spcap 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in spcap.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Bernard Rodier
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Spcap
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'spcap'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install spcap
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+ 
+require 'rake/testtask'
+ 
+Rake::TestTask.new do |t|
+  t.libs << 'lib/spcap'
+  t.test_files = FileList['test/lib/spcap/*_test.rb']
+  t.verbose = true
+end
+ 
+task :default => :test

data/lib/spcap/factory.rb

@@ -0,0 +1,19 @@
+module Spcap
+# 1 	Internet Control Message Protocol 	ICMP
+# 2 	Internet Group Management Protocol 	IGMP
+# 6 	Transmission Control Protocol 	TCP
+# 17 	User Datagram Protocol 	UDP
+# 41 	IPv6 encapsulation 	ENCAP
+# 89 	Open Shortest Path First 	OSPF
+# 132 	Stream Control Transmission Protocol 	SCTP
+  class Factory
+    def self.get_packet(time,raw_data,len,linklayer_header_type)
+      if ( ( ( raw_data.getbyte(0) & 0xF0) / 16 ) == 4 )
+        if raw_data.getbyte(9) == 6 
+          return TCPPacket.new(time,raw_data,len,linklayer_header_type)
+        end
+      end
+      Logger.warn "Spcap::Factory only support TCP over IPv4 packet other packet are dropped"
+    end
+  end
+end

data/lib/spcap/file.rb

@@ -0,0 +1,48 @@
+module Spcap
+  class File
+    # File format :
+    # File header
+    #  4 Magic number
+    #  2,2  Major version	Minor version
+    #  4  Time zone offset always set to 0
+    #  4  Time stamp accuracy always set to 0
+    #  4  Snapshot length
+    #  4  Link-layer header type
+
+    MagicNumber = ["A1B2C3D4"].pack("H*")
+
+    def initialize(istream)
+      @istream = istream
+      magic_number = istream.read(4)
+      if magic_number == MagicNumber
+        @unpack_16 = "n"
+        @unpack_32 = "N"
+      else
+        @unpack_16 = "v"
+        @unpack_32 = "V"
+      end
+      @major_version, @minor_version = read16, read16
+      @istream.read(8) # flush unused  time_zone_offset_always_0, timestamp_accuracy_always_0,
+      @snapshot_length = read32
+      @linklayer_header_type = read32
+    end
+
+    def read16 ; @istream.read(2).unpack(@unpack_16).first ; end        
+    
+    def read32 ; @istream.read(4).unpack(@unpack_32).first ; end    
+    #    Packets header
+    #  4 Time stamp, seconds value
+    #  4 Time stamp, microseconds value
+    #  4 Length of captured packet data
+    #  4 Un-truncated length of the packet data
+    def each
+      until(@istream.eof?)
+        time = Time.at(read32,read32)
+        caplen = read32
+        len = read32
+        raw_data = @istream.read(caplen)
+        yield Packet.new(time,raw_data,len,@linklayer_header_type)
+      end
+    end
+  end
+end

data/lib/spcap/ipadress.rb

@@ -0,0 +1,39 @@
+module Spcap
+  class IPAddress
+    attr_reader :address
+    
+    def initialize(address)
+      @address = address
+    end
+    
+    # Return true if two addresses are the same address.
+    def ==(other)
+      @address = other.adress
+    end
+    
+    def hash
+      @address.hash
+    end
+    
+    # Return host name correspond to this address.
+    def hostname
+      # Not yet implemented
+      to_num_s
+    end
+
+    Return the value of IP address as integer.
+    def to_i
+      @address.unpackt("N").first
+    end
+    
+
+    #Return numerical string representation
+    def to_num_s
+      @address.unpack("CCCC").join('.')
+    end
+    
+    def to_s
+      to_num_s
+    end
+  end
+end

data/lib/spcap/ippacket.rb

@@ -0,0 +1,94 @@
+module Spcap
+  class IPPacket < Packet
+    attr_reader :src,:dst,:iph_len,:ip_len,
+    def initialize(time,data,len,datalink)
+      super(time,data,len,datalink)
+      @src = IPAddress.new(@raw_data[12,4])
+      @dst = IPAddress.new(data[16,4])
+      @iph_len = @raw_data.getbyte(0) & 0x0F
+      @ip_len = @raw_data[2,2].unpack("n").first
+      
+    end
+    
+    
+    # Return header length. (Unit: 4 octets)
+    def ip_hlen
+      @raw_data.getbyte(0) & 0x0F
+    end
+    
+    # Return data part as String.
+    def ip_data
+      @raw_data[ip_hlen,self.caplen-ip_hlen]
+    end
+    
+    # 
+    # Return the value of 3-bits IP flag field.
+    def ip_flags
+      @raw_data.getbyte(6) & 0xE0
+    end
+    
+    # Return true if Don't Fragment bit is set.
+    def ip_df?
+      (@raw_data.getbyte(6) & 0x40) == 0x40
+    end
+    
+    # Return true if More Fragment bit is set.
+    def ip_mf?
+      (self.raw_data.getbyte(6) & 0x20) == 0x20
+    end
+    
+    # Return destination IP address as IPAddress.
+    def ip_dst
+      @dst
+    end
+    # Return source IP address as IPAddress.
+    def ip_src
+      @src
+    end
+    
+    # Return identification.
+    def ip_id
+      @raw_data[4,4]
+    end
+    
+    # Return fragment offset.
+    def ip_off
+      @raw_data[4,4].unpack("n").first & 0xFFF
+    end
+    
+    
+    # Return the value of protocol field.
+    def ip_proto
+      @raw_data.getbyte(9)
+    end
+    
+    # Return the value of checksum field.
+    def ip_sum
+      @raw_data[10,2].unpack("n").fisrt
+    end
+
+    
+    # Return the value of TOS field.
+    def ip_tos
+      # TODO
+    end
+    
+    
+    # Return TTL.
+    def ip_ttl
+      @raw_data.getbyte(8)
+    end
+    
+    
+    # Return IP version.
+    def ip_ver
+      ( @raw_data.getbyte(0) & 0xF0 ) / 16
+    end
+    
+    # Return string representation.
+    def to_s
+      "TODO" # TODO
+    end
+    
+  end
+end

data/lib/spcap/logger.rb

@@ -0,0 +1,5 @@
+module Spcap
+  Logger = Log4r::Logger.new 'spcap_logger'
+  Logger.outputters = Log4r::Outputter.stderr
+  Logger.level=Log4r::INFO
+end

data/lib/spcap/packet.rb

@@ -0,0 +1,21 @@
+module Spcap
+  class Packet
+    attr_reader :raw_data, :caplen, :len, :time, :datalink
+    
+    def initialize(time,data,len,datalink)
+      @time = time
+      @raw_data = data
+      @caplen = data.length
+      @len = len
+      @datalink = datalink
+    end
+    
+    def size ; @len; end
+    def length ; @len; end
+    def ip? ; self.kind_of?(IPPacket) ; end
+    def tcp? ; self.kind_of?(TCPPacket) ; end
+    def udp? ; self.kind_of?(UDPPacket) ; end
+    def time_i ; self.time.to_i; end
+    
+  end
+end

data/lib/spcap/tcppacket.rb

@@ -0,0 +1,67 @@
+module Spcap
+  TCP_FLAGS  = "UAPRSF"
+  class TCPPacket < IPPacket
+    def initialize(time,data,len,datalink)
+      super(time,data,len,datalink)
+    end
+    
+    # Return acknowledgement number.
+    def tcp_ack ; ip_data[8,4].unpack("N").first ; end
+    
+    # Return data part as String.
+    def tcp_data ; ip_data[tcp_off,tcp_data_len] ; end
+    
+    # Return length of data part.
+    def tcp_data_len ; ip_len - ( ip_hlen * 4 ) - (tcp_hlen * 4) ; end
+    
+    # Return destination port number.
+    def tcp_sport ; ip_data[0,2].unpack("n").first ; end
+    def sport ; tcp_sport ; end
+
+    # Return destination port number.
+    def tcp_dport ; ip_data[2,2].unpack("n").first ; end
+    def dport ; tcp_dport ; end
+    
+    # Return the value of 6-bits flag field.
+    def tcp_flags ; ( ip_data.getbyte(13) & 0x6F ) ; end
+
+    # Return the value of 6-bits flag field as string like ".A...F".
+    def tcp_flags_s
+        ip_data[13].unpack("B*").first[2,6].
+          chars.zip(TCP_FLAGS.chars).collect { |flag,flag_s|
+            (flag == '0' ? '.' : flag_s)
+          }.join
+    end
+
+    # Return true if flag is set.
+    def tcp_fin? ; flags?(7) ; end
+    def tcp_syn? ; flags?(6) ; end
+    def tcp_rst? ; flags?(5) ; end
+    def tcp_psh? ; flags?(4) ; end
+    def tcp_ack? ; flags?(3) ; end
+    def tcp_urg? ; flags?(2) ; end
+    
+    # Return TCP data offset (header length). (Unit: 4-octets)
+    def tcp_hlen ;  ( ( ip_data.getbyte(12) & 0XF0) / 16 ) ; end
+    def tcp_off ; tcp_hlen ; end
+    
+    # Return sequence number.
+    def tcp_seq ; ( ip_data[4,4].unpack("N").first ) ; end
+
+    # Return the value of checksum field.
+    def tcp_sum ; ( ip_data[16,2].unpack("n").first ) ; end
+
+    # Return urgent pointer.
+    def tcp_urp ; ( ip_data[18,2].unpack("n").first ) ; end
+
+    # Return window size.
+    def tcp_win ; ( ip_data[14,2].unpack("n").first ) ; end
+        
+    # Return string representation.
+    def to_s ; "TODO" ; end
+
+    private 
+    def flag?(i) ; ip_data[13].unpack("B*").first[i] == '1'; end
+
+  end
+end

data/lib/spcap/version.rb

@@ -0,0 +1,3 @@
+module Spcap
+  VERSION = "0.0.1"
+end

data/lib/spcap.rb

@@ -0,0 +1,9 @@
+require 'log4r'
+require 'spcap/version'
+require 'spcap/logger'
+require 'spcap/packet'
+require 'spcap/file'
+
+module Spcap
+  # Your code goes here...
+end

data/spcap.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'spcap/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "spcap"
+  spec.version       = Spcap::VERSION
+  spec.authors       = ["Bernard Rodier"]
+  spec.email         = ["bernard.rodier@gmail.com"]
+  spec.description   = %q{Very simple pcap file handler that is not require native extension}
+  spec.summary       = %q{Pure ruby gem without native exstension that handle pcap file produce by pcap library or tcpdump}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/test/lib/spcap/file_test.rb

@@ -0,0 +1,15 @@
+require_relative '../../test_helper'
+ 
+describe Spcap::File do
+  subject { Spcap::File.new(File.open('test/pcap_files/sample.pcap'))  }
+  
+  it "must be a Spcap::File" do
+    subject.must_be_instance_of(Spcap::File)
+  end
+  
+  it "must handle each without error" do
+    subject.each{|p| }
+    subject.must_respond_to(:each)
+  end
+
+end

data/test/test_helper.rb

@@ -0,0 +1,4 @@
+require 'minitest/spec'
+require 'minitest/autorun'
+require 'minitest/pride'
+require File.expand_path('../../lib/spcap.rb', __FILE__)

metadata

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: spcap
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Bernard Rodier
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Very simple pcap file handler that is not require native extension
+email:
+- bernard.rodier@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/spcap.rb
+- lib/spcap/factory.rb
+- lib/spcap/file.rb
+- lib/spcap/ipadress.rb
+- lib/spcap/ippacket.rb
+- lib/spcap/logger.rb
+- lib/spcap/packet.rb
+- lib/spcap/tcppacket.rb
+- lib/spcap/version.rb
+- spcap.gemspec
+- test/lib/spcap/file_test.rb
+- test/test_helper.rb
+homepage: ''
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Pure ruby gem without native exstension that handle pcap file produce by
+  pcap library or tcpdump
+test_files:
+- test/lib/spcap/file_test.rb
+- test/test_helper.rb