Class: PacketGen::Packet

Inherits:

Object

• Object
• PacketGen::Packet

Defined in:

lib/packetgen/packet.rb

Overview

An object of type Packet handles a network packet. This packet may contain multiple protocol headers, starting from MAC layer or from Network (OSI) layer.

Creating a packet is fairly simple:

Packet.gen 'IP', src: '192.168.1.1', dst: '192.168.1.2'

Create a packet

Packets may be hand-made or parsed from a binary string:

Packet.gen('IP', src: '192.168.1.1', dst: '192.168.1.2').add('UDP', sport: 45000, dport: 23)
Packet.parse(binary_string)

Access packet information

pkt = Packet.gen('IP').add('UDP')
# read information
pkt.udp.sport
pkt.ip.ttl
# set information
pkt.udp.dport = 2323
pkt.ip.ttl = 1
pkt.ip(ttl: 1, id: 1234)

Save a packet to a file

pkt.write('file.pcapng')

Get packets

Packets may be captured from wire:

Packet.capture do |packet|
  do_some_stuffs
end
packets = Packet.capture(iface: 'eth0', max: 5)  # get 5 packets from eth0

Packets may also be read from a file:

packets = Packet.read(file.pcapng)

Save packets to a file

Packet.write 'file.pcapng', packets

Author:

• Sylvain Daubert

Instance Attribute Summary

• #cache_headers ⇒ Boolean

  Activaye or deactivate header cache (activated by default).

• #headers ⇒ Array<Header::Base> readonly

  Get packet headers, ordered as they appear in the packet.

Class Method Summary

• .capture(**kwargs) {|packet, timestamp| ... } ⇒ Array<Packet>

  Capture packets from wire.

• .gen(protocol, options = {}) ⇒ Packet

  Create a new Packet.

• .parse(binary_str, first_header: nil) ⇒ Packet

  Parse a binary string and generate a Packet from it.

• .read(filename) ⇒ Array<Packet>

  Read packets from filename.

• .write(filename, packets) ⇒ void

  Write packets to filename.

Instance Method Summary

• #==(other) ⇒ Boolean
• #===(other) ⇒ Boolean
• #add(protocol, options = {}) ⇒ self

  Add a protocol header in packet.

• #body ⇒ Types

  Get packet body.

• #body=(str) ⇒ void

  Set packet body.

• #calc ⇒ void

  Recalculate all calculatable fields (for now: length and checksum).

• #calc_checksum ⇒ void

  Recalculate all packet checksums.

• #calc_length ⇒ void

  Recalculate all packet length fields.

• #decapsulate(*hdrs) ⇒ self

  Remove headers from self.

• #encapsulate(other, parsing: false) ⇒ self

  Encapulate another packet in self.

• #initialize ⇒ Packet constructor

  A new instance of Packet.

• #insert(prev, protocol, options = {}) ⇒ self

  Insert a header in packet.

• #inspect ⇒ String

  Get packet as a pretty formatted string.

• #is?(protocol) ⇒ Boolean

  Check if a protocol header is embedded in packet.

• #parse(binary_str, first_header: nil) ⇒ Packet

  Parse a binary string and populate Packet from it.

• #reply ⇒ Packet

  Forge a new packet from current one with all possible fields inverted.

• #reply! ⇒ self

  Invert all possible fields in packet to create a reply.

• #to_f(filename) ⇒ Array (also: #write)

  Write packet to a PCapNG file on disk.

• #to_s ⇒ String

  Get binary string (i.e. binary string sent on or received from network).

• #to_w(iface = nil, calc: true, number: 1, interval: 1) ⇒ void

  Send packet on wire.

Constructor Details

#initialize ⇒ Packet

Returns a new instance of Packet.

# File 'lib/packetgen/packet.rb', line 128

def initialize
  @headers = []
  @header_cache = {}
  @cache_headers = true
end

Instance Attribute Details

#cache_headers ⇒ Boolean

Activaye or deactivate header cache (activated by default)

Returns:

• (Boolean)

# File 'lib/packetgen/packet.rb', line 57

def cache_headers
  @cache_headers
end

#headers ⇒ Array<Header::Base> (readonly)

Get packet headers, ordered as they appear in the packet.

Returns:

• (Array<Header::Base>)

# File 'lib/packetgen/packet.rb', line 54

def headers
  @headers
end

Class Method Details

.capture(**kwargs) {|packet, timestamp| ... } ⇒ Array<Packet>

Capture packets from wire. Same arguments as Capture#initialize

Yield Parameters:

• packet (Packet, String) —

  if a block is given, yield each captured packet (Packet or raw data String, depending on :parse option)

• timestamp (Time) —

  packet timestamp

Returns:

• (Array<Packet>) —

  captured packet

See Also:

• Capture#initialize

Since:

• 3.3.0 add packet timestamp as second yield parameter

# File 'lib/packetgen/packet.rb', line 88

def self.capture(**kwargs, &block)
  capture = Capture.new(**kwargs)
  if block
    capture.start(&block)
  else
    capture.start
  end
  capture.packets
end

.gen(protocol, options = {}) ⇒ Packet

Create a new Packet

Parameters:

• protocol (String) —

  base protocol for packet

• options (Hash) (defaults to: {}) —

  specific options for protocol

Returns:

• (Packet)

# File 'lib/packetgen/packet.rb', line 63

def self.gen(protocol, options={})
  self.new.add protocol, options
end

.parse(binary_str, first_header: nil) ⇒ Packet

Parse a binary string and generate a Packet from it.

# auto-detect first header
Packet.parse str
# force decoding a Ethernet header for first header
Packet.parse str, first_header: 'Eth'

Parameters:

• binary_str (String)
• first_header (String, nil) (defaults to: nil) —

  First protocol header. nil means discover it!

Returns:

• (Packet)

Raises:

• (ArgumentError) —

  first_header is an unknown header

# File 'lib/packetgen/packet.rb', line 76

def self.parse(binary_str, first_header: nil)
  new.parse binary_str, first_header: first_header
end

.read(filename) ⇒ Array<Packet>

Read packets from filename. May read Pcap and Pcap-NG formats.

For more control (on Pcap-ng only), see PacketGen::PcapNG::File.

Parameters:

• filename (String) —

  PcapNG or Pcap file.

Returns:

• (Array<Packet>)

Raises:

• (ArgumentError) —

  unknown file format

Author:

• Sylvain Daubert

• Kent Gruber - Pcap format

Since:

• 2.0.0 Also read Pcap format.

# File 'lib/packetgen/packet.rb', line 107

def self.read(filename)
  PcapNG::File.new.read_packets(filename)
rescue StandardError => e
  raise ArgumentError, e unless File.extname(filename.downcase) == '.pcap'

  Pcap.read(filename)
end

.write(filename, packets) ⇒ void

This method returns an undefined value.

Write packets to filename

For more options, see PacketGen::PcapNG::File.

Parameters:

• filename (String)
• packets (Array<Packet>) —

  packets to write

# File 'lib/packetgen/packet.rb', line 121

def self.write(filename, packets)
  pf = PcapNG::File.new
  pf.array_to_file packets
  pf.to_f filename
end

Instance Method Details

#==(other) ⇒ Boolean

Parameters:

• other (Packet)

Returns:

• (Boolean)

# File 'lib/packetgen/packet.rb', line 322

def ==(other)
  to_s == other.to_s
end

#===(other) ⇒ Boolean

Parameters:

• other (Packet)

Returns:

• (Boolean)

Since:

• 3.1.2

# File 'lib/packetgen/packet.rb', line 329

def ===(other)
  case other
  when PacketGen::Packet
    self == other
  when String
    is? other
  else
    false
  end
end

#add(protocol, options = {}) ⇒ self

Add a protocol header in packet.

Parameters:

• protocol (String)
• options (Hash) (defaults to: {}) —

  protocol specific options

Returns:

• (self)

Raises:

• (BindingError) —

  unknown protocol

# File 'lib/packetgen/packet.rb', line 139

def add(protocol, options={})
  klass = check_protocol(protocol)

  # options[:packet]= self is speedier than options.merge(packet: self)
  options[:packet] = self
  header = klass.new(options)
  add_header header
  self
end

#body ⇒ Types

Get packet body

Returns:

• (Types)

# File 'lib/packetgen/packet.rb', line 205

def body
  last_header[:body] if last_header.respond_to? :body
end

#body=(str) ⇒ void

This method returns an undefined value.

Set packet body

Parameters:

• str (String)

# File 'lib/packetgen/packet.rb', line 212

def body=(str)
  last_header.body = str
end

#calc ⇒ void

This method returns an undefined value.

Recalculate all calculatable fields (for now: length and checksum)

# File 'lib/packetgen/packet.rb', line 198

def calc
  calc_length
  calc_checksum
end

#calc_checksum ⇒ void

This method returns an undefined value.

Recalculate all packet checksums

# File 'lib/packetgen/packet.rb', line 182

def calc_checksum
  headers.reverse_each do |header|
    header.calc_checksum if header.respond_to? :calc_checksum
  end
end

#calc_length ⇒ void

This method returns an undefined value.

Recalculate all packet length fields

# File 'lib/packetgen/packet.rb', line 190

def calc_length
  headers.reverse_each do |header|
    header.calc_length if header.respond_to? :calc_length
  end
end

#decapsulate(*hdrs) ⇒ self

Remove headers from self

Parameters:

• hdrs (Array<Header>)

Returns:

• (self) —

  self with some headers removed

Raises:

• (FormatError) —

  any headers not in self

• (BindingError) —

  removed headers result in an unknown binding

Since:

• 1.1.0

# File 'lib/packetgen/packet.rb', line 275

def decapsulate(*hdrs)
  hdrs.each do |hdr|
    prev_hdr = previous_header(hdr)
    next_hdr = next_header(hdr)
    headers.delete(hdr)
    add_header(next_hdr, previous_header: prev_hdr) if prev_hdr && next_hdr
  end
  invalidate_header_cache
rescue ArgumentError => e
  raise FormatError, e.message
end

#encapsulate(other, parsing: false) ⇒ self

Encapulate another packet in self

Parameters:

• other (Packet)
• parsing (Boolean) (defaults to: false) —

  set to true to not update last current header field from binding with first other’s one. Use only when current header field has its value set accordingly.

Returns:

• (self) —

  self with new headers from other

Raises:

• (BindingError) —

  do not known how to encapsulate

Since:

• 1.1.0

# File 'lib/packetgen/packet.rb', line 263

def encapsulate(other, parsing: false)
  other.headers.each_with_index do |h, i|
    add_header h, parsing: i.positive? || parsing
  end
end

#insert(prev, protocol, options = {}) ⇒ self

Insert a header in packet

Parameters:

• prev (Header) —

  header after which insert new one

• protocol (String) —

  protocol to insert

• options (Hash) (defaults to: {}) —

  protocol specific options

Returns:

• (self)

Raises:

• (BindingError) —

  unknown protocol

# File 'lib/packetgen/packet.rb', line 155

def insert(prev, protocol, options={})
  klass = check_protocol(protocol)

  nxt = prev.body
  # options[:packet]= self is speedier than options.merge(packet: self)
  options[:packet] = self
  header = klass.new(options)
  add_header header, previous_header: prev
  idx = headers.index(prev) + 1
  headers[idx, 0] = header
  header[:body] = nxt
  self
end

#inspect ⇒ String

Get packet as a pretty formatted string.

Returns:

• (String)

# File 'lib/packetgen/packet.rb', line 312

def inspect
  str = Inspect.dashed_line(self.class)
  headers.each do |header|
    str << header.inspect
  end
  str << Inspect.inspect_body(body)
end

#is?(protocol) ⇒ Boolean

Check if a protocol header is embedded in packet.

pkt = PacketGen.gen('IP').add('UDP')
pkt.is?('IP')   #=> true
pkt.is?('TCP')  #=> false

Returns:

• (Boolean)

Raises:

• (ArgumentError) —

  unknown protocol

# File 'lib/packetgen/packet.rb', line 175

def is?(protocol)
  klass = check_protocol protocol
  headers.any?(klass)
end

#parse(binary_str, first_header: nil) ⇒ Packet

Parse a binary string and populate Packet from it.

Parameters:

• binary_str (String)
• first_header (String, nil) (defaults to: nil) —

  First protocol header. nil means discover it!

Returns:

• (Packet) —

  self

Raises:

• (ParseError) —

  first_header is an unknown header

• (BindingError) —

  unknwon binding between some headers

# File 'lib/packetgen/packet.rb', line 293

def parse(binary_str, first_header: nil)
  headers.clear

  if first_header.nil?
    # No decoding forced for first header. Have to guess it!
    first_header = guess_first_header(binary_str)
    raise ParseError, "cannot identify first header in string: #{binary_str.inspect}" if first_header.nil?
  end

  add first_header
  headers[-1, 1] = last_header.read(binary_str)

  # Decode upper headers recursively
  decode_bottom_up
  self
end

#reply ⇒ Packet

Forge a new packet from current one with all possible fields inverted. The new packet may be a reply to current one.

Returns:

• (Packet)

Since:

• 2.7.0

# File 'lib/packetgen/packet.rb', line 354

def reply
  pkt = dup
  pkt.reply!
end

#reply! ⇒ self

Invert all possible fields in packet to create a reply.

Returns:

• (self)

Since:

• 2.7.0

# File 'lib/packetgen/packet.rb', line 343

def reply!
  headers.each do |header|
    header.reply! if header.respond_to?(:reply!)
  end
  self
end

#to_f(filename) ⇒ Array Also known as: write

Write packet to a PCapNG file on disk.

Parameters:

• filename (String)

Returns:

• (Array) —

  see return from PacketGen::PcapNG::File#to_file

See Also:

• File

# File 'lib/packetgen/packet.rb', line 226

def to_f(filename)
  PcapNG::File.new.read_array([self]).to_f(filename)
end

#to_s ⇒ String

Get binary string (i.e. binary string sent on or received from network).

Returns:

• (String)

# File 'lib/packetgen/packet.rb', line 218

def to_s
  first_header.to_s
end

#to_w(iface = nil, calc: true, number: 1, interval: 1) ⇒ void

This method returns an undefined value.

Send packet on wire. Use first header #to_w method.

Parameters:

• iface (String) (defaults to: nil) —

  interface name. Default to first non-loopback interface

• calc (Boolean) (defaults to: true) —

  if true, call #calc on packet before sending it.

• number (Integer) (defaults to: 1) —

  number of times to send the packets

• interval (Integer, Float) (defaults to: 1) —

  time, in seconds, between sending 2 packets

Since:

• 2.1.4 add ‘calc`, `number` and `interval` parameters

• 3.0.0 calc defaults to true

# File 'lib/packetgen/packet.rb', line 239

def to_w(iface=nil, calc: true, number: 1, interval: 1)
  iface ||= PacketGen.default_iface

  if first_header.respond_to? :to_w
    self.calc if calc

    number.times do
      first_header.to_w(iface)
      sleep interval if number > 1
    end
  else
    type = first_header.protocol_name
    raise WireError, "don't known how to send a #{type} packet on wire"
  end
end