TCP flags + bugfixes

Author: jperon

ipparse/l3/ip.moon

@@ -2,7 +2,7 @@
 :IP6, :IP4 = require"ipparse.l2.ethernet".proto
 :ip6, :ip62s, :s2ip6, :net62s, :s2net6 = require"ipparse.l3.ip6"
 :ip4, :ip42s, :s2ip4, :net42s, :s2net4 = require"ipparse.l3.ip4"
-su = string.unpack
+:sub, unpack: su = string
 
 get_version = (off) =>  -- Accepts data string; returns IP version
   su("B", @, off) >> 4
@@ -38,26 +38,24 @@ net2s = =>  -- Accepts data string; returns subnet as readable string.
 s2net = =>  -- Accepts readable string; retuns subnet as data string
   (@match":" and s2net6 or @match"%." and s2net4) @
 
-contains_subnet = (subnet) =>  -- Accepts 2 data strings; checks whether net @ contains subnet
-  return false if #@ ~= #subnet
-  nmask = su "B", @
-  smask = su "B", subnet
-  return false if nmask > smask
-  fmt, shft = "c#{nmask >> 3}", 8 - (nmask & 0x7)
-  nbytes, nbits = su fmt, @, 2
-  sbytes, sbits = su fmt, subnet, 2
-  return true if nbytes == sbytes and (nbits >> shft) == (sbits >> shft)
-  false
-
-contains_ip = (i) =>  -- Accepts 2 data strings; checks whether net @ contains ip
-  return false if #@ ~= #i+1
-  nmask = su "B", @
-  fmt, shft = "c#{nmask >> 3}", 8 - (nmask & 0x7)
+contains_ip = (i, nmask) =>  -- Accepts 2 data strings; checks whether net @ contains ip
+  if not nmask
+    return false if #@ ~= #i+1
+    nmask = su "B", @
+    return sub(@, 2) == i if nmask == 128
+  fmt, shft = "c#{nmask >> 3}B", 8 - (nmask & 0x7)
   nbytes, nbits = su fmt, @, 2
   sbytes, sbits = su fmt, i
   return true if nbytes == sbytes and (nbits >> shft) == (sbits >> shft)
   false
 
+contains_subnet = (subnet) =>  -- Accepts 2 data strings; checks whether net @ contains subnet
+  return false if #@ ~= #subnet
+  nmask, smask = su("B", @), su("B", subnet)
+  return false if nmask > smask
+  return @ == subnet if nmask == smask
+  contains_ip @, sub(subnet, 2), nmask
+
 proto =
   ICMP:   0x01
   TCP:    0x06

ipparse/l3/ip4.moon

@@ -24,8 +24,8 @@ net42s = =>  -- Accepts data string; returns IPv4 address as readable string
   format "%d.%d.%d.%d/%d", a, b, c, d, m
 
 s2net4 = =>
-  b1, b2, b3, b4, mask = @match"(%d+)%.(%d+)%.(%d+)%.(%d+)/?(%d+)"
-  sp "B BBBB", (tonumber mask or 32), tonumber(b1), tonumber(b2), tonumber(b3), tonumber(b4)
+  b1, b2, b3, b4, mask = @match"(%d+)%.(%d+)%.(%d+)%.(%d+)/?(%d*)"
+  sp "B BBBB", (tonumber(mask) or 32), tonumber(b1), tonumber(b2), tonumber(b3), tonumber(b4)
 
 
 :ip4, :ip42s, :s2ip4, :net42s, :s2net4

ipparse/l4/tcp.moon

@@ -1,7 +1,22 @@
 su = string.unpack
+unpack = table.unpack
 
-tcp: (off=0) =>
-  spt, dpt, seq_n, ack_n, data_off, flags, window, checksum, urg_ptr, _off = su ">H H I4 I4 B B H H H", @, off
-  data_off = data_off & 0xf0 >> 2
-  {:spt, :dpt, :seq_n, :ack_n, :off, :data_off, :flags, :window, :checksum, :urg_ptr}, _off
+FIN, SYN, RST, PSH, ACK, URG = unpack [ 1 << (i-1) for i = 1, 6 ]
 
+{
+  flags: {:FIN, :SYN, :RST, :PSH, :ACK, :URG}
+  tcp: (off=0) =>
+    spt, dpt, seq_n, ack_n, header_len, flags, window, checksum, urg_ptr, _off = su ">H H I4 I4 B B H H H", @, off
+    header_len = (header_len & 0xf0) >> 2
+    {
+      :spt, :dpt, :seq_n, :ack_n
+      :off, :header_len, data_off: off+header_len
+      :flags, :window, :checksum, :urg_ptr
+      urg: flags & URG ~= 0
+      ack: flags & ACK ~= 0
+      psh: flags & PSH ~= 0
+      rst: flags & RST ~= 0
+      syn: flags & SYN ~= 0
+      fin: flags & FIN ~= 0
+    }, _off
+}

ipparse/l7/dns.moon

@@ -4,7 +4,13 @@ format: sf, pack: sp, rep: sr, unpack: su = string
 :concat = table
 
 header = (off, is_tcp) =>  -- Accepts data string, offset and boolean; returns DNS header infos
-  size, off = su ">H", off if is_tcp
+  len = #@ - off
+  local size
+  if is_tcp
+    return nil, "No DNS data" if len < 2
+    size, off = su ">H", @, off
+    len -= 2
+  return nil, "No DNS data" if len < 12
   id, qr_opcode_aa_tc_rd, ra_z_rcode, qdcount, ancount, nscount, arcount, data_off = su ">H B B H H H H", @, off
   {
     :id
@@ -83,30 +89,30 @@ types = bidirectional {
 }
 
 ede_codes = {
-  "Unsupported DNSKEY Algorithm",
-  "Unsupported DS Digest Type",
-  "Stale Answer",
-  "Forged Answer",
-  "DNSSEC Indeterminate",
-  "DNSSEC Bogus",
-  "Signature Expired",
-  "Signature Not Yet Valid",
-  "DNSKEY Missing",
-  "RRSIGs Missing",
-  "No Zone Key Bit Set",
-  "NSEC Missing",
-  "Cached Error",
-  "Not Ready",
+  "Unsupported_DNSKEY_Algorithm",
+  "Unsupported_DS_Digest_Type",
+  "Stale_Answer",
+  "Forged_Answer",
+  "DNSSEC_Indeterminate",
+  "DNSSEC_Bogus",
+  "Signature_Expired",
+  "Signature_Not_Yet_Valid",
+  "DNSKEY_Missing",
+  "RRSIGs_Missing",
+  "No_Zone_Key_Bit_Set",
+  "NSEC_Missing",
+  "Cached_Error",
+  "Not_Ready",
   "Blocked",
   "Censored",
   "Filtered",
   "Prohibited",
-  "Stale NXDOMAIN Answer",
-  "Not Authoritative",
-  "Not Supported",
-  "No Reachable Authority",
-  "Network Error",
-  "Invalid Data"
+  "Stale_NXDOMAIN_Answer",
+  "Not_Authoritative",
+  "Not_Supported",
+  "No_Reachable_Authority",
+  "Network_Error",
+  "Invalid_Data"
 }
 ede_codes[0] = "Other"
 ede_codes = bidirectional ede_codes