RubyGems - ruby-pcap - Versions diffs - 0.7.9 → 0.8.0 - Mend

ruby-pcap 0.7.9 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +5 -5
data/README.md +1 -4
data/ext/pcap/Pcap.c +125 -23
data/ext/pcap/arp_packet.c +82 -0
data/ext/pcap/icmp_packet.c +35 -0
data/ext/pcap/icmpv6_packet.c +107 -0
data/ext/pcap/ip_packet.c +16 -7
data/ext/pcap/ipv6_packet.c +162 -0
data/ext/pcap/packet.c +36 -8
data/ext/pcap/ruby_pcap.h +34 -4
data/ext/pcap/slow_protocol_packet.c +29 -0
data/ext/pcap/tcp_packet.c +346 -6
data/ext/pcap/udp_packet.c +262 -1
data/lib/pcap/packet.rb +123 -11
data/ruby-pcap.gemspec +4 -4
metadata +13 -9

data/ext/pcap/udp_packet.c CHANGED Viewed

@@ -78,6 +78,250 @@ udpp_data(self)
     return rb_str_new(UDP_DATA(pkt), len);
 }
+static VALUE
+udpp_csum_update(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    struct udphdr *udp;
+    GetPacket(self, pkt);
+    ip = IP_HDR(pkt);
+    udp = UDP_HDR(pkt);
+    unsigned short *ip_src = (void *)&ip->ip_src.s_addr;
+    unsigned short *ip_dst = (void *)&ip->ip_dst.s_addr;
+    long sum = 0;
+    /* save checksum in packet */
+    unsigned short uh_sum = ntohs(udp->uh_sum);
+    unsigned short answer = 0;
+    unsigned short *temp = (unsigned short *)udp;
+    int len = ntohs(ip->ip_len) - ip->ip_hl*4; // length of ip data
+    // pseudo header sum
+    sum += ntohs(*(ip_src++));
+    sum += ntohs(*ip_src);
+    sum += ntohs(*(ip_dst++));
+    sum += ntohs(*ip_dst);
+    sum += 17;
+    sum += len;
+    // set checksum to zero and sum
+    udp->uh_sum = 0;
+    while (len > 1){
+      sum += ntohs(*temp++);
+      len -= 2;
+    }
+    if (len)
+      sum += ntohs((unsigned short) *((unsigned char *)temp));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+    answer = ~sum;
+    if (answer == 0)
+      answer = ~answer;
+    /*
+     * set checkum in packet
+     */
+    udp->uh_sum = htons(answer);
+    /*
+     * no change, return nil
+     */
+    if (answer == uh_sum)
+      return Qnil;
+    /*
+     * return new checkum
+     */
+    return UINT2NUM(answer);
+}
+/*
+  Set UDP source port and update checksum
+*/
+static VALUE
+udpp_sport_set(self, val)
+     VALUE self, val;
+{
+    struct packet_object *pkt;
+    struct udphdr *udp;
+    long sum = 0;
+    GetPacket(self, pkt);
+    udp = UDP_HDR(pkt);
+    /*
+     * https://tools.ietf.org/html/rfc1624
+     * HC' = ~(C + (-m) + m')
+    */
+    sum = ~(~ntohs(udp->uh_sum) - ntohs(udp->uh_sport) + NUM2USHORT(val));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+    /*
+     * set desired value and new checksum
+    */
+    udp->uh_sport = htons(NUM2USHORT(val));
+    udp->uh_sum = htons(sum);
+    return val;
+}
+/*
+  Set UDP destination port and update checksum
+*/
+static VALUE
+udpp_dport_set(self, val)
+     VALUE self, val;
+{
+    struct packet_object *pkt;
+    struct udphdr *udp;
+    long sum = 0;
+    GetPacket(self, pkt);
+    udp = UDP_HDR(pkt);
+    /*
+     * https://tools.ietf.org/html/rfc1624
+     * HC' = ~(C + (-m) + m')
+    */
+    sum = ~(~ntohs(udp->uh_sum) - ntohs(udp->uh_dport) + NUM2USHORT(val));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+    /*
+     * set desired value and new checksum
+    */
+    udp->uh_dport = htons(NUM2USHORT(val));
+    udp->uh_sum = htons(sum);
+    return val;
+}
+/*
+ * IPv6 Specific methods
+ */
+VALUE cUDPv6Packet;
+VALUE
+setup_udpv6_packet(pkt, tl_len)
+    struct packet_object *pkt;
+    int tl_len;
+{
+    VALUE class;
+    DEBUG_PRINT("setup_udpv6_packet");
+    class = cUDPv6Packet;
+    if (tl_len > 8) {
+      int hl = 8;
+      int layer5_len;
+      tl_len = MIN(tl_len, UDP_LENGTH(pkt));
+      layer5_len = tl_len - hl;
+      if (layer5_len > 0) {
+        pkt->hdr.layer5_off = pkt->hdr.layer4_off + hl;
+        /* upper layer */
+        }
+    }
+    return class;
+}
+static VALUE
+udpp_csumokv6(self)
+  VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip6_hdr *ip;
+    struct udphdr *udp;
+    GetPacket(self, pkt);
+    ip = IPV6_HDR(pkt);
+    udp = UDP_HDR(pkt);
+    unsigned short *ip_src = (void *)&ip->ip6_src.s6_addr;
+    unsigned short *ip_dst = (void *)&ip->ip6_dst.s6_addr;
+    long sum = 0;
+    unsigned short answer = 0;
+    unsigned short *temp = (unsigned short *)udp;
+    int len = ntohs(ip->ip6_plen); // length of ip data
+    unsigned short csum = ntohs(udp->uh_sum); // keep the checksum in packet
+    // pseudo header sum
+    int i = 1;
+    for (i = 0; i < 8; i++) {
+      sum += ntohs(*(ip_src));
+      sum += ntohs(*(ip_dst));
+      ip_src++;
+      ip_dst++;
+    }
+    sum += 0x11; // UDP
+    sum += len;
+    // set checksum to zero and sum
+    udp->uh_sum = 0;
+    while (len > 1){
+      sum += ntohs(*temp++);
+      len -= 2;
+    }
+    if (len)
+      sum += ntohs((unsigned short) *((unsigned char *)temp));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+      answer = ~sum;
+    if (answer == 0)
+      answer = ~answer;
+    udp->uh_sum = htons(csum); //restore the checkum in packet
+    if (DEBUG_CHECKSUM)
+      printf("UDP csum in packet:%d should be %d\n", csum, answer);
+    if (answer == csum)
+      return Qtrue;
+    return Qfalse;
+}
+static VALUE
+udpp_csumok(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    struct udphdr *udp;
+    GetPacket(self, pkt);
+    ip = IP_HDR(pkt);
+    udp = UDP_HDR(pkt);
+    unsigned short *ip_src = (void *)&ip->ip_src.s_addr;
+    unsigned short *ip_dst = (void *)&ip->ip_dst.s_addr;
+    long sum = 0;
+    unsigned short answer = 0;
+    unsigned short *temp = (unsigned short *)udp;
+    int len = ntohs(ip->ip_len) - ip->ip_hl*4; // length of ip data
+    int csum = ntohs(udp->uh_sum); // keep the checksum in packet
+    // pseudo header sum
+    sum += ntohs(*(ip_src++));
+    sum += ntohs(*ip_src);
+    sum += ntohs(*(ip_dst++));
+    sum += ntohs(*ip_dst);
+    sum += 17;
+    sum += len;
+    // set checksum to zero and sum
+    udp->uh_sum = 0;
+    while (len > 1){
+      sum += ntohs(*temp++);
+      len -= 2;
+    }
+    if (len)
+      sum += ntohs((unsigned short) *((unsigned char *)temp));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+    answer = ~sum;
+    if (answer == 0)
+      answer = ~answer;
+    udp->uh_sum = csum; //restore the checkum in packet
+    if (DEBUG_CHECKSUM)
+      printf("UDP csum in packet:%d should be %d\n", csum, answer);
+    if (answer == csum)
+      return Qtrue;
+    return Qfalse;
+}
+static VALUE
+udpp_truncated(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    struct udphdr *udp;
+    GetPacket(self, pkt);
+    ip = IP_HDR(pkt);
+    udp = UDP_HDR(pkt);
+    if IsTruncated(pkt, pkt->hdr.layer3_off, ip->ip_hl * 4 + ntohs(udp->uh_ulen))
+        return Qtrue;
+    return Qfalse;
+}
 void
 Init_udp_packet(void)
 {
@@ -85,12 +329,29 @@ Init_udp_packet(void)
     /* define class UdpPacket */
     cUDPPacket = rb_define_class_under(mPcap, "UDPPacket", cIPPacket);
+    cUDPv6Packet = rb_define_class_under(mPcap, "UDPv6Packet", cIPv6Packet);
+    /* define methods under IPv4 */
     rb_define_method(cUDPPacket, "udp_sport", udpp_sport, 0);
+    rb_define_method(cUDPPacket, "udp_sport=", udpp_sport_set, 1);
     rb_define_method(cUDPPacket, "sport", udpp_sport, 0);
+    rb_define_method(cUDPPacket, "sport=", udpp_sport_set, 1);
     rb_define_method(cUDPPacket, "udp_dport", udpp_dport, 0);
+    rb_define_method(cUDPPacket, "udp_dport=", udpp_dport_set, 1);
     rb_define_method(cUDPPacket, "dport", udpp_dport, 0);
+    rb_define_method(cUDPPacket, "dport=", udpp_dport_set, 1);
     rb_define_method(cUDPPacket, "udp_len", udpp_len, 0);
     rb_define_method(cUDPPacket, "udp_sum", udpp_sum, 0);
     rb_define_method(cUDPPacket, "udp_data", udpp_data, 0);
+    rb_define_method(cUDPPacket, "udp_csum_ok?", udpp_csumok, 0);
+    rb_define_method(cUDPPacket, "udp_truncated?", udpp_truncated, 0);
+    rb_define_method(cUDPPacket, "udp_csum_update!", udpp_csum_update, 0);
+    /* define methods under IPv6 */
+    rb_define_method(cUDPv6Packet, "udp_sport", udpp_sport, 0);
+    rb_define_method(cUDPv6Packet, "sport", udpp_sport, 0);
+    rb_define_method(cUDPv6Packet, "udp_dport", udpp_dport, 0);
+    rb_define_method(cUDPv6Packet, "dport", udpp_dport, 0);
+    rb_define_method(cUDPv6Packet, "udp_len", udpp_len, 0);
+    rb_define_method(cUDPv6Packet, "udp_sum", udpp_sum, 0);
+    rb_define_method(cUDPv6Packet, "udp_data", udpp_data, 0);
+    rb_define_method(cUDPv6Packet, "udp_csum_ok?", udpp_csumokv6, 0);
 }

data/lib/pcap/packet.rb CHANGED Viewed

@@ -7,6 +7,21 @@ module Pcap
     def inspect
       "#<#{self.class}: #{self}>"
     end
+    def src_mac_address
+      return unpack_hex_string(raw_data[6, 12])
+    end
+    def dst_mac_address
+      return unpack_hex_string(raw_data[0, 6])
+    end
+    def ethertype
+      raw_data[12, 14].unpack('n')[0]
+    end
+    def unpack_hex_string(hex)
+      hex.unpack('H2H2H2H2H2H2').join('')
+    end
   end
   class IPPacket
@@ -15,6 +30,12 @@ module Pcap
     end
   end
+  class IPv6Packet
+    def to_s
+      "#{src_s} > #{dst_s} next header #{ip_nh}"
+    end
+  end
   class TCPPacket
     def tcp_data_len
       ip_len - 4 * (ip_hlen + tcp_hlen)
@@ -33,32 +54,123 @@ module Pcap
     def to_s
       "#{src}:#{sport} > #{dst}:#{dport} #{tcp_flags_s}"
     end
+  end
-    def src_mac_address
-      return unpack_hex_string(raw_data[6, 12])
+  class UDPPacket
+    def to_s
+      "#{src}:#{sport} > #{dst}:#{dport} len #{udp_len} sum #{udp_sum}"
     end
+  end
-    def dst_mac_address
-      return unpack_hex_string(raw_data[0, 6])
+  class ICMPPacket
+    def to_s
+      "#{src} > #{dst}: icmp: #{icmp_typestr}"
     end
+  end
-    def unpack_hex_string(hex)
-      return hex.unpack('H2H2H2H2H2H2').join('')
+  class TCPv6Packet
+    def tcp_flags_s
+      return \
+  (tcp_urg? ? 'U' : '.') +
+  (tcp_ack? ? 'A' : '.') +
+  (tcp_psh? ? 'P' : '.') +
+  (tcp_rst? ? 'R' : '.') +
+  (tcp_syn? ? 'S' : '.') +
+        (tcp_fin? ? 'F' : '.')
     end
-  end
-  class UDPPacket
     def to_s
-      "#{src}:#{sport} > #{dst}:#{dport} len #{udp_len} sum #{udp_sum}"
+      "#{src_s}:#{sport} > #{dst_s}:#{dport} #{tcp_flags_s}"
     end
   end
-  class ICMPPacket
+  class UDPv6Packet
     def to_s
-      "#{src} > #{dst}: icmp: #{icmp_typestr}"
+      "#{src_s}:#{sport} > #{dst_s}:#{dport} len #{udp_len} sum #{udp_sum}"
+    end
+  end
+  # Slow protocol frames
+  class SPPacket
+    # return Slow protocol subtype: 0x01 LACP, 0x02 Marker 0x03 EFM OAM
+    def sp_subtype
+      raw_data[14].unpack('C')[0]
     end
   end
+  # LACP frames
+  class LACPPacket
+    LACP_ACTIVITY = 0x01
+    LACP_TIMEOUT = 0x02
+    LACP_AGGR = 0x04
+    LACP_SYNC = 0x08
+    LACP_COLLECTING = 0x10
+    LACP_DISTR = 0x20
+    LACP_DEFAULTED = 0x40
+    LACP_EXPIRED = 0x80
+    # return LACP Version
+    def version
+      raw_data[15].unpack('C')[0]
+    end
+    # return Actor LACP flags in human readable form
+    def actor_flags
+      parse_flags(actor_info['Actor State'])
+    end
+    # return Actor LACP flags in human readable form
+    def partner_flags
+      parse_flags(partner_info['Partner State'])
+    end
+    # return LACP Actor TLV
+    def actor_info
+      # throw error if 1st TLV is not Actor
+      raise 'error in actor TLV' if raw_data[16].unpack('C')[0] != 1
+      {
+        'Actor System Priority' => raw_data[18,19].unpack('n')[0],
+        'Actor System Id' => unpack_hex_string(raw_data[20, 26]),
+        'Actor Key' => raw_data[26,27].unpack('n')[0],
+        'Actor Port Priority' => raw_data[28,29].unpack('n')[0],
+        'Actor Port' => raw_data[30,31].unpack('n')[0],
+        'Actor State' => raw_data[32].unpack('C')[0].to_i
+      }
+    end
+    # return LACP Partner TLV
+    def partner_info
+      # throw error if 2nd TLV is not Partner
+      actor_tlv_len = raw_data[17].unpack('C')[0]
+      base = 16 + actor_tlv_len
+      raise 'error in partner TLV' if raw_data[base].unpack('C')[0] != 2
+      base += 2
+      {
+        'Partner System Priority' => raw_data[base, base + 1].unpack('n')[0],
+        'Partner System Id' => unpack_hex_string(raw_data[base + 2, base + 7]),
+        'Partner Key' => raw_data[base + 8,base + 9].unpack('n')[0],
+        'Partner Port Priority' => raw_data[base + 10,base + 11].unpack('n')[0],
+        'Partner Port' => raw_data[base + 12,base + 13].unpack('n')[0],
+        'Partner State' => raw_data[base + 14].unpack('C')[0].to_i
+      }
+    end
+    # parse LACP flags based on 802.3ad-2000
+    def parse_flags(flags)
+      {
+        'Activity' => (LACP_ACTIVITY & flags).zero? ? 'Passive' : 'Active',
+        'Timeout' => (LACP_TIMEOUT & flags).zero? ? 'Long' : 'Short',
+        'Aggregation' => (LACP_AGGR & flags).zero? ? 'Individual' : 'Aggregatable',
+        'Synchronization' => (LACP_SYNC & flags).zero? ? 'OutSync' : 'InSync',
+        'Collecting' => (LACP_COLLECTING & flags).zero? ? 'NotCollecting' : 'Collecting',
+        'Distributing' => (LACP_DISTR & flags).zero? ? 'NotDistributing' : 'Distributing',
+        'Defaulted' => (LACP_DEFAULTED & flags).zero? ? 'RecvPartner' : 'DefaultPartner',
+        'Expired' => (LACP_EXPIRED & flags).zero? ? 'NotExpired' : 'Expired'
+      }
+    end
+  end
   #
   # Backword compatibility
   #

data/ruby-pcap.gemspec CHANGED Viewed

@@ -4,12 +4,12 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 Gem::Specification.new do |gem|
   gem.name          = "ruby-pcap"
-  gem.version       = "0.7.9"
-  gem.authors       = [%q{Masaki Fukushima}, %q{Andrew Hobson}]
-  gem.email         = ["mbarczak@gmail.com"]
+  gem.version       = "0.8.0"
+  gem.authors       = [%q{Masaki Fukushima}, %q{Andrew Hobson}, %q{Marcus Barczak}]
+  gem.email         = ["opensource@vitosha-labs.bg"]
   gem.description   = %q{Ruby interface to LBL Packet Capture library. This library also includes classes to access packet header fields.}
   gem.summary       = %q{Ruby interface to LBL Packet Capture library.}
-  gem.homepage      = "https://github.com/ickymettle/ruby-pcap"
+  gem.homepage      = "https://github.com/vitoshalabs/ruby-pcap"
   gem.license       = "GPL-2.0"
   gem.files         = `git ls-files`.split($/)

metadata CHANGED Viewed

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: ruby-pcap
 version: !ruby/object:Gem::Version
-  version: 0.7.9
+  version: 0.8.0
 platform: ruby
 authors:
 - Masaki Fukushima
 - Andrew Hobson
-autorequire:
+- Marcus Barczak
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-20 00:00:00.000000000 Z
+date: 2022-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler
@@ -28,7 +29,7 @@ dependencies:
 description: Ruby interface to LBL Packet Capture library. This library also includes
   classes to access packet header fields.
 email:
-- mbarczak@gmail.com
+- opensource@vitosha-labs.bg
 executables: []
 extensions:
 - ext/pcap/extconf.rb
@@ -75,11 +76,15 @@ files:
 - examples/tcpdump.rb
 - examples/test.rb
 - ext/pcap/Pcap.c
+- ext/pcap/arp_packet.c
 - ext/pcap/extconf.rb
 - ext/pcap/icmp_packet.c
+- ext/pcap/icmpv6_packet.c
 - ext/pcap/ip_packet.c
+- ext/pcap/ipv6_packet.c
 - ext/pcap/packet.c
 - ext/pcap/ruby_pcap.h
+- ext/pcap/slow_protocol_packet.c
 - ext/pcap/tcp_packet.c
 - ext/pcap/udp_packet.c
 - lib/pcap/packet.rb
@@ -87,11 +92,11 @@ files:
 - lib/pcap/tcpdump_time_format.rb
 - lib/pcap_misc.rb
 - ruby-pcap.gemspec
-homepage: https://github.com/ickymettle/ruby-pcap
+homepage: https://github.com/vitoshalabs/ruby-pcap
 licenses:
 - GPL-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -106,9 +111,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.2.3
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Ruby interface to LBL Packet Capture library.
 test_files: []