RubyGems - packetfu - Versions diffs - 1.0.4.pre → 1.0.5.pre - Mend

packetfu 1.0.4.pre → 1.0.5.pre

Files changed (10) hide show

data/.document CHANGED Viewed

@@ -1,3 +1,4 @@
 lib/packetfu.rb
 lib/packetfu/
 README
+LICENSE

data/examples/new-simple-stats.rb CHANGED Viewed

@@ -20,6 +20,7 @@ end
 def count_packet_types(file)
 	stats = {}
 	count = 0
+	elapsed = 0
 	start_time = Time.now
 	PacketFu::PcapFile.read_packets(file) do |pkt|
 		kind = pkt.proto.last.to_sym

data/lib/packetfu.rb CHANGED Viewed

@@ -1,8 +1,6 @@
 # :title: PacketFu Documentation
-# :main: ../README
-# :include: ../README
-# :include: ../LICENSE
+# :main: README
 cwd = File.expand_path(File.dirname(__FILE__))

data/lib/packetfu/packet.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module PacketFu
 		attr_reader :flavor # Packet Headers are responsible for their own specific flavor methods.
 		attr_accessor :headers # All packets have a header collection, useful for determining protocol trees.
 		attr_accessor :iface # Default inferface to send packets to
+		attr_accessor :inspect_style # Default is :dissect, can also be :hex or :default
 		# Register subclasses in PacketFu.packet_class to do all kinds of neat things
 		# that obviates those long if/else trees for parsing. It's pretty sweet.
@@ -293,34 +294,17 @@ module PacketFu
 			ret.join("\n")
 		end
-		# Returns a hex-formatted representation of the packet.
+		# If @inspect_style is :default (or :ugly), the inspect output is the usual
+		# inspect.
 		#
-		# ==== Arguments
+		# If @inspect_style is :hex (or :pretty), the inspect output is
+		# a much more compact hexdump-style, with a shortened set of packet header
+		# names at the top.
 		#
-		# 0..9 : If a number is given only the layer in @header[arg] will be displayed. Note that this will include all @headers included in that header.
-		# :layers : If :layers is specified, the dump will return an array of headers by layer level.
-		# :all : An alias for arg=0.
+		# If @inspect_style is :dissect (or :verbose), the inspect output is the
+		# longer, but more readable, dissection of the packet. This is the default.
 		#
-		# ==== Examples
-		#
-		#   irb(main):003:0> pkt = TCPPacket.new
-		#   irb(main):003:0> puts pkt.inspect_hex(:layers)
-		#   00 1a c5 00 00 00 00 1a c5 00 00 00 08 00 45 00   ..............E.
-		#   00 28 83 ce 00 00 ff 06 38 02 00 00 00 00 00 00   .(......8.......
-		#   00 00 a6 0f 00 00 ac 89 7b 26 00 00 00 00 50 00   ........{&....P.
-		#   40 00 a2 25 00 00                                 @..%..
-		#   45 00 00 28 83 ce 00 00 ff 06 38 02 00 00 00 00   E..(......8.....
-		#   00 00 00 00 a6 0f 00 00 ac 89 7b 26 00 00 00 00   ..........{&....
-		#   50 00 40 00 a2 25 00 00                           P.@..%..
-		#   a6 0f 00 00 ac 89 7b 26 00 00 00 00 50 00 40 00   ......{&....P.@.
-		#   a2 25 00 00                                       .%..
-		#   => nil
-		#   irb(main):004:0> puts pkt.inspect_hex(:layers)[2]
-		#   a6 0f 00 00 ac 89 7b 26 00 00 00 00 50 00 40 00   ......{&....P.@.
-		#   a2 25 00 00                                       .%..
-		#   => nil
-		#
-		# TODO: Colorize this! Everyone loves colorized irb output.
+		# TODO: Have an option for colors. Everyone loves colorized irb output.
 		def inspect_hex(arg=0)
 			case arg
 			when :layers
@@ -344,9 +328,9 @@ module PacketFu
 			table = []
 			@headers.each_with_index do |header,table_idx|
 				proto = header.class.name.sub(/^.*::/,"")
-				table << [proto]
+				table << [proto,[]]
 				header.class.members.each do |elem|
-					elem_sym = RUBY_VERSION[/^1\.8/] ? elem.to_sym : elem
+					elem_sym = elem.to_sym # to_sym needed for 1.8
 					next if elem_sym == :body
 					elem_type_value = []
 					elem_type_value[0] = elem
@@ -357,11 +341,14 @@ module PacketFu
 						elem_type_value[1] = header.send(elem)
 					end
 					elem_type_value[2] = header[elem.to_sym].class.name
-					table[table_idx] ||= []
-					table[table_idx] << elem_type_value
+					table[table_idx][1] << elem_type_value
 				end
 			end
 			table
+			if @headers.last.members.include? :body
+				body_part = [:body, self.payload, @headers.last.body.class.name]
+			end
+			table << body_part
 		end
 		# Renders the dissection_table suitable for screen printing. Can take
@@ -369,36 +356,52 @@ module PacketFu
 		# take either a range or a number -- if a range, only protos within
 		# that range will be rendered. If an integer, only that proto
 		# will be rendered.
-		def dissect(min=nil,max=nil)
-			table = self.dissection_table
-			widest = (0..2).map {|i| table.map {|x| x.map {|y| y[i].size}}.flatten.sort.last}
-			table_formatted = ""
-			begin
-				if min
-					layer_min = min.to_i
-					layer_max = max ? max.to_i : layer_min
-					table_range = (layer_min..layer_max)
-				else
-					layer_min = min
+		def dissect
+			dtable = self.dissection_table
+			hex_body = nil
+			if dtable.last.kind_of?(Array) and dtable.last.first == :body
+				body = dtable.pop
+				hex_body = hexify(body[1])
+			end
+			elem_widths = [0,0,0]
+			dtable.each do |proto_table|
+				proto_table[1].each do |elems|
+					elems.each_with_index do |e,i|
+						width = e.size
+						elem_widths[i] = width if width > elem_widths[i]
+					end
 				end
-			rescue => e
-				raise ArgumentError, "Method `dissect' accepts one or two to_i-able arguments"
 			end
-			header_line_width = widest.inject {|sum,i| sum ? sum + i : i} + 2
-			table.each_with_index do |proto_table,proto_idx|
-				if layer_min
-					next unless table_range.member? proto_idx
+			total_width = elem_widths.inject(0) {|sum,x| sum+x}
+			table = ""
+			dtable.each do |proto|
+				table << "--"
+				table << proto[0]
+				if total_width > proto[0].size
+					table << ("-" * (total_width - proto[0].size + 2))
+				else
+					table << ("-" * (total_width + 2))
 				end
-				table_formatted << "--#{proto_table.first}"
-				table_formatted << "-" * (header_line_width - proto_table.first.size) << "\n"
-				proto_table[1,proto_table.size].each do |elem,value,type|
-					table_formatted << "  %-#{widest[0]}s " % elem
-					table_formatted << "%-#{widest[1]}s " % value.to_s
-					table_formatted << type << "\n"
+				table << "\n"
+				proto[1].each do |elems|
+					table << "  "
+					elems_table = []
+					(0..2).each do |i|
+						elems_table << ("%-#{elem_widths[i]}s" % elems[i])
+					end
+					table << elems_table.join("\s")
+					table << "\n"
 				end
 			end
-			table_formatted << ("-" * header_line_width)
-			table_formatted
+			if hex_body && !hex_body.empty?
+				table << "-" * 66
+				table << "\n"
+				table << "00-01-02-03-04-05-06-07-08-09-0a-0b-0c-0d-0e-0f---0123456789abcdef\n"
+				table << "-" * 66
+				table << "\n"
+				table << hex_body
+			end
+			table
 		end
 		alias :orig_kind_of? :kind_of?
@@ -423,7 +426,14 @@ module PacketFu
 		# If you hate this, you can run PacketFu.toggle_inspect to return
 		# to the typical (and often unreadable) Object#inspect format.
 		def inspect
-			self.proto.join("|") + "\n" + self.inspect_hex
+			case @inspect_style
+			when :dissect
+				self.dissect
+			when :hex
+				self.proto.join("|") + "\n" + self.inspect_hex
+			else
+				super
+			end
 		end
 		# Returns the size of the packet (as a binary string)
@@ -457,6 +467,11 @@ module PacketFu
 			if self.class.name =~ /(::|^)PacketFu::Packet$/
 				raise NoMethodError, "method `new' called for abstract class #{self.class.name}"
 			end
+			if args[:inspect_style]
+				@inspect_style = args[:inspect_style]
+			else
+				@inspect_style = :dissect
+			end
 			if args[:config]
 				args[:config].each_pair do |k,v|
 					case k
@@ -511,43 +526,17 @@ module PacketFu
 	end # class Packet
-	@inspect_style = :pretty
-	# If @inspect_style is :ugly, set the inspect method to the usual inspect.
-	# By default, @inspect_style is :pretty. This default may change if people
-	# hate it.
-	# Since PacketFu is designed with irb in mind, the normal inspect is way too
-	# verbose when new packets are created, and it ruins the aesthetics of the
-	# PacketFu console or quick hping-like exercises in irb.
-	#
-	# However, there are cases where knowing things like object id numbers, the complete
-	# @header array, etc. is useful (especially in debugging). So, toggle_inspect
-	# provides a means for a script to declar which style of inspect to use.
-	#
-	# This method may be an even worse idea than the original monkeypatch to Packet.inspect,
-	# since it would almost certainly be better to redefine inspect just in the PacketFu console.
-	# We'll see what happens.
-	#
-	# == Example
-	#
-	#  irb(main):001:0> p = PacketFu::TCPPacket.new
-	#  => Eth|IP|TCP
-	#  00 1a c5 00 00 00 00 1a c5 00 00 00 08 00 45 00   ..............E.
-	#  00 28 ea d7 00 00 ff 06 d0 f8 00 00 00 00 00 00   .(..............
-	#  00 00 a9 76 00 00 f9 28 7e 95 00 00 00 00 50 00   ...v...(~.....P.
-	#  40 00 4e b0 00 00                                 @.N...
-	#  irb(main):002:0> PacketFu.toggle_inspect
-	#  => :ugly
-	#  irb(main):003:0> p = PacketFu::TCPPacket.new
-	#  => #<PacketFu::TCPPacket:0xb7aaf96c @ip_header=#<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>, @tcp_header=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">, @eth_header=#<struct PacketFu::EthHeader eth_dst=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_src=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_proto=#<struct StructFu::Int16 value=2048, endian=:big, width=2, default=0>, body=#<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>>, @headers=[#<struct PacketFu::EthHeader eth_dst=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_src=#<struct PacketFu::EthMac oui=#<struct PacketFu::EthOui b0=nil, b1=nil, b2=nil, b3=nil, b4=nil, b5=nil, local=0, multicast=nil, oui=428>, nic=#<struct PacketFu::EthNic n0=nil, n1=nil, n2=nil>>, eth_proto=#<struct StructFu::Int16 value=2048, endian=:big, width=2, default=0>, body=#<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>>, #<struct PacketFu::IPHeader ip_v=4, ip_hl=5, ip_tos=#<struct StructFu::Int8 value=nil, endian=nil, width=1, default=0>, ip_len=#<struct StructFu::Int16 value=20, endian=:big, width=2, default=0>, ip_id=#<struct StructFu::Int16 value=58458, endian=:big, width=2, default=0>, ip_frag=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, ip_ttl=#<struct StructFu::Int8 value=32, endian=nil, width=1, default=0>, ip_proto=#<struct StructFu::Int8 value=6, endian=nil, width=1, default=0>, ip_sum=#<struct StructFu::Int16 value=65535, endian=:big, width=2, default=0>, ip_src=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, ip_dst=#<struct PacketFu::Octets o1=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o2=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o3=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>, o4=#<struct StructFu::Int8 value=0, endian=nil, width=1, default=0>>, body=#<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">>, #<struct PacketFu::TCPHeader tcp_src=#<struct StructFu::Int16 value=17222, endian=:big, width=2, default=0>, tcp_dst=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_seq=#<struct StructFu::Int32 value=1528113240, endian=:big, width=4, default=0>, tcp_ack=#<struct StructFu::Int32 value=nil, endian=:big, width=4, default=0>, tcp_hlen=#<struct PacketFu::TcpHlen hlen=5>, tcp_reserved=#<struct PacketFu::TcpReserved r1=0, r2=0, r3=0>, tcp_ecn=#<struct PacketFu::TcpEcn n=nil, c=nil, e=nil>, tcp_flags=#<struct PacketFu::TcpFlags urg=0, ack=0, psh=0, rst=0, syn=0, fin=0>, tcp_win=#<struct StructFu::Int16 value=16384, endian=:big, width=2, default=0>, tcp_sum=#<struct StructFu::Int16 value=43333, endian=:big, width=2, default=0>, tcp_urg=#<struct StructFu::Int16 value=nil, endian=:big, width=2, default=0>, tcp_opts=[], body="">]>
-	#  irb(main):004:0>
+	# Switches inspect styles between :dissect, :default, and :hex
 	def toggle_inspect
-		if @inspect_style == :pretty
-			eval("class Packet; def inspect; super; end; end")
-			@inspect_style = :ugly
+		case @inspect_style
+		when :hex, :pretty
+			@inspect_style = :dissect
+		when :dissect, :verbose
+			@inspect_style = :default
+		when :default, :ugly
+			@inspect_style = :hex
 		else
-			eval("class Packet; def inspect; self.proto.join('|') + \"\n\" + self.inspect_hex; end; end")
-			@inspect_style = :pretty
+			@inspect_style = :dissect
 		end
 	end

data/lib/packetfu/pcap.rb CHANGED Viewed

@@ -228,9 +228,95 @@ module PacketFu
 	# PcapHeader and PcapPackets.
 	#
 	# See http://wiki.wireshark.org/Development/LibpcapFileFormat
+	#
+	# PcapFile also can behave as a singleton class, which is usually the better
+	# way to handle pcap files of really any size, since it doesn't require
+	# storing packets before handing them off to a given block. This is really
+	# the way to go.
 	class PcapFile < Struct.new(:endian, :head, :body)
 		include StructFu
+		class << self
+			# Takes a given file and returns an array of the packet bytes. Here
+			# for backwards compatibilty.
+			def file_to_array(fname)
+				PcapFile.new.file_to_array(:f => fname)
+			end
+			# Takes a given file name, and reads out the packets. If given a block,
+			# it will yield back a PcapPacket object per packet found.
+			def read(fname,&block)
+				begin
+					file_handle = File.open(fname, "rb")
+					pcap_packets = PcapPackets.new unless block
+					file_header = PcapHeader.new
+					file_header.read file_handle.read(24)
+					packet_count = 0
+					pcap_packet = PcapPacket.new(:endian => file_header.endian)
+					while pcap_packet.read file_handle.read(16) do
+						len = pcap_packet.incl_len
+						pcap_packet.data = StructFu::String.new.read(file_handle.read(len.to_i))
+						packet_count += 1
+						if pcap_packet.data.size < len.to_i
+							warn "Packet ##{packet_count} is corrupted: expected #{len.to_i}, got #{pcap_packet.data.size}. Exiting."
+							break
+						end
+						if block
+							yield pcap_packet
+						else
+							pcap_packets << pcap_packet
+						end
+					end
+					unless block
+						return pcap_packets
+					end
+				ensure
+					file_handle.close
+				end
+			end
+			# Takes a filename, and an optional block. If a block is given,
+			# yield back the raw packet data from the given file. Otherwise,
+			# return an array of parsed packets.
+			def read_packet_bytes(fname,&block)
+				count = 0
+				packets = [] unless block
+				read(fname) do |packet|
+					if block
+						count += 1
+						yield packet.data.to_s
+					else
+						packets << packet.data.to_s
+					end
+				end
+				block ? count : packets
+			end
+			alias :file_to_array :read_packet_bytes
+			# Takes a filename, and an optional block. If a block is given,
+			# yield back parsed packets from the given file. Otherwise, return
+			# an array of parsed packets.
+			#
+			# This is a brazillian times faster than the old methods of extracting
+			# packets from files.
+			def read_packets(fname,&block)
+				count = 0
+				packets = [] unless block
+				read_packet_bytes(fname) do |packet|
+					if block
+						count += 1
+						yield Packet.parse(packet)
+					else
+						packets << Packet.parse(packet)
+					end
+				end
+				block ? count : packets
+			end
+		end
 		def initialize(args={})
 			init_fields(args)
 			super(args[:endian], args[:head], args[:body])
@@ -265,6 +351,7 @@ module PacketFu
 		# Clears the contents of the PcapFile prior to reading in a new string.
 		def read!(str)
 			clear
+			force_binary(str)
 			self.read str
 		end
@@ -399,94 +486,6 @@ module PacketFu
 	end
-	# PcapFile also can behave as a singleton class, which is usually the better
-	# way to handle pcap files of really any size, since it doesn't require
-	# storing packets before handing them off to a given block. This is really
-	# the way to go.
-	class PcapFile
-		class << self
-			# Takes a given file and returns an array of the packet bytes. Here
-			# for backwards compatibilty.
-			def file_to_array(fname)
-				PcapFile.new.file_to_array(:f => fname)
-			end
-			# Takes a given file name, and reads out the packets. If given a block,
-			# it will yield back a PcapPacket object per packet found.
-			def read(fname,&block)
-				begin
-					file_handle = File.open(fname, "rb")
-					pcap_packets = PcapPackets.new unless block
-					file_header = PcapHeader.new
-					file_header.read file_handle.read(24)
-					packet_count = 0
-					pcap_packet = PcapPacket.new(:endian => file_header.endian)
-					while pcap_packet.read file_handle.read(16) do
-						len = pcap_packet.incl_len
-						pcap_packet.data = StructFu::String.new.read(file_handle.read(len.to_i))
-						packet_count += 1
-						if pcap_packet.data.size < len.to_i
-							warn "Packet ##{packet_count} is corrupted: expected #{len.to_i}, got #{pcap_packet.data.size}. Exiting."
-							break
-						end
-						if block
-							yield pcap_packet
-						else
-							pcap_packets << pcap_packet
-						end
-					end
-					unless block
-						return pcap_packets
-					end
-				ensure
-					file_handle.close
-				end
-			end
-			# Takes a filename, and an optional block. If a block is given,
-			# yield back the raw packet data from the given file. Otherwise,
-			# return an array of parsed packets.
-			def read_packet_bytes(fname,&block)
-				count = 0
-				packets = [] unless block
-				read(fname) do |packet|
-					if block
-						count += 1
-						yield packet.data.to_s
-					else
-						packets << packet.data.to_s
-					end
-				end
-				block ? count : packets
-			end
-			alias :file_to_array :read_packet_bytes
-			# Takes a filename, and an optional block. If a block is given,
-			# yield back parsed packets from the given file. Otherwise, return
-			# an array of parsed packets.
-			#
-			# This is a brazillian times faster than the old methods of extracting
-			# packets from files.
-			def read_packets(fname,&block)
-				count = 0
-				packets = [] unless block
-				read_packet_bytes(fname) do |packet|
-					if block
-						count += 1
-						yield Packet.parse(packet)
-					else
-						packets << Packet.parse(packet)
-					end
-				end
-				block ? count : packets
-			end
-		end
-	end
 end
 module PacketFu

data/test/icmp_test.pcap CHANGED Viewed

Binary file

data/test/ip_test.pcap CHANGED Viewed

Binary file

data/test/tcp_test.pcap CHANGED Viewed

Binary file

data/test/udp_test.pcap CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packetfu
 version: !ruby/object:Gem::Version
-  hash: 199653271
+  hash: -1329738657
   prerelease: 6
   segments:
   - 1
   - 0
-  - 4
+  - 5
   - pre
-  version: 1.0.4.pre
+  version: 1.0.5.pre
 platform: ruby
 authors:
 - Tod Beardsley
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-05-22 00:00:00 -05:00
+date: 2011-06-06 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -35,20 +35,6 @@ dependencies:
         version: 0.9.2
   type: :development
   version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: rspec
-  prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
-  type: :development
-  version_requirements: *id002
 description: PacketFu is a mid-level packet manipulation library for Ruby. With it, users can read, parse, and write network packets with the level of ease and fun they expect from Ruby. Note that this gem does not automatically require pcaprub, since users may install pcaprub through non-gem means.
 email: todb@planb-security.net
 executables: []
@@ -129,8 +115,8 @@ files:
 - examples/new-simple-stats.rb
 has_rdoc: true
 homepage: http://code.google.com/p/packetfu/
-licenses: []
+licenses:
+- BSD
 post_install_message:
 rdoc_options: []
@@ -156,8 +142,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       - 3
       - 1
       version: 1.3.1
-requirements: []
+requirements:
+- sdoc, for generating local documentation
+- rspec, v2.6.2 or later, for testing
+- pcaprub v0.9.2 or later, for packet capture/inject
 rubyforge_project: packetfu
 rubygems_version: 1.4.2
 signing_key: