Class: PacketGen::PcapNG::File

Inherits:

Object

• Object
• PacketGen::PcapNG::File

Defined in:

lib/packetgen/pcapng/file.rb

Overview

PcapNG::File is a complete Pcap-NG file handler.

Author:

• Sylvain Daubert

Constant Summary

KNOWN_LINK_TYPES =

Known link types

{
  LINKTYPE_ETHERNET => 'Eth',
  LINKTYPE_IEEE802_11 => 'Dot11',
  LINKTYPE_IEEE802_11_RADIOTAP => 'RadioTap',
  LINKTYPE_PPI => 'PPI',
  LINKTYPE_IPV4 => 'IP',
  LINKTYPE_IPV6 => 'IPv6'
}.freeze

Instance Attribute Summary

• #sections ⇒ Array

  Get file sections.

Instance Method Summary

• #append(filename = 'out.pcapng') ⇒ Array

  Shorthand method for appending to a file.

• #array_to_file(options = {}) ⇒ Object
• #clear ⇒ void

  Clear the contents of the Pcapng::File.

• #file_to_array(options = {}) ⇒ Array<Packet>, Array<Hash>

  Translates a File into an array of packets.

• #initialize ⇒ File constructor

  A new instance of File.

• #read(str) ⇒ self

  Read a string to populate the object.

• #read!(str) ⇒ self

  Clear the contents of the Pcapng::File prior to reading in a new string.

• #read_packet_bytes(fname, &blk) ⇒ Object

  Give an array of raw packets (raw data from packets).

• #read_packets(fname, &blk) ⇒ Object

  Return an array of parsed packets.

• #readfile(fname) {|block| ... } ⇒ Integer

  Read a given file and analyze it.

• #to_file(filename, options = {}) ⇒ Array (also: #to_f)

  Writes the File to a file.

• #to_s ⇒ String

  Return the object as a String.

• #write(filename = 'out.pcapng') ⇒ Array

  Shorthand method for writing to a file.

Constructor Details

#initialize ⇒ File

Returns a new instance of File.

# File 'lib/packetgen/pcapng/file.rb', line 27

def initialize
  @sections = []
end

Instance Attribute Details

#sections ⇒ Array

Get file sections

Returns:

• (Array)

# File 'lib/packetgen/pcapng/file.rb', line 25

def sections
  @sections
end

Instance Method Details

#append(filename = 'out.pcapng') ⇒ Array

Shorthand method for appending to a file.

Parameters:

• filename (#to_s) (defaults to: 'out.pcapng')

Returns:

• (Array) —

  see return value from #to_file

# File 'lib/packetgen/pcapng/file.rb', line 210

def append(filename='out.pcapng')
  self.to_file(filename.to_s, append: true)
end

#array_to_file(ary) ⇒ self #array_to_file(options = {}) ⇒ Array

Overloads:

• #array_to_file(ary) ⇒ self

  Update PacketGen::PcapNG::File object with packets.

  Parameters:

  • ary (Array) —

    as generated by #file_to_array or Array of Packet objects. Update PacketGen::PcapNG::File object without writing file on disk

  Returns:

  • (self)
• #array_to_file(options = {}) ⇒ Array

  Update PacketGen::PcapNG::File and/or write it to a file

  Parameters:

  • options (Hash) (defaults to: {})

  Options Hash (options):

  • :filename (String) —

    file written on disk only if given

  • :array (Array) —

    can either be an array of packet data, or a hash-value pair of timestamp => data.

  • :timestamp (Time) —

    set an initial timestamp

  • :ts_inc (Integer) —

    set the increment between timestamps. Defaults to 1

  • :append (Boolean) —

    if true, append packets to the end of the file

  Returns:

  • (Array) —

    see return value from #to_file

# File 'lib/packetgen/pcapng/file.rb', line 231

def array_to_file(options={})
  case options
  when Hash
    filename = options[:filename] || options[:file]
    ary = options[:array] || options[:arr]
    unless ary.is_a? Array
      raise ArgumentError, ':array parameter needs to be an array'
    end
    ts = options[:timestamp] || options[:ts] || Time.now
    ts_inc = options[:ts_inc] || 1
    append = !options[:append].nil?
  when Array
    ary = options
    ts = Time.now
    ts_inc = 1
    filename = nil
    append = false
  else
    raise ArgumentError, 'unknown argument. Need either a Hash or Array'
  end

  section = SHB.new
  @sections << section
  itf = IDB.new(endian: section.endian)
  classify_block section, itf

  ary.each_with_index do |pkt, i|
    case pkt
    when Hash
      this_ts = pkt.keys.first.to_i
      this_cap_len = pkt.values.first.to_s.size
      this_data = pkt.values.first.to_s
    else
      this_ts = (ts + ts_inc * i).to_i
      this_cap_len = pkt.to_s.size
      this_data = pkt.to_s
    end
    this_ts = (this_ts / itf.ts_resol).to_i
    this_tsh = this_ts >> 32
    this_tsl = this_ts & 0xffffffff
    this_pkt = EPB.new(endian:       section.endian,
                       interface_id: 0,
                       tsh:          this_tsh,
                       tsl:          this_tsl,
                       cap_len:      this_cap_len,
                       orig_len:     this_cap_len,
                       data:         this_data)
    classify_block section, this_pkt
  end

  if filename
    self.to_f(filename, append: append)
  else
    self
  end
end

#clear ⇒ void

This method returns an undefined value.

Clear the contents of the Pcapng::File.

# File 'lib/packetgen/pcapng/file.rb', line 150

def clear
  @sections.clear
end

#file_to_array(options = {}) ⇒ Array<Packet>, Array<Hash>

Translates a PacketGen::PcapNG::File into an array of packets.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :filename (String) —

  if given, object is cleared and filename is analyzed before generating array. Else, array is generated from self

• :file (String) —

  same as :filename

• :keep_timestamps (Boolean) —

  if true (default value: false), generates an array of hashes, each one with timestamp as key and packet as value. There is one hash per packet.

• :keep_ts (Boolean) —

  same as :keep_timestamp

Returns:

• (Array<Packet>, Array<Hash>)

# File 'lib/packetgen/pcapng/file.rb', line 164

def file_to_array(options={})
  filename = options[:filename] || options[:file]
  if filename
    clear
    readfile filename
  end

  ary = []
  @sections.each do |section|
    section.interfaces.each do |itf|
      if options[:keep_timestamps] || options[:keep_ts]
        ary.concat(itf.packets.map { |pkt| { pkt.timestamp => pkt.data.to_s } })
      else
        ary.concat(itf.packets.map { |pkt| pkt.data.to_s })
      end
    end
  end
  ary
end

#read(str) ⇒ self

Read a string to populate the object. Note that this appends new blocks to the Pcapng::File object.

Parameters:

• str (String)

Returns:

• (self)

# File 'lib/packetgen/pcapng/file.rb', line 35

def read(str)
  PacketGen.force_binary(str)
  io = StringIO.new(str)
  parse_section(io)
  self
end

#read!(str) ⇒ self

Clear the contents of the Pcapng::File prior to reading in a new string. This string should contain a Section Header Block and an Interface Description Block to create a conform pcapng file.

Parameters:

• str (String)

Returns:

• (self)

# File 'lib/packetgen/pcapng/file.rb', line 47

def read!(str)
  clear
  read(str)
end

#read_packet_bytes(fname) ⇒ Array #read_packet_bytes(fname) {|raw, interface's| ... } ⇒ Integer

Give an array of raw packets (raw data from packets). If a block is given, yield raw packet data from the given file.

Overloads:

• #read_packet_bytes(fname) ⇒ Array

  Returns array of packet raw data.

  Parameters:

  • fname (String) —

    pcapng file name

  Returns:

  • (Array) —

    array of packet raw data

• #read_packet_bytes(fname) {|raw, interface's| ... } ⇒ Integer

  Returns number of packets.

  Parameters:

  • fname (String) —

    pcapng file name

  Yield Parameters:

  • raw (String) —

    packet raw data

  • interface's (Integer) —

    link_type from which packet was captured

  Returns:

  • (Integer) —

    number of packets

Raises:

• (ArgumentError) —

  cannot read fname

# File 'lib/packetgen/pcapng/file.rb', line 93

def read_packet_bytes(fname, &blk)
  count = 0
  packets = [] unless blk

  readfile(fname) do |packet|
    if blk
      count += 1
      yield packet.data.to_s, packet.interface.link_type
    else
      packets << packet.data.to_s
    end
  end

  blk ? count : packets
end

#read_packets(fname) ⇒ Array<Packet> #read_packets(fname) {|packet| ... } ⇒ Integer

Return an array of parsed packets. If a block is given, yield parsed packets from the given file.

Overloads:

• #read_packets(fname) ⇒ Array<Packet>

  Parameters:

  • fname (String) —

    pcapng file name

  Returns:

  • (Array<Packet>)
• #read_packets(fname) {|packet| ... } ⇒ Integer

  Returns number of packets.

  Parameters:

  • fname (String) —

    pcapng file name

  Yield Parameters:

  • packet (Packet)

  Returns:

  • (Integer) —

    number of packets

Raises:

• (ArgumentError) —

  cannot read fname

# File 'lib/packetgen/pcapng/file.rb', line 119

def read_packets(fname, &blk)
  count = 0
  packets = [] unless blk

  read_packet_bytes(fname) do |packet, link_type|
    first_header = KNOWN_LINK_TYPES[link_type]
    parsed_pkt = if first_header.nil?
                   # unknown link type, try to guess
                   Packet.parse(packet)
                 else
                   Packet.parse(packet, first_header: first_header)
                 end
    if blk
      count += 1
      yield parsed_pkt
    else
      packets << parsed_pkt
    end
  end

  blk ? count : packets
end

#readfile(fname) {|block| ... } ⇒ Integer

Read a given file and analyze it. If given a block, it will yield PcapNG::EPB or PcapNG::SPB objects. This is the only way to get packet timestamps.

Parameters:

• fname (String) —

  pcapng file name

Yield Parameters:

• block (EPB, SPB)

Returns:

• (Integer) —

  return number of yielded blocks (only if a block is given)

Raises:

• (ArgumentError) —

  cannot read fname

# File 'lib/packetgen/pcapng/file.rb', line 59

def readfile(fname, &blk)
  unless ::File.readable?(fname)
    raise ArgumentError, "cannot read file #{fname}"
  end

  ::File.open(fname, 'rb') do |f|
    parse_section(f) until f.eof?
  end

  return unless blk

  count = 0
  @sections.each do |section|
    section.interfaces.each do |intf|
      intf.packets.each do |pkt|
        count += 1
        yield pkt
      end
    end
  end
  count
end

#to_file(filename, options = {}) ⇒ Array Also known as: to_f

Writes the PacketGen::PcapNG::File to a file.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :append (Boolean) — default: default: +false+ —

  if set to true, the packets are appended to the file, rather than overwriting it

Returns:

• (Array) —

  array of 2 elements: filename and size written

# File 'lib/packetgen/pcapng/file.rb', line 189

def to_file(filename, options={})
  mode = if options[:append] && ::File.exist?(filename)
           'ab'
         else
           'wb'
         end
  ::File.open(filename, mode) { |f| f.write(self.to_s) }
  [filename, self.to_s.size]
end

#to_s ⇒ String

Return the object as a String

Returns:

• (String)

# File 'lib/packetgen/pcapng/file.rb', line 144

def to_s
  @sections.map(&:to_s).join
end

#write(filename = 'out.pcapng') ⇒ Array

Shorthand method for writing to a file.

Parameters:

• filename (#to_s) (defaults to: 'out.pcapng')

Returns:

• (Array) —

  see return value from #to_file

# File 'lib/packetgen/pcapng/file.rb', line 203

def write(filename='out.pcapng')
  self.to_file(filename.to_s, append: false)
end