Class: ReassembleTcp::PacketStream

Inherits:

Object

Object
ReassembleTcp::PacketStream

show all

Defined in:: lib/reassemble_tcp/packet_stream.rb

Overview

packet stream for the same direction and sequence(or acknowledge) number

Instance Attribute Summary collapse

#direction ⇒ Object readonly

Returns the value of attribute direction.
#pkts ⇒ Object readonly

Returns the value of attribute pkts.
#range ⇒ Object readonly

Returns the value of attribute range.
#seq_ack_num ⇒ Object readonly

Returns the value of attribute seq_ack_num.

Instance Method Summary collapse

#append(direction, pkt) ⇒ Array<PacketFu::Packet> (also: #<<)
#data ⇒ String

reassemble tcp stream data.
#initialize(direction, pkt) ⇒ PacketStream constructor

A new instance of PacketStream.
#last_timestamp ⇒ Float

Unix time value.
#match?(direction, pkt) ⇒ Boolean

Constructor Details

#initialize(direction, pkt) ⇒ `PacketStream`

Returns a new instance of PacketStream.

Parameters:

direction (Symbol) —

:send or :recv
pkt (PacketFu::Packet) —

packet

# File 'lib/reassemble_tcp/packet_stream.rb', line 9

def initialize(direction, pkt)
  case direction
  when :send
    @seq_ack_num = pkt.tcp_seq.to_i
  when :recv
    @seq_ack_num = pkt.tcp_ack.to_i
  else
    raise ArgumentError, "direction should be :send or :recv"
  end
  @direction = direction
  @range = pkt.timestamp..pkt.timestamp
  @pkts = [pkt]
end

Instance Attribute Details

#direction ⇒ `Object` (readonly)

Returns the value of attribute direction.



5
6
7

# File 'lib/reassemble_tcp/packet_stream.rb', line 5

def direction
  @direction
end

#pkts ⇒ `Object` (readonly)

Returns the value of attribute pkts.



5
6
7

# File 'lib/reassemble_tcp/packet_stream.rb', line 5

def pkts
  @pkts
end

#range ⇒ `Object` (readonly)

Returns the value of attribute range.



5
6
7

# File 'lib/reassemble_tcp/packet_stream.rb', line 5

def range
  @range
end

#seq_ack_num ⇒ `Object` (readonly)

Returns the value of attribute seq_ack_num.



5
6
7

# File 'lib/reassemble_tcp/packet_stream.rb', line 5

def seq_ack_num
  @seq_ack_num
end

Instance Method Details

#append(direction, pkt) ⇒ `Array<PacketFu::Packet>` Also known as: <<

Parameters:

direction (Symbol) —

:send or :recv
pkt (PacketFu::Packet) —

packet

Returns:

(Array<PacketFu::Packet>)

Raises:

(ArgumentError)

# File 'lib/reassemble_tcp/packet_stream.rb', line 26

def append(direction, pkt)
  raise ArgumentError unless match?(direction, pkt)
  @pkts << pkt
  @range = Range.new(*[@range.begin, @range.end, pkt.timestamp].minmax)
  @pkts
end

#data ⇒ `String`

reassemble tcp stream data

Returns:

(String) —

reassembled data

# File 'lib/reassemble_tcp/packet_stream.rb', line 49

def data
  pkts = @pkts.sort_by!{|pk| pk.timestamp }
  pkts.map{|pkt| pkt.payload }.select{|pay| pay !~ /\A\0+\Z/}.compact.join
end

#last_timestamp ⇒ `Float`

Returns unix time value.

Returns:

(Float) —

unix time value



35
36
37

# File 'lib/reassemble_tcp/packet_stream.rb', line 35

def last_timestamp
  @range.last
end

#match?(direction, pkt) ⇒ `Boolean`

Parameters:

direction (Symbol) —

:send or :recv
pkt (PacketFu::Packet) —

packet

Returns:

(Boolean)

# File 'lib/reassemble_tcp/packet_stream.rb', line 42

def match?(direction, pkt)
  num = (direction == :send) ?  pkt.tcp_seq.to_i : pkt.tcp_ack.to_i
  @direction == direction && @seq_ack_num == num
end

Class: ReassembleTcp::PacketStream

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(direction, pkt) ⇒ PacketStream

Instance Attribute Details

#direction ⇒ Object (readonly)

#pkts ⇒ Object (readonly)

#range ⇒ Object (readonly)

#seq_ack_num ⇒ Object (readonly)

Instance Method Details

#append(direction, pkt) ⇒ Array<PacketFu::Packet> Also known as: <<

#data ⇒ String

#last_timestamp ⇒ Float

#match?(direction, pkt) ⇒ Boolean

#initialize(direction, pkt) ⇒ `PacketStream`

#direction ⇒ `Object` (readonly)

#pkts ⇒ `Object` (readonly)

#range ⇒ `Object` (readonly)

#seq_ack_num ⇒ `Object` (readonly)

#append(direction, pkt) ⇒ `Array<PacketFu::Packet>` Also known as: <<

#data ⇒ `String`

#last_timestamp ⇒ `Float`

#match?(direction, pkt) ⇒ `Boolean`