dakrone-pcap-ffi 0.0.0

data/lib/pcap/packets/ip.rb

@@ -0,0 +1,119 @@
+require 'pcap/packet'
+require 'pcap/in_addr'
+
+require 'ffi'
+
+module FFI
+  module PCap
+    module Packets
+      class IPv4 < FFI::Struct
+
+        include Packet
+
+        # IPv4 flags
+        FLAGS = [
+          # Reserved fragment flag
+          RESERVED_FRAGMENT = 0x8000,
+
+          # Dont fragment flag
+          DONT_FRAGMENT = 0x4000,
+
+          # More fragments flag
+          MORE_FRAGMENTS = 0x2000
+        ]
+
+        # Mask for fragment flags
+        FRAGMENT_MASK = 0x1fff
+        
+        layout :ip_vhl, :uchar,
+               :ip_tos, :uchar,
+               :ip_len, :ushort,
+               :ip_id, :ushort,
+               :ip_off, :ushort,
+               :ip_ttl, :uchar,
+               :ip_p, :uchar,
+               :ip_sum, :ushort,
+               :ip_src, InAddr,
+               :ip_dst, InAddr
+
+        #
+        # Returns the version of the IP packet.
+        #
+        def version
+          self[:ip_vhl] >> 4
+        end
+
+        #
+        # Returns the header length of the packet.
+        #
+        def header_length
+          self[:ip_vhl] & 0x0f
+        end
+
+        #
+        # Returns the Type of Service (TOS).
+        #
+        def tos
+          self[:ip_tos]
+        end
+
+        #
+        # Returns the total packet length.
+        #
+        def packet_length
+          self[:ip_len]
+        end
+
+        #
+        # Returns the packet id.
+        #
+        def id
+          self[:ip_id]
+        end
+
+        #
+        # Returns the fragment offset.
+        #
+        def offset
+          self[:ip_off]
+        end
+
+        #
+        # Returns the Time to Live (TTL).
+        #
+        def ttl
+          self[:ip_ttl]
+        end
+
+        #
+        # Returns the protocol number.
+        #
+        def protocol
+          self[:ip_p]
+        end
+
+        #
+        # Returns the packet checksum.
+        #
+        def checksum
+          self[:ip_sum]
+        end
+
+        #
+        # Returns the source IP address.
+        #
+        def src
+          self[:ip_src]
+        end
+
+        #
+        # Returns the destination IP address.
+        #
+        def dest
+          self[:ip_dest]
+        end
+
+      end
+    end
+  end
+end

data/lib/pcap/packets/tcp.rb

@@ -0,0 +1,172 @@
+require 'pcap/packets/typedefs'
+require 'pcap/packet'
+
+require 'ffi'
+
+module FFI
+  module PCap
+    module Packets
+      class TCP < FFI::Struct
+
+        include Packet
+
+        # TCP flags
+        FLAGS = [
+          # Null flags
+          NULL = 0x00,
+
+          # Final packet flag
+          FIN = 0x01,
+
+          # Synchronization packet flag
+          SYN = 0x02,
+
+          # Reset packet flag
+          RST = 0x04,
+
+          # Push packet flag
+          PUSH = 0x08,
+
+          # Acknowledgement packet flag
+          ACK = 0x10,
+
+          # Urgent data packet flag
+          URG = 0x20,
+
+          # ECE packet flag
+          ECE = 0x40,
+
+          # CWR packet flag
+          CWR = 0x80,
+
+          # All combined flags
+          XMAS = (FIN | SYN | RST | PUSH | ACK | URG | ECE | CWR)
+        ]
+
+        layout :th_sport, :ushort,
+               :th_dport, :ushort,
+               :th_seq, :tcp_seq,
+               :th_ack, :tcp_seq,
+               :th_offx2, :uchar,
+               :th_flags, :uchar,
+               :th_win, :ushort,
+               :th_sum, :ushort,
+               :th_urp, :ushort
+
+        #
+        # Returns the source port.
+        #
+        def src_port
+          self[:th_sport]
+        end
+
+        #
+        # Returns the destination port.
+        #
+        def dest_port
+          self[:th_dport]
+        end
+
+        #
+        # Returns the sequence number of the packet.
+        #
+        def seq
+          self[:th_seq]
+        end
+
+        #
+        # Returns the acknowledgement number of the packet.
+        #
+        def ack
+          self[:th_ack]
+        end
+
+        #
+        # Returns the data offset for the packet.
+        #
+        def offset
+          (self[:th_offx2] & 0xf0) >> 4
+        end
+
+        #
+        # Returns +true+ if the packet has no flags set, +false+ otherwise.
+        #
+        def null?
+          self[:th_flags] == NULL
+        end
+
+        #
+        # Returns +true+ if the packet has the FIN flag set, returns
+        # +false+ otherwise.
+        #
+        def fin?
+          (self[:th_flags] & FIN) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the SYN flag set, returns
+        # +false+ otherwise.
+        #
+        def syn?
+          (self[:th_flags] & SYN) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the RST flag set, returns
+        # +false+ otherwise.
+        #
+        def rst?
+          (self[:th_flags] & RST) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the PUSH flag set, returns
+        # +false+ otherwise.
+        #
+        def push?
+          (self[:th_flags] & PUSH) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the ACK flag set, returns
+        # +false+ otherwise.
+        #
+        def ack?
+          (self[:th_flags] & ACK) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the URG flag set, returns
+        # +false+ otherwise.
+        #
+        def urg?
+          (self[:th_flags] & URG) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the ECE flag set, returns
+        # +false+ otherwise.
+        #
+        def ece?
+          (self[:th_flags] & ECE) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has the CWR flag set, returns
+        # +false+ otherwise.
+        #
+        def cwr?
+          (self[:th_flags] & CWR) != 0
+        end
+
+        #
+        # Returns +true+ if the packet has all flags set, +false+ otherwise.
+        #
+        def xmas?
+          (self[:th_flags] & XMAS) == XMAS
+        end
+
+      end
+    end
+  end
+end

data/lib/pcap/packets/typedefs.rb

@@ -0,0 +1,7 @@
+require 'pcap/typedefs'
+
+module FFI
+
+  alias_type :uint32, :tcp_seq
+
+end

data/lib/pcap/packets.rb

@@ -0,0 +1,3 @@
+require 'pcap/packets/typedefs'
+require 'pcap/packets/ip'
+require 'pcap/packets/tcp'

data/lib/pcap/pcap.rb

@@ -0,0 +1,85 @@
+require 'pcap/ffi'
+require 'pcap/data_link'
+require 'pcap/if'
+require 'pcap/handler'
+require 'pcap/error_buffer'
+
+module FFI
+  module PCap
+    def PCap.lib_version
+      PCap.pcap_lib_version
+    end
+
+    def PCap.device
+      errbuf = ErrorBuffer.new
+
+      unless (name = PCap.pcap_lookupdev(errbuf))
+        raise(StandardError,errbuf.to_s,caller)
+      end
+
+      return name
+    end
+
+    def PCap.each_device(&block)
+      devices = MemoryPointer.new(:pointer)
+      errbuf = ErrorBuffer.new
+
+      PCap.pcap_findalldevs(devices,errbuf)
+      node = devices.get_pointer(0)
+
+      if node.null?
+        raise(StandardError,errbuf.to_s,caller)
+      end
+
+      device = IF.new(node)
+
+      until device
+        block.call(device) if block
+        device = device.next
+      end
+
+      PCap.pcap_freealldevs(node)
+      return nil
+    end
+
+    def PCap.open_live(options={},&block)
+      device = options[:device]
+      promisc = if options[:promisc]
+                  1
+                else
+                  0
+                end
+      snaplen = (options[:snaplen] || Handler::SNAPLEN)
+      to_ms = (options[:timeout] || 0)
+      errbuf = ErrorBuffer.new
+
+      ptr = PCap.pcap_open_live(device,snaplen,promisc,to_ms,nil)
+
+      if ptr.null?
+        raise(StandardError,errbuf.to_s,caller)
+      end
+
+      return Handler.new(ptr,options,&block)
+    end
+
+    def PCap.open_dead(datalink,options={})
+      datalink = DataLink[datalink]
+      snaplen = (options[:snaplen] || Handler::SNAPLEN)
+
+      return Handler.new(PCap.pcap_open_dead(datalink,snaplen),options)
+    end
+
+    def PCap.open_offline(path,options={})
+      path = File.expand_path(path)
+      errbuf = ErrorBuffer.new
+
+      ptr = PCap.pcap_open_offline(path,errbuf)
+
+      if ptr.null?
+        raise(StandardError,errbuf.to_s,caller)
+      end
+
+      return Handler.new(ptr,options)
+    end
+  end
+end

data/lib/pcap/sock_addr.rb

@@ -0,0 +1,17 @@
+require 'pcap/typedefs'
+
+require 'ffi'
+
+module FFI
+  module PCap
+    class SockAddr < FFI::Struct
+      layout :sa_family, :sa_family_t,
+             :sa_data, [:char, 14]
+
+      def family
+        self[:sa_family]
+      end
+
+    end
+  end
+end

data/lib/pcap/sock_addr_in.rb

@@ -0,0 +1,25 @@
+require 'pcap/typedefs'
+require 'pcap/in_addr'
+
+require 'ffi'
+
+module FFI
+  module PCap
+    class SockAddrIn < FFI::Struct
+
+      layout :sin_family, :sa_family_t,
+             :sin_port, :in_port_t,
+             :sin_addr, InAddr,
+             :sin_zero, [:char, ]
+
+      def family
+        self[:sin_family]
+      end
+
+      def addr
+        InAddr.new(self[:sin_addr])
+      end
+
+    end
+  end
+end

data/lib/pcap/stat.rb

@@ -0,0 +1,23 @@
+require 'ffi/struct'
+
+module FFI
+  module PCap
+    class Stat < FFI::Struct
+      layout :ps_recv, :uint,
+             :ps_drop, :uint,
+             :ps_ifdrop, :uint
+
+      def received
+        self[:ps_recv]
+      end
+
+      def dropped
+        self[:ps_drop]
+      end
+
+      def interface_dropped
+        self[:ps_ifdrop]
+      end
+    end
+  end
+end

data/lib/pcap/time_val.rb

@@ -0,0 +1,29 @@
+require 'pcap/typedefs'
+
+require 'ffi/struct'
+
+module FFI
+  module PCap
+    class TimeVal < FFI::Struct
+      layout :tv_sec, :time_t,
+             :tv_usec, :suseconds_t
+
+      def sec
+        self[:tv_sec]
+      end
+
+      def usec
+        self[:tv_usec]
+      end
+
+      def to_time
+        Time.at(self[:tv_sec],self[:tv_usec])
+      end
+
+      def to_s
+        to_time.to_s
+      end
+
+    end
+  end
+end

data/lib/pcap/typedefs.rb

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'ffi'
+
+module FFI
+  def self.alias_type(type,aliased)
+    add_typedef(find_type(type),aliased.to_sym)
+  end
+
+  alias_type :long, :time_t
+  alias_type :long, :suseconds_t
+  alias_type :ushort, :sa_family_t
+  alias_type :uint16, :in_port_t
+  alias_type :uint32, :in_addr_t
+  alias_type :int, :bpf_int32
+  alias_type :uint, :bpf_uint32
+end

data/lib/pcap/version.rb

@@ -0,0 +1,6 @@
+module FFI
+  module PCap
+    # pcap-ffi version
+    VERSION = '0.1.0'
+  end
+end

data/lib/pcap.rb

@@ -0,0 +1,10 @@
+require 'pcap/if'
+require 'pcap/addr'
+require 'pcap/file_header'
+require 'pcap/packet_header'
+require 'pcap/stat'
+require 'pcap/data_link'
+require 'pcap/handler'
+require 'pcap/version'
+require 'pcap/ffi'
+require 'pcap/pcap'

data/pcap-ffi.gemspec

@@ -0,0 +1,86 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{pcap-ffi}
+  s.version = "0.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Postmodern, Dakrone"]
+  s.date = %q{2009-05-27}
+  s.description = %q{Bindings to sniff packets using the FFI interface in Ruby.}
+  s.email = %q{postmodern.mod3@gmail.com}
+  s.extra_rdoc_files = [
+    "README.txt"
+  ]
+  s.files = [
+    ".gitignore",
+     "History.txt",
+     "Manifest.txt",
+     "README.txt",
+     "Rakefile",
+     "VERSION",
+     "examples/print_bytes.rb",
+     "lib/pcap.rb",
+     "lib/pcap/addr.rb",
+     "lib/pcap/data_link.rb",
+     "lib/pcap/dumper.rb",
+     "lib/pcap/error_buffer.rb",
+     "lib/pcap/exceptions.rb",
+     "lib/pcap/exceptions/read_error.rb",
+     "lib/pcap/ffi.rb",
+     "lib/pcap/file_header.rb",
+     "lib/pcap/handler.rb",
+     "lib/pcap/if.rb",
+     "lib/pcap/in_addr.rb",
+     "lib/pcap/packet_header.rb",
+     "lib/pcap/packets.rb",
+     "lib/pcap/packets/ethernet.rb",
+     "lib/pcap/packets/ip.rb",
+     "lib/pcap/packets/tcp.rb",
+     "lib/pcap/packets/typedefs.rb",
+     "lib/pcap/pcap.rb",
+     "lib/pcap/sock_addr.rb",
+     "lib/pcap/sock_addr_in.rb",
+     "lib/pcap/stat.rb",
+     "lib/pcap/time_val.rb",
+     "lib/pcap/typedefs.rb",
+     "lib/pcap/version.rb",
+     "pcap-ffi.gemspec",
+     "spec/data_link_spec.rb",
+     "spec/dumps/simple_tcp.pcap",
+     "spec/error_buffer.rb",
+     "spec/handler_examples.rb",
+     "spec/handler_spec.rb",
+     "spec/helpers/dumps.rb",
+     "spec/pcap_spec.rb",
+     "spec/spec_helper.rb",
+     "tasks/spec.rb"
+  ]
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/postmodern/pcap-ffi}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{pcap-ffi}
+  s.rubygems_version = %q{1.3.1}
+  s.summary = %q{FFI bindings for libpcap}
+  s.test_files = [
+    "spec/pcap_spec.rb",
+     "spec/data_link_spec.rb",
+     "spec/error_buffer.rb",
+     "spec/spec_helper.rb",
+     "spec/handler_spec.rb",
+     "spec/handler_examples.rb",
+     "spec/helpers/dumps.rb",
+     "examples/print_bytes.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/spec/data_link_spec.rb

@@ -0,0 +1,29 @@
+require 'pcap/data_link'
+
+require 'spec_helper'
+
+describe DataLink do
+  before(:all) do
+    @datalink = DataLink.new(0)
+  end
+
+  it "should be initialized from a pcap datalink value" do
+    @datalink.name.should == 'NULL'
+  end
+
+  it "should map datalink names to pcap datalink values" do
+    DataLink[:en10mb].should == 1
+  end
+
+  it "should have a description" do
+    @datalink.description.should_not be_empty
+  end
+
+  it "should be able to convert to an Integer" do
+    @datalink.to_i.should == 0
+  end
+
+  it "should be able to convert to a String" do
+    @datalink.to_s.should == 'NULL'
+  end
+end

data/spec/error_buffer.rb

@@ -0,0 +1,18 @@
+require 'pcap/error_buffer'
+
+require 'spec_helper'
+
+describe PCap::ErrorBuffer do
+  before(:all) do
+    @errbuf = PCap::ErrorBuffer.new
+  end
+
+  it "should have a size of 256" do
+    @errbuf.size.should == 256
+  end
+
+  it "should return the error message for to_s" do
+    @errbuf.write_string('test')
+    @errbuf.to_s.should == 'test'
+  end
+end