spcap 0.0.2 → 0.0.3

data/.gitignore

@@ -15,3 +15,5 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+pcapcopy.tmp
+

data/README.md

@@ -1,6 +1,9 @@
 # Spcap
 
-TODO: Write a gem description
+Simple Pcap stream handler without native extention.
+This gem respect original interface of ruby-pcap module 
+
+[![Gem Version](https://badge.fury.io/rb/spcap.png)](http://badge.fury.io/rb/spcap)
 
 ## Installation
 

data/lib/spcap.rb

@@ -1,8 +1,14 @@
 require 'log4r'
 require 'spcap/version'
+require 'spcap/exceptions'
 require 'spcap/logger'
+require 'spcap/ipaddress'
 require 'spcap/packet'
-require 'spcap/file'
+require 'spcap/ippacket'
+require 'spcap/tcppacket'
+require 'spcap/factory'
+require 'spcap/stream'
+require 'spcap/scopy'
 
 module Spcap
   # Your code goes here...

data/lib/spcap/exceptions.rb

@@ -0,0 +1,4 @@
+module Spcap
+  class InitializeException < Exception
+  end
+end

data/lib/spcap/factory.rb

@@ -13,7 +13,10 @@ module Spcap
           return TCPPacket.new(time,raw_data,len,linklayer_header_type)
         end
       end
-      Logger.warn "Spcap::Factory only support TCP over IPv4 packet other packet are dropped"
+      
+      p = Packet.new(time,raw_data,len,linklayer_header_type)
+      Logger.warn "Spcap::Factory only support TCP over IPv4 packet other packet are dropped Packet Headher : [#{raw_data[0,16].unpack("H*").first}]"
+      return p
     end
   end
 end

data/lib/spcap/{ipadress.rb → ipaddress.rb}

@@ -6,11 +6,18 @@ module Spcap
       @address = address
     end
     
+    # Return true if two addresses are the same address.
+    def <=>(other)
+      @address <=> other.address
+    end
+
     # Return true if two addresses are the same address.
     def ==(other)
-      @address = other.adress
+      @address == other.address
     end
     
+    def eql?(other) ; self == other ; end
+    
     def hash
       @address.hash
     end
@@ -21,7 +28,7 @@ module Spcap
       to_num_s
     end
 
-    Return the value of IP address as integer.
+    # Return the value of IP address as integer.
     def to_i
       @address.unpackt("N").first
     end

data/lib/spcap/ippacket.rb

@@ -1,24 +1,19 @@
 module Spcap
   class IPPacket < Packet
-    attr_reader :src,:dst,:iph_len,:ip_len,
+    attr_reader :src,:dst,:ip_hlen,:ip_len
+    
     def initialize(time,data,len,datalink)
       super(time,data,len,datalink)
       @src = IPAddress.new(@raw_data[12,4])
       @dst = IPAddress.new(data[16,4])
-      @iph_len = @raw_data.getbyte(0) & 0x0F
+      @ip_hlen = @raw_data.getbyte(0) & 0x0F
       @ip_len = @raw_data[2,2].unpack("n").first
       
     end
     
-    
-    # Return header length. (Unit: 4 octets)
-    def ip_hlen
-      @raw_data.getbyte(0) & 0x0F
-    end
-    
     # Return data part as String.
     def ip_data
-      @raw_data[ip_hlen,self.caplen-ip_hlen]
+      @raw_data[ip_hlen*4,self.caplen-ip_hlen*4]
     end
     
     # 

data/lib/spcap/packet.rb

@@ -15,7 +15,6 @@ module Spcap
     def ip? ; self.kind_of?(IPPacket) ; end
     def tcp? ; self.kind_of?(TCPPacket) ; end
     def udp? ; self.kind_of?(UDPPacket) ; end
-    def time_i ; self.time.to_i; end
-    
+    def time_i ; self.time.to_i ; end
   end
 end

data/lib/spcap/scopy.rb

@@ -0,0 +1,50 @@
+module Spcap
+  class Scopy < Stream
+    CURRENT_OUT_FILENAME = 'pcapcopy.tmp'
+    FILENAME_EXTENTION = '.pcap'
+    def initialize(istream,opt = {})
+      @tmpname = CURRENT_OUT_FILENAME
+      @wpath = opt[:wpath] || ''
+      @prefix = opt[:prefix] || ''
+      @limit = opt[:limit] || 10000
+      @counter = 0
+      @ostream = new_file
+      super(istream)
+      packing = @unpack_16 + @unpack_16 + @unpack_32 + @unpack_32 + @unpack_32 + @unpack_32
+      @header = @magic_number + [@major_version, @minor_version, 0, 0, @snapshot_length, 
+        @linklayer_header_type].pack(packing)
+    end
+    
+    def read(size)
+      buf = @istream.read(size)
+      @ostream.write(buf)
+      return buf
+    end
+    
+    def new_file ; File.new(File.expand_path(backup_name,@wpath),"w") ; end
+    
+    def backup_name
+      @prefix + Time.now.strftime("%Y%m%d%H%M%S%6N") + FILENAME_EXTENTION
+    end
+
+    def switch_out
+      @ostream.close
+      @ostream = new_file
+      @ostream.write(@header)
+    end
+    
+    def finalize
+      @ostream.close
+    end
+    
+    def next
+      pkt = super
+      @counter += 1
+        if @counter == @limit
+          switch_out
+          @counter = 0
+        end
+      return pkt
+    end
+  end
+end

data/lib/spcap/stream.rb

@@ -0,0 +1,87 @@
+module Spcap
+  class Stream
+    # File format :
+    # File header
+    #  4 Magic number
+    #  2,2  Major version	Minor version
+    #  4  Time zone offset always set to 0
+    #  4  Time stamp accuracy always set to 0
+    #  4  Snapshot length
+    #  4  Link-layer header type
+
+    MagicNumber = ["A1B2C3D4"].pack("H*")
+
+    def initialize(istream)
+      @istream = istream
+      @magic_number = read(4)
+      if @magic_number == MagicNumber
+        @unpack_16 = "n"
+        @unpack_32 = "N"
+      else
+        @unpack_16 = "v"
+        @unpack_32 = "V"
+      end
+      @major_version, @minor_version = read16, read16
+      read(8) # flush unused  time_zone_offset_always_0, timestamp_accuracy_always_0,
+      @snapshot_length = read32
+      @linklayer_header_type = read32
+      # if header type is not ethernet raise an error !!
+      raise InitializeException, "Not PCAP ethernet stream is not supported"if @linklayer_header_type != 1
+      
+    end
+    def close
+      @istream.close
+    end
+    def read(size)
+      buf = @istream.read(size)
+      return buf
+    end
+    
+    def read16 
+      buf = read(2)
+      buf.unpack(@unpack_16).first
+    end        
+    
+    def read32 
+      buf = read(4)
+      buf.unpack(@unpack_32).first
+    end    
+    #    Packets header
+    #  4 Time stamp, seconds value
+    #  4 Time stamp, microseconds value
+    #  4 Length of captured packet data
+    #  4 Un-truncated length of the packet data
+    def each
+      until(@istream.eof?)
+        p = self.next
+        yield p unless p.nil?
+      end
+    end
+    
+    def eof? ; @istream.eof? ; end
+    
+    def next
+      time = Time.at(read32,read32)
+      caplen = read32
+      len = read32
+      # TODO : move Ethernet parsing in Packet class constructor
+      src_mac_address = read(6)
+      dst_mac_address = read(6)
+      protocol_type = read(2).unpack("n").first
+      raw_data = read(caplen-14)
+      if protocol_type == 0x0800
+        p = Factory.get_packet(time,raw_data,len,@linklayer_header_type)
+        if p.nil?
+          Logger.warn "Spcap::Factory return nil packet"
+        else
+          return p
+        end
+      else
+        # ignore non IPv4 packets
+        Logger.info "Non-IPv4 packets are ignored Protocol = #{protocol_type}"
+      end
+      return nil      
+    end
+    
+  end
+end

data/lib/spcap/tcppacket.rb

@@ -5,11 +5,16 @@ module Spcap
       super(time,data,len,datalink)
     end
     
+    def channel ; [[src,sport],[dst,dport]] ; end
+    def full_session ; channel.sort ; end
+    def session ; full_session.hash ; end    
+    def direction ; full_session == channel ; end
+    
     # Return acknowledgement number.
     def tcp_ack ; ip_data[8,4].unpack("N").first ; end
     
     # Return data part as String.
-    def tcp_data ; ip_data[tcp_off,tcp_data_len] ; end
+    def tcp_data ; ip_data[tcp_off*4,tcp_data_len] ; end
     
     # Return length of data part.
     def tcp_data_len ; ip_len - ( ip_hlen * 4 ) - (tcp_hlen * 4) ; end
@@ -34,12 +39,12 @@ module Spcap
     end
 
     # Return true if flag is set.
-    def tcp_fin? ; flags?(7) ; end
-    def tcp_syn? ; flags?(6) ; end
-    def tcp_rst? ; flags?(5) ; end
-    def tcp_psh? ; flags?(4) ; end
-    def tcp_ack? ; flags?(3) ; end
-    def tcp_urg? ; flags?(2) ; end
+    def tcp_fin? ; flag?(7) ; end
+    def tcp_syn? ; flag?(6) ; end
+    def tcp_rst? ; flag?(5) ; end
+    def tcp_psh? ; flag?(4) ; end
+    def tcp_ack? ; flag?(3) ; end
+    def tcp_urg? ; flag?(2) ; end
     
     # Return TCP data offset (header length). (Unit: 4-octets)
     def tcp_hlen ;  ( ( ip_data.getbyte(12) & 0XF0) / 16 ) ; end

data/lib/spcap/version.rb

@@ -1,3 +1,3 @@
 module Spcap
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/test/lib/spcap/file_test.rb

@@ -1,10 +1,10 @@
 require_relative '../../test_helper'
  
-describe Spcap::File do
-  subject { Spcap::File.new(File.open('test/pcap_files/sample.pcap'))  }
+describe Spcap::Stream do
+  subject { Spcap::Stream.new(File.open('test/pcap_files/sample.pcap'))  }
   
-  it "must be a Spcap::File" do
-    subject.must_be_instance_of(Spcap::File)
+  it "must be a Spcap::Stream" do
+    subject.must_be_instance_of(Spcap::Stream)
   end
   
   it "must handle each without error" do
@@ -13,3 +13,44 @@ describe Spcap::File do
   end
 
 end
+
+describe Spcap::Scopy do
+  subject { Spcap::Scopy.new(File.open('test/pcap_files/sample.pcap'))  }
+  before do
+    @counter=0
+  end
+  it "must be a Spcap::Scopy" do
+    subject.must_be_instance_of(Spcap::Scopy)
+  end
+  
+  it "must handle each without error" do
+    subject.each{|p| @counter += 1}
+    @counter.must_equal(37)
+    subject.must_respond_to(:each)
+  end 
+end
+
+
+describe Spcap::TCPPacket do
+  
+  subject { packet = nil
+            src = Spcap::Scopy.new(File.open('test/pcap_files/sample.pcap'))  
+            packet = src.next
+            packet
+          }
+  before do
+    @src = Spcap::IPAddress.new([174,100,92,122].pack("CCCC"))
+    @sport = 45671
+    @dst = Spcap::IPAddress.new([174,100,92,106].pack("CCCC"))
+    @dport = 111  
+    @channel = [[@src,@sport],[@dst,@dport]]
+    @full_session = @channel.sort
+  end
+  it "must be a Spcap::TCPPacket" do
+    subject.must_be_instance_of(Spcap::TCPPacket)
+  end
+  
+  it "must handle full_session without error" do
+    subject.full_session.must_equal(@full_session)
+  end 
+end

data/test/test_helper.rb

@@ -2,3 +2,4 @@ require 'minitest/spec'
 require 'minitest/autorun'
 require 'minitest/pride'
 require File.expand_path('../../lib/spcap.rb', __FILE__)
+Spcap::Logger.level=Log4r::DEBUG

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spcap
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-23 00:00:00.000000000 Z
+date: 2013-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -56,16 +56,19 @@ files:
 - README.md
 - Rakefile
 - lib/spcap.rb
+- lib/spcap/exceptions.rb
 - lib/spcap/factory.rb
-- lib/spcap/file.rb
-- lib/spcap/ipadress.rb
+- lib/spcap/ipaddress.rb
 - lib/spcap/ippacket.rb
 - lib/spcap/logger.rb
 - lib/spcap/packet.rb
+- lib/spcap/scopy.rb
+- lib/spcap/stream.rb
 - lib/spcap/tcppacket.rb
 - lib/spcap/version.rb
 - spcap.gemspec
 - test/lib/spcap/file_test.rb
+- test/pcap_files/sample.pcap
 - test/test_helper.rb
 homepage: https://github.com/brodier/spcap
 licenses:
@@ -95,4 +98,5 @@ summary: Pure ruby gem without native exstension that handle pcap file produce b
   pcap library or tcpdump
 test_files:
 - test/lib/spcap/file_test.rb
+- test/pcap_files/sample.pcap
 - test/test_helper.rb

data/lib/spcap/file.rb

@@ -1,48 +0,0 @@
-module Spcap
-  class File
-    # File format :
-    # File header
-    #  4 Magic number
-    #  2,2  Major version	Minor version
-    #  4  Time zone offset always set to 0
-    #  4  Time stamp accuracy always set to 0
-    #  4  Snapshot length
-    #  4  Link-layer header type
-
-    MagicNumber = ["A1B2C3D4"].pack("H*")
-
-    def initialize(istream)
-      @istream = istream
-      magic_number = istream.read(4)
-      if magic_number == MagicNumber
-        @unpack_16 = "n"
-        @unpack_32 = "N"
-      else
-        @unpack_16 = "v"
-        @unpack_32 = "V"
-      end
-      @major_version, @minor_version = read16, read16
-      @istream.read(8) # flush unused  time_zone_offset_always_0, timestamp_accuracy_always_0,
-      @snapshot_length = read32
-      @linklayer_header_type = read32
-    end
-
-    def read16 ; @istream.read(2).unpack(@unpack_16).first ; end        
-    
-    def read32 ; @istream.read(4).unpack(@unpack_32).first ; end    
-    #    Packets header
-    #  4 Time stamp, seconds value
-    #  4 Time stamp, microseconds value
-    #  4 Length of captured packet data
-    #  4 Un-truncated length of the packet data
-    def each
-      until(@istream.eof?)
-        time = Time.at(read32,read32)
-        caplen = read32
-        len = read32
-        raw_data = @istream.read(caplen)
-        yield Packet.new(time,raw_data,len,@linklayer_header_type)
-      end
-    end
-  end
-end