packetgen 0.1.0

data/lib/packetgen/pcapng/idb.rb

@@ -0,0 +1,145 @@
+module PacketGen
+  module PcapNG
+
+    # {IDB} represents a Interface Description Block (IDB) of a pcapng file.
+    #
+    # == IDB Definition
+    #   Int32   :type           Default: 0x00000001
+    #   Int32   :block_len
+    #   Int16   :link_type      Default: 1
+    #   Int16   :reserved       Default: 0
+    #   Int64   :snaplen        Default: 0 (no limit)
+    #   String  :options
+    #   Int32   :block_len2
+    class IDB < Struct.new(:type, :block_len, :link_type, :reserved,
+                           :snaplen, :options, :block_len2)
+      include StructFu
+      include Block
+
+      # @return [:little, :big]
+      attr_accessor :endian
+      # @return [SHB]
+      attr_accessor :section
+      # @return [Array<EPB,SPB>]
+      attr_accessor :packets
+
+      # Minimum IDB size
+      MIN_SIZE     = 5*4
+
+      # Option code for if_tsresol option
+      OPTION_IF_TSRESOL = 9
+
+      # @param [Hash] options
+      # @option options [:little, :big] :endian set block endianness
+      # @option options [Integer] :type
+      # @option options [Integer] :block_len block total length
+      # @option options [Integer] :link_type
+      # @option options [Integer] :reserved
+      # @option options [Integer] :snaplen maximum number of octets captured from
+      #                                    each packet
+      # @option options [::String] :options
+      # @option options [Integer] :block_len2 block total length
+      def initialize(options={})
+        @endian = set_endianness(options[:endian] || :little)
+        @packets = []
+        @options_decoded = false
+        init_fields(options)
+        super(options[:type], options[:block_len], options[:link_type], options[:reserved],
+              options[:snaplen], options[:options], options[:block_len2])
+      end
+
+      # Used by {#initialize} to set the initial fields
+      # @see #initialize possible options
+      # @param [Hash] options
+      # @return [Hash] return +options+
+      def init_fields(options={})
+        options[:type]  = @int32.new(options[:type] || PcapNG::IDB_TYPE.to_i)
+        options[:block_len] = @int32.new(options[:block_len] || MIN_SIZE)
+        options[:link_type] = @int16.new(options[:link_type] || 1)
+        options[:reserved] = @int16.new(options[:reserved] || 0)
+        options[:snaplen] = @int32.new(options[:snaplen] || 0)
+        options[:options] = StructFu::String.new(options[:options] || '')
+        options[:block_len2] = @int32.new(options[:block_len2] || MIN_SIZE)
+        options
+      end
+
+      # Reads a String or a IO to populate the object
+      # @param [::String,IO] str_or_io
+      # @return [self]
+      def read(str_or_io)
+        if str_or_io.respond_to? :read
+          io = str_or_io
+        else
+          io = StringIO.new(force_binary(str_or_io.to_s))
+        end
+        return self if io.eof?
+
+        self[:type].read io.read(4)
+        self[:block_len].read io.read(4)
+        self[:link_type].read io.read(2)
+        self[:reserved].read io.read(2)
+        self[:snaplen].read io.read(4)
+        self[:options].read io.read(self[:block_len].to_i - MIN_SIZE)
+        self[:block_len2].read io.read(4)
+
+        unless self[:block_len].to_i == self[:block_len2].to_i
+          raise InvalidFileError, 'Incoherency in Interface Description Block'
+        end
+      
+        self
+      end
+      
+      # Add a xPB to this section
+      # @param [EPB,SPB] xpb
+      # @return [self]
+      def <<(xpb)
+        @packets << xpb
+        self
+      end
+
+      # Give timestamp resolution for this interface
+      # @param [Boolean] force if +true+, force decoding even if already done
+      # @return [Float]
+      def ts_resol(force: false)
+        if @options_decoded and not force
+          @ts_resol
+        else
+          packstr = (@endian == :little) ? 'v' : 'n'
+          idx = 0
+          options = self[:options]
+          opt_code = opt_len = 0
+
+          while idx < options.length do
+            opt_code, opt_len = options[idx, 4].unpack("#{packstr}2")
+            if opt_code == OPTION_IF_TSRESOL and opt_len == 1
+              tsresol = options[idx+4, 1].unpack('C').first
+              if tsresol & 0x80 == 0
+                @ts_resol = 10 ** -tsresol
+              else
+                @ts_resol = 2 ** -(tsresol & 0x7f)
+              end
+
+              @options_decoded = true
+              return @ts_resol
+            else
+              idx += 4 + opt_len
+            end
+          end
+
+          @options_decoded = true
+          @ts_resol = 1E-6  # default value
+        end
+      end
+
+      # Return the object as a String
+      # @return [String]
+      def to_s
+        pad_field :options
+        recalc_block_len
+        to_a.map(&:to_s).join + @packets.map(&:to_s).join
+      end
+
+    end
+
+  end
+end

data/lib/packetgen/pcapng/shb.rb

@@ -0,0 +1,173 @@
+module PacketGen
+  module PcapNG
+
+    # {SHB} represents a Section Header Block (SHB) of a pcapng file.
+    #
+    # == SHB Definition
+    #   Int32   :type           Default: 0x0A0D0D0A
+    #   Int32   :block_len
+    #   Int32   :magic          Default: 0x1A2B3C4D  # :big is 0x4D3C2C1A
+    #   Int16   :ver_major      Default: 1
+    #   Int16   :ver_minor      Default: 0
+    #   Int64   :section_len
+    #   String  :options        Default: ''
+    #   Int32   :block_len2
+    class SHB < Struct.new(:type, :block_len, :magic, :ver_major, :ver_minor,
+                           :section_len, :options, :block_len2)
+      include StructFu
+      include Block
+
+      # @return [:little, :big]
+      attr_accessor :endian
+      # Get interfaces for this section
+      # @return [Array<IDB>]
+      attr_reader :interfaces
+      # Get unsupported blocks given in pcapng file as raw data
+      # @return [Array<UnknownBlock>]
+      attr_reader :unknown_blocks
+
+      # Magic value to retrieve SHB
+      MAGIC_INT32  = 0x1A2B3C4D
+      # Magic value (little endian version)
+      MAGIC_LITTLE = [MAGIC_INT32].pack('V')
+      # Magic value (big endian version)
+      MAGIC_BIG    = [MAGIC_INT32].pack('N')
+
+      # Minimum SHB size
+      MIN_SIZE     = 7*4
+      # +section_len+ value for undefined length
+      SECTION_LEN_UNDEFINED = 0xffffffff_ffffffff
+
+      # @param [Hash] options
+      # @option options [:little, :big] :endian set block endianness
+      # @option options [Integer] :type
+      # @option options [Integer] :block_len block total length
+      # @option options [Integer] :magic magic number to distinguish little endian
+      #                                  sessions and big endian ones
+      # @option options [Integer] :ver_major number of the current major version of
+      #                                      the format
+      # @option options [Integer] :ver_minor number of the current minor version of
+      #                                      the format
+      # @option options [Integer] :section_len length of following section, excluding
+      #                                        he SHB itself
+      # @option options [::String] :options
+      # @option options [Integer] :block_len2 block total length
+      def initialize(options={})
+        @endian = set_endianness(options[:endian] || :little)
+        @interfaces = []
+        @unknown_blocks = []
+        init_fields(options)
+        super(options[:type], options[:block_len], options[:magic], options[:ver_major],
+              options[:ver_minor], options[:section_len], options[:options], options[:block_len2])
+      end
+
+      # Used by {#initialize} to set the initial fields
+      # @see #initialize possible options
+      # @param [Hash] options
+      # @return [Hash] return +options+
+      def init_fields(options={})
+        options[:type]  = @int32.new(options[:type] || PcapNG::SHB_TYPE.to_i)
+        options[:block_len] = @int32.new(options[:block_len] || MIN_SIZE)
+        options[:magic] = @int32.new(options[:magic] || MAGIC_INT32)
+        options[:ver_major] = @int16.new(options[:ver_major] || 1)
+        options[:ver_minor] = @int16.new(options[:ver_minor] || 0)
+        options[:section_len] = @int64.new(options[:section_len] || SECTION_LEN_UNDEFINED)
+        options[:options] = StructFu::String.new(options[:options] || '')
+        options[:block_len2] = @int32.new(options[:block_len2] || MIN_SIZE)
+        options
+      end
+
+      # Reads a String or a IO to populate the object
+      # @param [::String,IO] str_or_io
+      # @return [self]
+      def read(str_or_io)
+        if str_or_io.respond_to? :read
+          io = str_or_io
+        else
+          io = StringIO.new(force_binary(str_or_io.to_s))
+        end
+        return self if io.eof?
+
+        type_str = io.read(4)
+        unless type_str == PcapNG::SHB_TYPE.to_s
+          type = type_str.unpack('H*').join
+          raise InvalidFileError, "Incorrect type (#{type})for Section Header Block"
+        end
+
+        block_len_str = io.read(4)
+
+        magic_str = io.read(4)
+        case @endian
+        when :little
+          case magic_str
+          when MAGIC_LITTLE
+          when MAGIC_BIG
+            force_endianness :big
+          else
+            raise InvalidFileError, 'Incorrect magic for Section Header Block'
+          end
+        when :big
+          case magic_str
+          when MAGIC_BIG
+          when MAGIC_LITTLE
+            force_endianness :little
+          else
+            raise InvalidFileError, 'Incorrect magic for Section Header Block'
+          end
+        end
+
+        self[:type].read type_str
+        self[:block_len].read block_len_str
+        self[:magic].read magic_str
+        self[:ver_major].read io.read(2)
+        self[:ver_minor].read io.read(2)
+        self[:section_len].read io.read(8)
+        self[:options].read io.read(self[:block_len].to_i - MIN_SIZE)
+        self[:block_len2].read io.read(4)
+
+        unless self[:block_len].to_i == self[:block_len2].to_i
+          raise InvalidFileError, 'Incoherency in Section Header Block'
+        end
+
+        self
+      end
+
+      # Add a IDB to this section
+      # @param [IDB] idb
+      # @return [self]
+      def <<(idb)
+        @interfaces << idb
+        self
+      end
+
+      # Return the object as a String
+      # @return [String]
+      def to_s
+        body = @interfaces.map(&:to_s).join
+        unless self[:section_len].to_i == SECTION_LEN_UNDEFINED
+          self.section_len.value = body.size
+        end
+        pad_field :options
+        recalc_block_len
+        to_a.map(&:to_s).join + body
+      end
+
+
+      private
+
+      def force_endianness(endian)
+        set_endianness endian
+        @endian = endian
+        self[:type]  = @int32.new(self[:type].to_i)
+        self[:block_len] = @int32.new(self[:block_len].to_i)
+        self[:magic] = @int32.new(self[:magic].to_i)
+        self[:ver_major] = @int16.new(self[:ver_major].to_i)
+        self[:ver_minor] = @int16.new(self[:ver_minor].to_i)
+        self[:section_len] = @int64.new(self[:section_len].to_i)
+        self[:block_len2] = @int32.new(self[:block_len2].to_i)
+      end
+
+    end
+
+  end
+end

data/lib/packetgen/pcapng/spb.rb

@@ -0,0 +1,103 @@
+module PacketGen
+  module PcapNG
+
+    # {SPB} represents a Section Simple Packet Block (SPB) of a pcapng file.
+    #
+    # == Pcapng::SPB Definition
+    #   Int32   :type           Default: 0x00000003
+    #   Int32   :block_len
+    #   Int32   :orig_len
+    #   String  :data
+    #   Int32   :block_len2
+    class SPB < Struct.new(:type, :block_len, :orig_len, :data, :block_len2)
+      include StructFu
+      include Block
+
+      # @return [:little, :big]
+      attr_accessor :endian
+      # @return [IPB]
+      attr_accessor :interface
+
+      # Minimum SPB size
+      MIN_SIZE     = 4*4
+
+      # @param [Hash] options
+      # @option options [:little, :big] :endian set block endianness
+      # @option options [Integer] :type
+      # @option options [Integer] :block_len block total length
+      # @option options [Integer] :orig_len actual length of the packet when it was
+      #                                     transmitted on the network
+      # @option options [::String] :data
+      # @option options [::String] :options
+      # @option options [Integer] :block_len2 block total length
+      def initialize(options={})
+        @endian = set_endianness(options[:endian] || :little)
+        init_fields(options)
+        super(options[:type], options[:block_len], options[:orig_len], options[:data],
+              options[:block_len2])
+      end
+
+      # Used by {#initialize} to set the initial fields
+      # @param [Hash] options
+      # @see #initialize possible options
+      # @return [Hash] return +options+
+      def init_fields(options={})
+        options[:type]  = @int32.new(options[:type] || PcapNG::SPB_TYPE.to_i)
+        options[:block_len] = @int32.new(options[:block_len] || MIN_SIZE)
+        options[:orig_len] = @int32.new(options[:orig_len] || 0)
+        options[:data] = StructFu::String.new(options[:data] || '')
+        options[:block_len2] = @int32.new(options[:block_len2] || MIN_SIZE)
+        options
+      end
+
+      # Has this block option?
+      # @return [false]
+      def has_options?
+        false
+      end
+
+      # Reads a String or a IO to populate the object
+      # @param [::String,IO] str_or_io
+      # @return [self]
+      def read(str_or_io)
+        if str_or_io.respond_to? :read
+          io = str_or_io
+        else
+          io = StringIO.new(force_binary(str_or_io.to_s))
+        end
+        return self if io.eof?
+
+        self[:type].read io.read(4)
+        self[:block_len].read io.read(4)
+        self[:orig_len].read io.read(4)
+        # Take care of IDB snaplen
+        # CAUTION: snaplen == 0 -> no capture limit
+        if interface and interface.snaplen.to_i > 0
+          data_len = [self[:orig_len].to_i, interface.snaplen.to_i].min
+        else
+          data_len = self[:orig_len].to_i
+        end
+        data_pad_len = (4 - (data_len % 4)) % 4
+        self[:data].read io.read(data_len)
+        io.read data_pad_len
+        self[:block_len2].read io.read(4)
+
+        unless self[:block_len].to_i == self[:block_len2].to_i
+          raise InvalidFileError, 'Incoherency in Simple Packet Block'
+        end
+
+        self
+      end
+
+      # Return the object as a String
+      # @return [String]
+      def to_s
+        pad_field :data
+        recalc_block_len
+        to_a.map(&:to_s).join
+      end
+
+    end
+
+  end
+end

data/lib/packetgen/pcapng/unknown_block.rb

@@ -0,0 +1,80 @@
+module PacketGen
+  module PcapNG
+
+    # {UnknownBlock} is used to handle unsupported blocks of a pcapng file.
+    class UnknownBlock < Struct.new(:type, :block_len, :body, :block_len2)
+      include StructFu
+      include Block
+
+      # @return [:little, :big]
+      attr_accessor :endian
+      # @return [SHB]
+      attr_accessor :section
+
+      # Minimum Iblock size
+      MIN_SIZE     = 12
+
+      # @option options [:little, :big] :endian set block endianness
+      # @option options [Integer] :type
+      # @option options [Integer] :block_len block total length
+      # @option options [::String] :body
+      # @option options [Integer] :block_len2 block total length
+      def initialize(options={})
+        @endian = set_endianness(options[:endian] || :little)
+        init_fields(options)
+        super(options[:type], options[:block_len], options[:body], options[:block_len2])
+      end
+
+      # Used by {#initialize} to set the initial fields
+      # @see #initialize possible options
+      # @param [Hash] options
+      # @return [Hash] return +options+
+      def init_fields(options={})
+        options[:type]  = @int32.new(options[:type] || 0)
+        options[:block_len] = @int32.new(options[:block_len] || MIN_SIZE)
+        options[:body] = StructFu::String.new(options[:body] || '')
+        options[:block_len2] = @int32.new(options[:block_len2] || MIN_SIZE)
+        options
+      end
+
+      # Has this block option?
+      # @return [false]
+      def has_options?
+        false
+      end
+
+     # Reads a String or a IO to populate the object
+      # @param [::String,IO] str_or_io
+      # @return [self]
+      def read(str_or_io)
+        if str_or_io.respond_to? :read
+          io = str_or_io
+        else
+          io = StringIO.new(force_binary(str_or_io.to_s))
+        end
+        return self if io.eof?
+
+        self[:type].read io.read(4)
+        self[:block_len].read io.read(4)
+        self[:body].read io.read(self[:block_len].to_i - MIN_SIZE)
+        self[:block_len2].read io.read(4)
+        
+        unless self[:block_len].to_i == self[:block_len2].to_i
+          raise InvalidFileError, 'Incoherency in Header Block'
+        end
+
+        self
+      end
+
+      # Return the object as a String
+      # @return [String]
+      def to_s
+        pad_field :body
+        recalc_block_len
+        to_a.map(&:to_s).join
+      end
+
+    end
+
+  end
+end