Add IPv6 header support and refactor protocol handling in analyzer

Author: ydah

lib/redhound/analyzer.rb

@@ -12,20 +12,33 @@ def initialize(msg:, count:)
     end
 
     def analyze
-      ether = Header::Ether.generate(bytes: @msg.bytes[0..13], count: @count)
-      ether.dump
-      return unless ether.type.ipv4?
+      l2 = Header::Ether.generate(bytes: @msg.bytes[0..], count: @count)
+      l2.dump
+      return unless l2.supported_type?
 
-      ip = Header::Ipv4.generate(bytes: @msg.bytes[14..33])
-      ip.dump
-      if ip.protocol.udp?
-        udp = Header::Udp.generate(bytes: @msg.bytes[34..])
-        udp.dump
-      elsif ip.protocol.icmp?
-        icmp = Header::Icmp.generate(bytes: @msg.bytes[34..])
-        icmp.dump
-      else
-        puts "    └─ Unknown protocol #{ip.protocol}"
+      l3 = layer3_header(l2, l2.size)
+      l3.dump
+      unless l3.supported_protocol?
+        puts "    └─ Unsupported protocol #{l3.protocol}"
+        return
+      end
+
+      layer4_header(l3, l2.size + l3.size).dump
+    end
+
+    def layer3_header(l2, offset)
+      if l2.type.ipv4?
+        Header::Ipv4.generate(bytes: @msg.bytes[offset..])
+      elsif l2.type.ipv6?
+        Header::Ipv6.generate(bytes: @msg.bytes[offset..])
+      end
+    end
+
+    def layer4_header(l3, offset)
+      if l3.protocol.udp?
+        Header::Udp.generate(bytes: @msg.bytes[offset..])
+      elsif l3.protocol.icmp?
+        Header::Icmp.generate(bytes: @msg.bytes[offset..])
       end
     end
   end

lib/redhound/header.rb

@@ -4,5 +4,6 @@
 require_relative 'header/ethernet_protocol'
 require_relative 'header/icmp'
 require_relative 'header/ipv4'
+require_relative 'header/ipv6'
 require_relative 'header/internet_protocol'
 require_relative 'header/udp'

lib/redhound/header/ether.rb

@@ -12,12 +12,14 @@ def generate(bytes:, count:)
       end
 
       def initialize(bytes:, count:)
-        raise ArgumentError, 'bytes must be 14 bytes' unless bytes.size == 14
+        raise ArgumentError, "bytes must be #{size} bytes" unless bytes.size >= size
 
         @bytes = bytes
         @count = count
       end
 
+      def size = 14
+
       def generate
         @dhost = @bytes[0..5]
         @shost = @bytes[6..11]
@@ -41,6 +43,10 @@ def shost
         @shost.map { |b| b.to_s(16).rjust(2, '0') }.join(':')
       end
 
+      def supported_type?
+        @type.ipv4? || @type.ipv6?
+      end
+
       private
 
       def hex_type(type)

lib/redhound/header/icmp.rb

@@ -10,7 +10,7 @@ def generate(bytes:)
       end
 
       def initialize(bytes:)
-        raise ArgumentError, 'bytes must be bigger than 8 bytes' unless bytes.size >= 8
+        raise ArgumentError, "bytes must be bigger than #{size} bytes" unless bytes.size >= size
 
         @bytes = bytes
       end
@@ -30,6 +30,8 @@ def generate
         self
       end
 
+      def size = 8
+
       def dump
         puts self
       end

lib/redhound/header/ipv4.rb

@@ -12,7 +12,7 @@ def generate(bytes:)
       attr_reader :protocol
 
       def initialize(bytes:)
-        raise ArgumentError, 'bytes must be 20 bytes' unless bytes.size == 20
+        raise ArgumentError, "bytes must be #{size} bytes" unless bytes.size >= size
 
         @bytes = bytes
       end
@@ -32,6 +32,8 @@ def generate
         self
       end
 
+      def size = 20
+
       def dump
         puts self
       end
@@ -40,6 +42,10 @@ def to_s
         " └─ IPv4 Ver: #{version} IHL: #{ihl} TOS: #{@tos} Total Length: #{tot_len} ID: #{id} Offset: #{frag_off} TTL: #{@ttl} Protocol: #{@protocol} Checksum: #{check} Src: #{saddr} Dst: #{daddr}"
       end
 
+      def supported_protocol?
+        @protocol.udp? || @protocol.icmp?
+      end
+
       private
 
       def version

lib/redhound/header/ipv6.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Redhound
+  class Header
+    class Ipv6
+      class << self
+        def generate(bytes:)
+          new(bytes:).generate
+        end
+
+        attr_reader :protocol
+
+        def initialize(bytes:)
+          raise ArgumentError, "bytes must be bigger than #{header_size} bytes" unless bytes.size >= header_size
+
+          @bytes = bytes
+        end
+
+        def size = 40
+
+        def generate
+          version_traffic_flow = @bytes[0..3].unpack('N')
+          @version = (version_traffic_flow >> 28) & 0xF
+          @traffic_class = (version_traffic_flow >> 20) & 0xFF
+          @flow_label = version_traffic_flow & 0xFFFFF
+          @payload_length = @bytes[4..5]
+          @next_header = @bytes[6]
+          @hop_limit = @bytes[7]
+          @saddr = @bytes[8..23]
+          @daddr = @bytes[24..39]
+          @protocol = InternetProtocol.new(protocol: @next_header)
+        end
+
+        def dump
+          puts self
+        end
+
+        def to_s
+          " └─ IPv6 Ver: #{version} Traffic Class: #{traffic_class} Flow Label: #{flow_label} Payload Length: #{payload_length} Next Header: #{@protocol} Hop Limit: #{hop_limit} Src: #{saddr} Dst: #{daddr}"
+        end
+
+        def supported_protocol?
+          @protocol.udp?
+        end
+
+        def payload_length
+          @payload_length.map { |b| b.to_s(16).rjust(2, '0') }.join.to_i(16)
+        end
+
+        def saddr
+          @saddr.map { |b| b.to_s(16).rjust(2, '0') }.join(':')
+        end
+
+        def daddr
+          @daddr.map { |b| b.to_s(16).rjust(2, '0') }.join(':')
+        end
+      end
+    end
+  end
+end

lib/redhound/header/udp.rb

@@ -10,7 +10,7 @@ def generate(bytes:)
       end
 
       def initialize(bytes:)
-        raise ArgumentError, 'bytes must be bigger than 8 bytes' unless bytes.size >= 8
+        raise ArgumentError, "bytes must be bigger than #{size} bytes" unless bytes.size >= size
 
         @bytes = bytes
       end
@@ -24,6 +24,8 @@ def generate
         self
       end
 
+      def size = 8
+
       def dump
         puts self
       end