Class: PcapParser::Stream

Inherits:
Object
  • Object
show all
Defined in:
lib/pcap_parser/stream.rb

Overview

Current IO stream referencing pcap file. Provides interface to read bin data from stream.

Constant Summary collapse

LittleEndian =

Little-endian byte order flag

:little_endian
BigEndian =

Big-endian byte order flag

:big_endian
PCAP_MAGIC_BE =

Big-Endians with microseconds magic number

0xa1b2c3d4
PCAP_MAGIC_LE =

Little-Endians with microseconds magic number

0xd4c3b2a1
PCAP_MAGIC_BE_NSEC =

Big-Endians with nanoseconds magic number

0xa1b23c4d
PCAP_MAGIC_LE_NSEC =

Little-Endians with nanoseconds magic number

0x4d3cb2a1

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(file) ⇒ Stream

Returns a new instance of Stream

Raises:


21
22
23
24
25
26
# File 'lib/pcap_parser/stream.rb', line 21

def initialize(file)
  @file = file
  set_magic
  raise PcapFileTooShort if @file.read(20).length < 20
  @file.pos = 4
end

Instance Attribute Details

#magicObject (readonly)

Returns the value of attribute magic


19
20
21
# File 'lib/pcap_parser/stream.rb', line 19

def magic
  @magic
end

Class Method Details

.bit_set?(byte, bit) ⇒ Boolean

Check if bit is set (equals 1) in 8bit char.


113
114
115
# File 'lib/pcap_parser/stream.rb', line 113

def self.bit_set?(byte, bit)
  byte.unpack("C").pop >> (8 - bit) & 0b1 == 1
end

Instance Method Details

#big_endian?Boolean

Is file byte order big-endian?


45
46
47
# File 'lib/pcap_parser/stream.rb', line 45

def big_endian?
  byte_order.equal? BigEndian
end

#byte_orderObject

File byte order: little-endian or big-indian


29
30
31
32
33
34
35
36
37
# File 'lib/pcap_parser/stream.rb', line 29

def byte_order
  if [PCAP_MAGIC_LE, PCAP_MAGIC_LE_NSEC].include? magic
    LittleEndian
  elsif [PCAP_MAGIC_BE, PCAP_MAGIC_BE_NSEC].include? magic
    BigEndian
  else
    raise InvalidPcapFile
  end
end

#eof?true, false

Check if end of stream.


106
107
108
# File 'lib/pcap_parser/stream.rb', line 106

def eof?
  @file.eof?
end

#int16(len = 1) ⇒ String

Read 16bit Integer template string (“v” or “n”) respecting file endianess.


62
63
64
# File 'lib/pcap_parser/stream.rb', line 62

def int16(len = 1)
  ntoh_int(16, len)
end

#int32(len = 1) ⇒ String

Read 32bit Integer template string (“V” or “N”) respecting file endianess.


70
71
72
# File 'lib/pcap_parser/stream.rb', line 70

def int32(len = 1)
  ntoh_int(32, len)
end

#little_endian?Boolean

Is file byte order little-endian?


40
41
42
# File 'lib/pcap_parser/stream.rb', line 40

def little_endian?
  byte_order.equal? LittleEndian
end

#read_char(len = 1) ⇒ Array

Read unsigned char array from binary stream.


93
94
95
# File 'lib/pcap_parser/stream.rb', line 93

def read_char(len = 1)
  @file.read(len).unpack("C*")
end

#read_int16(len = 1) ⇒ Array

Read 16bit Integer array from binary stream respecting file endianess.


78
79
80
# File 'lib/pcap_parser/stream.rb', line 78

def read_int16(len = 1)
  @file.read(len * 2).unpack int16(len)
end

#read_int32(len = 1) ⇒ Array

Read 32bit Integer array from binary stream respecting file endianess.


86
87
88
# File 'lib/pcap_parser/stream.rb', line 86

def read_int32(len = 1)
  @file.read(len * 4).unpack int32(len)
end

#read_raw(len) ⇒ String

Read raw binary string from stream.


100
101
102
# File 'lib/pcap_parser/stream.rb', line 100

def read_raw(len)
  @file.read len
end

#sec_subtObject

Seconds subtract fraction


50
51
52
53
54
55
56
# File 'lib/pcap_parser/stream.rb', line 50

def sec_subt
  if [PCAP_MAGIC_BE_NSEC, PCAP_MAGIC_LE_NSEC].include? magic
    10**-9
  else
    10**-6
  end
end