packetgen 2.1.2 → 2.1.3

data/lib/packetgen/types/fields.rb

@@ -60,7 +60,8 @@ module PacketGen
     # * +:builder+ to give a builder/constructor lambda to create field. The lambda
     #   takes one argument: {Fields} subclass object owning field,
     # * +:optional+ to define this field as optional. This option takes a lambda
-    #   parameter used to say if this field is present or not.
+    #   parameter used to say if this field is present or not,
+    # * +:enum+ to define Hash enumeration for an {Enum} type.
     # For example:
     #   # 32-bit integer field defaulting to 1
     #   define_field :type, PacketGen::Types::Int32, default: 1
@@ -71,6 +72,8 @@ module PacketGen
     #   define_field :body_size, PacketGen::Type::Int16
     #   # String field which length is taken from body_size field
     #   define_field :body, PacketGen::Type::String, builder: ->(obj) { PacketGen::Type::String.new('', length_from: obj[:body_size]) }
+    #   # 16-bit enumeration type. As :default not specified, default to first value of enum
+    #   define_field :type_class, PacketGen::Type::Int16Enum, enum: { 'class1' => 1, 'class2' => 2}
     #
     # {.define_field_before} and {.define_field_after} are also defined to relatively
     # create a field from anoher one (for example, when adding a field in a subclass).
@@ -133,16 +136,21 @@ module PacketGen
       # @option options [Lambda] :optional define this field as optional. Given lambda
       #   is used to known if this field is present or not. Parameter to this lambda is
       #   the being defined Field object.
+      # @option options [Hash] :enum mandatory option for an {Enum} type.
+      #   Define enumeration: hash's keys are +String+, and values are +Integer+.
       # @return [void]
       def self.define_field(name, type, options={})
         define = []
-        if type < Types::Int
+        if type < Types::Enum
+          define << "def #{name}; self[:#{name}].to_i; end"
+          define << "def #{name}=(val) self[:#{name}].value = val; end"
+        elsif type < Types::Int
           define << "def #{name}; self[:#{name}].to_i; end"
           define << "def #{name}=(val) self[:#{name}].read val; end"
         elsif type.instance_methods.include? :to_human and
-             type.instance_methods.include? :from_human
-          define << "def #{name}; self[:#{name}].to_human; end"
-          define << "def #{name}=(val) self[:#{name}].from_human val; end"
+           type.instance_methods.include? :from_human
+           define << "def #{name}; self[:#{name}].to_human; end"
+           define << "def #{name}=(val) self[:#{name}].from_human val; end"
         else
           define << "def #{name}; self[:#{name}]; end\n"
           define << "def #{name}=(val) self[:#{name}].read val; end"
@@ -151,8 +159,11 @@ module PacketGen
         define.delete(1) if type.instance_methods.include? "#{name}=".to_sym
         define.delete(0) if type.instance_methods.include? name
         class_eval define.join("\n")
-        @field_defs[name] = [type, options.delete(:default), options.delete(:builder),
-                             options.delete(:optional), options]
+        @field_defs[name] = [type, options.delete(:default),
+                             options.delete(:builder),
+                             options.delete(:optional),
+                             options.delete(:enum),
+                             options]
         @ordered_fields << name
       end
 
@@ -285,14 +296,23 @@ module PacketGen
           default = ary[1].is_a?(Proc) ? ary[1].call : ary[1]
           @fields[field] = if ary[2]
                              ary[2].call(self)
-                           elsif !ary[4].empty?
+                           elsif ary[4]
                              ary[0].new(ary[4])
+                           elsif !ary[5].empty?
+                             ary[0].new(ary[5])
                            else
                              ary[0].new
                            end
 
           value = options[field] || default
-          if ary[0] < Types::Int
+          if ary[0] < Types::Enum
+            case value
+            when ::String
+              @fields[field].value = value
+            else
+              @fields[field].read(value)
+            end
+          elsif ary[0] < Types::Int
             @fields[field].read(value)
           elsif ary[0] <= Types::String
             @fields[field].read(value)

data/lib/packetgen/types/int.rb

@@ -36,6 +36,10 @@ module PacketGen
         @default = default
       end
 
+      # @abstract
+      # Read an Int from a binary string or an integer
+      # @param [Integer, String] value
+      # @return [self]
       def read(value)
         @value = if value.is_a?(Integer)
                    value.to_i

data/lib/packetgen/utils.rb

@@ -0,0 +1,101 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+require_relative 'config'
+require_relative 'utils/arp_spoofer'
+
+module PacketGen
+
+  # Collection of some network utilities.
+  #
+  # This module is not enabled by default. You need to:
+  #  require 'packetgen/utils'
+  # @author Sylvain Daubert
+  # @since 2.1.3
+  module Utils
+
+    # Get local ARP cache
+    # @return [Hash] key: IP address, value: array containing MAC address and
+    #    interface name
+    def self.arp_cache
+      raw_cache = %x(/usr/sbin/arp -an)
+
+      cache = {}
+      raw_cache.split(/\n/).each do |line|
+        match = line.match(/\((\d+\.\d+\.\d+\.\d+)\) at (([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2})(?: \[ether\])? on (\w+)/)
+        if match
+          cache[match[1]] = [match[2], match[4]]
+        end
+      end
+      
+      cache
+    end
+    
+    # Get MAC address from an IP address, or nil if this IP address is unknown
+    # on local network.
+    # @param [String] ipaddr dotted-octet IP address
+    # @param [Hash] options
+    # @option options [String] :iface interface name. Default to 
+    #   {PacketGen.default_iface}
+    # @option options [Boolean] :no_cache if +true+, do not query local ARP
+    #   cache and always send an ARP request on wire. Default to +false+
+    # @option options [Integer] :timeout timeout in seconds before stopping
+    #   request. Default to 2.
+    # @return [String,nil]
+    def self.arp(ipaddr, options={})
+      unless options[:no_cache]
+        local_cache = self.arp_cache
+        return local_cache[ipaddr].first if local_cache.has_key? ipaddr
+      end
+
+      iface = options[:iface] || PacketGen.default_iface
+      timeout = options[:timeout] || 1
+      my_hwaddr = Config.instance.hwaddr(iface)
+      arp_pkt = Packet.gen('Eth', dst: 'ff:ff:ff:ff:ff:ff', src: my_hwaddr)
+      arp_pkt.add('ARP', sha: @config.hwaddr, spa: @config.ipaddr, tpa: ipaddr)
+      
+      capture = Capture.new(iface: iface, timeout: timeout, max: 1,
+                            filter: "arp src #{ipaddr} and ether dst #{my_hwaddr}")
+      cap_thread = Thread.new do
+        capture.start
+      end
+
+      arp_pkt.to_w(iface)
+      cap_thread.join
+      
+      if capture.packets.size > 0
+        capture.packets.each do |pkt|
+          if pkt.arp.spa.to_s == ipaddr
+            break pkt.arp.sha.to_s
+          end
+        end
+      else
+        nil
+      end
+    end
+    
+    # Do ARP spoofing on given IP address. Call to this method blocks.
+    # @note This method is provided for test purpose.
+    # For more control, see {ARPSpoofer} class.
+    # @param [String] target_ip target IP address
+    # @param [String] spoofed_ip IP address to spoofed_ip
+    # @param [Hash] options
+    # @option options [String] :mac MAC address used to poison target
+    #   ARP cache. Default to local MAC address.
+    # @option options [Integer,nil] :for_seconds number of seconds to do ARP spoofing.
+    #   If not defined, spoof forever.
+    # @option options [Float,Integer] :interval number of seconds between 2
+    #   ARP packets (default: 1.0).
+    # @option options [String] :iface interface to use. Default to
+    #   {PacketGen.default_iface}
+    # @return [void]
+    def self.arp_spoof(target_ip, spoofed_ip, options={})
+      interval = options[:interval] || 1.0
+      as = ARPSpoofer.new(for_seconds: options[:for_seconds], interval: interval,
+                          iface: options[:iface])
+      as.start(target_ip, spoofed_ip, mac: options[:mac])
+      as.wait
+    end
+  end
+end

data/lib/packetgen/utils/arp_spoofer.rb

@@ -0,0 +1,191 @@
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+require 'thread'
+
+module PacketGen
+  module Utils
+
+    # @note This class is provided for test purpose.
+    # Utility class to make ARP spoofing.
+    #   spoofer = PacketGen::Utils::ARPSpoofer.new
+    #   # start an ARP spoof: send forged ARP packets to target to spoof spoofed_ip
+    #   spoofer.start target_ip, spoofed_ip
+    #   # start another ARP spoof. Say to target2 spoofed_ip has given MAC address
+    #   spoofer.start target2_ip, spoofed_ip, mac: '00:00:00:00:00:01'
+    #   # stop spoofing on target2
+    #   spoofer.stop target2_ip
+    #   # stop all spoofings
+    #   spoofer.stop_all
+    # @author Sylvain Daubert
+    # @since 2.1.3
+    class ARPSpoofer
+
+      # @param [Integer,Float,nil] timeout spoof will happen for this amount
+      #  of time
+      # @param [Integer,Float] interval time between 2 ARP packets
+      # @param [String,nil] iface network interface on which do spoofing.
+      #  Defaults to {PacketGen.default_iface}
+      def initialize(timeout: nil, interval: 1.0, iface: nil)
+        @timeout = timeout
+        @timeout = @timeout.to_f if @timeout
+        @interval = interval
+        @iface = iface || PacketGen.default_iface
+        @targets = {}
+        @arp_packets = {}
+        @spoof_thread = nil
+        @queue = Queue.new
+      end
+
+      # Add a target to spoofer, without starting attack. Spoofing should
+      # be enabled with {#start_all}.
+      # @param [String] target_ip target IP address
+      # @param [String] spoofed_ip spoofed IP address
+      # @param [Hash] options
+      # @option options [String] :mac attacker's MAC address. Defaults to
+      #  local MAC address.
+      # @option options [String] :target_mac target MAC address. If not given,
+      #  an ARP request is made to get it.
+      # @return [void]
+      def add(target_ip, spoofed_ip, options={})
+        @targets[target_ip] = options.merge({spoofed_ip: spoofed_ip, active: false})
+      end
+
+      # Remove target from spoofer.
+      # @param [String] target_ip target IP address
+      # @return [void]
+      def remove(target_ip)
+        @targets.delete target_ip
+        @arp_packets.delete target_ip
+      end
+
+      # Get registered targets (all targets, registered with {#add} and {#start})
+      # @return [Array<String>] list of target IP addresses
+      def registered_targets
+        @targets.keys
+      end
+
+      # Get active targets (registered with {#start}, or all after using
+      # {#start_all})
+      # @return [Array<String>] list of target IP addresses
+      def active_targets
+        @arp_packets.keys
+      end
+
+      # Start spoofing on given target
+      # @param [String] target_ip target IP address
+      # @param [String] spoofed_ip spoofed IP address
+      # @param [Hash] options
+      # @option options [String] :mac attacker's MAC address. Defaults to
+      #  local MAC address.
+      # @option options [String] :target_mac target MAC address. If not given,
+      #  an ARP request is made to get it.
+      # @return [void]
+      def start(target_ip, spoofed_ip, options={})
+        add target_ip, spoofed_ip, options
+        activate target_ip
+      end
+
+      # Stop spoofing on given target
+      # @param [String] target_ip target IP address
+      # @return [void]
+      def stop(target_ip)
+        deactivate target_ip
+        remove target_ip
+      end
+
+      # Start spoofing on all targets added with {#add}.
+      # @return [void]
+      def start_all
+        @targets.each do |target_ip, _|
+          activate target_ip
+        end
+      end
+      
+      # Stop spoofing on all targets.
+      # @return [void]
+      def stop_all
+        @targets.each do |target_ip, _|
+          deactivate target_ip
+        end
+      end
+
+      # Say if spoofing on given target is active or not
+      # @param [String] target_ip target IP address
+      # @return [Boolean,nil]
+      def active?(target_ip)
+        if @targets.has_key?(target_ip)
+          @targets[target_ip][:active]
+        else
+          nil
+        end
+      end
+
+      # Wait for spoofing to finish. Wait forever if no +timeout+ options
+      # was set on {#initialize}.
+      def wait
+        @spoof_thread.join
+      end
+
+      private
+
+      # Activate spoofing for given target
+      # @param [String] target_ip
+      # @return [void]
+      def activate(target_ip)
+        @arp_packets[target_ip] = make_arp_packet(target_ip)
+        @queue << @arp_packets.values
+        unless @spoof_thread
+          create_spoof_thread
+        end
+        @targets[target_ip][:active] = true
+      end
+      
+      # Create spoof thread
+      def create_spoof_thread
+        @spoof_thread = Thread.new(@queue, @iface, @timeout, @interval) do |queue, iface, timeout, interval|
+          while timeout.nil? or timeout > 0.0 do
+            packets = queue.pop unless queue.empty?
+            send_packets_on_wire packets
+            timeout -= interval if timeout
+            sleep interval
+          end
+        end
+      end
+
+      # send packets on wire
+      def send_packets_on_wire(packets)
+        packets.each { |pkt| pkt.to_w(iface) }
+      end
+
+      # Deactivate spoofing for given target
+      # @param [String] target_ip
+      # @return [void]
+      def deactivate(target_ip)
+        @arp_packets.delete target_ip
+        if @arp_packets.empty?
+          @spoof_thread.kill
+          @spoof_thread = nil
+        else
+          @queue << @arp_packets.values
+        end
+        @targets[target_ip][:active] = false
+      end
+
+      # Create ARP packet to spoof given target
+      # @param [String] target_ip
+      # @return [Packet]
+      def make_arp_packet(target_ip)
+        params = @targets[target_ip]
+        mac = params[:mac] || Config.instance.hwaddr(@iface)
+
+        target_mac = params[:target_mac] || Utils.arp(target_ip)
+
+        Packet.gen('Eth', dst: target_mac, src: mac).
+               add('ARP', op: 'reply', sha: mac, spa: params[:spoofed_ip],
+                   tha: target_mac, tpa: target_ip)
+      end
+    end
+  end
+end

data/lib/packetgen/version.rb

@@ -8,5 +8,5 @@
 # @author Sylvain Daubert
 module PacketGen
   # PacketGen version
-  VERSION = '2.1.2'
+  VERSION = '2.1.3'
 end

data/packetgen.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rasn1', '~>0.3', '>= 0.3.1'
 
   spec.add_development_dependency 'bundler', '~> 1.7'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 12.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'simplecov', '~> 0.12'
   spec.add_development_dependency 'yard', '~> 0.9'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packetgen
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.1.3
 platform: ruby
 authors:
 - Sylvain Daubert
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-30 00:00:00.000000000 Z
+date: 2017-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pcaprub
@@ -78,14 +78,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -206,12 +206,15 @@ files:
 - lib/packetgen/proto.rb
 - lib/packetgen/types.rb
 - lib/packetgen/types/array.rb
+- lib/packetgen/types/enum.rb
 - lib/packetgen/types/fields.rb
 - lib/packetgen/types/int.rb
 - lib/packetgen/types/int_string.rb
 - lib/packetgen/types/oui.rb
 - lib/packetgen/types/string.rb
 - lib/packetgen/types/tlv.rb
+- lib/packetgen/utils.rb
+- lib/packetgen/utils/arp_spoofer.rb
 - lib/packetgen/version.rb
 - packetgen.gemspec
 homepage: https://github.com/sdaubert/packetgen