packetgen 1.3.0 → 1.4.0

data/lib/packetgen/header/esp.rb

@@ -48,14 +48,14 @@ module PacketGen
     #  
     #  # encrypt ESP payload
     #  cipher = OpenSSL::Cipher.new('aes-128-gcm')
-    #  cipher.encrypt
+    #  cipher.encrypt!
     #  cipher.key = 16bytes_key
     #  iv = 8bytes_iv
     #  esp.esp.encrypt! cipher, iv, salt: 4bytes_gcm_salt
     #
     # === Decrypt a ESP packet using CBC mode and HMAC-SHA-256
     #  cipher = OpenSSL::Cipher.new('aes-128-cbc')
-    #  cipher.decrypt
+    #  cipher.decrypt!
     #  cipher.key = 16bytes_key
     #  
     #  hmac = OpenSSL::HMAC.new(hmac_key, OpenSSL::Digest::SHA256.new)

data/lib/packetgen/header/eth.rb

@@ -21,7 +21,7 @@ module PacketGen
     #  pkt.eth   # => PacketGen::Header::Eth
     #
     # == Ethernet attributes
-    #  eth.dst = "00:01:02:03:04:05'
+    #  eth.dst = "00:01:02:03:04:05"
     #  eth.src        # => "00:01:01:01:01:01"
     #  eth[:src]      # => PacketGen::Header::Eth::MacAddr
     #  eth.ethertype  # => 16-bit Integer
@@ -77,13 +77,6 @@ module PacketGen
         end
       end
 
-      # @private snap length for PCAPRUB
-      PCAP_SNAPLEN = 0xffff
-      # @private promiscuous (or not) for PCAPRUB
-      PCAP_PROMISC = false
-      # @private timeout for PCAPRUB
-      PCAP_TIMEOUT = 1
-
       # @!attribute dst
       #  @return [MacAddr] Destination MAC address
       define_field :dst, MacAddr, default: '00:00:00:00:00:00'

data/lib/packetgen/header/ip.rb

@@ -107,6 +107,9 @@ module PacketGen
         end
       end
 
+      # IP Ether type
+      ETHERTYPE = 0x0800
+
       # @!attribute u8
       #  First byte of IP header. May be accessed through {#version} and {#ihl}.
       #  @return [Integer] first byte of IP header.
@@ -153,7 +156,7 @@ module PacketGen
       # @!attribute flag_df
       #   @return [Boolean] Don't Fragment flag 
       # @!attribute flag_mf
-      #   @return [Boolena] More Fragment flags
+      #   @return [Boolean] More Fragment flags
       # @!attribute fragment_offset
       #   @return [Integer] 13-bit fragment offset
       define_bit_fields_on :frag, :flag_rsv, :flag_df, :flag_mf, :fragment_offset, 13
@@ -222,11 +225,19 @@ module PacketGen
         end
         str
       end
+
+      # Check version field
+      # @see [Base#parse?]
+      def parse?
+        version == 4
+      end
     end
 
     self.add_class IP
 
-    Eth.bind_header IP, ethertype: 0x800
+    Eth.bind_header IP, ethertype: IP::ETHERTYPE
+    SNAP.bind_header IP, proto_id: IP::ETHERTYPE
+    Dot1q.bind_header IP, ethertype: IP::ETHERTYPE
     IP.bind_header IP, protocol: 4
   end
 end

data/lib/packetgen/header/ipv6.rb

@@ -114,6 +114,9 @@ module PacketGen
         end
       end
 
+      # IPv6 Ether type
+      ETHERTYPE = 0x86dd
+
       # @!attribute u32
       #  First 32-bit word of IPv6 header
       #  @return [Integer]
@@ -212,11 +215,19 @@ module PacketGen
         end
         str
       end
+
+      # Check version field
+      # @see [Base#parse?]
+      def parse?
+        version == 6
+      end
     end
 
     self.add_class IPv6
 
-    Eth.bind_header IPv6, ethertype: 0x86DD
+    Eth.bind_header IPv6, ethertype: IPv6::ETHERTYPE
+    SNAP.bind_header IPv6, proto_id: IPv6::ETHERTYPE
+    Dot1q.bind_header IPv6, ethertype: IPv6::ETHERTYPE
     IP.bind_header IPv6, protocol: 41    # 6to4
   end
 end

data/lib/packetgen/header/llc.rb

@@ -0,0 +1,56 @@
+# coding: utf-8
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+module PacketGen
+  module Header
+
+    # Logical-Link Control header
+    #
+    # A LLC header consists of:
+    # * a {#dsap} ({Types::Int8}),
+    # * a {#ssap} ({Types::Int8}),
+    # * a {#control} ({Types::Int8}),
+    # * and a {#body} (a {Types::String} or another {Base} class).
+    # @author Sylvain Daubert
+    class LLC < Base
+      # @!attribute dsap
+      #  @return [Integer] 8-bit dsap value
+      define_field :dsap, Types::Int8
+      # @!attribute ssap
+      #  @return [Integer] 8-bit ssap value
+      define_field :ssap, Types::Int8
+      # @!attribute control
+      #  @return [Integer] 8-bit control value
+      define_field :control, Types::Int8
+      # @!attribute body
+      #  @return [Types::String,Header::Base]
+      define_field :body, Types::String
+    end
+    self.add_class LLC
+    Dot11::Data.bind_header LLC, op: :and, type: 2, :wep? => false
+
+    # Sub-Network Access Protocol
+    #
+    # A SNAP header consists of:
+    # * a {#oui} ({Types::OUI}),
+    # * a {#proto_id} ({Types::Int16}),
+    # * and a {#body} (a {Types::String} or another {Base} class).
+    # @author Sylvain Daubert
+    class SNAP < Base
+      # @!attribute oui
+      #  @return [Types::OUI]
+      define_field :oui, Types::OUI
+      # @!attribute proto_id
+      #  @return [Integer] 16-bit protocol id
+      define_field :proto_id, Types::Int16
+      # @!attribute body
+      #  @return [Types::String,Header::Base]
+      define_field :body, Types::String
+    end
+    self.add_class SNAP
+    LLC.bind_header SNAP, op: :and, dsap: 170, ssap: 170, control: 3
+  end
+end

data/lib/packetgen/inspect.rb

@@ -57,7 +57,7 @@ module PacketGen
     # @param [#to_s] body
     # @return [String]
     def self.inspect_body(body)
-      return '' if body.nil?
+      return '' if body.nil? or body.empty?
       str = dashed_line('Body', 2)
       str << (0..15).to_a.map { |v| " %02d" % v}.join << "\n"
       str << '-' * INSPECT_MAX_WIDTH << "\n"

data/lib/packetgen/packet.rb

@@ -319,11 +319,14 @@ module PacketGen
       if prev_header
         bindings = prev_header.class.known_headers[header.class]
         if bindings.nil?
-          msg = "#{prev_header.class} knowns no layer association with #{protocol}. "
-          msg << "Try #{prev_header.class}.bind_layer(PacketGen::Header::#{protocol}, "
-          msg << "#{prev_header.protocol_name.downcase}_proto_field: "
-          msg << "value_for_#{protocol.downcase})"
-          raise ArgumentError, msg
+          bindings = prev_header.class.known_headers[header.class.superclass]
+          if bindings.nil?
+            msg = "#{prev_header.class} knowns no layer association with #{protocol}. "
+            msg << "Try #{prev_header.class}.bind_layer(PacketGen::Header::#{protocol}, "
+            msg << "#{prev_header.protocol_name.downcase}_proto_field: "
+            msg << "value_for_#{protocol.downcase})"
+            raise ArgumentError, msg
+          end
         end
         bindings.set(prev_header) if !bindings.empty? and !parsing
         prev_header[:body] = header
@@ -359,8 +362,9 @@ module PacketGen
         last_known_hdr = @headers.last
         search_header(last_known_hdr) do |nh|
           str = last_known_hdr.body
-          add_header nh.new, parsing: true
-          @headers[-1, 1] = @headers.last.read(str)
+          nheader = nh.new
+          nheader = nheader.read(str)
+          add_header nheader, parsing: true
         end
         decode_packet_bottom_up = (@headers.last != last_known_hdr)
       end
@@ -368,7 +372,7 @@ module PacketGen
 
     def search_header(hdr)
       hdr.class.known_headers.each do |nh, bindings|
-        if bindings.check?(hdr)
+        if bindings.check?(hdr) and hdr.parse?
           yield nh
           break
         end

data/lib/packetgen/pcapng.rb

@@ -21,6 +21,17 @@ module PacketGen
 
     # IEEE 802.3 Ethernet (10Mb, 100Mb, 1000Mb, and up)
     LINKTYPE_ETHERNET = 1
+    # Raw IP; the packet begins with an IPv4 or IPv6 header, with the "version"
+    # field of the header indicating whether it's an IPv4 or IPv6 header.
+    LINKTYPE_RAW = 101
+    # IEEE 802.11 wireless LAN
+    LINKTYPE_IEEE802_11 = 105
+    # RadioTap link layer informations + IEEE 802.11 wireless LAN
+    LINKTYPE_IEEE802_11_RADIOTAP = 127
+    # Per-Packet Information information, as specified by the Per-Packet Information
+    # Header Specification, followed by a packet with the LINKTYPE_ value specified
+    # by the +pph_dlt+ field of that header.
+    LINKTYPE_PPI = 192
     # Raw IPv4; the packet begins with an IPv4 header.
     LINKTYPE_IPV4 = 228
     # Raw IPv6; the packet begins with an IPv6 header.

data/lib/packetgen/pcapng/file.rb

@@ -12,9 +12,12 @@ module PacketGen
       # Known link types
       KNOWN_LINK_TYPES = {
         LINKTYPE_ETHERNET => 'Eth',
+        LINKTYPE_IEEE802_11 => 'Dot11',
+        LINKTYPE_IEEE802_11_RADIOTAP => 'RadioTap',
+        LINKTYPE_PPI => 'PPI',
         LINKTYPE_IPV4 => 'IP',
         LINKTYPE_IPV6 => 'IPv6'
-      }
+      }.freeze
 
       # Get file sections
       # @return [Array]
@@ -74,7 +77,7 @@ module PacketGen
         end
       end
 
-      # Give an array of parsed packets (raw data from packets).
+      # Give an array of raw packets (raw data from packets).
       # If a block is given, yield raw packet data from the given file.
       # @overload read_packet_bytes(fname)
       #  @param [String] fname pcapng file name

data/lib/packetgen/types.rb

@@ -11,3 +11,4 @@ require_relative 'types/int_string'
 require_relative 'types/fields'
 require_relative 'types/array'
 require_relative 'types/tlv'
+require_relative 'types/oui'

data/lib/packetgen/types/fields.rb

@@ -6,8 +6,84 @@
 module PacketGen
   module Types
 
-    # @abstract
-    # Set of fields
+    # @abstract Set of fields
+    # This class is a base class to define headers or anything else with a binary
+    # format containing multiple fields.
+    #
+    # == Basics
+    # A {Fields} subclass is generaly composed of multiple binary fields. These fields
+    # have each a given type. All types from {Types} module are supported, and all
+    # {Fields} subclasses may also be used as field type.
+    #
+    # To define a new subclass, it has to inherit from {Fields}. And some class
+    # methods have to be used to declare attributes/fields:
+    #   class MyBinaryStructure < PacketGen::Types::Fields
+    #     # define a first Int8 attribute, with default value: 1
+    #     define_field :attr1, PacketGen::Types::Int8, default: 1
+    #     #define a second attribute, of kind Int32
+    #     define_field :attr2, PacketGen::Types::Int32
+    #   end
+    #
+    # These defintions create 4 methods: +#attr1+, +#attr1=+, +#attr2+ and +#attr2=+.
+    # All these methods take and/or return Integers.
+    #
+    # Fields may also be accessed through {#[]} ans {#[]=}. These methods give access
+    # to type object:
+    #   mybs = MyBinaryStructure.new
+    #   mybs.attr1     # => Integer
+    #   mybs[:attr1]   # => PacketGen::Types::Int8
+    #
+    # {#initialize} accepts an option hash to populate attributes. Keys are attribute
+    # name symbols, and values are those expected by writer accessor.
+    #
+    # {#read} is able to populate object from a binary string.
+    #
+    # {#to_s} returns binary string from object.
+    #
+    # == Add Fields
+    # {.define_field} adds a field to Fields subclass. A lot of field types may be
+    # defined: integer types, string types (to handle a stream of bytes). More
+    # complex field types may be defined using others Fields subclasses:
+    #   # define a 16-bit little-endian integer field, named type
+    #   define_field :type, PacketGen::Types::Int16le
+    #   # define a string field
+    #   define_field :body, PacketGen::Types::String
+    #   # define afield using a complex type (Fields subclass)
+    #   define_field :mac_addr, PacketGen::Eth::MacAddr
+    #
+    # This example creates six methods on our Fields subclass: +#type+, +#type=+,
+    # +#body+, +#body=+, +#mac_addr+ and +#mac_addr=+.
+    #
+    # {.define_field} has many options (third optional Hash argument):
+    # * +:default+ gives default field value. It may be a simple value (an Integer
+    #   for an Int field, for example) or a lambda,
+    # * +:builder+ to give a builder/constructor lambda to create field. The lambda
+    #   takes one argument: {Fields} subclass object owning field.
+    # For example:
+    #   # 32-bit integer field defaulting to 1
+    #   define_field :type, PacketGen::Types::Int32, default: 1
+    #   # 16-bit integer field, created with a random value. Each instance of this
+    #   # object will have a different value.
+    #   define_field :id, PacketGen::Types::Int16, default: ->{ rand(65535) }
+    #   # a size field
+    #   define_field :body_size, PacketGen::Type::Int16
+    #   # String field which length is taken from body_size field
+    #   define_field :body, PacketGen::Type::String, builder: ->(obj) { PacketGen::Type::String.new('', length_from: obj[:body_size]) }
+    #
+    # {.define_field_before} and {.define_field_after} are also defined to relatively
+    # create a field from anoher one (for example, when adding a field in a subclass).
+    # == Generating bit fields
+    # {.define_bit_fields_on} creates a bit field on a previuously declared integer
+    # field. For example, +frag+ field in IP header:
+    #   define_field :frag, Types::Int16, default: 0
+    #   define_bit_fields_on :frag, :flag_rsv, :flag_df, :flag_mf, :fragment_offset, 13
+    #
+    # This example generates methods:
+    # * +#frag+ and +#frag=+ to access +frag+ field as a 16-bit integer,
+    # * +#flag_rsv?+, +#flag_rsv=+, +#flag_df?+, +#flag_df=+, +#flag_mf?+ and +#flag_mf=+
+    #   to access Boolean RSV, MF and DF flags from +frag+ field,
+    # * +#fragment_offset+ and +#fragment_offset=+ to access 13-bit integer fragment
+    #   offset subfield from +frag+ field.
     # @author Sylvain Daubert
     class Fields
 
@@ -187,7 +263,7 @@ module PacketGen
 
       # Create a new header object
       # @param [Hash] options Keys are symbols. They should have name of object
-      #   attributes, as defined by {.define_field} and by {.define_bit_field}.
+      #   attributes, as defined by {.define_field} and by {.define_bit_fields_on}.
       def initialize(options={})
         @fields = {}
         self.class.class_eval { @field_defs }.each do |field, ary|
@@ -235,12 +311,6 @@ module PacketGen
         @ordered_fields ||= self.class.class_eval { @ordered_fields }
       end
 
-      # Return header protocol name
-      # @return [String]
-      def protocol_name
-        self.class.to_s.sub(/.*::/, '')
-      end
-
       # Populate object from a binary string
       # @param [String] str
       # @return [Fields] self
@@ -283,7 +353,7 @@ module PacketGen
         fields.map { |f| force_binary @fields[f].to_s }.join
       end
 
-      # Size of object as binary strinf
+      # Size of object as binary string
       # @return [nteger]
       def sz
         to_s.size

data/lib/packetgen/types/int_string.rb

@@ -59,7 +59,7 @@ module PacketGen
         @length.read @string.length
       end
 
-      # Give binary string length
+      # Give binary string length (including +length+ field)
       # @return [Integer]
       def sz
         to_s.size

data/lib/packetgen/types/oui.rb

@@ -0,0 +1,48 @@
+# coding: utf-8
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+module PacketGen
+  module Types
+
+    # OUI type, defined as a set of 3 bytes
+    #  oui = OUI.new
+    #  oui.from_human('00:01:02')
+    #  oui.to_human   # => "00:01:02"
+    #@author Sylvain Daubert
+    class OUI < Types::Fields
+      # @attribute b2
+      #  @return [Integer] left-most byte
+      define_field :b2, Types::Int8
+      # @attribute b1
+      #  @return [Integer] center byte
+      define_field :b1, Types::Int8
+      # @attribute b0
+      #  @return [Integer] right-most byte
+      define_field :b0, Types::Int8
+
+      # Read a human-readable string to populate object
+      # @param [String] str
+      # @return [OUI] self
+      def from_human(str)
+        return self if str.nil?
+        bytes = str.split(/:/)
+        unless bytes.size == 3
+          raise ArgumentError, 'not a OUI'
+        end
+        self[:b2].read(bytes[0].to_i(16))
+        self[:b1].read(bytes[1].to_i(16))
+        self[:b0].read(bytes[2].to_i(16))
+        self
+      end
+
+      # Get OUI in human readable form (colon-separated bytes)
+      # @return [String]
+      def to_human
+        fields.map { |m| "#{'%02x' % self[m]}" }.join(':')
+      end
+    end
+  end
+end

data/lib/packetgen/types/string.rb

@@ -7,15 +7,15 @@
 module PacketGen
   module Types
 
-    # This class is just like regular String. It only adds #read and #sz methods
+    # This class is just like regular String. It only adds {#read} and {#sz} methods
     # to be compatible with others {Types}.
     # @author Sylvain Daubert
     class String < ::String
 
       # @param [String] str
       # @param [Hash] options
-      # @option options [Types::Int] :length_from object from which takes length when
-      #   reading
+      # @option options [Types::Int,Proc] :length_from object or proc from which
+      #   takes length when reading
       def initialize(str='', options={})
         super(str)
         @length_from = options[:length_from]
@@ -25,7 +25,12 @@ module PacketGen
       # @return [String] self
       def read(str)
         s = str.to_s
-        s = s[0, @length_from.to_i] unless @length_from.nil?
+        s = case @length_from
+            when Int
+              s[0, @length_from.to_i]
+            else
+              s
+            end
         self.replace s
         self
       end