caper 0.2.0

data/lib/caper/copy_handler.rb

@@ -0,0 +1,36 @@
+
+module Caper
+
+  # CopyHandler is a callback handler for use with CaptureWrapper.loop and 
+  # CaptureWrapper.dispatch. When used, it works exactly as normal, 
+  # passing a reference to a pcap wrapper and Packet except for one important
+  # difference. A copy of the Packet is yielded to the callback instead of
+  # the volatile one received in the pcap_loop() and pcap_dispatch() 
+  # callbacks.
+  #
+  # The CopyHandler implements receive_callback to return a _copy_
+  # of the Packet object. It is necessary to make a copy to keep allocated
+  # references to packets supplied by pcap_loop() and pcap_dispatch() 
+  # callbacks outside of the scope of a single callback firing on one
+  # packet.
+  #
+  # This handler interface is used by default by CaptureWrapper, so it is
+  # generally always safe to keep references to received packets after new
+  # packets have been received or even after a pcap interface has been 
+  # closed. See CaptureWrapper for more information.
+  class CopyHandler
+    def receive_pcap(pcap, pkt)
+      return [pcap, pkt.copy]
+    end
+  end
+
+
+  # This class only exists for backward compatibility. Setting
+  # pcap handler to nil has the same effect now.
+  class Handler
+    def receive_pcap(*args)
+      return args
+    end
+  end
+end
+

data/lib/caper/crt.rb

@@ -0,0 +1,13 @@
+
+module Caper
+  module CRT
+    extend FFI::Library
+
+    ffi_lib FFI::Library::LIBC
+
+    typedef :ulong, :size_t  # not all platforms have this set for FFI
+
+    attach_function :free, [:pointer], :void
+    attach_function :memcpy, [:pointer, :pointer, :size_t], :pointer
+  end
+end

data/lib/caper/data_link.rb

@@ -0,0 +1,171 @@
+module Caper
+
+  class DataLink
+
+    # Several DLT names harvested out of the pcap-bpf.h header file. These
+    # are in alphabetical order. Their Array index _does_ _not_ match their 
+    # pcap DLT value.
+    #
+    # Don't use this Array for anything except quick reference.  Use the 
+    # 'lookup' class methods for actually resolving name to value 
+    # mappings or such.
+    SOME_DLTS = %w[A429 A653_ICM AIRONET_HEADER APPLE_IP_OVER_IEEE1394 
+    ARCNET ARCNET_LINUX ATM_CLIP ATM_RFC1483 AURORA AX25 BACNET_MS_TP 
+    BLUETOOTH_HCI_H4 BLUETOOTH_HCI_H4_WITH_PHDR CAN20B CHAOS CHDLC CISCO_IOS 
+    C_HDLC DOCSIS ECONET EN10MB EN3MB ENC ERF ERF_ETH ERF_POS FDDI FRELAY 
+    GCOM_SERIAL GCOM_T1E1 GPF_F GPF_T GPRS_LLC HHDLC IBM_SN IBM_SP IEEE802 
+    IEEE802_11 IEEE802_11_RADIO IEEE802_11_RADIO_AVS IEEE802_15_4 
+    IEEE802_15_4_LINUX IEEE802_16_MAC_CPS IEEE802_16_MAC_CPS_RADIO IPFILTER 
+    IPMB IP_OVER_FC JUNIPER_ATM1 JUNIPER_ATM2 JUNIPER_CHDLC JUNIPER_ES 
+    JUNIPER_ETHER JUNIPER_FRELAY JUNIPER_GGSN JUNIPER_ISM JUNIPER_MFR 
+    JUNIPER_MLFR JUNIPER_MLPPP JUNIPER_MONITOR JUNIPER_PIC_PEER JUNIPER_PPP 
+    JUNIPER_PPPOE JUNIPER_PPPOE_ATM JUNIPER_SERVICES JUNIPER_ST JUNIPER_VP 
+    LINUX_IRDA LINUX_LAPD LINUX_PPP_WITHDIRECTION LINUX_SLL LOOP LTALK MFR 
+    MTP2 MTP2_WITH_PHDR MTP3 NULL OLD_PFLOG PCI_EXP PFLOG PFSYNC PPI PPP 
+    PPP_BSDOS PPP_ETHER PPP_PPPD PPP_SERIAL PPP_WITH_DIRECTION PRISM_HEADER 
+    PRONET RAIF1 RAW REDBACK_SMARTEDGE RIO SCCP SITA SLIP SLIP_BSDOS SUNATM 
+    SYMANTEC_FIREWALL TZSP USB USB_LINUX USER0 USER1 USER10 USER11 USER12 
+    USER13 USER14 USER15 USER2 USER3 USER4 USER5 USER6 USER7 USER8 USER9]
+
+    # Uses the pcap_datalnk_* functions to lookup a datalink name and value 
+    # pair.
+    # 
+    # @param [String, Symbol or Integer] l
+    #   The name or value to lookup. A Symbol is converted to String. Names 
+    #   are case-insensitive.
+    #
+    # @return [Array]
+    #   A 2-element array containing [value, name]. Both elements are nil
+    #   if the lookup failed.
+    #
+    def self.lookup(l)
+      val, name = nil
+      l = l.to_s if l.kind_of? Symbol
+
+      case l
+      when String
+        if v=name_to_val(l)
+          name = val_to_name(v)  # get the canonical name
+          val = v
+        end
+      when Integer
+        name = val_to_name(l)
+        val = l
+      else
+        raise(ArgumentError, "lookup takes either a String or Integer")
+      end
+      return [val, name]
+    end
+
+    # Translates a data link type name, which is a DLT_ name with the DLT_ 
+    # removed, to the corresponding data link type numeric value.
+    #
+    # @param [String or Symbol] n
+    #   The name to lookup. Names are case-insensitive.
+    #
+    # @return [Integer or nil] 
+    #   The numeric value for the datalink name or nil on failure.
+    def self.name_to_val(n)
+      n = n.to_s if n.kind_of?(Symbol)
+      if (v=Caper.pcap_datalink_name_to_val(n)) >= 0
+        return v
+      end
+    end
+
+    # Translates a data link type  value  to  the corresponding data link 
+    # type name.
+    #
+    # @return [String or nil]
+    #   The string name of the data-link or nil on failure.
+    # 
+    def self.val_to_name(v)
+      Caper.pcap_datalink_val_to_name(v)
+    end
+
+    # @param [String, Symbol or Integer] l
+    #   The name or value to lookup. A Symbol is converted to String. Names 
+    #   are case-insensitive.
+    def self.describe(l)
+      l = l.to_s if l.kind_of?(Symbol)
+      l = Caper.pcap_datalink_name_to_val(l) if l.kind_of?(String) 
+      Caper.pcap_datalink_val_to_description(l)
+    end
+    
+    # Caper datalink numeric value
+    attr_reader :value
+
+    # Creates a new DataLink object with the specified value or name.
+    # The canonical name, value, and description are can be looked up on 
+    # demand. 
+    #
+    # @param [String or Integer] arg
+    #   Arg can be a string or number which will be used to look up the
+    #   datalink.
+    #
+    # @raise [UnsupportedDataLinkError]
+    #   An exception is raised if a name is supplied and a lookup for its
+    #   value fails or if the arg parameter is an invalid type.
+    #
+    def initialize(arg)
+      if arg.kind_of? String or arg.kind_of? Symbol
+        unless @value = self.class.name_to_val(arg.to_s)
+          raise(UnsupportedDataLinkError, "Invalid DataLink: #{arg.to_s}")
+        end
+      elsif arg.kind_of? Numeric
+        @value = arg
+      else
+        raise(UnsupportedDataLinkError, "Invalid DataLink: #{arg.inspect}")
+      end
+      @name = self.class.val_to_name(@value)
+    end
+
+    # Overrides the equality operator so that quick comparisons can be
+    # made against other DataLinks, name by String, or value by Integer.
+    def ==(other)
+      case other
+      when DataLink
+        return (self.value == other.value)
+      when Numeric
+        return (self.value == other)
+      when Symbol
+        return (@value == self.class.name_to_val(other.to_s))
+      when String
+        return (@value == self.class.name_to_val(other))
+      else
+        return false
+      end
+    end
+
+    # Overrides the sort comparison operator to sort by DLT value.
+    def <=>(other)
+      self.value <=> other.value
+    end
+
+    # Returns the description of the datalink.
+    def description
+      @desc ||= self.class.describe(@value)
+    end
+
+    alias desc description
+    alias describe description
+
+    # Returns the canonical String name of the DataLink object
+    def name
+      @name
+    end
+
+    # Override 'inspect' we'll to always provide the name for irb, 
+    # pretty_print, etc.
+    def inspect
+      "<#{self.class}:#{"0x%0.8x" % self.object_id} @value=#{@value}, @name=#{name().inspect}>"
+    end
+
+    alias to_s name
+    alias to_i value
+  end
+
+  attach_function :pcap_datalink_name_to_val, [:string], :int
+  attach_function :pcap_datalink_val_to_name, [:int], :string
+  attach_function :pcap_datalink_val_to_description, [:int], :string
+
+end

data/lib/caper/dead.rb

@@ -0,0 +1,35 @@
+require 'caper/common_wrapper'
+
+module Caper
+  # A wrapper class for pcap devices opened with open_dead()
+  class Dead < CommonWrapper
+    attr_reader :datalink
+
+    # Creates a fake pcap interface for compiling filters or opening a
+    # capture for output.
+    #
+    # @param [Hash] opts
+    #   Options are ignored and passed to the super-class except those below.
+    #
+    # @option opts [optional, String, Symbol, Integer] :datalink
+    #   The link-layer type for pcap. nil is equivalent to 0 (aka DLT_NULL).
+    #
+    # @option opts [optional, Integer] :snaplen
+    #   The snapshot length for the pcap object. Defaults to Caper::DEFAULT_SNAPLEN
+    #
+    # @return [Dead]
+    #   A Caper::Dead wrapper.
+    #
+    def initialize(opts={}, &block)
+      dl = opts[:datalink] || DataLink.new(0)
+      @datalink = dl.kind_of?(DataLink) ? dl : DataLink.new(dl)
+      @snaplen  = opts[:snaplen] || DEFAULT_SNAPLEN
+      @pcap = Caper.pcap_open_dead(@datalink.value, @snaplen)
+      raise(LibError, "pcap_open_dead(): returned a null pointer") if @pcap.null?
+      super(@pcap, opts, &block)
+    end
+  end
+
+  attach_function :pcap_open_dead, [:int, :int], :pcap_t
+
+end

data/lib/caper/dumper.rb

@@ -0,0 +1,53 @@
+
+module Caper
+
+  # See pcap_dumper_t in pcap.h
+  #
+  # A pcap_dumper, or Caper::Dumper is handled opaquely so that it can
+  # be implemented differently on different platforms. In Caper, we
+  # simply wrap the pcap_dumper_t pointer with a ruby interface.
+  class Dumper
+
+    def initialize(dumper)
+      @dumper = dumper
+    end
+
+    def _write(header, bytes)
+      Caper.pcap_dump(@dumper, header, bytes)
+    end
+
+    def write(*args)
+      if args.first.is_a? Packet
+        write_pkt(*args)
+      else
+        _write(*args)
+      end
+    end
+
+    def write_pkt(pkt)
+      _write(pkt.header, pkt.body_ptr)
+    end
+
+    def tell
+      Caper.pcap_dump_ftell(@dumper)
+    end
+
+    def flush
+      Caper.pcap_dump_flush(@dumper)
+    end
+
+    def close
+      Caper.pcap_dump_close(@dumper)
+    end
+
+  end
+
+  # XXX not sure if we even want file FILE IO stuff yet
+  #attach_function :pcap_dump_file, [:pcap_dumper_t], :FILE
+
+  attach_function :pcap_dump_ftell, [:pcap_dumper_t], :long
+  attach_function :pcap_dump_flush, [:pcap_dumper_t], :int
+  attach_function :pcap_dump_close, [:pcap_dumper_t], :void
+  attach_function :pcap_dump, [:pointer, PacketHeader, :pointer], :void
+
+end

data/lib/caper/error_buffer.rb

@@ -0,0 +1,42 @@
+module Caper
+  class ErrorBuffer < FFI::MemoryPointer
+
+    # Size of the error buffers
+    SIZE = 256
+
+    #  Creates a new ErrorBuffer object. Because of wierdness in JRuby
+    #  when trying to subclass FFI::Buffer, always use this instead of 
+    #  'new()'
+    #
+    #  See http://github.com/ffi/ffi/issues#issue/27
+    def self.create()
+      new(SIZE)
+    end
+
+    #
+    # Creates a new ErrorBuffer object.
+    # The argument is nil and is only present for compatability with JRuby.
+    #
+    # See http://github.com/ffi/ffi/issues#issue/27
+    def initialize(arg=nil)
+      super(SIZE)
+    end
+
+    #
+    # Returns the error message within the error buffer.
+    #
+    def to_s
+      get_string(0)
+    end
+
+    # Older JRuby/ffi versions of MemoryPointer and Buffer don't have a size 
+    # method. We override it here to ensure we can use it.
+    def size
+      begin
+        super()
+      rescue NoMethodError
+        SIZE
+      end
+    end
+  end
+end

data/lib/caper/exceptions.rb

@@ -0,0 +1,19 @@
+module Caper
+  # A Caper::UnsupportedDataLinkError indicates an invalid or unsupported
+  # DataLink Layer Type (DLT) value or name.
+  class UnsupportedDataLinkError < StandardError
+  end
+
+  # A Caper::LibError is used to convey errors detected by the libpcap
+  # native library.
+  class LibError < StandardError
+  end
+
+  # A Caper::ReadError is a sub-class of Caper::LibError that indicates a 
+  # problem reading from a pcap device.
+  class ReadError < LibError
+  end
+
+  class TimeoutError < LibError
+  end
+end

data/lib/caper/file_header.rb

@@ -0,0 +1,24 @@
+
+module Caper
+  class FileHeader < FFI::Struct
+    include FFI::DRY::StructHelper
+
+    dsl_layout do
+      field :magic,         :bpf_uint32
+      field :version_major, :ushort
+      field :version_minor, :ushort
+      field :thiszone,      :bpf_int32
+      field :sigfigs,       :bpf_uint32
+      field :snaplen,       :bpf_uint32
+      field :linktype,      :bpf_uint32
+    end
+
+    def datalink
+      DataLink.new(self.linktype)
+    end
+
+    def version
+      "#{self.version_major}.#{self.version_minor}"
+    end
+  end
+end

data/lib/caper/in_addr.rb

@@ -0,0 +1,7 @@
+module Caper
+  class InAddr < FFI::Struct
+
+    layout :s_addr, [NativeType::UINT8, 4]
+
+  end
+end

data/lib/caper/interface.rb

@@ -0,0 +1,27 @@
+
+module Caper
+
+  # Item in a list of interfaces.
+  #
+  # See pcap_if struct in pcap.h
+  class Interface < FFI::Struct
+    include FFI::DRY::StructHelper
+
+    # interface is loopback
+    LOOPBACK = 0x00000001
+
+    dsl_layout do
+      p_struct  :next, ::Caper::Interface
+      field     :name,        :string, :desc => 'name used by pcap_open_live()'
+      field     :description, :string, :desc => 'text description, or NULL'
+      p_struct  :addresses, ::Caper::Addr,    :desc => 'address linked list'
+      field     :flags,   :bpf_uint32, :desc => 'PCAP_IF_ interface flags'
+    end
+
+    def loopback?
+      self.flags & LOOPBACK == LOOPBACK
+    end
+
+  end
+
+end

data/lib/caper/live.rb

@@ -0,0 +1,301 @@
+require 'caper/capture_wrapper'
+
+module Caper
+  begin
+    attach_function :pcap_setdirection, [:pcap_t, :pcap_direction_t], :int
+  rescue FFI::NotFoundError
+  end
+
+  begin
+    attach_function :pcap_sendpacket, [:pcap_t, :pointer, :int], :int
+  rescue FFI::NotFoundError
+  end
+
+  begin
+    attach_function :pcap_inject, [:pcap_t, :pointer, :int], :int
+  rescue FFI::NotFoundError
+  end
+
+
+  # Creates a pcap interface for capturing from the network.
+  #
+  # @param [Hash] opts
+  #   Options are ignored and passed to the super-class except those below.
+  #
+  # @option opts [optional, String, nil] :device, :dev
+  #   The device to open. On some platforms, this can be "any". If nil or 
+  #   unspecified Caper.lookupdev() is called to obtain a default device. 
+  #
+  # @option opts [optional, Integer] :snaplen
+  #   The snapshot length for the pcap object. Defaults to DEFAULT_SNAPLEN
+  #
+  # @option opts [optional, Boolean] :promisc
+  #   Specifies if the interface is to be put into promiscuous mode. Defaults
+  #   to false.
+  #
+  # @option opts [optional, Integer] :timeout
+  #   Specifies the read timeout in milliseconds. Defaults to DEFAULT_TO_MS
+  #
+  # @return [Live]
+  #   A Caper::Live wrapper.
+  #
+  # @raise [LibError]
+  #   On failure, an exception is raised with the relevant error 
+  #   message from libpcap.
+  #
+  # @raise [ArgumentError]
+  #   May raise an exception if a :device cannot be autodetected using 
+  #   Caper.lookupdev() for any reason. This should never happen on most platforms.
+  #
+  class Live < CaptureWrapper
+    DEFAULT_TO_MS = 1000     # Default timeout for pcap_open_live()
+
+    attr_reader :device, :promisc, :timeout, :direction
+
+    def initialize(opts=nil)
+      opts ||= {}
+      @device = opts[:device] || opts[:dev] || Caper.lookupdev()
+      unless @device
+        raise(ArgumentError, "Couldn't detect a device. One must be specified.")
+      end
+
+      @snaplen   = opts[:snaplen] || DEFAULT_SNAPLEN
+      @promisc   = opts[:promisc] ? 1 : 0
+      @timeout   = opts[:timeout] || DEFAULT_TO_MS
+      @direction = (opts[:direction] || opts[:dir])
+
+      @errbuf = ErrorBuffer.create()
+      @pcap = Caper.pcap_open_live(@device, @snaplen, @promisc, @timeout, @errbuf)
+      raise(LibError, "pcap_open_live(): #{@errbuf.to_s}") if @pcap.null?
+
+      # call super to get all our ducks in a row
+      super(@pcap, opts)
+
+      set_direction(@direction) if @direction
+
+      # Cache network and netmask from pcap_lookupdev.
+      # These pointers may be used internally (and should get autoreleased)
+      @netp, @maskp = nil
+      begin
+        Caper.lookupnet(@device) do |netp, maskp|
+          @netp = netp
+          @maskp = maskp
+        end
+      rescue LibError
+        warn "Warning: #{$!}"
+      end
+
+      yield self if block_given?
+    end
+
+    # Returns the dotted notation string for the IPv4 network address for 
+    # the device used by this pcap interface.
+    def network
+      return nil unless @netp
+      @network ||= @netp.get_array_of_uchar(0,4).join('.')
+    end
+
+    # Returns the dotted notation string for the IPv4 netmask for the device
+    # used by this pcap interface.
+    def netmask
+      return nil unless @maskp
+      @netmask ||= @maskp.get_array_of_uchar(0,4).join('.')
+    end
+
+    # Returns the 32-bit numeric representation of the IPv4 network address
+    # for this device.
+    def network_n32
+      return nil unless @netp
+      ::FFI::DRY::NetEndian.ntohl(@netp.get_uint32(0))
+    end
+
+    # Returns the 32-bit numeric representation of the IPv4 network address
+    # for this device.
+    def netmask_n32
+      return nil unless @maskp
+      ::FFI::DRY::NetEndian.ntohl(@maskp.get_uint32(0))
+    end
+
+    @@have_setdirection = Caper.respond_to?(:pcap_setdirection)
+
+    # Sets the direction for which packets will be captured.
+    # 
+    # (Not supported on all platforms)
+    def set_direction(dir)
+      unless @@have_setdirection
+        raise(NotImplementedError, 
+              "pcap_setdirection() is not avaiable from your pcap library") 
+      end
+
+      dirs = Caper.enum_type(:pcap_direction_t)
+      if Caper.pcap_setdirection(_pcap, dirs[:"pcap_d_#{dir}"]) == 0
+        return true
+      else
+        raise(LibError, "pcap_setdirection(): #{geterr()}", caller)
+      end
+    end
+
+    alias direction= set_direction
+
+    # set the state of non-blocking mode on a capture device
+    #
+    # @param [Boolean] mode
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error message 
+    #   from libpcap.
+    #
+    def set_non_blocking(mode)
+      mode =  mode ? 1 : 0
+      if Caper.pcap_setnonblock(_pcap, mode, @errbuf) == 0
+        return mode == 1
+      else
+        raise(LibError, "pcap_setnonblock(): #{@errbuf.to_s}", caller)
+      end
+    end
+
+    alias non_blocking= set_non_blocking
+
+    # get the state of non-blocking mode on a capture device
+    #
+    # @return [Boolean]
+    #   non-blocking mode
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error message 
+    #   from libpcap.
+    #
+    def non_blocking
+      if (mode=Caper.pcap_getnonblock(_pcap, @errbuf)) == -1
+        raise(LibError, "pcap_getnonblock(): #{@errbuf.to_s}", caller)
+      else
+        return mode == 1
+      end
+    end
+
+    alias non_blocking? non_blocking
+
+    # Get capture statistics
+    #
+    # @return [Stats]
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error message 
+    #   from libpcap.
+    #
+    def stats
+      stats = Stat.new
+      unless Caper.pcap_stats(_pcap, stats) == 0
+        raise(LibError, "pcap_stats(): #{geterr()}")
+      end
+      return stats
+    end
+
+
+    @@have_inject = Caper.respond_to?(:pcap_inject)
+
+    # Transmit a packet using pcap_inject()
+    #
+    # (not available on all platforms)
+    #
+    # @param [Packet, String] obj
+    #   The packet to send. This can be a Packet or String object.
+    #
+    # @return [Integer]
+    #   The number of bytes sent.
+    #
+    # @raise [ArgumentError]
+    #   An exception is raised if the pkt object type is incorrect or
+    #   if it is a Packet and the body pointer is null. 
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant libpcap
+    #   error message.
+    #
+    # @raise [NotImplementedError]
+    #   If the pcap_inject() function is not available from your libpcap
+    #   library pcap_sendpacket will be tried, if both are missing, this 
+    #   exception will be raised.
+    #
+    def inject(pkt)
+      if @@have_inject
+        if pkt.kind_of? Packet
+          len = pkt.caplen
+          bufp = pkt.body_ptr
+          raise(ArgumentError, "packet data null pointer") if bufp.null?
+        elsif pkt.kind_of? String
+          len = pkt.size
+          bufp = FFI::MemoryPointer.from_string(pkt)
+        else
+          raise(ArgumentError, "Don't know how to inject #{pkt.class}")
+        end
+
+        if (sent=Caper.pcap_inject(_pcap, bufp, len)) < 0
+          raise(LibError, "pcap_inject(): #{geterr()}")
+        end
+        return sent
+      else 
+        # fake it with sendpacket on windows
+        if sendpacket(pkt)
+          return (Packet === pkt)? pkt.caplen : pkt.size
+        end
+      end
+    end
+
+    @@have_sendpacket = Caper.respond_to?(:pcap_sendpacket)
+
+    # Transmit a packet using pcap_sendpacket()
+    #
+    # (not available on all platforms)
+    #
+    # @param [Packet, String] obj
+    #   The packet to send. This can be a Packet or String object.
+    #
+    # @return [True]
+    #   True is returned on success. Otherwise an exception is raised.
+    #
+    # @raise [ArgumentError]
+    #   An exception is raised if the pkt object type is incorrect or
+    #   if it is a Packet and the body pointer is null. 
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant libpcap
+    #   error message.
+    #
+    # @raise [NotImplementedError]
+    #   If the pcap_sendpacket() function is not available from your libpcap
+    #   library this exception will be raised.
+    #
+    def sendpacket(pkt)
+      unless @@have_sendpacket
+        raise(NotImplementedError, 
+              "packet injectors are not avaiable from your pcap library") 
+      end
+
+      if pkt.kind_of? Packet
+        len = pkt.caplen
+        bufp = pkt.body_ptr
+        raise(ArgumentError, "packet data null pointer") if bufp.null?
+      elsif pkt.kind_of? String
+        len = pkt.size
+        bufp = FFI::MemoryPointer.from_string(pkt)
+      else
+        raise(ArgumentError, "Don't know how to send #{pkt.class}")
+      end
+
+      if Caper.pcap_sendpacket(_pcap, bufp, len) != 0
+        raise(LibError, "pcap_sendpacket(): #{geterr()}")
+      end
+      return true
+    end
+
+    alias send_packet sendpacket
+
+  end
+
+  attach_function :pcap_open_live, [:string, :int, :int, :int, :pointer], :pcap_t
+  attach_function :pcap_getnonblock, [:pcap_t, :pointer], :int
+  attach_function :pcap_setnonblock, [:pcap_t, :int, :pointer], :int
+  attach_function :pcap_stats, [:pcap_t, Stat], :int
+
+end