blackfoundry-pcap 0.1

data/ext/ruby_pcap.h

@@ -0,0 +1,133 @@
+/*
+ *  ruby_pcap.h
+ *
+ *  $Id: ruby_pcap.h,v 1.4 2000/08/13 06:56:15 fukusima Exp $
+ *
+ *  Copyright (C) 1998-2000  Masaki Fukushima
+ */
+
+#ifndef RUBY_PCAP_H
+#define RUBY_PCAP_H
+
+#include "ruby.h"
+#include <pcap.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <arpa/inet.h>
+#ifndef IP_OFFMASK
+# define IP_OFFMASK 0x1fff
+#endif
+#ifdef linux
+# define __FAVOR_BSD
+#endif
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#include <netinet/ip_icmp.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+#ifdef DEBUG
+# define DEBUG_PRINT(x) \
+    ((RTEST(ruby_debug) && RTEST(ruby_verbose))?\
+    (fprintf(stderr, "%s\n", x),fflush(stderr)) : 0)
+#else
+# define DEBUG_PRINT(x) (0)
+#endif
+
+#define UINT32_2_NUM(i) rb_uint2inum(i)
+#ifndef UINT2NUM
+# define UINT2NUM(i) rb_uint2inum(i)
+#endif
+#define MIN(x, y)	((x)<(y) ? (x) : (y))
+
+
+#define PACKET_MARSHAL_VERSION	1
+
+/* ruby config.h defines WORDS_BIGENDIAN if big-endian */
+struct packet_object_header {
+#ifdef WORDS_BIGENDIAN
+    u_char version:4;		/* marshal format version	*/
+    u_char flags:4;		/* flags			*/
+#else
+    u_char flags:4;		/* flags			*/
+    u_char version:4;		/* marshal format version	*/
+#endif
+#define POH_UDATA 0x01		/* flag: user data exists	*/
+#define POH_RSVD1 0x02		/*       (reserved)		*/
+#define POH_RSVD2 0x03		/*       (reserved)		*/
+#define POH_RSVD3 0x04		/*       (reserved)		*/
+    u_char dl_type;		/* data-link type (DLT_*)	*/
+    u_short layer3_off;		/* layer 3 header offset	*/
+    u_short layer4_off;		/* layer 4 header offset	*/
+    u_short layer5_off;		/* layer 5 header offset	*/
+#define OFF_NONEXIST 0xffff	/* offset value for non-existent layer	*/
+    struct pcap_pkthdr pkthdr;	/* pcap packet header		*/
+};
+
+struct packet_object {
+    struct packet_object_header hdr;	/* packet object header	*/
+    u_char *data;			/* packet data		*/
+    VALUE udata;			/* user data		*/
+};
+
+#define PKTFLAG_TEST(pkt, flag) ((pkt)->hdr.flags & (flag))
+#define PKTFLAG_SET(pkt, flag, val) \
+    ((val) ? ((pkt)->hdr.flags |= (flag)) : ((pkt)->hdr.flags &= ~(flag)))
+
+#define LAYER2_HDR(pkt)	((pkt)->data)
+#define LAYER3_HDR(pkt)	((pkt)->data + (pkt)->hdr.layer3_off)
+#define LAYER4_HDR(pkt)	((pkt)->data + (pkt)->hdr.layer4_off)
+#define LAYER5_HDR(pkt)	((pkt)->data + (pkt)->hdr.layer5_off)
+
+#define GetPacket(obj, pkt) Data_Get_Struct(obj, struct packet_object, pkt)
+#define Caplen(pkt, from) ((pkt)->hdr.pkthdr.caplen - (from))
+#define CheckTruncate(pkt, from, need, emsg) (\
+    (from) + (need) > (pkt)->hdr.pkthdr.caplen ? \
+        rb_raise(eTruncatedPacket, (emsg)) : 0 \
+)
+
+#define IsKindOf(v, class) RTEST(rb_obj_is_kind_of(v, class))
+#define CheckClass(v, class) ((IsKindOf(v, class)) ? 0 :\
+    rb_raise(rb_eTypeError, "wrong type %s (expected %s)",\
+        rb_class2name(CLASS_OF(v)), rb_class2name(class)))
+
+
+/* Pcap.c */
+extern VALUE mPcap, rbpcap_convert;
+extern VALUE ePcapError;
+extern VALUE eTruncatedPacket;
+extern VALUE cFilter;
+void Init_pcap(void);
+VALUE filter_match(VALUE self, VALUE v_pkt);
+
+/* packet.c */
+extern VALUE cPacket;
+void Init_packet(void);
+VALUE new_packet(const u_char *, const struct pcap_pkthdr *, int);
+
+/* ip_packet.c */
+#define IP_HDR(pkt)	((struct ip *)LAYER3_HDR(pkt))
+#define IP_DATA(pkt)	((u_char *)LAYER4_HDR(pkt))
+extern VALUE cIPPacket;
+void Init_ip_packet(void);
+VALUE setup_ip_packet(struct packet_object *, int);
+VALUE new_ipaddr(struct in_addr *);
+
+/* tcp_packet.c */
+extern VALUE cTCPPacket;
+void Init_tcp_packet(void);
+VALUE setup_tcp_packet(struct packet_object *, int);
+
+/* udp_packet.c */
+extern VALUE cUDPPacket;
+void Init_udp_packet(void);
+VALUE setup_udp_packet(struct packet_object *, int);
+
+/* icmp_packet.c */
+extern VALUE cICMPPacket;
+void Init_icmp_packet(void);
+VALUE setup_icmp_packet(struct packet_object *, int);
+
+#endif /* RUBY_PCAP_H */

data/ext/tcp_packet.c

@@ -0,0 +1,121 @@
+/*
+ *  tcp_packet.c
+ *
+ *  $Id: tcp_packet.c,v 1.1.1.1 1999/10/27 09:54:38 fukusima Exp $
+ *
+ *  Copyright (C) 1998, 1999  Masaki Fukushima
+ */
+
+#include "ruby_pcap.h"
+#include <limits.h>
+
+#define TCP_HDR(pkt)	((struct tcphdr *)LAYER4_HDR(pkt))
+#define TCP_DATA(pkt)	((u_char *)LAYER5_HDR(pkt))
+#define TCP_DATALEN(pkt) (ntohs(IP_HDR(pkt)->ip_len) - \
+    (IP_HDR(pkt)->ip_hl + TCP_HDR(pkt)->th_off) * 4)
+
+VALUE cTCPPacket;
+
+#define CheckTruncateTcp(pkt, need) \
+    CheckTruncate(pkt, pkt->hdr.layer4_off, need, "truncated TCP")
+
+VALUE
+setup_tcp_packet(pkt, tl_len)
+     struct packet_object *pkt;
+     int tl_len;
+{
+    VALUE class;
+
+    DEBUG_PRINT("setup_tcp_packet");
+
+    class = cTCPPacket;
+    if (tl_len > 20) {
+	int hl = TCP_HDR(pkt)->th_off * 4;
+	int layer5_len = tl_len - hl;
+	if (layer5_len > 0) {
+	    pkt->hdr.layer5_off = pkt->hdr.layer4_off + hl;
+	    /* upper layer */
+	}
+    }
+    return class;
+}
+
+#define TCPP_METHOD(func, need, val) \
+static VALUE\
+(func)(self)\
+     VALUE self;\
+{\
+    struct packet_object *pkt;\
+    struct tcphdr *tcp;\
+    DEBUG_PRINT(#func);\
+    GetPacket(self, pkt);\
+    CheckTruncateTcp(pkt, (need));\
+    tcp = TCP_HDR(pkt);\
+    return (val);\
+}
+
+TCPP_METHOD(tcpp_sport,   2, INT2FIX(ntohs(tcp->th_sport)))
+TCPP_METHOD(tcpp_dport,   4, INT2FIX(ntohs(tcp->th_dport)))
+TCPP_METHOD(tcpp_seq,     8, UINT32_2_NUM(ntohl(tcp->th_seq)))
+TCPP_METHOD(tcpp_acknum, 12, UINT32_2_NUM(ntohl(tcp->th_ack)))
+TCPP_METHOD(tcpp_off,    13, INT2FIX(tcp->th_off))
+TCPP_METHOD(tcpp_flags,  14, INT2FIX(tcp->th_flags))
+TCPP_METHOD(tcpp_win,    16, INT2FIX(ntohs(tcp->th_win)))
+TCPP_METHOD(tcpp_sum,    18, INT2FIX(ntohs(tcp->th_sum)))
+TCPP_METHOD(tcpp_urp,    20, INT2FIX(ntohs(tcp->th_urp)))
+
+#define TCPP_FLAG(func, flag) \
+    TCPP_METHOD(func, 14, (tcp->th_flags & flag) ? Qtrue : Qfalse)
+TCPP_FLAG(tcpp_fin, TH_FIN)
+TCPP_FLAG(tcpp_syn, TH_SYN)
+TCPP_FLAG(tcpp_rst, TH_RST)
+TCPP_FLAG(tcpp_psh, TH_PUSH)
+TCPP_FLAG(tcpp_ack, TH_ACK)
+TCPP_FLAG(tcpp_urg, TH_URG)
+
+static VALUE
+tcpp_data(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    VALUE v_len;
+    int len;
+
+    DEBUG_PRINT("tcpp_data");
+    GetPacket(self, pkt);
+
+    if (pkt->hdr.layer5_off == OFF_NONEXIST) return Qnil;
+
+    len = MIN(Caplen(pkt, pkt->hdr.layer5_off), TCP_DATALEN(pkt));
+    if (len < 1) return Qnil;
+    return rb_str_new(TCP_DATA(pkt), len);
+}
+
+void
+Init_tcp_packet(void)
+{
+    DEBUG_PRINT("Init_tcp_packet");
+
+    /* define class TcpPacket */
+    cTCPPacket = rb_define_class_under(mPcap, "TCPPacket", cIPPacket);
+
+    rb_define_method(cTCPPacket, "tcp_sport", tcpp_sport, 0);
+    rb_define_method(cTCPPacket, "sport", tcpp_sport, 0);
+    rb_define_method(cTCPPacket, "tcp_dport", tcpp_dport, 0);
+    rb_define_method(cTCPPacket, "dport", tcpp_dport, 0);
+    rb_define_method(cTCPPacket, "tcp_seq", tcpp_seq, 0);
+    rb_define_method(cTCPPacket, "tcp_ack", tcpp_acknum, 0);
+    rb_define_method(cTCPPacket, "tcp_off", tcpp_off, 0);
+    rb_define_method(cTCPPacket, "tcp_hlen", tcpp_off, 0);
+    rb_define_method(cTCPPacket, "tcp_flags", tcpp_flags, 0);
+    rb_define_method(cTCPPacket, "tcp_win", tcpp_win, 0);
+    rb_define_method(cTCPPacket, "tcp_sum", tcpp_sum, 0);
+    rb_define_method(cTCPPacket, "tcp_urp", tcpp_urp, 0);
+    rb_define_method(cTCPPacket, "tcp_fin?", tcpp_fin, 0);
+    rb_define_method(cTCPPacket, "tcp_syn?", tcpp_syn, 0);
+    rb_define_method(cTCPPacket, "tcp_rst?", tcpp_rst, 0);
+    rb_define_method(cTCPPacket, "tcp_psh?", tcpp_psh, 0);
+    rb_define_method(cTCPPacket, "tcp_ack?", tcpp_ack, 0);
+    rb_define_method(cTCPPacket, "tcp_urg?", tcpp_urg, 0);
+    rb_define_method(cTCPPacket, "tcp_data", tcpp_data, 0);
+}

data/ext/udp_packet.c

@@ -0,0 +1,96 @@
+/*
+ *  udp_packet.c
+ *
+ *  $Id: udp_packet.c,v 1.1.1.1 1999/10/27 09:54:38 fukusima Exp $
+ *
+ *  Copyright (C) 1999  Masaki Fukushima
+ */
+
+#include "ruby_pcap.h"
+#include <limits.h>
+
+#define UDP_HDR(pkt)	((struct udphdr *)LAYER4_HDR(pkt))
+#define UDP_DATA(pkt)	((u_char *)LAYER5_HDR(pkt))
+#define UDP_LENGTH(pkt)	(ntohs(UDP_HDR(pkt)->uh_ulen))
+
+VALUE cUDPPacket;
+
+#define CheckTruncateUdp(pkt, need) \
+    CheckTruncate(pkt, pkt->hdr.layer4_off, need, "truncated UDP")
+
+VALUE
+setup_udp_packet(pkt, tl_len)
+     struct packet_object *pkt;
+     int tl_len;
+{
+    VALUE class;
+
+    DEBUG_PRINT("setup_udp_packet");
+
+    class = cUDPPacket;
+    if (tl_len > 8) {
+	int hl = 8;
+	int layer5_len;
+
+	tl_len = MIN(tl_len, UDP_LENGTH(pkt));
+	layer5_len = tl_len - hl;
+	if (layer5_len > 0) {
+	    pkt->hdr.layer5_off = pkt->hdr.layer4_off + hl;
+	    /* upper layer */
+	}
+    }
+    return class;
+}
+
+#define UDPP_METHOD(func, need, val) \
+static VALUE\
+(func)(self)\
+     VALUE self;\
+{\
+    struct packet_object *pkt;\
+    struct udphdr *udp;\
+    DEBUG_PRINT(#func);\
+    GetPacket(self, pkt);\
+    CheckTruncateUdp(pkt, (need));\
+    udp = UDP_HDR(pkt);\
+    return (val);\
+}
+
+UDPP_METHOD(udpp_sport,   2, INT2FIX(ntohs(udp->uh_sport)))
+UDPP_METHOD(udpp_dport,   4, INT2FIX(ntohs(udp->uh_dport)))
+UDPP_METHOD(udpp_len,     6, INT2FIX(ntohs(udp->uh_ulen)))
+UDPP_METHOD(udpp_sum,     8, INT2FIX(ntohs(udp->uh_sum)))
+
+static VALUE
+udpp_data(self)
+    VALUE self;
+{
+    struct packet_object *pkt;
+    int len;
+
+    DEBUG_PRINT("udpp_data");
+    GetPacket(self, pkt);
+    CheckTruncateUdp(pkt, 8);
+
+    if (pkt->hdr.layer5_off == OFF_NONEXIST) return Qnil;
+
+    len = MIN(Caplen(pkt, pkt->hdr.layer5_off), UDP_LENGTH(pkt)-8);
+    return rb_str_new(UDP_DATA(pkt), len);
+}
+
+void
+Init_udp_packet(void)
+{
+    DEBUG_PRINT("Init_udp_packet");
+
+    /* define class UdpPacket */
+    cUDPPacket = rb_define_class_under(mPcap, "UDPPacket", cIPPacket);
+
+    rb_define_method(cUDPPacket, "udp_sport", udpp_sport, 0);
+    rb_define_method(cUDPPacket, "sport", udpp_sport, 0);
+    rb_define_method(cUDPPacket, "udp_dport", udpp_dport, 0);
+    rb_define_method(cUDPPacket, "dport", udpp_dport, 0);
+    rb_define_method(cUDPPacket, "udp_len", udpp_len, 0);
+    rb_define_method(cUDPPacket, "udp_sum", udpp_sum, 0);
+    rb_define_method(cUDPPacket, "udp_data", udpp_data, 0);
+}

data/lib/pcap_misc.rb

@@ -0,0 +1,116 @@
+
+module Pcap
+  class Packet
+    def to_s
+      'Some packet'
+    end
+
+    def inspect
+      "#<#{self.class}: #{self}>"
+    end
+  end
+
+  class IPPacket
+    def to_s
+      "#{ip_src} > #{ip_dst}"
+    end
+  end
+
+  class TCPPacket
+    def tcp_data_len
+      ip_len - 4 * (ip_hlen + tcp_hlen)
+    end
+
+    def tcp_flags_s
+      return \
+	(tcp_urg? ? 'U' : '.') +
+	(tcp_ack? ? 'A' : '.') +
+	(tcp_psh? ? 'P' : '.') +
+	(tcp_rst? ? 'R' : '.') +
+	(tcp_syn? ? 'S' : '.') +
+        (tcp_fin? ? 'F' : '.')
+    end
+
+    def to_s
+      "#{src}:#{sport} > #{dst}:#{dport} #{tcp_flags_s}"
+    end
+  end
+
+  class UDPPacket
+    def to_s
+      "#{src}:#{sport} > #{dst}:#{dport} len #{udp_len} sum #{udp_sum}"
+    end
+  end
+
+  class ICMPPacket
+    def to_s
+      "#{src} > #{dst}: icmp: #{icmp_typestr}"
+    end
+  end
+
+  #
+  # Backword compatibility
+  #
+  IpPacket = IPPacket
+  IpAddress = IPAddress
+  TcpPacket = TCPPacket
+  UdpPacket = UDPPacket
+
+  # IpAddress is now obsolete.
+  # New class IPAddress is implemented in C.
+=begin
+  class IpAddress
+    def initialize(a)
+      raise AurgumentError unless a.is_a?(Integer)
+      @addr = a
+    end
+
+    def to_i
+      return @addr
+    end
+
+    def ==(other)
+      @addr == other.to_i
+    end
+
+    alias === ==
+    alias eql? ==
+
+    def to_num_s
+        return ((@addr >> 24) & 0xff).to_s + "." +
+          ((@addr >> 16) & 0xff).to_s + "." +
+          ((@addr >> 8) & 0xff).to_s + "." +
+          (@addr & 0xff).to_s;
+    end
+
+    def hostname
+      addr = self.to_num_s
+      # "require 'socket'" is here because of the order of
+      #   ext initialization in static linked binary
+      require 'socket'
+      begin
+	return Socket.gethostbyname(addr)[0]
+      rescue SocketError
+	return addr
+      end
+    end
+
+    def to_s
+      if Pcap.convert?
+        return hostname
+      else
+        return to_num_s
+      end
+    end
+  end
+=end
+end
+
+class Time
+  # tcpdump style format
+  def tcpdump
+    sprintf "%0.2d:%0.2d:%0.2d.%0.6d", hour, min, sec, tv_usec
+  end
+end
+
+autoload :Pcaplet, 'pcaplet'