)),"..","lib")
+
+include PacketFu
+
+packets = PcapFile.file_to_array "test/sample2.pcap"
+packets.each do |packet|
+	puts packet.inspect
+	pkt = Packet.parse(packet)
+	puts pkt.dissect
+	sleep 1
+end

data/test/packet_spec.rb

@@ -0,0 +1,72 @@
+require File.join("..","lib","packetfu")
+
+describe PacketFu::Packet, "abstract packet class behavior" do
+
+	before(:all) do
+		class PacketFu::FooPacket < PacketFu::Packet; end
+		class PacketFu::BarPacket < PacketFu::Packet; end
+	end
+
+	it "should not be instantiated" do
+		expect { PacketFu::Packet.new }.to raise_error(NoMethodError)
+	end
+
+	it "should allow subclasses to instantiate" do
+		expect { PacketFu::FooPacket.new }. to be
+		PacketFu.packet_classes.include?(PacketFu::FooPacket).should be_true
+	end
+
+	it "should register packet classes with PacketFu" do
+		PacketFu.packet_classes {should include(FooPacket) }
+		PacketFu.packet_classes {should include(BarPacket) }
+	end
+
+	it "should disallow badly named subclasses" do
+		expect { 
+			class PacketFu::PacketNot < PacketFu::Packet
+			end 
+		}.to raise_error
+		PacketFu.packet_classes.include?(PacketFu::PacketNot).should be_false
+		PacketFu.packet_classes {should_not include(PacketNot) }
+	end
+
+	before(:each) do
+		@tcp_packet = PacketFu::TCPPacket.new
+		@tcp_packet.ip_saddr = "10.10.10.10"
+	end
+
+	it "should shallow copy with dup()" do
+		p2 = @tcp_packet.dup
+		p2.ip_saddr = "20.20.20.20"
+		p2.ip_saddr.should == @tcp_packet.ip_saddr
+		p2.headers[1].object_id.should == @tcp_packet.headers[1].object_id
+	end
+
+	it "should deep copy with clone()" do
+		p3 = @tcp_packet.clone
+		p3.ip_saddr = "30.30.30.30"
+		p3.ip_saddr.should_not == @tcp_packet.ip_saddr
+		p3.headers[1].object_id.should_not == @tcp_packet.headers[1].object_id
+	end
+
+	it "should have senisble equality" do
+		p4 = @tcp_packet.dup
+		p4.should == @tcp_packet
+		p5 = @tcp_packet.clone
+		p5.should == @tcp_packet
+	end
+
+	# It's actually kinda hard to manually create identical TCP packets
+	it "should be possible to manually create identical packets" do
+		p6 = @tcp_packet.clone
+		p6.should == @tcp_packet
+		p7 = PacketFu::TCPPacket.new
+		p7.ip_saddr = p6.ip_saddr
+		p7.ip_id = p6.ip_id
+		p7.tcp_seq = p6.tcp_seq
+		p7.tcp_src = p6.tcp_src
+		p7.tcp_sum = p6.tcp_sum
+		p7.should == p6
+	end
+
+end

data/test/packet_subclasses_spec.rb

@@ -0,0 +1,12 @@
+require File.join("..","lib","packetfu")
+
+PacketFu.packet_classes.each do |pclass|
+	describe pclass, "peek format" do
+		it "will display sensible peek information" do
+			p = pclass.new
+			p.respond_to?(:peek).should be_true
+			p.peek.size.should be_<=(80), p.peek.inspect
+			p.peek.should match(/^[A-Z0-9?]../)
+		end
+	end
+end

data/test/packetfu_spec.rb

@@ -54,17 +54,31 @@ describe PacketFu, "protocol requires" do
 end
 
 describe PacketFu, "packet class list management" do
-	class FooPacket; end
-	class BarPacket; end
-	PacketFu.add_packet_class(FooPacket)
-	PacketFu.add_packet_class(BarPacket)
-	its(:packet_classes) {should include(FooPacket) and include(BarPacket)}
+
+	before(:all) do
+		class PacketFu::FooPacket < PacketFu::Packet; end
+		class PacketFu::BarPacket < PacketFu::Packet; end
+		class PacketFu::PacketBaz; end
+	end
+
+	it "should allow packet class registration" do
+		PacketFu.add_packet_class(PacketFu::FooPacket).should be_kind_of Array
+		PacketFu.add_packet_class(PacketFu::BarPacket).should be_kind_of Array
+	end
+
+	its(:packet_classes) {should include(PacketFu::FooPacket)}
+
 	it "should disallow non-classes as packet classes" do
 		expect { PacketFu.add_packet_class("A String") }.to raise_error
 	end
-	its(:packet_prefixes) {should include("foo") and include("bar")}
-	it "should disallow nonstandard packet class names" do
-		class PacketBaz; end
-		expect { PacketFu.add_packet_class(PacketBaz) }.to raise_error
+
+	its(:packet_prefixes) {should include("bar")}
+
+	# Don't really have much utility for this right now.
+	it "should allow packet class deregistration" do
+		PacketFu.remove_packet_class(PacketFu::BarPacket)
+		PacketFu.packet_prefixes.should_not include("bar")
+		PacketFu.add_packet_class(PacketFu::BarPacket)
 	end
+
 end

data/test/ptest.rb

@@ -4,7 +4,13 @@ require 'pcaprub'
 require 'packetfu'
 include PacketFu
 
-puts Pcap.lookupdev
+if Process.euid.zero? 
+	puts ">> Interface: " << Pcap.lookupdev
+else
+	puts ">> No interface access"
+end	
+puts ">> Version: " << PacketFu.version
+
 # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby
 
 

data/test/structfu_spec.rb

@@ -331,8 +331,4 @@ describe StructFu::IntString do
 		expect { @istr.read(data) }.to raise_error
 	end
 
-	# So far, not implemented anywhere. In fact, none of this IntString
-	# business is. Ah well.
-	it "should parse when something actually needs it"
-
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification 
 name: packetfu
 version: !ruby/object:Gem::Version 
-  hash: 1344461223
+  hash: -1237194367
   prerelease: 6
   segments: 
   - 1
   - 0
-  - 2
+  - 3
   - pre
-  version: 1.0.2.pre
+  version: 1.0.3.pre
 platform: ruby
 authors: 
 - Tod Beardsley
@@ -88,6 +88,7 @@ files:
 - test/udp_test.pcap
 - test/sample2.pcap
 - test/sample.pcap
+- test/dissect_thinger.rb
 - test/test_ip6.rb
 - test/all_tests.rb
 - test/test_invalid.rb
@@ -103,6 +104,7 @@ files:
 - test/arp_test.pcap
 - test/test_inject.rb
 - test/test_eth.rb
+- test/packet_spec.rb
 - test/sample-ipv6.pcap
 - test/test_hsrp.rb
 - test/test_structfu.rb
@@ -111,8 +113,10 @@ files:
 - test/eth_test.pcap
 - test/test_ip.rb
 - test/structfu_spec.rb
+- test/packet_subclasses_spec.rb
 - examples/oui.txt
 - examples/uniqpcap.rb
+- examples/dissect_thinger.rb
 - examples/examples.rb
 - examples/simple-stats.rb
 - examples/arphood.rb