packetgen 3.1.1 → 3.1.6

data/lib/packetgen/pcap.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+require_relative 'pcaprub_wrapper'
+
+module PacketGen
+  # Module to read PCAP files
+  # @author Sylvain Daubert
+  # @api private
+  # @since 3.1.4
+  module Pcap
+    # Read a PCAP file
+    # @param [String] filename
+    # @return [Array<Packet>]
+    # @author Kent Gruber
+    def self.read(filename)
+      packets = []
+      PCAPRUBWrapper.read_pcap(filename: filename) do |packet|
+        next unless (packet = PacketGen.parse(packet.to_s))
+
+        packets << packet
+      end
+      packets
+    end
+  end
+end

data/lib/packetgen/pcapng.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of PacketGen
 # See https://github.com/sdaubert/packetgen for more informations
 # Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 require 'stringio'
 
 module PacketGen
@@ -13,13 +13,13 @@ module PacketGen
   # @author Sylvain Daubert
   module PcapNG
     # Section Header Block type number
-    SHB_TYPE = Types::Int32.new(0x0A0D0D0A, :little)
+    SHB_TYPE = Types::Int32.new(0x0A0D0D0A, :little).freeze
     # Interface Description Block type number
-    IDB_TYPE = Types::Int32.new(1, :little)
+    IDB_TYPE = Types::Int32.new(1, :little).freeze
     # Simple Packet Block type number
-    SPB_TYPE = Types::Int32.new(3, :little)
+    SPB_TYPE = Types::Int32.new(3, :little).freeze
     # Enhanced Packet Block type number
-    EPB_TYPE = Types::Int32.new(6, :little)
+    EPB_TYPE = Types::Int32.new(6, :little).freeze
 
     # IEEE 802.3 Ethernet (10Mb, 100Mb, 1000Mb, and up)
     LINKTYPE_ETHERNET = 1
@@ -46,10 +46,10 @@ module PacketGen
   end
 end
 
-require_relative 'pcapng/block.rb'
-require_relative 'pcapng/unknown_block.rb'
-require_relative 'pcapng/shb.rb'
-require_relative 'pcapng/idb.rb'
-require_relative 'pcapng/epb.rb'
-require_relative 'pcapng/spb.rb'
-require_relative 'pcapng/file.rb'
+require_relative 'pcapng/block'
+require_relative 'pcapng/unknown_block'
+require_relative 'pcapng/shb'
+require_relative 'pcapng/idb'
+require_relative 'pcapng/epb'
+require_relative 'pcapng/spb'
+require_relative 'pcapng/file'

data/lib/packetgen/pcapng/block.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of PacketGen
 # See https://github.com/sdaubert/packetgen for more informations
 # Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen
   module PcapNG
     # @abstract Base class for all block types
@@ -34,7 +34,7 @@ module PacketGen
       # @return [Boolean]
       # @since 2.7.0
       def options?
-        @fields.key?(:options) && @fields[:options].sz > 0
+        @fields.key?(:options) && @fields[:options].sz.positive?
       end
 
       # Calculate block length and update :block_len and block_len2 fields
@@ -49,9 +49,9 @@ module PacketGen
       # @return [void]
       def pad_field(*fields)
         fields.each do |field|
-          unless (@fields[field].sz % 4).zero?
-            @fields[field] << "\x00" * (4 - (@fields[field].sz % 4))
-          end
+          obj = @fields[field]
+          pad_size = (obj.sz % 4).zero? ? 0 : (4 - (obj.sz % 4))
+          obj << "\x00" * pad_size
         end
       end
 
@@ -61,10 +61,8 @@ module PacketGen
       # Must be called by all subclass #initialize method.
       # @param [:little, :big] endian
       # @return [:little, :big] returns endian
-      def set_endianness(endian)
-        unless %i[little big].include? endian
-          raise ArgumentError, "unknown endianness for #{self.class}"
-        end
+      def endianness(endian)
+        raise ArgumentError, "unknown endianness for #{self.class}" unless %i[little big].include?(endian)
 
         @endian = endian
         @fields.each { |_f, v| v.endian = endian if v.is_a?(Types::Int) }
@@ -72,9 +70,24 @@ module PacketGen
       end
 
       def check_len_coherency
-        unless self.block_len == self.block_len2
-          raise InvalidFileError, 'Incoherency in Block length'
-        end
+        raise InvalidFileError, 'Incoherency in Block length' unless self.block_len == self.block_len2
+      end
+
+      def to_io(str_or_io)
+        return str_or_io if str_or_io.respond_to? :read
+
+        StringIO.new(force_binary(str_or_io.to_s))
+      end
+
+      def remove_padding(io, data_len)
+        data_pad_len = (4 - (data_len % 4)) % 4
+        io.read data_pad_len
+        data_pad_len
+      end
+
+      def read_blocklen2_and_check(io)
+        self[:block_len2].read io.read(4)
+        check_len_coherency
       end
     end
   end

data/lib/packetgen/pcapng/epb.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of PacketGen
 # See https://github.com/sdaubert/packetgen for more informations
 # Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen
   module PcapNG
     # {EPB} represents a Enhanced Packet Block (EPB) of a pcapng file.
@@ -73,7 +73,7 @@ module PacketGen
       # @option options [Integer] :block_len2 block total length
       def initialize(options={})
         super
-        set_endianness(options[:endian] || :little)
+        endianness(options[:endian] || :little)
         recalc_block_len
         self.type = options[:type] || PcapNG::EPB_TYPE.to_i
       end
@@ -82,29 +82,16 @@ module PacketGen
       # @param [::String,IO] str_or_io
       # @return [self]
       def read(str_or_io)
-        io = if str_or_io.respond_to? :read
-               str_or_io
-             else
-               StringIO.new(force_binary(str_or_io.to_s))
-             end
+        io = to_io(str_or_io)
         return self if io.eof?
 
-        self[:type].read io.read(4)
-        self[:block_len].read io.read(4)
-        self[:interface_id].read io.read(4)
-        self[:tsh].read io.read(4)
-        self[:tsl].read io.read(4)
-        self[:cap_len].read io.read(4)
-        self[:orig_len].read io.read(4)
+        %i[type block_len interface_id tsh tsl cap_len orig_len].each do |attr|
+          self[attr].read io.read(self[attr].sz)
+        end
         self[:data].read io.read(self.cap_len)
-        data_pad_len = (4 - (self[:cap_len].to_i % 4)) % 4
-        io.read data_pad_len
-        options_len = self.block_len - self.cap_len - data_pad_len
-        options_len -= MIN_SIZE
-        self[:options].read io.read(options_len)
-        self[:block_len2].read io.read(4)
+        read_options(io)
+        read_blocklen2_and_check(io)
 
-        check_len_coherency
         self
       end
 
@@ -114,6 +101,16 @@ module PacketGen
         Time.at((self.tsh << 32 | self.tsl) * ts_resol)
       end
 
+      # Set timestamp from a Time object
+      # @param [Time] time
+      # @return [Time] time
+      def timestamp=(time)
+        tstamp = (time.to_r / ts_resol).to_i
+        self.tsh = (tstamp & 0xffffffff00000000) >> 32
+        self.tsl = tstamp & 0xffffffff
+        time
+      end
+
       # Return the object as a String
       # @return [String]
       def to_s
@@ -131,6 +128,12 @@ module PacketGen
           @interface.ts_resol
         end
       end
+
+      def read_options(io)
+        data_pad_len = remove_padding(io, self.cap_len)
+        options_len = self.block_len - self.cap_len - data_pad_len - MIN_SIZE
+        self[:options].read io.read(options_len)
+      end
     end
   end
 end

data/lib/packetgen/pcapng/file.rb

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
+
 # This file is part of PacketGen
 # See https://github.com/sdaubert/packetgen for more informations
 # Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen
   module PcapNG
     # PcapNG::File is a complete Pcap-NG file handler.
@@ -20,6 +20,15 @@ module PacketGen
         LINKTYPE_IPV6 => 'IPv6'
       }.freeze
 
+      # @private
+      BLOCK_TYPES = Hash[
+        PcapNG.constants(false).select { |c| c.to_s.include?('_TYPE') }.map do |c|
+          type_value = PcapNG.const_get(c).to_i
+          klass = PcapNG.const_get(c.to_s[0..-6]) # @todo use delete_suffix('_TYPE') when support for Ruby 2.4 will stop
+          [type_value, klass]
+        end
+      ].freeze
+
       # Get file sections
       # @return [Array]
       attr_accessor :sections
@@ -57,24 +66,15 @@ module PacketGen
       # @return [Integer] return number of yielded blocks (only if a block is given)
       # @raise [ArgumentError] cannot read +fname+
       def readfile(fname, &blk)
-        unless ::File.readable?(fname)
-          raise ArgumentError, "cannot read file #{fname}"
-        end
-
-        ::File.open(fname, 'rb') do |f|
-          parse_section(f) until f.eof?
-        end
+        raise ArgumentError, "cannot read file #{fname}" unless ::File.readable?(fname)
 
+        ::File.open(fname, 'rb') { |f| parse_section(f) until f.eof? }
         return unless blk
 
         count = 0
-        @sections.each do |section|
-          section.interfaces.each do |intf|
-            intf.packets.each do |pkt|
-              count += 1
-              yield pkt
-            end
-          end
+        each_packet_with_interface do |pkt, _itf|
+          count += 1
+          yield pkt
         end
         count
       end
@@ -91,12 +91,10 @@ module PacketGen
       #  @return [Integer] number of packets
       # @raise [ArgumentError] cannot read +fname+
       def read_packet_bytes(fname, &blk)
-        count = 0
         packets = [] unless blk
 
-        readfile(fname) do |packet|
+        count = readfile(fname) do |packet|
           if blk
-            count += 1
             yield packet.data.to_s, packet.interface.link_type
           else
             packets << packet.data.to_s
@@ -117,19 +115,11 @@ module PacketGen
       #  @return [Integer] number of packets
       # @raise [ArgumentError] cannot read +fname+
       def read_packets(fname, &blk)
-        count = 0
         packets = [] unless blk
 
-        read_packet_bytes(fname) do |packet, link_type|
-          first_header = KNOWN_LINK_TYPES[link_type]
-          parsed_pkt = if first_header.nil?
-                         # unknown link type, try to guess
-                         Packet.parse(packet)
-                       else
-                         Packet.parse(packet, first_header: first_header)
-                       end
+        count = read_packet_bytes(fname) do |packet, link_type|
+          parsed_pkt = parse_packet(packet, link_type)
           if blk
-            count += 1
             yield parsed_pkt
           else
             packets << parsed_pkt
@@ -151,47 +141,70 @@ module PacketGen
         @sections.clear
       end
 
+      # @deprecated
+      #  Prefer use of {#to_a} or {#to_h}.
       # Translates a {File} into an array of packets.
       # @param [Hash] options
-      # @option options [String] :filename if given, object is cleared and filename
+      # @option options [String] :file if given, object is cleared and filename
       #   is analyzed before generating array. Else, array is generated from +self+
-      # @option options [String] :file same as +:filename+
       # @option options [Boolean] :keep_timestamps if +true+ (default value: +false+),
       #   generates an array of hashes, each one with timestamp as key and packet
       #   as value. There is one hash per packet.
-      # @option options [Boolean] :keep_ts same as +:keep_timestamp+
       # @return [Array<Packet>,Array<Hash>]
       def file_to_array(options={})
-        filename = options[:filename] || options[:file]
-        if filename
-          clear
-          readfile filename
+        Deprecation.deprecated(self.class, __method__)
+
+        file = options[:file] || options[:filename]
+        reread file
+
+        ary = []
+        blk = if options[:keep_timestamps] || options[:keep_ts]
+                proc { |pkt| { pkt.timestamp => pkt.data.to_s } }
+              else
+                proc { |pkt| pkt.data.to_s }
+              end
+        each_packet_with_interface do |pkt, _itf|
+          ary << blk.call(pkt)
         end
 
+        ary
+      end
+
+      # Translates a {File} into an array of packets.
+      # @return [Array<Packet>]
+      # @since 3.1.6
+      def to_a
         ary = []
-        @sections.each do |section|
-          section.interfaces.each do |itf|
-            if options[:keep_timestamps] || options[:keep_ts]
-              ary.concat(itf.packets.map { |pkt| { pkt.timestamp => pkt.data.to_s } })
-            else
-              ary.concat(itf.packets.map { |pkt| pkt.data.to_s })
-            end
-          end
+        each_packet_with_interface do |pkt, itf|
+          ary << parse_packet(pkt.data.to_s, itf.link_type)
         end
+
         ary
       end
 
+      # Translates a {File} into a hash with timestamps as keys.
+      # @note Only packets from {EPB} sections are extracted, as {SPB} ones do not have timestamp.
+      # @return [Hash{Time => Packet}]
+      # @since 3.1.6
+      def to_h
+        hsh = {}
+        each_packet_with_interface do |pkt, itf|
+          next if pkt.is_a?(SPB)
+
+          hsh[pkt.timestamp] = parse_packet(pkt.data.to_s, itf.link_type)
+        end
+
+        hsh
+      end
+
       # Writes the {File} to a file.
       # @param [Hash] options
       # @option options [Boolean] :append (default: +false+) if set to +true+,
       #   the packets are appended to the file, rather than overwriting it
       # @return [Array] array of 2 elements: filename and size written
+      # @todo for 4.0, replace +options+ by +append+ kwarg
       def to_file(filename, options={})
-        mode = if options[:append] && ::File.exist?(filename)
-                 'ab'
-               else
-                 'wb'
-               end
+        mode = (options[:append] && ::File.exist?(filename)) ? 'ab' : 'wb'
         ::File.open(filename, mode) { |f| f.write(self.to_s) }
         [filename, self.to_s.size]
       end
@@ -211,6 +224,7 @@ module PacketGen
         self.to_file(filename.to_s, append: true)
       end
 
+      # @deprecated Prefer use of {#read_array} or {#read_hash}.
       # @overload array_to_file(ary)
       #  Update {File} object with packets.
       #  @param [Array] ary as generated by {#file_to_array} or Array of Packet objects.
@@ -219,7 +233,7 @@ module PacketGen
       # @overload array_to_file(options={})
       #  Update {File} and/or write it to a file
       #  @param [Hash] options
-      #  @option options [String] :filename file written on disk only if given
+      #  @option options [String] :file file written on disk only if given
       #  @option options [Array] :array can either be an array of packet data,
       #                                 or a hash-value pair of timestamp => data.
       #  @option options [Time] :timestamp set an initial timestamp
@@ -229,53 +243,13 @@ module PacketGen
       #                                    the file
       #  @return [Array] see return value from {#to_file}
       def array_to_file(options={})
-        case options
-        when Hash
-          filename = options[:filename] || options[:file]
-          ary = options[:array] || options[:arr]
-          unless ary.is_a? Array
-            raise ArgumentError, ':array parameter needs to be an array'
-          end
-          ts = options[:timestamp] || options[:ts] || Time.now
-          ts_inc = options[:ts_inc] || 1
-          append = !options[:append].nil?
-        when Array
-          ary = options
-          ts = Time.now
-          ts_inc = 1
-          filename = nil
-          append = false
-        else
-          raise ArgumentError, 'unknown argument. Need either a Hash or Array'
-        end
+        filename, ary, ts, ts_inc, append = array_to_file_options(options)
 
-        section = SHB.new
-        @sections << section
-        itf = IDB.new(endian: section.endian)
-        classify_block section, itf
+        section = create_new_shb_section
 
-        ary.each_with_index do |pkt, i|
-          case pkt
-          when Hash
-            this_ts = pkt.keys.first.to_i
-            this_cap_len = pkt.values.first.to_s.size
-            this_data = pkt.values.first.to_s
-          else
-            this_ts = (ts + ts_inc * i).to_i
-            this_cap_len = pkt.to_s.size
-            this_data = pkt.to_s
-          end
-          this_ts = (this_ts / itf.ts_resol).to_i
-          this_tsh = this_ts >> 32
-          this_tsl = this_ts & 0xffffffff
-          this_pkt = EPB.new(endian:       section.endian,
-                             interface_id: 0,
-                             tsh:          this_tsh,
-                             tsl:          this_tsl,
-                             cap_len:      this_cap_len,
-                             orig_len:     this_cap_len,
-                             data:         this_data)
-          classify_block section, this_pkt
+        ary.each do |pkt|
+          classify_block(section, epb_from_pkt(pkt, section, ts))
+          ts += ts_inc
         end
 
         if filename
@@ -285,60 +259,104 @@ module PacketGen
         end
       end
 
+      # Update current object from an array of packets
+      # @param [Array<Packet>] packets
+      # @param [Time, nil] timestamp initial timestamp, used for first packet
+      # @param [Numeric, nil] ts_inc timestamp increment, in seconds, to increment
+      #                       initial timestamp for each packet
+      # @return [void]
+      # @note if +timestamp+ and/or +ts_inc+ are nil, {SPB} sections are created
+      #  for each packet, else {EPB} ones are used
+      # @since 3.1.6
+      def read_array(packets, timestamp: nil, ts_inc: nil)
+        ts = timestamp
+        section = create_new_shb_section
+        packets.each do |pkt|
+          block = create_block_from_pkt(pkt, section, ts, ts_inc)
+          classify_block(section, block)
+          ts = update_ts(ts, ts_inc)
+        end
+      end
+
+      # Update current object from a hash of packets and timestamps
+      # @param [Hash{Time => Packet}] hsh
+      # @return [void]
+      # @since 3.1.6
+      def read_hash(hsh)
+        section = create_new_shb_section
+        hsh.each do |ts, pkt|
+          block = create_block_from_pkt(pkt, section, ts, 0)
+          classify_block(section, block)
+        end
+      end
+
+      # @return [String]
+      # @since 3.1.6
+      def inspect
+        str = +''
+        sections.each do |section|
+          str << section.inspect
+          section.interfaces.each do |itf|
+            str << itf.inspect
+            itf.packets.each { |block| str << block.inspect }
+          end
+        end
+
+        str
+      end
+
       private
 
       # Parse a section. A section is made of at least a SHB. It than may contain
-      # others blocks, such as  IDB, SPB or EPB.
+      # others blocks, such as IDB, SPB or EPB.
       # @param [IO] io
       # @return [void]
       def parse_section(io)
-        shb = SHB.new
-        type = Types::Int32.new(0, shb.endian).read(io.read(4))
-        io.seek(-4, IO::SEEK_CUR)
-        shb = parse(type, io, shb)
+        shb = parse_shb(SHB.new, io)
         raise InvalidFileError, 'no Section header found' unless shb.is_a?(SHB)
 
-        if shb.section_len.to_i != 0xffffffffffffffff
-          # Section length is defined
-          section = StringIO.new(io.read(shb.section_len.to_i))
-          until section.eof?
-            shb = @sections.last
-            type = Types::Int32.new(0, shb.endian).read(section.read(4))
-            section.seek(-4, IO::SEEK_CUR)
-            parse(type, section, shb)
-          end
-        else
-          # section length is undefined
-          until io.eof?
-            shb = @sections.last
-            type = Types::Int32.new(0, shb.endian).read(io.read(4))
-            io.seek(-4, IO::SEEK_CUR)
-            parse(type, io, shb)
-          end
+        to_parse = if shb.section_len.to_i != 0xffffffffffffffff
+                     # Section length is defined
+                     StringIO.new(io.read(shb.section_len.to_i))
+                   else
+                     # section length is undefined
+                     io
+                   end
+
+        until to_parse.eof?
+          shb = @sections.last
+          parse_shb shb, to_parse
         end
       end
 
+      # Parse a SHB
+      # @param [SHB] shb SHB to parse
+      # @param [IO] io stream from which parse SHB
+      # @return [SHB]
+      def parse_shb(shb, io)
+        type = Types::Int32.new(0, shb.endian).read(io.read(4))
+        io.seek(-4, IO::SEEK_CUR)
+        parse(type, io, shb)
+      end
+
       # Parse a block from its type
       # @param [Types::Int32] type
       # @param [IO] io stream from which parse block
       # @param [SHB] shb header of current section
-      # @return [void]
+      # @return [Block]
       def parse(type, io, shb)
-        types = PcapNG.constants(false).select { |c| c.to_s =~ /_TYPE/ }
-                      .map { |c| [PcapNG.const_get(c).to_i, c] }
-        types = Hash[types]
-
-        if types.key?(type.to_i)
-          klass = PcapNG.const_get(types[type.to_i].to_s.gsub(/_TYPE/, '').to_sym)
-          block = klass.new(endian: shb.endian)
-        else
-          block = UnknownBlock.new(endian: shb.endian)
-        end
-
+        block = guess_block_type(type).new(endian: shb.endian)
         classify_block shb, block
         block.read(io)
       end
 
+      # Guess class to use from type
+      # @param [Types::Int] type
+      # @return [Block]
+      def guess_block_type(type)
+        BLOCK_TYPES.key?(type.to_i) ? BLOCK_TYPES[type.to_i] : UnknownBlock
+      end
+
       # Classify block from its type
       # @param [SHB] shb header of current section
       # @param [Block] block block to classify
@@ -349,18 +367,122 @@ module PacketGen
           @sections << block
         when IDB
           shb << block
-          block.section = shb
-        when EPB
-          shb.interfaces[block.interface_id] << block
-          block.interface = shb.interfaces[block.interface_id]
-        when SPB
-          shb.interfaces[0] << block
-          block.interface = shb.interfaces[0]
+        when SPB, EPB
+          ifid = block.is_a?(EPB) ? block.interface_id : 0
+          shb.interfaces[ifid] << block
+        else
+          shb.add_unknown_block(block)
+        end
+      end
+
+      def array_to_file_options(options)
+        case options
+        when Hash
+          array_to_file_options_from_hash(options)
+        when Array
+          [nil, options, Time.now, 1, false]
+        else
+          raise ArgumentError, 'unknown argument. Need either a Hash or Array'
+        end
+      end
+
+      # Extract and check options for #array_to_file
+      def array_to_file_options_from_hash(options)
+        %i[filename arr ts].each do |deprecated_opt|
+          Deprecation.deprecated_option(self.class, :array_to_file, deprecated_opt) if options[deprecated_opt]
+        end
+
+        filename = options[:filename] || options[:file]
+        ary = options[:array] || options[:arr]
+        raise ArgumentError, ':array parameter needs to be an array' unless ary.is_a? Array
+
+        ts = options[:timestamp] || options[:ts] || Time.now
+        ts_inc = options[:ts_inc] || 1
+        append = !options[:append].nil?
+
+        [filename, ary, ts, ts_inc, append]
+      end
+
+      def create_new_shb_section
+        section = SHB.new
+        @sections << section
+        itf = IDB.new(endian: section.endian)
+        classify_block section, itf
+
+        section
+      end
+
+      # Compute tsh and tsl from ts
+      def calc_ts(timeslot, ts_resol)
+        this_ts = (timeslot / ts_resol).to_i
+
+        [this_ts >> 32, this_ts & 0xffffffff]
+      end
+
+      def reread(filename)
+        return if filename.nil?
+
+        clear
+        readfile filename
+      end
+
+      def create_block_from_pkt(pkt, section, timestamp, ts_inc)
+        if timestamp.nil? || ts_inc.nil?
+          spb_from_pkt(pkt, section)
         else
-          shb.unknown_blocks << block
-          block.section = shb
+          epb_from_pkt(pkt, section, timestamp)
         end
       end
+
+      def spb_from_pkt(pkt, section)
+        pkt_s = pkt.to_s
+        size = pkt_s.size
+        SPB.new(endian: section.endian,
+                block_len: size,
+                orig_len: size,
+                data: pkt_s)
+      end
+
+      # @todo remove hash case when #array_to_file will be removed
+      def epb_from_pkt(pkt, section, timestamp)
+        this_ts, this_data = case pkt
+                             when Hash
+                               [pkt.keys.first.to_i, pkt.values.first.to_s]
+                             else
+                               [timestamp.to_r, pkt.to_s]
+                             end
+        this_cap_len = this_data.size
+        this_tsh, this_tsl = calc_ts(this_ts, section.interfaces.last.ts_resol)
+        EPB.new(endian: section.endian,
+                interface_id: 0,
+                tsh: this_tsh,
+                tsl: this_tsl,
+                cap_len: this_cap_len,
+                orig_len: this_cap_len,
+                data: this_data)
+      end
+
+      def update_ts(timestamp, ts_inc)
+        return nil if timestamp.nil? || ts_inc.nil?
+
+        timestamp + ts_inc
+      end
+
+      # Iterate over each xPB with its associated interface
+      # @return [void]
+      # @yieldparam [String] xpb
+      # @yieldparam [IDB] itf
+      def each_packet_with_interface
+        sections.each do |section|
+          section.interfaces.each do |itf|
+            itf.packets.each { |xpb| yield xpb, itf }
+          end
+        end
+      end
+
+      def parse_packet(data, link_type)
+        Packet.parse(data, first_header: KNOWN_LINK_TYPES[link_type])
+      end
     end
   end
 end