RubyGems - redhound - Versions diffs - 0.2.0 → 1.0.1 - Mend

redhound 0.2.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +16 -3
data/Dockerfile +1 -1
data/README.md +2 -2
data/Rakefile +12 -1
data/Steepfile +4 -0
data/lib/redhound/analyzer.rb +19 -15
data/lib/redhound/builder/packet_mreq.rb +56 -0
data/lib/redhound/builder/socket.rb +35 -0
data/lib/redhound/builder.rb +4 -0
data/lib/redhound/command.rb +6 -1
data/lib/redhound/l2/ether.rb +68 -0
data/lib/redhound/l2/protocol.rb +33 -0
data/lib/redhound/l2.rb +4 -0
data/lib/redhound/l3/arp.rb +114 -0
data/lib/redhound/l3/base.rb +49 -0
data/lib/redhound/{header → l3}/ipv4.rb +27 -44
data/lib/redhound/l3/ipv6.rb +69 -0
data/lib/redhound/l3/protocol.rb +173 -0
data/lib/redhound/l3/resolver.rb +30 -0
data/lib/redhound/l3.rb +9 -0
data/lib/redhound/l4/base.rb +31 -0
data/lib/redhound/{header → l4}/icmp.rb +20 -26
data/lib/redhound/l4/resolver.rb +28 -0
data/lib/redhound/{header → l4}/udp.rb +19 -19
data/lib/redhound/l4.rb +6 -0
data/lib/redhound/receiver.rb +17 -5
data/lib/redhound/resolver.rb +22 -0
data/lib/redhound/source/socket.rb +18 -0
data/lib/redhound/source.rb +3 -0
data/lib/redhound/version.rb +2 -1
data/lib/redhound/writer.rb +9 -2
data/lib/redhound.rb +6 -3
data/rbs_collection.lock.yaml +20 -0
data/rbs_collection.yaml +17 -0
data/sig/generated/redhound/analyzer.rbs +14 -0
data/sig/generated/redhound/builder/packet_mreq.rbs +39 -0
data/sig/generated/redhound/builder/socket.rbs +24 -0
data/sig/generated/redhound/command.rbs +19 -0
data/sig/generated/redhound/l2/ether.rbs +41 -0
data/sig/generated/redhound/l2/protocol.rbs +15 -0
data/sig/generated/redhound/l3/arp.rbs +57 -0
data/sig/generated/redhound/l3/base.rbs +28 -0
data/sig/generated/redhound/l3/ipv4.rbs +53 -0
data/sig/generated/redhound/l3/ipv6.rbs +38 -0
data/sig/generated/redhound/l3/protocol.rbs +16 -0
data/sig/generated/redhound/l3/resolver.rbs +16 -0
data/sig/generated/redhound/l4/base.rbs +19 -0
data/sig/generated/redhound/l4/icmp.rbs +33 -0
data/sig/generated/redhound/l4/resolver.rbs +16 -0
data/sig/generated/redhound/l4/udp.rbs +36 -0
data/sig/generated/redhound/receiver.rbs +19 -0
data/sig/generated/redhound/resolver.rbs +11 -0
data/sig/generated/redhound/source/socket.rbs +13 -0
data/sig/generated/redhound/version.rbs +5 -0
data/sig/generated/redhound/writer.rbs +25 -0
metadata +48 -11
data/lib/redhound/header/ether.rb +0 -67
data/lib/redhound/header.rb +0 -6
data/lib/redhound/packet_mreq.rb +0 -46
data/lib/redhound/socket_builder.rb +0 -30
data/sig/redhound.rbs +0 -4

data/lib/redhound/l3/ipv6.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  class L3
+    class Ipv6 < Base
+      class << self
+        # @rbs (bytes: Array[Integer]) -> Redhound::L3::Ipv6
+        def generate(bytes:)
+          new(bytes:).generate
+        end
+      end
+      attr_reader :protocol #: Protocol
+      # @rbs (bytes: Array[Integer]) -> void
+      def initialize(bytes:)
+        raise ArgumentError, "bytes must be bigger than #{size} bytes" unless bytes.size >= size
+        @bytes = bytes
+      end
+      # @rbs () -> Integer
+      def size = 40
+      # @rbs () -> Redhound::L3::Ipv6
+      def generate
+        version_traffic_flow = @bytes[0..3].join.to_i(16)
+        @version = (version_traffic_flow >> 28) & 0xF
+        @traffic_class = (version_traffic_flow >> 20) & 0xFF
+        @flow_label = version_traffic_flow & 0xFFFFF
+        @payload_length = @bytes[4..5]
+        @next_header = @bytes[6]
+        @hop_limit = @bytes[7]
+        @saddr = @bytes[8..23]
+        @daddr = @bytes[24..39]
+        @protocol = Protocol.new(protocol: @next_header)
+        self
+      end
+      # @rbs () -> String
+      def to_s
+        " └─ IPv6 Ver: #{@version} Traffic Class: #{@traffic_class} Flow Label: #{@flow_label} Payload Length: #{payload_length} Next Header: #{@protocol} Hop Limit: #{@hop_limit} Src: #{saddr} Dst: #{daddr}"
+      end
+      # @rbs () -> bool
+      def supported_protocol?
+        @protocol.udp? # steep:ignore
+      end
+      private
+      # @rbs () -> Integer
+      def payload_length
+        @payload_length.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
+      end
+      # @rbs () -> Integer
+      def saddr
+        @saddr.map { |b| b.to_s(16).rjust(2, '0') }.join(':')
+      end
+      # @rbs () -> Integer
+      def daddr
+        @daddr.map { |b| b.to_s(16).rjust(2, '0') }.join(':')
+      end
+    end
+  end
+end

data/lib/redhound/l3/protocol.rb ADDED Viewed

@@ -0,0 +1,173 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  class L3
+    class Protocol
+      # refs: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1
+      PROTO_TABLE = {
+        0 => 'HOPOPT',
+        1 => 'ICMP',
+        2 => 'IGMP',
+        3 => 'GGP',
+        4 => 'IP-in-IP',
+        5 => 'ST',
+        6 => 'TCP',
+        7 => 'CBT',
+        8 => 'EGP',
+        9 => 'IGP',
+        10 => 'BBN-RCC-MON',
+        11 => 'NVP-II',
+        12 => 'PUP',
+        13 => 'ARGUS',
+        14 => 'EMCON',
+        15 => 'XNET',
+        16 => 'CHAOS',
+        17 => 'UDP',
+        18 => 'MUX',
+        19 => 'DCN-MEAS',
+        20 => 'HMP',
+        21 => 'PRM',
+        22 => 'XNS-IDP',
+        23 => 'TRUNK-1',
+        24 => 'TRUNK-2',
+        25 => 'LEAF-1',
+        26 => 'LEAF-2',
+        27 => 'RDP',
+        28 => 'IRTP',
+        29 => 'ISO-TP4',
+        30 => 'NETBLT',
+        31 => 'MFE-NSP',
+        32 => 'MERIT-INP',
+        33 => 'DCCP',
+        34 => '3PC',
+        35 => 'IDPR',
+        36 => 'XTP',
+        37 => 'DDP',
+        38 => 'IDPR-CMTP',
+        39 => 'TP++',
+        40 => 'IL',
+        41 => 'IPv6',
+        42 => 'SDRP',
+        43 => 'IPv6-Route',
+        44 => 'IPv6-Frag',
+        45 => 'IDRP',
+        46 => 'RSVP',
+        47 => 'GRE',
+        48 => 'DSR',
+        49 => 'BNA',
+        50 => 'ESP',
+        51 => 'AH',
+        52 => 'I-NLSP',
+        53 => 'SWIPE',
+        54 => 'NARP',
+        55 => 'MOBILE',
+        56 => 'TLSP',
+        57 => 'SKIP',
+        58 => 'IPv6-ICMP',
+        59 => 'IPv6-NoNxt',
+        60 => 'IPv6-Opts',
+        61 => 'Any host internal protocol',
+        62 => 'CFTP',
+        63 => 'Any local network',
+        64 => 'SAT-EXPAK',
+        65 => 'KRYPTOLAN',
+        66 => 'RVD',
+        67 => 'IPPC',
+        68 => 'Any distributed file system',
+        69 => 'SAT-MON',
+        70 => 'VISA',
+        71 => 'IPCV',
+        72 => 'CPNX',
+        73 => 'CPHB',
+        74 => 'WSN',
+        75 => 'PVP',
+        76 => 'BR-SAT-MON',
+        77 => 'SUN-ND',
+        78 => 'WB-MON',
+        79 => 'WB-EXPAK',
+        80 => 'ISO-IP',
+        81 => 'VMTP',
+        82 => 'SECURE-VMTP',
+        83 => 'VINES',
+        84 => 'TTP',
+        85 => 'NSFNET-IGP',
+        86 => 'DGP',
+        87 => 'TCF',
+        88 => 'EIGRP',
+        89 => 'OSPFIGP',
+        90 => 'Sprite-RPC',
+        91 => 'LARP',
+        92 => 'MTP',
+        93 => 'AX.25',
+        94 => 'IPIP',
+        95 => 'MICP',
+        96 => 'SCC-SP',
+        97 => 'ETHERIP',
+        98 => 'ENCAP',
+        99 => 'Any private encryption scheme',
+        100 => 'GMTP',
+        101 => 'IFMP',
+        102 => 'PNNI',
+        103 => 'PIM',
+        104 => 'ARIS',
+        105 => 'SCPS',
+        106 => 'QNX',
+        107 => 'A/N',
+        108 => 'IPComp',
+        109 => 'SNP',
+        110 => 'Compaq-Peer',
+        111 => 'IPX-in-IP',
+        112 => 'VRRP',
+        113 => 'PGM',
+        114 => 'Any 0-hop protocol',
+        115 => 'L2TP',
+        116 => 'DDX',
+        117 => 'IATP',
+        118 => 'STP',
+        119 => 'SRP',
+        120 => 'UTI',
+        121 => 'SMP',
+        122 => 'SM',
+        123 => 'PTP',
+        124 => 'IS-IS over IPv4',
+        125 => 'FIRE',
+        126 => 'CRTP',
+        127 => 'CRUDP',
+        128 => 'SSCOPMCE',
+        129 => 'IPLT',
+        130 => 'SPS',
+        131 => 'PIPE',
+        132 => 'SCTP',
+        133 => 'FC',
+        134 => 'RSVP-E2E-IGNORE',
+        135 => 'Mobility Header',
+        136 => 'UDPLite',
+        137 => 'MPLS-in-IP',
+        138 => 'manet',
+        139 => 'HIP',
+        140 => 'Shim6',
+        141 => 'WESP',
+        142 => 'ROHC',
+        255 => 'Reserved'
+      }.freeze
+      # @rbs (protocol: Integer) -> void
+      def initialize(protocol:)
+        @protocol = protocol
+      end
+      # @rbs () -> String
+      def to_s
+        PROTO_TABLE[@protocol] || 'Unknown'
+      end
+      PROTO_TABLE.each do |code, name|
+        method_name = name.downcase.gsub(/[ \-]/, '_') + '?'
+        define_method(method_name) do
+          @protocol == code
+        end
+      end
+    end
+  end
+end

data/lib/redhound/l3/resolver.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  class L3
+    class Resolver
+      # @rbs (bytes: Array[Integer], l2: Redhound::L2::Ether) -> Redhound::L3::Base?
+      def self.resolve(bytes:, l2:)
+        new(bytes:, l2:).resolve
+      end
+      # @rbs (bytes: Array[Integer], l2: Redhound::L2::Ether) -> void
+      def initialize(bytes:, l2:)
+        @bytes = bytes
+        @l2 = l2
+      end
+      # @rbs () -> Redhound::L3::Base?
+      def resolve
+        if @l2.type.ipv4?
+          Ipv4.generate(bytes: @bytes)
+        elsif @l2.type.ipv6?
+          Ipv6.generate(bytes: @bytes)
+        elsif @l2.type.arp?
+          Arp.generate(bytes: @bytes)
+        end
+      end
+    end
+  end
+end

data/lib/redhound/l3.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+require_relative 'l3/base'
+require_relative 'l3/arp'
+require_relative 'l3/ipv4'
+require_relative 'l3/ipv6'
+require_relative 'l3/protocol'
+require_relative 'l3/resolver'

data/lib/redhound/l4/base.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  class L4
+    class Base
+      class << self
+        # @rbs (bytes: Array[Integer]) -> Redhound::L4::Base
+        def generate(bytes:)
+          new(bytes:).generate
+        end
+      end
+      # @rbs (bytes: Array[Integer]) -> void
+      def initialize(bytes:)
+        warn 'initialize method must be implemented'
+      end
+      # @rbs () -> Redhound::L4::Base
+      def generate
+        warn 'generate method must be implemented'
+        self
+      end
+      # @rbs () -> void
+      def dump
+        puts self
+      end
+    end
+  end
+end

data/lib/redhound/{header → l4}/icmp.rb RENAMED Viewed

@@ -1,20 +1,17 @@
+# rbs_inline: enabled
 # frozen_string_literal: true
 module Redhound
-  class Header
-    class Icmp
-      class << self
-        def generate(bytes:)
-          new(bytes:).generate
-        end
-      end
+  class L4
+    class Icmp < Base
+      # @rbs (bytes: Array[Integer]) -> void
       def initialize(bytes:)
-        raise ArgumentError, 'bytes must be bigger than 8 bytes' unless bytes.size >= 8
+        raise ArgumentError, "bytes must be bigger than #{size} bytes" unless bytes.size >= size
         @bytes = bytes
       end
+      # @rbs () -> Redhound::L4::Icmp
       def generate
         @type = @bytes[0]
         @code = @bytes[1]
@@ -30,47 +27,44 @@ module Redhound
         self
       end
-      def dump
-        puts 'ICMP HEADER----------------'
-        puts self
-      end
+      # @rbs () -> Integer
+      def size = 8
+      # @rbs () -> String
       def to_s
         if @type.zero? || @type == 8
-          <<~ICMP
-            Type: #{@type}
-            Code: #{@code}
-            Checksum: #{check}
-            ID: #{id}
-            Sequence: #{seq}
-            Data: #{data}
+          <<-ICMP.chomp
+    └─ ICMP Type: #{@type} Code: #{@code} Checksum: #{check} ID: #{id} Sequence: #{seq}
+        └─ Payload: #{data}
           ICMP
         else
-          <<~ICMP
-            Type: #{@type}
-            Code: #{@code}
-            Checksum: #{check}
-            Data: #{data}
+          <<-ICMP.chomp
+    └─ ICMP Type: #{@type} Code: #{@code} Checksum: #{check}
+        └─ Payload: #{data}
           ICMP
         end
       end
       private
+      # @rbs () -> Integer
       def check
         @check.map { |b| b.to_s(16).rjust(2, '0') }.join
       end
+      # @rbs () -> Integer
       def id
         @id.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
       end
+      # @rbs () -> Integer
       def seq
         @seq.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
       end
+      # @rbs () -> String
       def data
-        @data.map(&:chr).join
+        @data.map(&:chr).join.force_encoding("UTF-8")
       end
     end
   end

data/lib/redhound/l4/resolver.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  class L4
+    class Resolver
+      # @rbs (bytes: Array[Integer], l3: Redhound::L3::Base) -> Redhound::L4::Base?
+      def self.resolve(bytes:, l3:)
+        new(bytes:, l3:).resolve
+      end
+      # @rbs (bytes: Array[Integer], l3: Redhound::L3::Base) -> void
+      def initialize(bytes:, l3:)
+        @bytes = bytes
+        @l3 = l3
+      end
+      # @rbs () -> Redhound::L4::Base?
+      def resolve
+        if @l3.protocol.udp?
+          Udp.generate(bytes: @bytes)
+        elsif @l3.protocol.icmp?
+          Icmp.generate(bytes: @bytes)
+        end
+      end
+    end
+  end
+end

data/lib/redhound/{header → l4}/udp.rb RENAMED Viewed

@@ -1,20 +1,17 @@
+# rbs_inline: enabled
 # frozen_string_literal: true
 module Redhound
-  class Header
-    class Udp
-      class << self
-        def generate(bytes:)
-          new(bytes:).generate
-        end
-      end
+  class L4
+    class Udp < Base
+      # @rbs (bytes: Array[Integer]) -> void
       def initialize(bytes:)
-        raise ArgumentError, 'bytes must be bigger than 8 bytes' unless bytes.size >= 8
+        raise ArgumentError, "bytes must be bigger than #{size} bytes" unless bytes.size >= size
         @bytes = bytes
       end
+      # @rbs () -> Redhound::L4::Udp
       def generate
         @sport = @bytes[0..1]
         @dport = @bytes[2..3]
@@ -24,37 +21,40 @@ module Redhound
         self
       end
-      def dump
-        puts 'UDP HEADER----------------'
-        puts self
-      end
+      # @rbs () -> Integer
+      def size = 8
+      # @rbs () -> String
       def to_s
-        <<~UDP
-          Source Port: #{sport}
-          Destination Port: #{dport}
-          Length: #{len}
-          Checksum: #{check}
-          Data: #{data}
+        <<-UDP
+    └─ UDP Src: #{sport} Dst: #{dport} Len: #{len} Checksum: #{check}
+        └─ Payload: #{data}
         UDP
       end
+      private
+      # @rbs () -> Integer
       def sport
         @sport.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
       end
+      # @rbs () -> Integer
       def dport
         @dport.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
       end
+      # @rbs () -> Integer
       def len
         @len.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
       end
+      # @rbs () -> Integer
       def check
         @check.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
       end
+      # @rbs () -> String
       def data
         @data.map(&:chr).join
       end

data/lib/redhound/l4.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+require_relative 'l4/base'
+require_relative 'l4/icmp'
+require_relative 'l4/resolver'
+require_relative 'l4/udp'

data/lib/redhound/receiver.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# rbs_inline: enabled
 # frozen_string_literal: true
 require 'socket'
@@ -5,29 +6,40 @@ require 'socket'
 module Redhound
   class Receiver
     class << self
+      # @rbs (ifname: String, filename: String) -> void
       def run(ifname:, filename:)
         new(ifname:, filename:).run
       end
     end
+    # @rbs (ifname: String, filename: String) -> void
     def initialize(ifname:, filename:)
       @ifname = ifname
-      @socket = SocketBuilder.build(ifname:)
+      @source = Resolver.resolve(ifname:)
       if filename
         @writer = Writer.new(filename:)
         @writer.start
       end
+      @count = 0
     end
+    # @rbs () -> void
     def run
       loop do
-        msg, = @socket.recvfrom(2048)
-        Analyzer.analyze(msg:)
-        @writer.write(msg) if @writer
+        msg, = @source.next_packet
+        Analyzer.analyze(msg:, count: increment)
+        @writer&.write(msg:)
       rescue Interrupt
-        @writer.stop if @writer
+        @writer&.stop
         break
       end
     end
+    private
+    # @rbs () -> Integer
+    def increment
+      @count.tap { @count += 1 }
+    end
   end
 end

data/lib/redhound/resolver.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  class Resolver
+    class << self
+      # @rbs (ifname: String) -> void
+      def resolve(ifname:)
+        new.resolve(ifname:)
+      end
+    end
+    # @rbs (ifname: String) -> Redhound::Source::Socket
+    def resolve(ifname:)
+      if RUBY_PLATFORM =~ /darwin/
+        raise 'Not implemented yet'
+      else
+        Redhound::Builder::Socket.build(ifname:)
+      end
+    end
+  end
+end

data/lib/redhound/source/socket.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# rbs_inline: enabled
+# frozen_string_literal: true
+module Redhound
+  module Source
+    class Socket
+      # @rbs (socket: ::Socket) -> void
+      def initialize(socket:)
+        @socket = socket
+      end
+      # @rbs (Integer size) -> [String, Addrinfo]
+      def next_packet(size = 2048)
+        @socket.recvfrom(size)
+      end
+    end
+  end
+end

data/lib/redhound/source.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require_relative 'source/socket'

data/lib/redhound/version.rb CHANGED Viewed

@@ -1,5 +1,6 @@
+# rbs_inline: enabled
 # frozen_string_literal: true
 module Redhound
-  VERSION = '0.2.0'
+  VERSION = '1.0.1'
 end

data/lib/redhound/writer.rb CHANGED Viewed

@@ -1,27 +1,33 @@
+# rbs_inline: enabled
 # frozen_string_literal: true
 module Redhound
   class Writer
+    # @rbs (filename: String) -> void
     def initialize(filename:)
       @filename = filename
     end
+    # @rbs () -> void
     def start
       @file = File.open(@filename, 'wb')
       @file.write(file_header)
     end
-    def write(msg)
+    # @rbs (msg: String) -> void
+    def write(msg:)
       @file.write(packet_record(Time.now, msg.bytesize, msg.bytesize))
       @file.write(msg)
     end
+    # @rbs () -> void
     def stop
       @file.close
     end
     private
+    # @rbs () -> String
     def file_header
       [
         0xa1b2c3d4, # Magic Number (little-endian)
@@ -34,10 +40,11 @@ module Redhound
       ].pack('VvvVVVV')
     end
+    # @rbs (Time timestamp, Integer captured_length, Integer original_length) -> String
     def packet_record(timestamp, captured_length, original_length)
       [
         timestamp.to_i,           # Timestamp seconds
-        (timestamp.usec || 0),    # Timestamp microseconds
+        timestamp.usec || 0,      # Timestamp microseconds
         captured_length,          # Captured packet length
         original_length           # Original packet length
       ].pack('VVVV')

data/lib/redhound.rb CHANGED Viewed

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 require_relative 'redhound/analyzer'
+require_relative 'redhound/builder'
 require_relative 'redhound/command'
-require_relative 'redhound/header'
-require_relative 'redhound/packet_mreq'
+require_relative 'redhound/l2'
+require_relative 'redhound/l3'
+require_relative 'redhound/l4'
 require_relative 'redhound/receiver'
-require_relative 'redhound/socket_builder'
+require_relative 'redhound/resolver'
+require_relative 'redhound/source'
 require_relative 'redhound/version'
 require_relative 'redhound/writer'