RubyGems - ffi-pcap - Versions diffs - 0.2.0 → 0.2.1 - Mend

ffi-pcap 0.2.0 → 0.2.1

Files changed (82) hide show

data/.gitignore +2 -1
data/.pkg_ignore +25 -0
data/.rspec +1 -0
data/.specopts +1 -0
data/.yardopts +1 -0
data/{ChangeLog.rdoc → ChangeLog.md} +15 -5
data/LICENSE.txt +1 -4
data/README.md +92 -0
data/Rakefile +30 -20
data/examples/em_selectable_pcap.rb +38 -0
data/examples/em_timer.rb +26 -0
data/examples/ipfw_divert.rb +28 -8
data/examples/print_bytes.rb +5 -1
data/examples/replay.rb +11 -0
data/examples/selectable_pcap.rb +29 -0
data/ffi-pcap.gemspec +60 -0
data/gemspec.yml +23 -0
data/lib/ffi/pcap.rb +7 -13
data/lib/ffi/pcap/addr.rb +16 -15
data/lib/ffi/pcap/bpf_instruction.rb +25 -0
data/lib/ffi/pcap/bpf_program.rb +85 -0
data/lib/ffi/pcap/bsd.rb +9 -98
data/lib/ffi/pcap/bsd/af.rb +18 -0
data/lib/ffi/pcap/bsd/in6_addr.rb +16 -0
data/lib/ffi/pcap/bsd/in_addr.rb +18 -0
data/lib/ffi/pcap/bsd/sock_addr.rb +19 -0
data/lib/ffi/pcap/bsd/sock_addr_dl.rb +24 -0
data/lib/ffi/pcap/bsd/sock_addr_family.rb +19 -0
data/lib/ffi/pcap/bsd/sock_addr_in.rb +21 -0
data/lib/ffi/pcap/bsd/sock_addr_in6.rb +20 -0
data/lib/ffi/pcap/bsd/typedefs.rb +7 -0
data/lib/ffi/pcap/capture_wrapper.rb +296 -256
data/lib/ffi/pcap/common_wrapper.rb +152 -127
data/lib/ffi/pcap/copy_handler.rb +32 -32
data/lib/ffi/pcap/crt.rb +7 -10
data/lib/ffi/pcap/data_link.rb +178 -153
data/lib/ffi/pcap/dead.rb +42 -29
data/lib/ffi/pcap/dumper.rb +39 -41
data/lib/ffi/pcap/error_buffer.rb +21 -36
data/lib/ffi/pcap/exceptions.rb +21 -15
data/lib/ffi/pcap/file_header.rb +24 -18
data/lib/ffi/pcap/in_addr.rb +4 -4
data/lib/ffi/pcap/interface.rb +22 -20
data/lib/ffi/pcap/live.rb +296 -252
data/lib/ffi/pcap/offline.rb +50 -43
data/lib/ffi/pcap/packet.rb +186 -143
data/lib/ffi/pcap/packet_header.rb +20 -18
data/lib/ffi/pcap/pcap.rb +269 -212
data/lib/ffi/pcap/stat.rb +19 -49
data/lib/ffi/pcap/stat_ex.rb +42 -0
data/lib/ffi/pcap/time_val.rb +52 -38
data/lib/ffi/pcap/typedefs.rb +16 -20
data/spec/data_link_spec.rb +39 -35
data/spec/dead_spec.rb +0 -4
data/spec/error_buffer_spec.rb +7 -9
data/spec/file_header_spec.rb +17 -14
data/spec/live_spec.rb +12 -5
data/spec/offline_spec.rb +10 -11
data/spec/packet_behaviors.rb +20 -6
data/spec/packet_injection_spec.rb +9 -8
data/spec/packet_spec.rb +22 -26
data/spec/pcap_spec.rb +52 -40
data/spec/spec_helper.rb +16 -5
data/spec/wrapper_behaviors.rb +0 -3
data/tasks/doc.rake +69 -0
data/tasks/gem.rake +200 -0
data/tasks/git.rake +40 -0
data/tasks/post_load.rake +34 -0
data/tasks/rubyforge.rake +55 -0
data/tasks/setup.rb +286 -0
data/tasks/spec.rake +54 -0
data/tasks/svn.rake +47 -0
data/tasks/test.rake +40 -0
metadata +142 -92
data/README.rdoc +0 -30
data/VERSION +0 -1
data/lib/ffi/pcap/bpf.rb +0 -106
data/lib/ffi/pcap/version.rb +0 -6
data/tasks/rcov.rb +0 -6
data/tasks/rdoc.rb +0 -17
data/tasks/spec.rb +0 -9
data/tasks/yard.rb +0 -21

data/gemspec.yml ADDED

@@ -0,0 +1,23 @@
+name: ffi-pcap
+version: 0.2.1
+summary: FFI bindings for libpcap
+description: Bindings to libpcap via FFI interface in Ruby.
+license: MIT
+authors:
+ - Postmodern
+ - Dakrone
+ - Eric Monti
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/sophsec/ffi-pcap
+has_yard: true
+requirements: libpcap >= 1.0.0
+dependencies:
+  ffi: ~> 1.0
+  ffi_dry: ~> 0.1.12
+development_dependencies:
+  rubygems-tasks: ~> 0.2
+  rspec: ~> 2.0
+  yard: ~> 0.8

data/lib/ffi/pcap.rb CHANGED

@@ -1,22 +1,16 @@
-begin; require 'rubygems'; rescue LoadError; end
 require 'ffi_dry'
 module FFI
-module PCap
-  extend FFI::Library
+  module PCap
+    extend FFI::Library
-  begin
-    ffi_lib "wpcap"
-  rescue LoadError
-    ffi_lib "pcap"
+    ffi_lib ['pcap', 'libpcap.so.1', 'wpcap']
   end
-end
+  Pcap = PCap
 end
 require 'ffi/pcap/crt'
-require 'ffi/pcap/version'
 require 'ffi/pcap/exceptions'
 # FFI typedefs, pointer wrappers, and struct
@@ -28,7 +22,8 @@ require 'ffi/pcap/file_header'
 require 'ffi/pcap/time_val'
 require 'ffi/pcap/packet_header'
 require 'ffi/pcap/stat'
-require 'ffi/pcap/bpf'
+require 'ffi/pcap/bpf_instruction'
+require 'ffi/pcap/bpf_program'
 require 'ffi/pcap/dumper'
 # Ruby FFI function bindings, sugar, and misc wrappers
@@ -39,4 +34,3 @@ require 'ffi/pcap/packet'
 require 'ffi/pcap/live'
 require 'ffi/pcap/offline'
 require 'ffi/pcap/dead'

data/lib/ffi/pcap/addr.rb CHANGED

@@ -1,21 +1,22 @@
 module FFI
-module PCap
+  module PCap
+    #
+    # Representation of an interface address.
+    #
+    # See pcap_addr struct in `pcap.h`
+    #
+    class Addr < FFI::Struct
-  # Representation of an interface address.
-  #
-  # See pcap_addr struct in pcap.h
-  class Addr < FFI::Struct
-    include FFI::DRY::StructHelper
+      include FFI::DRY::StructHelper
-    dsl_layout do
-      p_struct :next,       ::FFI::PCap::Addr
-      p_struct :addr,       ::FFI::PCap::SockAddr, :desc => 'address'
-      p_struct :netmask,    ::FFI::PCap::SockAddr, :desc => 'netmask of the address'
-      p_struct :broadcast,  ::FFI::PCap::SockAddr, :desc => 'broadcast for the address'
-      p_struct :dest_addr,  ::FFI::PCap::SockAddr, :desc => 'p2p destination for address'
-    end
+      dsl_layout do
+        p_struct :next,       ::FFI::PCap::Addr
+        p_struct :addr,       ::FFI::PCap::SockAddr, :desc => 'address'
+        p_struct :netmask,    ::FFI::PCap::SockAddr, :desc => 'netmask of the address'
+        p_struct :broadcast,  ::FFI::PCap::SockAddr, :desc => 'broadcast for the address'
+        p_struct :dest_addr,  ::FFI::PCap::SockAddr, :desc => 'p2p destination for address'
+      end
+    end
   end
 end
-end

data/lib/ffi/pcap/bpf_instruction.rb ADDED

@@ -0,0 +1,25 @@
+require 'ffi/pcap/typedefs'
+module FFI
+  module PCap
+    #
+    # Includes structures defined in `pcap-bpf.h`
+    #
+    # Berkeley Packet Filter instruction data structure.
+    #
+    # See bpf_insn struct in `pcap-bpf.h`
+    #
+    class BPFInstruction < FFI::Struct
+      include FFI::DRY::StructHelper
+      dsl_layout do
+        field :code,  :ushort
+        field :jt,    :uchar
+        field :jf,    :uchar
+        field :k,     :bpf_int32
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bpf_program.rb ADDED

@@ -0,0 +1,85 @@
+require 'ffi/pcap/bpf_instruction'
+require 'ffi/pcap/data_link'
+module FFI
+  module PCap
+    #
+    # Structure for `pcap_compile()`, `pcap_setfilter()`, etc.
+    #
+    # See bpf_program struct in `pcap-bpf.h`
+    #
+    class BPFProgram < FFI::Struct
+      include FFI::DRY::StructHelper
+      dsl_layout do
+        field    :bf_len,  :uint
+        field    :bf_insn, :pointer
+      end
+      def instructions
+        i = 0
+        sz = BPFInstruction.size
+        Array.new(self.bf_len) do
+          ins = BPFInstruction.new( self[:bf_insn] + i )
+          i += sz
+          ins
+        end
+      end
+      def free!
+        unless @closed
+          @freed = true
+          PCap.pcap_freecode(self)
+        end
+      end
+      def freed?
+        @freed == true
+      end
+      #
+      # Compiles a bpf filter without a pcap device being open. Downside is
+      # no error messages are available, whereas they are when you use
+      # open_dead() and use compile() on the resulting Dead.
+      #
+      # @param [Hash] opts
+      #   Additional options for compile
+      #
+      # @option opts [optional, DataLink, Integer, String, Symbol] :datalink
+      #   DataLink layer type. The argument type will be resolved to a
+      #   DataLink value if possible. Defaults to data-link layer type NULL.
+      #
+      # @option opts [optional, Integer] :snaplen
+      #   The snapshot length for the filter. Defaults to SNAPLEN
+      #
+      # @option opts [optional, Integer] :optimize
+      #   Optimization flag. 0 means don't optimize. Defaults to 1.
+      #
+      # @option opts [optional, Integer] :netmask
+      #   A 32-bit number representing the IPv4 netmask of the network on
+      #   which packets are being captured. It is only used when checking
+      #   for IPv4 broadcast addresses in the filter program.
+      #   Default: 0 (unspecified netmask)
+      #
+      # @return [BPFProgram]
+      #   If no errors occur, a compiled BPFProgram is returned.
+      #
+      def self.compile(expr, opts={})
+        datalink = (opts[:datalink] || 1)
+        dl = datalink.kind_of?(DataLink) ? datalink : DataLink.new(datalink)
+        slen     = (opts[:snaplen] || DEFAULT_SNAPLEN)
+        optimize = (opts[:optimize] || 1)
+        mask     = (opts[:netmask] || 0)
+        code = new()
+        r = PCap.pcap_compile_nopcap(slen, dl.value, code, expr, optimize, mask)
+        raise(LibError, "pcap_compile_nopcap(): unspecified error") if r < 0
+        return code
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd.rb CHANGED

@@ -1,98 +1,9 @@
-# Here's where various BSD sockets typedefs and structures go
-# ... good to have around
-# cribbed from dnet-ffi - EM
-require 'socket'
-module FFI
-module PCap
-  typedef :uint8, :sa_family_t
-  typedef :uint32, :in_addr_t
-  typedef :uint16, :in_port_t
-  # contains AF_* constants culled from Ruby's ::Socket
-  module AF
-    include ::FFI::DRY::ConstMap
-    slurp_constants(::Socket, "AF_")
-    def self.list; @@list ||= super() ; end
-  end
-  # Common abstract superclass for all sockaddr struct classes
-  #
-  class SockAddrFamily < ::FFI::Struct
-    include ::FFI::DRY::StructHelper
-    # returns an address family name for the :family struct member value
-    def lookup_family
-      AF[ self[:family] ]
-    end
-  end
-  # generic sockaddr, always good to have around
-  #
-  class SockAddr < SockAddrFamily
-    dsl_layout do
-      field :len,    :uint8,        :desc => 'total length of struct'
-      field :family, :sa_family_t,  :desc => 'address family (AF_*)'
-      field :data,   :char,         :desc => 'variable length bound by :len'
-    end
-  end
-  # Used to represent a 32-bit IPv4 address in a sock_addr_in structure
-  #
-  class InAddr < ::FFI::Struct
-    include ::FFI::DRY::StructHelper
-    dsl_layout { field :in_addr,  :in_addr_t, :desc => 'inet address' }
-  end
-  # sockaddr inet, always good to have around
-  #
-  class SockAddrIn < SockAddrFamily
-    dsl_layout do
-      field :len,    :uint8,        :desc => 'length of structure (16)'
-      field :family, :sa_family_t,  :desc => 'address family (AF_INET)'
-      field :port,   :in_port_t,    :desc => '16-bit TCP or UDP port number'
-      field :addr,   :in_addr_t,    :desc => '32-bit IPv4 address'
-      array :_sa_zero, [:uint8,8],  :desc => 'unused'
-    end
-  end
-  # Used to represent an IPv6 address in a sock_addr_in6 structure
-  #
-  class In6Addr < ::FFI::Struct
-    include ::FFI::DRY::StructHelper
-    dsl_layout { array :s6_addr, [:uint8, 16], :desc => 'IPv6 address' }
-  end
-  # IPv6 socket address
-  #
-  class SockAddrIn6 < SockAddrFamily
-    dsl_layout do
-      field :len,      :uint8,       :desc => 'length of structure(24)'
-      field :family,   :sa_family_t, :desc => 'address family (AF_INET6)'
-      field :port,     :in_port_t,   :desc => 'transport layer port'
-      field :flowinfo, :uint32,      :desc => 'priority & flow label'
-      struct :addr,    ::FFI::PCap::In6Addr,     :desc => 'IPv6 address'
-    end
-  end
-  # data-link socket address
-  #
-  class SockAddrDl < SockAddrFamily
-    dsl_layout do
-      field :len,       :uint8,   :desc => 'length of structure(variable)'
-      field :family, :sa_family_t, :desc => 'address family (AF_LINK)'
-      field :sdl_index, :uint16,  :desc => 'system assigned index, if > 0'
-      field :dltype,    :uint8,   :desc => 'IFT_ETHER, etc. from net/if_types.h'
-      field :nlen,      :uint8,   :desc => 'name length, from :_data'
-      field :alen,      :uint8,   :desc => 'link-layer addres-length'
-      field :slen,      :uint8,   :desc => 'link-layer selector length'
-      field :_data,     :char,    :desc => 'minimum work area=12, can be larger'
-    end
-  end
-end
-end
+require 'ffi/pcap/bsd/typedefs'
+require 'ffi/pcap/bsd/af'
+require 'ffi/pcap/bsd/in_addr'
+require 'ffi/pcap/bsd/sock_addr'
+require 'ffi/pcap/bsd/sock_addr_family'
+require 'ffi/pcap/bsd/sock_addr_in'
+require 'ffi/pcap/bsd/sock_addr_dl'
+require 'ffi/pcap/bsd/in6_addr'
+require 'ffi/pcap/bsd/sock_addr_in6'

data/lib/ffi/pcap/bsd/af.rb ADDED

@@ -0,0 +1,18 @@
+require 'socket'
+module FFI
+  module PCap
+    #
+    # Contains `AF_*` constants culled from Ruby's ::Socket
+    #
+    module AF
+      include ::FFI::DRY::ConstMap
+      slurp_constants(::Socket, "AF_")
+      def self.list
+        @@list ||= super()
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/in6_addr.rb ADDED

@@ -0,0 +1,16 @@
+module FFI
+  module PCap
+    #
+    # Used to represent an IPv6 address in a sock_addr_in6 structure
+    #
+    class In6Addr < ::FFI::Struct
+      include ::FFI::DRY::StructHelper
+      dsl_layout do
+        array :s6_addr, [:uint8, 16], :desc => 'IPv6 address'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/in_addr.rb ADDED

@@ -0,0 +1,18 @@
+require 'ffi/pcap/bsd/typedefs'
+module FFI
+  module PCap
+    #
+    # Used to represent a 32-bit IPv4 address in a sock_addr_in structure
+    #
+    class InAddr < ::FFI::Struct
+      include ::FFI::DRY::StructHelper
+      dsl_layout do
+        field :in_addr,  :in_addr_t, :desc => 'inet address'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/sock_addr.rb ADDED

@@ -0,0 +1,19 @@
+require 'ffi/pcap/bsd/typedefs'
+require 'ffi/pcap/bsd/sock_addr_family'
+module FFI
+  module PCap
+    #
+    # generic sockaddr, always good to have around
+    #
+    class SockAddr < SockAddrFamily
+      dsl_layout do
+        field :len,    :uint8,        :desc => 'total length of struct'
+        field :family, :sa_family_t,  :desc => 'address family (AF_*)'
+        field :data,   :char,         :desc => 'variable length bound by :len'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/sock_addr_dl.rb ADDED

@@ -0,0 +1,24 @@
+require 'ffi/pcap/bsd/typedefs'
+require 'ffi/pcap/bsd/sock_addr_family'
+module FFI
+  module PCap
+    #
+    # data-link socket address
+    #
+    class SockAddrDl < SockAddrFamily
+      dsl_layout do
+        field :len,       :uint8,   :desc => 'length of structure(variable)'
+        field :family,    :sa_family_t, :desc => 'address family (AF_LINK)'
+        field :sdl_index, :uint16,  :desc => 'system assigned index, if > 0'
+        field :dltype,    :uint8,   :desc => 'IFT_ETHER, etc. from net/if_types.h'
+        field :nlen,      :uint8,   :desc => 'name length, from :_data'
+        field :alen,      :uint8,   :desc => 'link-layer addres-length'
+        field :slen,      :uint8,   :desc => 'link-layer selector length'
+        field :_data,     :char,    :desc => 'minimum work area=12, can be larger'
+      end
+    end
+  end
+end

data/lib/ffi/pcap/bsd/sock_addr_family.rb ADDED

@@ -0,0 +1,19 @@
+require 'ffi/pcap/bsd/af'
+module FFI
+  module PCap
+    #
+    # Common abstract superclass for all sockaddr struct classes
+    #
+    class SockAddrFamily < ::FFI::Struct
+      include ::FFI::DRY::StructHelper
+      # returns an address family name for the :family struct member value
+      def lookup_family
+        AF[self[:family]]
+      end
+    end
+  end
+end