148 lines
3.7 KiB
Ruby
148 lines
3.7 KiB
Ruby
|
|
# :title: PacketFu Documentation
|
|
# :main: README
|
|
|
|
cwd = File.expand_path(File.dirname(__FILE__))
|
|
|
|
$: << cwd
|
|
|
|
require File.join(cwd,"packetfu","structfu")
|
|
require "ipaddr"
|
|
require 'rubygems' if RUBY_VERSION =~ /^1\.[0-8]/
|
|
|
|
module PacketFu
|
|
|
|
# Picks up all the protocols defined in the protos subdirectory
|
|
def self.require_protos(cwd)
|
|
protos_dir = File.join(cwd, "packetfu", "protos")
|
|
Dir.new(protos_dir).each do |fname|
|
|
next unless fname[/\.rb$/]
|
|
begin
|
|
require File.join(protos_dir,fname)
|
|
rescue
|
|
warn "Warning: Could not load `#{fname}'. Skipping."
|
|
end
|
|
end
|
|
end
|
|
|
|
# Deal with Ruby's encoding by ignoring it.
|
|
def self.force_binary(str)
|
|
str.force_encoding "binary" if str.respond_to? :force_encoding
|
|
end
|
|
|
|
# Sets the expected byte order for a pcap file. See PacketFu::Read.set_byte_order
|
|
@byte_order = :little
|
|
|
|
# Checks if pcaprub is loaded correctly.
|
|
@pcaprub_loaded = false
|
|
|
|
# PacketFu works best with Pcaprub version 0.8-dev (at least)
|
|
# The current (Aug 01, 2010) pcaprub gem is 0.9, so should be fine.
|
|
def self.pcaprub_platform_require
|
|
begin
|
|
require 'pcaprub'
|
|
rescue LoadError
|
|
return false
|
|
end
|
|
@pcaprub_loaded = true
|
|
end
|
|
|
|
pcaprub_platform_require
|
|
|
|
if @pcaprub_loaded
|
|
if Pcap.version !~ /[0-9]\.[7-9][0-9]?(-dev)?/ # Regex for 0.7-dev and beyond.
|
|
@pcaprub_loaded = false # Don't bother with broken versions
|
|
raise LoadError, "PcapRub not at a minimum version of 0.8-dev"
|
|
end
|
|
require "packetfu/capture"
|
|
require "packetfu/inject"
|
|
end
|
|
|
|
# Returns the status of pcaprub
|
|
def self.pcaprub_loaded?
|
|
@pcaprub_loaded
|
|
end
|
|
|
|
# Returns an array of classes defined in PacketFu
|
|
def self.classes
|
|
constants.map { |const| const_get(const) if const_get(const).kind_of? Class}.compact
|
|
end
|
|
|
|
# Adds the class to PacketFu's list of packet classes -- used in packet parsing.
|
|
def self.add_packet_class(klass)
|
|
raise "Need a class" unless klass.kind_of? Class
|
|
if klass.name !~ /[A-Za-z0-9]Packet/
|
|
raise "Packet classes should be named 'ProtoPacket'"
|
|
end
|
|
@packet_classes ||= []
|
|
@packet_classes << klass
|
|
@packet_classes.sort! {|x,y| x.name <=> y.name}
|
|
end
|
|
|
|
# Presumably, there may be a time where you'd like to remove a packet class.
|
|
def self.remove_packet_class(klass)
|
|
raise "Need a class" unless klass.kind_of? Class
|
|
@packet_classes ||= []
|
|
@packet_classes.delete klass
|
|
@packet_classes
|
|
end
|
|
|
|
# Returns an array of packet classes
|
|
def self.packet_classes
|
|
@packet_classes || []
|
|
end
|
|
|
|
# Returns an array of packet types by packet prefix.
|
|
def self.packet_prefixes
|
|
return [] unless @packet_classes
|
|
@packet_classes.map {|p| p.to_s.split("::").last.to_s.downcase.gsub(/packet$/,"")}
|
|
end
|
|
|
|
# The current inspect style. One of :hex, :dissect, or :default
|
|
# Note that :default means Ruby's default, which is usually
|
|
# far too long to be useful.
|
|
def self.inspect_style
|
|
@inspect_style ||= :dissect
|
|
end
|
|
|
|
# Setter for PacketFu's @inspect_style
|
|
def self.inspect_style=(arg)
|
|
@inspect_style = case arg
|
|
when :hex, :pretty
|
|
:hex
|
|
when :dissect, :verbose
|
|
:dissect
|
|
when :default, :ugly
|
|
:default
|
|
else
|
|
:dissect
|
|
end
|
|
end
|
|
|
|
# Switches inspect styles in a round-robin fashion between
|
|
# :dissect, :default, and :hex
|
|
def toggle_inspect
|
|
case @inspect_style
|
|
when :hex, :pretty
|
|
@inspect_style = :dissect
|
|
when :dissect, :verbose
|
|
@inspect_style = :default
|
|
when :default, :ugly
|
|
@inspect_style = :hex
|
|
else
|
|
@inspect_style = :dissect
|
|
end
|
|
end
|
|
|
|
|
|
end
|
|
|
|
require File.join(cwd,"packetfu","version")
|
|
require File.join(cwd,"packetfu","pcap")
|
|
require File.join(cwd,"packetfu","packet")
|
|
PacketFu.require_protos(cwd)
|
|
require File.join(cwd,"packetfu","utils")
|
|
require File.join(cwd,"packetfu","config")
|
|
|
|
# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby
|