packetman 0.1.0 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d179b4712440f17879c705887caeec69fd857517
-  data.tar.gz: 7879478eab7e6ecca5d75bff051a5dcad4006465
+SHA256:
+  metadata.gz: 2820eacc8a12d33ab3ce8799c4c37d350457775f741173b86766fe5e8236951e
+  data.tar.gz: e977ac8d6076e95671ac2ccf0539c14d38653b01395e9fe838bcfdf2c55d76b7
 SHA512:
-  metadata.gz: 59f189ec8d961cc829938163d21daffea43b4ce14f5b0487d49339ad59abf6cbefabfbb5254e2b949132987ee06df4b584664d9e0d1f7973c33835c1328cd59a
-  data.tar.gz: 4e6b9134085f93800d07dd8a5e218c48d1c25260832b837c4f2e4fc365545234589232e0af344b8e1687eb90f6aa93d91875a341cfcf1165c1bec3d2341fd3a5
+  metadata.gz: '06068e575d4aa980070dadb455f1032910e43d03c39fcc28416eb66517d0b4ba120c595110ece205b478ddd9d18d5ada0a26980276f1d02f1ad7327778323128'
+  data.tar.gz: f64e896df598544f0f3174cda71dc430189de8a735f6d0c2639dcbef9877cfa2f4b596fe00fa4bfbd7f0102e4b9a87e529f66a5078598b85fd4118e5e5d84e79

data/.circleci/config.yml

@@ -0,0 +1,55 @@
+version: 2.1
+jobs:
+  build:
+    parameters:
+      ruby_version:
+        description: Version of ruby to test
+        type: string
+    environment:
+      GEM_HOME: vendor/bundle
+    docker:
+      - image: circleci/ruby:<< parameters.ruby_version >>
+    working_directory: /tmp/project
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - v1-bundle-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_SHA1 }}
+            - v1-bundle-{{ .Environment.CIRCLE_JOB }}-
+      - run:
+          name: Bundle install
+          command: >
+            gem install bundler -i vendor/bundle
+            && bundle install --path vendor/bundle
+      - run:
+          name: Prepare CodeClimate
+          command: >
+            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+            && chmod +x ./cc-test-reporter
+      - save_cache:
+          key: v1-bundle-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_SHA1 }}
+          paths:
+            - /tmp/project/vendor
+      - run:
+          name: Run Tests
+          command: >
+            ./cc-test-reporter before-build
+            bundle exec rake spec
+            ./cc-test-reporter after-build
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      - build:
+          name: ruby_2_3_8
+          ruby_version: 2.3.8
+      - build:
+          name: ruby_2_4_10
+          ruby_version: 2.4.10
+      - build:
+          name: ruby_2_5_8
+          ruby_version: 2.5.8
+      - build:
+          name: ruby_2_6_6
+          ruby_version: 2.6.6

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+/vendor/

data/README.md

@@ -1,8 +1,12 @@
 # Packetman
 
-Advanced tcpdump and Wireshark capture generator.
+Advanced tcpdump and Wireshark filter string generator.
 
-[![Code Climate](https://codeclimate.com/github/jescholl/packetman/badges/gpa.svg)](https://codeclimate.com/github/jescholl/packetman) [![Test Coverage](https://codeclimate.com/github/jescholl/packetman/badges/coverage.svg)](https://codeclimate.com/github/jescholl/packetman/coverage) [![Circle CI](https://circleci.com/gh/jescholl/packetman.svg?style=svg)](https://circleci.com/gh/jescholl/packetman)
+[![Gem Version](https://badge.fury.io/rb/packetman.svg)](http://badge.fury.io/rb/packetman)
+[![Test Coverage](https://codeclimate.com/github/jescholl/packetman/badges/coverage.svg)](https://codeclimate.com/github/jescholl/packetman/coverage)
+[![Inline docs](http://inch-ci.org/github/jescholl/packetman.svg?branch=master)](http://inch-ci.org/github/jescholl/packetman)
+[![Circle CI](https://circleci.com/gh/jescholl/packetman.svg?style=svg)](https://circleci.com/gh/jescholl/packetman)
+[![Code Climate](https://codeclimate.com/github/jescholl/packetman/badges/gpa.svg)](https://codeclimate.com/github/jescholl/packetman)
 
 Packetman is a packet capture filter generator modeled after [Wireshark's String-Matching Capture Filter Generator](https://www.wireshark.org/tools/string-cf.html) but with a lot more features allowing much finer control over the packets you see.
 
@@ -34,7 +38,40 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+    $ packetman -h
+    
+    Usage: packetman [OPTIONS] FILTER_STRING
+        -p, --protocol PROTO             Transport Protocol (tcp,udp,icmp)
+        -t, --transport                  OFFSET starts at transport header instead of data payload
+        -r, --radix RADIX                Treat FILTER_STRING as RADIX instead of String
+        -o, --offset OFFSET              Offset in bits
+        -b, --byte-offset                Use 8-bit bytes instead of bits for offset
+        -w, --wildcard [CHARACTER=?]     Treat CHARACTER as single-character wildcard
+        -v, --version                    Show version
+
+Create and use a filter string to capture all HTTP GET requests to `/foo/bar`
+
+    $ sudo tcpdump -nA `packetman GET /foo/bar`
+    tcpdump: data link type PKTAP
+    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
+    listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
+    16:49:04.516409 IP 127.0.0.1.54662 > 127.0.0.1.80: Flags [P.], seq 1488105913:1488105994, ack 1397163988, win 4121, options [nop,nop,TS val 875380202 ecr 2751916352], length 81: HTTP: GET /foo/bar HTTP/1.1
+    .....b....j...E.....@.@..S..
+    ..:.....PX...SG......75.....
+    4-=....@GET /foo/bar HTTP/1.1
+    Host: localhost
+    User-Agent: curl/7.43.0
+    Accept: */*
+
+Hexadecimal string with wildcards
+
+    $ packetman -r 16 -w '?' "A8C401???C200A"
+    tcp[((tcp[12:1] & 0xf0) >> 2) + 0:4] & 0xffffff00 = 0xa8c40100 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] & 0x0fff = 0x0c20 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] & 0xff = 0x0a
+
+Base 4 string with wildcards and offset beginning at start of the TCP header
+
+    $ packetman -t -o 3 -r 4 -w i 1223iiii2212
+    tcp[0:4] & 0x1fe01fe0 = 0x0d6014c0
 
 ## Development
 

data/config/applications.yml

@@ -0,0 +1,7 @@
+---
+dns: # packetman -tbo 21 -p udp -w '.' 'google.com'
+  :offset: 21
+  :start_with_transport: true
+  :offset_type: :bytes
+  :wildcard: .
+  :transport: udp

data/config/protocols.yml

@@ -1,35 +1,56 @@
 ---
-transport:
-  tcp:
-    table:
-      Source Port: 16
-      Destination Port: 16
-      Sequence Number: 32
-      Acknowledgement Number: 32
-      Data Offset: 4
-      RESERVED: 3
-      ECN: 3
-      Control Bits: 6
-      Window: 16
-      Checksum: 16
-      Urgent Pointer: 16
-      Options and Padding: 32
-    payload_query: '((tcp[12:1] & 0xf0) >> 2)'
-  udp:
-    table:
-      Source Port: 16
-      Destination Port: 16
-      Length: 16
-      Checksum: 16
-    payload_query: 8
-  icmp:
-    table:
-      Type: 8
-      Code: 8
-      Checksum: 16
-      Type Specific Options: 32
-application:
-  http:
-    transport_protocol: tcp
-  dns:
-    transport_protocol: tcp
+tcp:
+  table:
+  - - :value: Source Port
+      :colspan: 16
+    - :value: Destination Port
+      :colspan: 16
+  - :separator
+  - - :value: Sequence Number
+      :colspan: 32
+  - :separator
+  - - :value: Acknowledgement Number
+      :colspan: 32
+  - :separator
+  - - :value: Data Offset
+      :colspan: 4
+    - :value: RESERVED
+      :colspan: 3
+    - :value: ECN
+      :colspan: 3
+    - :value: Control Bits
+      :colspan: 6
+    - :value: Window
+      :colspan: 16
+  - :separator
+  - - :value: Checksum
+      :colspan: 16
+    - :value: Urgent Pointer
+      :colspan: 16
+  - :separator
+  - - :value: Options and Padding
+      :colspan: 32
+  payload_query: '((tcp[12:1] & 0xf0) >> 2)'
+udp:
+  table:
+  - - :value: Source Port
+      :colspan: 16
+    - :value: Destination Port
+      :colspan: 16
+  - :separator
+  - - :value: Length
+      :colspan: 16
+    - :value: Checksum
+      :colspan: 16
+  payload_query: 8
+icmp:
+  table:
+  - - :value: Type
+      :colspan: 8
+    - :value: Code
+      :colspan: 8
+    - :value: Checksum
+      :colspan: 16
+  - :separator
+  - - :value: Type Specific Options
+      :colspan: 32

data/exe/packetman

@@ -1,6 +1,8 @@
 #!/usr/bin/env ruby
 require 'packetman'
 
-search_str = Packetman.config.parse_opts
+catch :exit do
+  search_str = Packetman.config.parse_opts
 
-puts Packetman::Compose.new(search_str)
+  puts Packetman::Filter.new(search_str)
+end

data/lib/packetman.rb

@@ -3,7 +3,8 @@ require "packetman/version"
 require "packetman/config"
 require "packetman/config_methods"
 require "packetman/table"
-require "packetman/compose"
+require "packetman/filter"
+require "packetman/clause"
 
 module Packetman
   class << self
@@ -16,9 +17,5 @@ module Packetman
       @config = Config.new
     end
 
-    def user_input(prompt)
-      puts prompt
-      gets
-    end
   end
 end

data/lib/packetman/clause.rb

@@ -0,0 +1,33 @@
+module Packetman
+  class Clause
+    include ConfigMethods
+
+    attr_accessor :search, :mask, :start_bit
+
+    def initialize(search, mask, start_bit)
+      self.search = search
+      self.mask = mask
+      self.start_bit = start_bit
+    end
+
+    # Address of first byte
+    def start_byte
+      [config.payload_query, (config.offset_bits + start_bit)/8].compact.join(' + ')
+    end
+
+    def num_bytes
+      Filter.bit_length(search)/8
+    end
+
+    # Full address of the query data (eg. `tcp[0:4]`)
+    def data_address
+      "#{config.transport}[#{start_byte}:#{num_bytes}]"
+    end
+
+    # The whole filter clause fully assembled
+    def to_s
+      "#{data_address} & #{mask} = #{search}"
+    end
+
+  end
+end

data/lib/packetman/config.rb

@@ -2,69 +2,63 @@ require 'optparse'
 
 module Packetman
   class Config
-    attr_accessor :transport, :application, :offset_units, :offset_type, :allow_wildcards, :radix
-    attr_writer :offset
+    attr_accessor :transport, :application, :offset_type, :radix, :start_with_transport, :offset, :wildcard
 
     def initialize
-      @transport = "tcp"
-      @application = "http"
-      @offset = 0
-      @offset_units = "bits"
-      @offset_type = "application"
-      @allow_wildcards = true
+      self.transport = "tcp"
+      self.offset = 0
+      self.offset_type = :bits
     end
 
     def protocols
       @protocols ||= YAML.load(File.read(File.expand_path('../../../config/protocols.yml', __FILE__)))
     end
 
+    def applications
+      @applications ||= YAML.load(File.read(File.expand_path('../../../config/applications.yml', __FILE__)))
+    end
+
     def payload_query
-      case offset_type
-      when "application"
-        protocols['transport'][transport.to_s]['payload_query']
+      protocols[transport]['payload_query'] unless start_with_transport
+    end
+
+    def offset_bits
+      if offset_type == :bytes
+        offset*8
       else
-        "0"
+        offset
       end
     end
 
-    def offset
-      case offset_units
-      when "bytes"
-        @offset*8
-      else
-        @offset
+    # FIXME figure out a way to do defaults so this can just set defaults
+    def application_override(app_name)
+      applications[app_name].each do |key, value|
+        __send__("#{key}=", value)
       end
     end
 
-    def parse_opts
+    def opts
       @opts ||= OptionParser.new do |opt|
         opt.banner = "Usage: #{File.basename($PROGRAM_NAME)} [OPTIONS] FILTER_STRING"
-        opt.on("-t", "--transport [PROTO]", protocols['transport'].keys, "Transport Protocol (#{protocols['transport'].keys.join(',')})") {|v| self.transport = v }
-        opt.on("-a", "--application [PROTO]", protocols['application'].keys, "Application protocol (#{protocols['application'].keys.join(',')})") { |v| self.application = v }
-        #opt.on("-a", "--application [PROTO]", String, "Application Protocol (http|dns|icmp)") {|v| self.application = v }
-        opt.on("-r", "--radix [RADIX]", Integer, "Treat FILTER_STRING as RADIX instead of String") {|v| self.radix = v; }
-        opt.on("-o", "--offset [OFFSET]", Integer, "Offset in bits") {|v| self.offset = v; }
-        opt.on("-b", "--byte-offset", "Use 8-bit bytes instead of bits for offset") { |v| self.offset_units = "bytes" }
-        opt.on("-O", "--offset-type [TYPE]", ["application", "transport"], "Begin offset at the application/transport header.") { |v|  self.offset_type = v }
-        opt.on("--[no-]wildcards", "Allow '?' wildcards") { |v| self.allow_wildcards = v }
+        opt.on("-p", "--protocol PROTO", protocols.keys, "Transport Protocol (#{protocols.keys.join(',')})") { |v| self.transport = v }
+        opt.on("-a", "--application APPLICATION", applications.keys, "Application Protocol (#{applications.keys.join(',')}) OVERRIDES ALL OTHER SETTINGS") { |v| application_override(v) }
+        opt.on("-t", "--transport", "OFFSET starts at transport header instead of data payload") { |v| self.start_with_transport = v }
+        opt.on("-r", "--radix RADIX", Integer, "Treat FILTER_STRING as RADIX instead of String") { |v| self.radix = v }
+        opt.on("-o", "--offset OFFSET", Integer, "Offset in bits") { |v| self.offset = v }
+        opt.on("-b", "--byte-offset", "Use 8-bit bytes instead of bits for offset") { |v| self.offset_type = :bytes if v }
+        opt.on("-w", "--wildcard CHARACTER", "Treat CHARACTER as single-character wildcard") { |v| raise "invalid wildcard" if v.to_s.length > 1; self.wildcard = v }
+        opt.on("--table", "Show transport header table") { puts Packetman::Table.new; throw :exit }
+        opt.on("-v", "--version", "Show version") { puts Packetman::VERSION; throw :exit }
       end
+    end
 
-      @opts.parse!
-
-      raise "Invalid command line arguments" if ARGV.size != 1
-
-      ARGV.pop
-
-
-#      if transport !~ /tcp|udp/i ||
-#        application !~ /http|dns|icmp/i
-#        raise "invalid options"
-#      end
-#
-#      if offset_units == :bits
-#        offset /= 8.to_f
-#        offset_units = :octets
-#      end
+    def parse_opts
+      unparsed_opts = opts.parse!
+      if unparsed_opts.length < 1
+        puts opts
+        throw :exit
+      end
+      unparsed_opts.join(" ")
     end
 
   end

data/lib/packetman/config_methods.rb

@@ -7,5 +7,9 @@ module Packetman
     def config
       Packetman.config
     end
+
+    def protocols
+      config.protocols
+    end
   end
 end

data/lib/packetman/filter.rb

@@ -0,0 +1,101 @@
+module Packetman
+  class Filter
+    include ConfigMethods
+
+    attr_accessor :input
+
+    def initialize(input)
+      self.input = input
+      yield config if block_given?
+    end
+
+    def self.bit_length(num)
+      case num
+      when /^0x/
+        $'.length * bit_density(16)
+      else
+        nil
+      end
+    end
+
+    def self.bit_density(radix=config.radix)
+      (radix.nil?) ? 8 : Math.log2(radix).ceil
+    end
+
+    def map_chr
+      shift_and_pad(input.scan(/./).map{ |chr| yield chr }.join)
+    end
+
+    def shift_and_pad(bin_str)
+      #shift
+      bin_str.ljust(target_bit_length, '0').
+      #pad
+        rjust(target_bit_length + config.offset_bits % 8, '0')
+    end
+
+    def target_bit_length
+      ((input.length*self.class.bit_density + config.offset_bits)/8.to_f).ceil*8 - config.offset_bits
+    end
+
+    # Mask for 1 character of current radix
+    def radix_mask
+      ("1"*self.class.bit_density).to_i(2)
+    end
+
+    # Mask string for _chr_ substituting wildcards as necessary
+    def mask_chr(chr)
+      if chr == config.wildcard
+        0
+      else
+        radix_mask
+      end.to_s(2).rjust(self.class.bit_density, '0')
+    end
+
+    # Converts the `chr` from `config.radix` to binary, substituting wildcards as necessary
+    #
+    # @param chr [String] character to convert to binary
+    # @return [String] binary string
+    def bin_chr(chr)
+      chr = '0' if chr == config.wildcard
+
+      if config.radix
+        raise "invalid character '#{chr}' for radix=#{config.radix}" if chr.downcase != chr.to_i(config.radix).to_s(config.radix).downcase
+        chr.to_i(config.radix)
+      else
+        chr.ord
+      end.to_s(2).rjust(self.class.bit_density, '0')
+    end
+
+    def mask_hex
+      hex_encode(map_chr{ |c| mask_chr(c) })
+    end
+
+    def search_hex
+      hex_encode(map_chr{ |c| bin_chr(c) })
+    end
+
+    # Transform _bin_str_ to array of 32, 16, and 8 bit hex encoded strings
+    def hex_encode(bin_str)
+      bin_str.reverse.scan(/.{1,4}/).map{ |chunk|
+        chunk.reverse.to_i(2).to_s(16)
+      }.reverse.join.scan(/.{8}|.{4}|.{2}/).map{ |hex|
+        hex.prepend('0x')
+      }
+    end
+
+    def clauses
+      start_bit = 0
+      [].tap do |filter|
+        search_hex.zip(mask_hex).each do |search, mask|
+          filter << Packetman::Clause.new(search, mask, start_bit)
+          start_bit += self.class.bit_length(search)
+        end
+      end
+    end
+
+    def to_s
+      clauses.map{ |clause| clause.to_s }.join(' && ')
+    end
+
+  end
+end

data/lib/packetman/table.rb

@@ -1,57 +1,28 @@
+require 'terminal-table'
+
 module Packetman
   class Table
     include ConfigMethods
 
-    attr_reader :line_h, :line_v
-    attr_accessor :columns
-
-    def initialize(cols = 32)
-      @line_v = '|'
-      @line_h = '-'
-      @columns = cols
-    end
-
-    def line_h=(value)
-      raise "Invalid character" if value.length != 1
-      @line_h = value
-    end
-
-    def line_v=(value)
-      raise "Invalid character" if value.length != 1
-      @line_v = value
-    end
-
-    def column_width
-      (columns-1).to_s.length
-    end
+    def initialize
 
-    def horizontal_bar
-      line_v + line_h*(table_width - 2) + line_v + "\n"
+      @term_table = Terminal::Table.new(headings: headings, rows: rows, style: style)
     end
 
-    def table_width
-      columns*(column_width + 1) + 1
+    def headings
+      [*0..31].map{ |c| "%02d" % c }
     end
 
-    def cell_size(field_size)
-      field_size*(column_width + 1) - 1
+    def rows
+      protocols[config.transport]['table']
     end
 
-    def header_row
-      line_v + columns.times.map{ |n| sprintf "%0#{column_width}d", n }.join(line_v) + line_v + "\n"
+    def style
+      { alignment: :center, padding_left: 0, padding_right: 0}
     end
 
     def to_s
-      output = horizontal_bar + header_row + horizontal_bar
-
-      config.protocols['transport'][config.transport]['table'].each do |label, size|
-        output += sprintf "%s%.#{cell_size(size)}s", line_v, label.center(cell_size(size))
-        if output.split("\n").last.length == (table_width - 1)
-          output += line_v + "\n"
-          output += horizontal_bar
-        end
-      end
-      output
+      @term_table.to_s
     end
 
   end

data/lib/packetman/version.rb

@@ -1,3 +1,3 @@
 module Packetman
-  VERSION = "0.1.0"
+  VERSION = "0.1.5"
 end

data/packetman.gemspec

@@ -19,9 +19,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.3"
-  spec.add_development_dependency "pry", "~> 0.10"
-  spec.add_development_dependency "codeclimate-test-reporter"
+  spec.add_dependency "terminal-table", "~> 1.8"
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.9"
+  spec.add_development_dependency "simplecov", "~> 0.17"
+  spec.add_development_dependency "pry", "~> 0.12"
 end

metadata

@@ -1,85 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: packetman
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.5
 platform: ruby
 authors:
 - Jason Scholl
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-09-20 00:00:00.000000000 Z
+date: 2020-08-03 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.17'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.17'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.12'
 description: Simple tool for creating advanced tcpdump queries, because manually writing
   `tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420` is no fun.
 email:
@@ -89,9 +103,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".bundle/config"
+- ".circleci/config.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - NOTES.md
@@ -100,17 +115,17 @@ files:
 - TODO.md
 - bin/console
 - bin/setup
-- circle.yml
+- config/applications.yml
 - config/protocols.yml
 - exe/packetman
 - lib/packetman.rb
-- lib/packetman/compose.rb
+- lib/packetman/clause.rb
 - lib/packetman/config.rb
 - lib/packetman/config_methods.rb
+- lib/packetman/filter.rb
 - lib/packetman/table.rb
 - lib/packetman/version.rb
 - packetman.gemspec
-- packetman_notes
 homepage: https://github.com/jescholl/packetman
 licenses:
 - MIT
@@ -131,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: Advanced tcpdump and Wiresharp filter generator.

data/.travis.yml

@@ -1,4 +0,0 @@
-language: ruby
-rvm:
-  - 2.2.2
-before_install: gem install bundler -v 1.10.5

data/circle.yml

@@ -1,3 +0,0 @@
-machine:
-  ruby:
-    version: 2.1.6

data/lib/packetman/compose.rb

@@ -1,97 +0,0 @@
-module Packetman
-  class Compose
-    include ConfigMethods
-
-    def initialize(input, radix=config.radix)
-      @input = input
-      @radix = radix
-    end
-    
-    def desired_length
-      ((@input.length + config.offset)/8.to_f).ceil*8 - config.offset
-    end
-
-    def bit_density(radix=@radix)
-      (radix.nil?) ? 8 : Math.log2(radix).to_i
-    end
-
-    def mask
-      shift(@input.scan(/./).map{ |c| mask_chr(c) }.join)
-    end
-
-    def radix_mask
-      ("1"*bit_density).to_i(2)
-    end
-
-    def shift(input)
-      input.ljust(desired_length, '0')
-    end
-
-    def search
-      shift(@input.scan(/./).map{ |c| bin_chr(c) }.join)
-    end
-
-    def mask_chr(chr)
-      if chr == '?'
-        raise "wildcards not allowed" unless config.allow_wildcards
-        0
-      else
-        radix_mask
-      end.to_s(2).rjust(bit_density, '0')
-    end
-
-    def bin_chr(chr)
-      if chr == '?'
-        raise "wildcards not allowed" unless config.allow_wildcards
-        chr = '0'
-      end
-
-      if @radix
-        chr.to_i(@radix)
-      else
-        chr.ord
-      end.to_s(2).rjust(bit_density, '0')
-    end
-
-    def mask_hex
-      hex_encode(mask)
-    end
-
-    def search_hex
-      hex_encode(search)
-    end
-
-    def hex_encode(bin_str)
-      bin_str.reverse.scan(/.{1,4}/).map{ |chunk| chunk.reverse.to_i(2).to_s(16) }.reverse.join.scan(/.{1,8}/).map{ |hex| hex.prepend('0x') }
-    end
-
-    def full_bit_length(num, radix=nil)
-      return num.to_i(radix).to_s(radix).length * bit_density(radix) if radix
-      
-      case num
-      when /^0x/
-        $'.length * bit_density(16)
-      when /^0b/
-        $'.length * bit_density(2)
-      else
-        nil
-      end
-    end
-
-    def start_byte(position)
-      "#{config.payload_query} + #{(config.offset + position)/8}"
-    end
-
-    def to_s
-      clauses = []
-      position = 0
-      search_hex.zip(mask_hex).each_with_index do |(hex_search, hex_mask),i|
-        search_bit_length = full_bit_length(hex_search)
-        clauses << "#{config.transport}[#{start_byte(position)}:#{search_bit_length/8}] & #{hex_mask} = #{hex_search}"
-        position += search_bit_length
-      end
-
-      clauses.join(' && ')
-    end
-  end
-end

data/packetman_notes

@@ -1,156 +0,0 @@
-7a 
-1111010
-
-#NOTE: I think this is wrong
-# also, maybe I don't need to worry about the bits bing aligned on the byte, just on the bit, as long as it's what the user asked for
-
-hex and string need to be 0 padded on the left
-binary needs to fill to the right to hex encode, starting at the offset bit
-
-Packetman.compose3("0b1111", 3)
-1111
-(fill right to ((4+3)/8.to_f).ceil*8 = 8 )
-11110000
-(shift mask and search >> 3)
-00011110
-00011110
-(sample byte sequence)
-00011111
-
-Packetman.compose3("0b1111010", 3)
-1111010
-(fill right to ((7+3)/8.to_f).ceil*8 = 16)
-11110100 00000000
-(shift mask and search >> 3)
-00011111 11000000
-00011110 10000000
-(sample byte sequence)
-00011110 10101010
-
-
-Packetman.compose3("0b1111010????????", 3)
-1111010? ???????
-(fill right to ((15+3)/8.to_f).ceil*8 = 24)
-1111010? ???????0 00000000
-(shift mask and search >> 3)
-00011111 11000000 00000000
-00011110 10000000 00000000
-(sample byte sequence)
-00011110 10101010 10101010
-
-Packetman.compose3("0x123",3)
-100100011
-(left fill to 12 first, or manual right fill with 16-12)
-(fill right to ((3*4)+3)/8.to_f).ceil*8 = 16)
-00010010 00110000
-(shift mask and search >> 3)
-00000011 11111110
-00000010 01000110
-(sample byte sequence)
-00000010 01000111
-
-
-
-
-Packetman.compose3("0xa",3)
-"((tcp[0:1] & 0xa) >>  1) = 0xa"
-1010
-(generate shifted mask)
-00011110
-(generate shifted search)
-00010100
-(sample byte sequence)
-10010101
-
-0b00011110 & 0b10010101 == 0x14
-
-
-
-
-
-
-Packetman.compose3("0b001010010", 3)
-"((tcp[0:2] & 0x1ff0) >> 4 = 0x52"
-001010010
-(generate shifted mask)
-(turn preceding 0s to 1s)
-(left shift (((binlen)+3)/8.to_f).ceil*8 - binlen - 3)
-1111111110000
-(generate shifted search - same as above)
-0010100100000
-(sample byte sequence)
-0010100101010
-
-0b0010100101010 & 1111111110000 == 0b0010100100000
-
-
-Packetman.compose3("0b00??1010?111?00010101??10101010?????1010111110???111110101001111010101??????????10100101010100011???????", 5)
-00??1010?111?00010101??10101010?????1010111110???111110101001111010101??????????10100101010100011???????
-(generate search str - replace ?s with 0s)
-00001010011100001010100101010100000010101111100001111101010011110101010000000000101001010101000110000000
-(generate shifted mask)
-(turn preceding 0s to 1s)
-(left shift (((binlen)+5)/8.to_f).ceil*8 - binlen - 5)
-11001111011101111111100111111110000011111111110001111111111111111111110000000000111111111111111110000000000
-11001111011101111111100111111110000011111111110001111111111111111111110000000000111111111111111110000000
-(generate shifted search - same as above)
-00001010011100001010100101010100000010101111100001111101010011110101010000000000101001010101000110000000000
-(sample byte sequence)
-00011010011100001010111101010101100110101111100101111101010011110101010010101001101001010101000110110100101
-
-00011010011100001010111101010101100110101111100101111101010011110101010010101001101001010101000110110100101 &
-11001111011101111111100111111110000011111111110001111111111111111111110000000000111111111111111110000000000 ==
-00001010011100001010100101010100000010101111100001111101010011110101010000000000101001010101000110000000000
-
-
-# NOTE
-
-instead of shifting the product of (mask & input), shift search
-this makes the form
-"tcp[0:1] & mask = shifted_search"
-
-
-Packetman.compose3("0xa",1)
-"((tcp[0:1] & 0x78) >> 3) = 0xa"
-1010
-(generate shifted mask)
-(left shift (((hexlen*4)+1)/8.to_f).ceil*8 - hexlen*4 - 1)
-(use length of mask to determine how much data to take)
-01111000
-(sample byte sequence)
-11010101
-
-(0b01111000 & 0b11010101) >> 3 == 0xa
-
-
-Packetman.compose3("0x123", 3)
-"((tcp[0:2] & 0x1ffe) >> 1) = 0x123"
-100100011
-(hex: left fill with 1s to hexlen*4) 
-111100100011
-(generate shifted mask)
-(left shift (((hexlen*4)+3)/8.to_f).ceil*8 - hexlen*4 - 3)
-(use length of mask to determine how much data to take)
-0001111111111110
-(sample byte sequence)
-1000001001000111
-
-(0b1000001001000111 & 0b0001111111111110) >> 1 == 0x123
-
-Packetman.compose3("abc", 3)
-"((tcp[0:4] & 0x1fffffe0 >> 5) = 0x616263"
-11000010110001001100011
-(str: left fill with 1s to len*8)
-111000010110001001100011
-(generate shifted mask)
-(left shift (((strlen*8)+3)/8.to_f).ceil*8 - strlen*8 - 3)
-(use length of mask to determine how much data to take)
-00011111 11111111 11111111 11100000
-(sample byte sequence)
-10101100 00101100 01001100 01110101
-
-(0b10101100001011000100110001110101 & 0b00011111111111111111111111100000) >> 5 == 0b11000010110001001100011
-
-
-
-