RubyGems - ffi-pcap - Versions diffs - 0.2.0 → 0.2.1 - Mend

ffi-pcap 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

data/.gitignore +2 -1
data/.pkg_ignore +25 -0
data/.rspec +1 -0
data/.specopts +1 -0
data/.yardopts +1 -0
data/{ChangeLog.rdoc → ChangeLog.md} +15 -5
data/LICENSE.txt +1 -4
data/README.md +92 -0
data/Rakefile +30 -20
data/examples/em_selectable_pcap.rb +38 -0
data/examples/em_timer.rb +26 -0
data/examples/ipfw_divert.rb +28 -8
data/examples/print_bytes.rb +5 -1
data/examples/replay.rb +11 -0
data/examples/selectable_pcap.rb +29 -0
data/ffi-pcap.gemspec +60 -0
data/gemspec.yml +23 -0
data/lib/ffi/pcap.rb +7 -13
data/lib/ffi/pcap/addr.rb +16 -15
data/lib/ffi/pcap/bpf_instruction.rb +25 -0
data/lib/ffi/pcap/bpf_program.rb +85 -0
data/lib/ffi/pcap/bsd.rb +9 -98
data/lib/ffi/pcap/bsd/af.rb +18 -0
data/lib/ffi/pcap/bsd/in6_addr.rb +16 -0
data/lib/ffi/pcap/bsd/in_addr.rb +18 -0
data/lib/ffi/pcap/bsd/sock_addr.rb +19 -0
data/lib/ffi/pcap/bsd/sock_addr_dl.rb +24 -0
data/lib/ffi/pcap/bsd/sock_addr_family.rb +19 -0
data/lib/ffi/pcap/bsd/sock_addr_in.rb +21 -0
data/lib/ffi/pcap/bsd/sock_addr_in6.rb +20 -0
data/lib/ffi/pcap/bsd/typedefs.rb +7 -0
data/lib/ffi/pcap/capture_wrapper.rb +296 -256
data/lib/ffi/pcap/common_wrapper.rb +152 -127
data/lib/ffi/pcap/copy_handler.rb +32 -32
data/lib/ffi/pcap/crt.rb +7 -10
data/lib/ffi/pcap/data_link.rb +178 -153
data/lib/ffi/pcap/dead.rb +42 -29
data/lib/ffi/pcap/dumper.rb +39 -41
data/lib/ffi/pcap/error_buffer.rb +21 -36
data/lib/ffi/pcap/exceptions.rb +21 -15
data/lib/ffi/pcap/file_header.rb +24 -18
data/lib/ffi/pcap/in_addr.rb +4 -4
data/lib/ffi/pcap/interface.rb +22 -20
data/lib/ffi/pcap/live.rb +296 -252
data/lib/ffi/pcap/offline.rb +50 -43
data/lib/ffi/pcap/packet.rb +186 -143
data/lib/ffi/pcap/packet_header.rb +20 -18
data/lib/ffi/pcap/pcap.rb +269 -212
data/lib/ffi/pcap/stat.rb +19 -49
data/lib/ffi/pcap/stat_ex.rb +42 -0
data/lib/ffi/pcap/time_val.rb +52 -38
data/lib/ffi/pcap/typedefs.rb +16 -20
data/spec/data_link_spec.rb +39 -35
data/spec/dead_spec.rb +0 -4
data/spec/error_buffer_spec.rb +7 -9
data/spec/file_header_spec.rb +17 -14
data/spec/live_spec.rb +12 -5
data/spec/offline_spec.rb +10 -11
data/spec/packet_behaviors.rb +20 -6
data/spec/packet_injection_spec.rb +9 -8
data/spec/packet_spec.rb +22 -26
data/spec/pcap_spec.rb +52 -40
data/spec/spec_helper.rb +16 -5
data/spec/wrapper_behaviors.rb +0 -3
data/tasks/doc.rake +69 -0
data/tasks/gem.rake +200 -0
data/tasks/git.rake +40 -0
data/tasks/post_load.rake +34 -0
data/tasks/rubyforge.rake +55 -0
data/tasks/setup.rb +286 -0
data/tasks/spec.rake +54 -0
data/tasks/svn.rake +47 -0
data/tasks/test.rake +40 -0
metadata +142 -92
data/README.rdoc +0 -30
data/VERSION +0 -1
data/lib/ffi/pcap/bpf.rb +0 -106
data/lib/ffi/pcap/version.rb +0 -6
data/tasks/rcov.rb +0 -6
data/tasks/rdoc.rb +0 -17
data/tasks/spec.rb +0 -9
data/tasks/yard.rb +0 -21

data/gemspec.yml ADDED

@@ -0,0 +1,23 @@
+name: ffi-pcap
+version: 0.2.1
+summary: FFI bindings for libpcap
+description: Bindings to libpcap via FFI interface in Ruby.
+license: MIT
+authors:
+ - Postmodern
+ - Dakrone
+ - Eric Monti
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/sophsec/ffi-pcap
+has_yard: true
+requirements: libpcap >= 1.0.0
+dependencies:
+  ffi: ~> 1.0
+  ffi_dry: ~> 0.1.12
+development_dependencies:
+  rubygems-tasks: ~> 0.2
+  rspec: ~> 2.0
+  yard: ~> 0.8

data/lib/ffi/pcap.rb CHANGED

@@ -1,22 +1,16 @@
-begin; require 'rubygems'; rescue LoadError; end
 require 'ffi_dry'
 module FFI
-module PCap
-  extend FFI::Library
+  module PCap
+    extend FFI::Library
-  begin
-    ffi_lib "wpcap"
-  rescue LoadError
-    ffi_lib "pcap"
+    ffi_lib ['pcap', 'libpcap.so.1', 'wpcap']
   end
-end
+  Pcap = PCap
 end
 require 'ffi/pcap/crt'
-require 'ffi/pcap/version'
 require 'ffi/pcap/exceptions'
 # FFI typedefs, pointer wrappers, and struct
@@ -28,7 +22,8 @@ require 'ffi/pcap/file_header'
 require 'ffi/pcap/time_val'
 require 'ffi/pcap/packet_header'
 require 'ffi/pcap/stat'
-require 'ffi/pcap/bpf'
+require 'ffi/pcap/bpf_instruction'
+require 'ffi/pcap/bpf_program'
 require 'ffi/pcap/dumper'
 # Ruby FFI function bindings, sugar, and misc wrappers
@@ -39,4 +34,3 @@ require 'ffi/pcap/packet'
 require 'ffi/pcap/live'
 require 'ffi/pcap/offline'
 require 'ffi/pcap/dead'

data/lib/ffi/pcap/addr.rb CHANGED

@@ -1,21 +1,22 @@
 module FFI
-module PCap
+  module PCap
+    #
+    # Representation of an interface address.
+    #
+    # See pcap_addr struct in `pcap.h`
+    #
+    class Addr < FFI::Struct
-  # Representation of an interface address.
-  #
-  # See pcap_addr struct in pcap.h
-  class Addr < FFI::Struct
-    include FFI::DRY::StructHelper
+      include FFI::DRY::StructHelper
-    dsl_layout do
-      p_struct :next,       ::FFI::PCap::Addr
-      p_struct :addr,       ::FFI::PCap::SockAddr, :desc => 'address'
-      p_struct :netmask,    ::FFI::PCap::SockAddr, :desc => 'netmask of the address'
-      p_struct :broadcast,  ::FFI::PCap::SockAddr, :desc => 'broadcast for the address'
-      p_struct :dest_addr,  ::FFI::PCap::SockAddr, :desc => 'p2p destination for address'
-    end
+      dsl_layout do
+        p_struct :next,       ::FFI::PCap::Addr
+        p_struct :addr,       ::FFI::PCap::SockAddr, :desc => 'address'
+        p_struct :netmask,    ::FFI::PCap::SockAddr, :desc => 'netmask of the address'
+        p_struct :broadcast,  ::FFI::PCap::SockAddr, :desc => 'broadcast for the address'
+        p_struct :dest_addr,  ::FFI::PCap::SockAddr, :desc => 'p2p destination for address'
+      end
+    end
   end
 end
-end

data/lib/ffi/pcap/bpf_instruction.rb ADDED

@@ -0,0 +1,25 @@
+require 'ffi/pcap/typedefs'
+module FFI
+  module PCap
+    #
+    # Includes structures defined in `pcap-bpf.h`
+    #
+    # Berkeley Packet Filter instruction data structure.
+    #
+    # See bpf_insn struct in `pcap-bpf.h`
+    #
+    class BPFInstruction < FFI::Struct
+      include FFI::DRY::StructHelper
+      dsl_layout do
+        field :code,  :ushort
+        field :jt,    :uchar
+        field :jf,    :uchar
+        field :k,     :bpf_int32
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bpf_program.rb ADDED

@@ -0,0 +1,85 @@
+require 'ffi/pcap/bpf_instruction'
+require 'ffi/pcap/data_link'
+module FFI
+  module PCap
+    #
+    # Structure for `pcap_compile()`, `pcap_setfilter()`, etc.
+    #
+    # See bpf_program struct in `pcap-bpf.h`
+    #
+    class BPFProgram < FFI::Struct
+      include FFI::DRY::StructHelper
+      dsl_layout do
+        field    :bf_len,  :uint
+        field    :bf_insn, :pointer
+      end
+      def instructions
+        i = 0
+        sz = BPFInstruction.size
+        Array.new(self.bf_len) do
+          ins = BPFInstruction.new( self[:bf_insn] + i )
+          i += sz
+          ins
+        end
+      end
+      def free!
+        unless @closed
+          @freed = true
+          PCap.pcap_freecode(self)
+        end
+      end
+      def freed?
+        @freed == true
+      end
+      #
+      # Compiles a bpf filter without a pcap device being open. Downside is
+      # no error messages are available, whereas they are when you use
+      # open_dead() and use compile() on the resulting Dead.
+      #
+      # @param [Hash] opts
+      #   Additional options for compile
+      #
+      # @option opts [optional, DataLink, Integer, String, Symbol] :datalink
+      #   DataLink layer type. The argument type will be resolved to a
+      #   DataLink value if possible. Defaults to data-link layer type NULL.
+      #
+      # @option opts [optional, Integer] :snaplen
+      #   The snapshot length for the filter. Defaults to SNAPLEN
+      #
+      # @option opts [optional, Integer] :optimize
+      #   Optimization flag. 0 means don't optimize. Defaults to 1.
+      #
+      # @option opts [optional, Integer] :netmask
+      #   A 32-bit number representing the IPv4 netmask of the network on
+      #   which packets are being captured. It is only used when checking
+      #   for IPv4 broadcast addresses in the filter program.
+      #   Default: 0 (unspecified netmask)
+      #
+      # @return [BPFProgram]
+      #   If no errors occur, a compiled BPFProgram is returned.
+      #
+      def self.compile(expr, opts={})
+        datalink = (opts[:datalink] || 1)
+        dl = datalink.kind_of?(DataLink) ? datalink : DataLink.new(datalink)
+        slen     = (opts[:snaplen] || DEFAULT_SNAPLEN)
+        optimize = (opts[:optimize] || 1)
+        mask     = (opts[:netmask] || 0)
+        code = new()
+        r = PCap.pcap_compile_nopcap(slen, dl.value, code, expr, optimize, mask)
+        raise(LibError, "pcap_compile_nopcap(): unspecified error") if r < 0
+        return code
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd.rb CHANGED

@@ -1,98 +1,9 @@
-# Here's where various BSD sockets typedefs and structures go
-# ... good to have around
-# cribbed from dnet-ffi - EM
-require 'socket'
-module FFI
-module PCap
-  typedef :uint8, :sa_family_t
-  typedef :uint32, :in_addr_t
-  typedef :uint16, :in_port_t
-  # contains AF_* constants culled from Ruby's ::Socket
-  module AF
-    include ::FFI::DRY::ConstMap
-    slurp_constants(::Socket, "AF_")
-    def self.list; @@list ||= super() ; end
-  end
-  # Common abstract superclass for all sockaddr struct classes
-  #
-  class SockAddrFamily < ::FFI::Struct
-    include ::FFI::DRY::StructHelper
-    # returns an address family name for the :family struct member value
-    def lookup_family
-      AF[ self[:family] ]
-    end
-  end
-  # generic sockaddr, always good to have around
-  #
-  class SockAddr < SockAddrFamily
-    dsl_layout do
-      field :len,    :uint8,        :desc => 'total length of struct'
-      field :family, :sa_family_t,  :desc => 'address family (AF_*)'
-      field :data,   :char,         :desc => 'variable length bound by :len'
-    end
-  end
-  # Used to represent a 32-bit IPv4 address in a sock_addr_in structure
-  #
-  class InAddr < ::FFI::Struct
-    include ::FFI::DRY::StructHelper
-    dsl_layout { field :in_addr,  :in_addr_t, :desc => 'inet address' }
-  end
-  # sockaddr inet, always good to have around
-  #
-  class SockAddrIn < SockAddrFamily
-    dsl_layout do
-      field :len,    :uint8,        :desc => 'length of structure (16)'
-      field :family, :sa_family_t,  :desc => 'address family (AF_INET)'
-      field :port,   :in_port_t,    :desc => '16-bit TCP or UDP port number'
-      field :addr,   :in_addr_t,    :desc => '32-bit IPv4 address'
-      array :_sa_zero, [:uint8,8],  :desc => 'unused'
-    end
-  end
-  # Used to represent an IPv6 address in a sock_addr_in6 structure
-  #
-  class In6Addr < ::FFI::Struct
-    include ::FFI::DRY::StructHelper
-    dsl_layout { array :s6_addr, [:uint8, 16], :desc => 'IPv6 address' }
-  end
-  # IPv6 socket address
-  #
-  class SockAddrIn6 < SockAddrFamily
-    dsl_layout do
-      field :len,      :uint8,       :desc => 'length of structure(24)'
-      field :family,   :sa_family_t, :desc => 'address family (AF_INET6)'
-      field :port,     :in_port_t,   :desc => 'transport layer port'
-      field :flowinfo, :uint32,      :desc => 'priority & flow label'
-      struct :addr,    ::FFI::PCap::In6Addr,     :desc => 'IPv6 address'
-    end
-  end
-  # data-link socket address
-  #
-  class SockAddrDl < SockAddrFamily
-    dsl_layout do
-      field :len,       :uint8,   :desc => 'length of structure(variable)'
-      field :family, :sa_family_t, :desc => 'address family (AF_LINK)'
-      field :sdl_index, :uint16,  :desc => 'system assigned index, if > 0'
-      field :dltype,    :uint8,   :desc => 'IFT_ETHER, etc. from net/if_types.h'
-      field :nlen,      :uint8,   :desc => 'name length, from :_data'
-      field :alen,      :uint8,   :desc => 'link-layer addres-length'
-      field :slen,      :uint8,   :desc => 'link-layer selector length'
-      field :_data,     :char,    :desc => 'minimum work area=12, can be larger'
-    end
-  end
-end
-end
+require 'ffi/pcap/bsd/typedefs'
+require 'ffi/pcap/bsd/af'
+require 'ffi/pcap/bsd/in_addr'
+require 'ffi/pcap/bsd/sock_addr'
+require 'ffi/pcap/bsd/sock_addr_family'
+require 'ffi/pcap/bsd/sock_addr_in'
+require 'ffi/pcap/bsd/sock_addr_dl'
+require 'ffi/pcap/bsd/in6_addr'
+require 'ffi/pcap/bsd/sock_addr_in6'

data/lib/ffi/pcap/bsd/af.rb ADDED

@@ -0,0 +1,18 @@
+require 'socket'
+module FFI
+  module PCap
+    #
+    # Contains `AF_*` constants culled from Ruby's ::Socket
+    #
+    module AF
+      include ::FFI::DRY::ConstMap
+      slurp_constants(::Socket, "AF_")
+      def self.list
+        @@list ||= super()
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/in6_addr.rb ADDED

@@ -0,0 +1,16 @@
+module FFI
+  module PCap
+    #
+    # Used to represent an IPv6 address in a sock_addr_in6 structure
+    #
+    class In6Addr < ::FFI::Struct
+      include ::FFI::DRY::StructHelper
+      dsl_layout do
+        array :s6_addr, [:uint8, 16], :desc => 'IPv6 address'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/in_addr.rb ADDED

@@ -0,0 +1,18 @@
+require 'ffi/pcap/bsd/typedefs'
+module FFI
+  module PCap
+    #
+    # Used to represent a 32-bit IPv4 address in a sock_addr_in structure
+    #
+    class InAddr < ::FFI::Struct
+      include ::FFI::DRY::StructHelper
+      dsl_layout do
+        field :in_addr,  :in_addr_t, :desc => 'inet address'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/sock_addr.rb ADDED

@@ -0,0 +1,19 @@
+require 'ffi/pcap/bsd/typedefs'
+require 'ffi/pcap/bsd/sock_addr_family'
+module FFI
+  module PCap
+    #
+    # generic sockaddr, always good to have around
+    #
+    class SockAddr < SockAddrFamily
+      dsl_layout do
+        field :len,    :uint8,        :desc => 'total length of struct'
+        field :family, :sa_family_t,  :desc => 'address family (AF_*)'
+        field :data,   :char,         :desc => 'variable length bound by :len'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/sock_addr_dl.rb ADDED

@@ -0,0 +1,24 @@
+require 'ffi/pcap/bsd/typedefs'
+require 'ffi/pcap/bsd/sock_addr_family'
+module FFI
+  module PCap
+    #
+    # data-link socket address
+    #
+    class SockAddrDl < SockAddrFamily
+      dsl_layout do
+        field :len,       :uint8,   :desc => 'length of structure(variable)'
+        field :family,    :sa_family_t, :desc => 'address family (AF_LINK)'
+        field :sdl_index, :uint16,  :desc => 'system assigned index, if > 0'
+        field :dltype,    :uint8,   :desc => 'IFT_ETHER, etc. from net/if_types.h'
+        field :nlen,      :uint8,   :desc => 'name length, from :_data'
+        field :alen,      :uint8,   :desc => 'link-layer addres-length'
+        field :slen,      :uint8,   :desc => 'link-layer selector length'
+        field :_data,     :char,    :desc => 'minimum work area=12, can be larger'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/sock_addr_family.rb ADDED

@@ -0,0 +1,19 @@
+require 'ffi/pcap/bsd/af'
+module FFI
+  module PCap
+    #
+    # Common abstract superclass for all sockaddr struct classes
+    #
+    class SockAddrFamily < ::FFI::Struct
+      include ::FFI::DRY::StructHelper
+      # returns an address family name for the :family struct member value
+      def lookup_family
+        AF[self[:family]]
+      end
+    end
+  end
+end