ffi-pcap 0.2.0

data/lib/ffi/pcap/live.rb

@@ -0,0 +1,303 @@
+require 'ffi/pcap/capture_wrapper'
+
+module FFI
+module PCap
+  begin
+    attach_function :pcap_setdirection, [:pcap_t, :pcap_direction_t], :int
+  rescue FFI::NotFoundError
+  end
+
+  begin
+    attach_function :pcap_sendpacket, [:pcap_t, :pointer, :int], :int
+  rescue FFI::NotFoundError
+  end
+
+  begin
+    attach_function :pcap_inject, [:pcap_t, :pointer, :int], :int
+  rescue FFI::NotFoundError
+  end
+
+
+  # Creates a pcap interface for capturing from the network.
+  #
+  # @param [Hash] opts
+  #   Options are ignored and passed to the super-class except those below.
+  #
+  # @option opts [String, nil] :device, :dev
+  #   The device to open. On some platforms, this can be "any". If nil or 
+  #   unspecified FFI::PCap.lookupdev() is called to obtain a default device. 
+  #
+  # @option opts [Integer] :snaplen
+  #   The snapshot length for the pcap object. Defaults to DEFAULT_SNAPLEN
+  #
+  # @option opts [Boolean] :promisc
+  #   Specifies if the interface is to be put into promiscuous mode. Defaults
+  #   to false.
+  #
+  # @option opts [Integer] :timeout
+  #   Specifies the read timeout in milliseconds. Defaults to DEFAULT_TO_MS
+  #
+  # @return [Live]
+  #   A FFI::PCap::Live wrapper.
+  #
+  # @raise [LibError]
+  #   On failure, an exception is raised with the relevant error 
+  #   message from libpcap.
+  #
+  # @raise [ArgumentError]
+  #   May raise an exception if a :device cannot be autodetected using 
+  #   FFI::PCap.lookupdev() for any reason. This should never happen on most platforms.
+  #
+  class Live < CaptureWrapper
+    DEFAULT_TO_MS = 1000     # Default timeout for pcap_open_live()
+
+    attr_reader :device, :promisc, :timeout, :direction
+
+    def initialize(opts=nil)
+      opts ||= {}
+      @device = opts[:device] || opts[:dev] || FFI::PCap.lookupdev()
+      unless @device
+        raise(ArgumentError, "Couldn't detect a device. One must be specified.")
+      end
+
+      @snaplen   = opts[:snaplen] || DEFAULT_SNAPLEN
+      @promisc   = opts[:promisc] ? 1 : 0
+      @timeout   = opts[:timeout] || DEFAULT_TO_MS
+      @direction = (opts[:direction] || opts[:dir])
+
+      @errbuf = ErrorBuffer.create()
+      @pcap = FFI::PCap.pcap_open_live(@device, @snaplen, @promisc, @timeout, @errbuf)
+      raise(LibError, "pcap_open_live(): #{@errbuf.to_s}") if @pcap.null?
+
+      # call super to get all our ducks in a row
+      super(@pcap, opts)
+
+      set_direction(@direction) if @direction
+
+      # Cache network and netmask from pcap_lookupdev.
+      # These pointers may be used internally (and should get autoreleased)
+      @netp, @maskp = nil
+      begin
+        FFI::PCap.lookupnet(@device) do |netp, maskp|
+          @netp = netp
+          @maskp = maskp
+        end
+      rescue LibError
+        warn "Warning: #{$!}"
+      end
+
+      yield self if block_given?
+    end
+
+    # Returns the dotted notation string for the IPv4 network address for 
+    # the device used by this pcap interface.
+    def network
+      return nil unless @netp
+      @network ||= @netp.get_array_of_uchar(0,4).join('.')
+    end
+
+    # Returns the dotted notation string for the IPv4 netmask for the device
+    # used by this pcap interface.
+    def netmask
+      return nil unless @maskp
+      @netmask ||= @maskp.get_array_of_uchar(0,4).join('.')
+    end
+
+    # Returns the 32-bit numeric representation of the IPv4 network address
+    # for this device.
+    def network_n32
+      return nil unless @netp
+      ::FFI::DRY::NetEndian.ntohl(@netp.get_uint32(0))
+    end
+
+    # Returns the 32-bit numeric representation of the IPv4 network address
+    # for this device.
+    def netmask_n32
+      return nil unless @maskp
+      ::FFI::DRY::NetEndian.ntohl(@maskp.get_uint32(0))
+    end
+
+    @@have_setdirection = FFI::PCap.respond_to?(:pcap_setdirection)
+
+    # Sets the direction for which packets will be captured.
+    # 
+    # (Not supported on all platforms)
+    def set_direction(dir)
+      unless @@have_setdirection
+        raise(NotImplementedError, 
+              "pcap_setdirection() is not avaiable from your pcap library") 
+      end
+
+      dirs = FFI::PCap.enum_type(:pcap_direction_t)
+      if FFI::PCap.pcap_setdirection(_pcap, dirs[:"pcap_d_#{dir}"]) == 0
+        return true
+      else
+        raise(LibError, "pcap_setdirection(): #{geterr()}", caller)
+      end
+    end
+
+    alias direction= set_direction
+
+    # set the state of non-blocking mode on a capture device
+    #
+    # @param [Boolean] mode
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error message 
+    #   from libpcap.
+    #
+    def set_non_blocking(mode)
+      mode =  mode ? 1 : 0
+      if FFI::PCap.pcap_setnonblock(_pcap, mode, @errbuf) == 0
+        return mode == 1
+      else
+        raise(LibError, "pcap_setnonblock(): #{@errbuf.to_s}", caller)
+      end
+    end
+
+    alias non_blocking= set_non_blocking
+
+    # get the state of non-blocking mode on a capture device
+    #
+    # @return [Boolean]
+    #   non-blocking mode
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error message 
+    #   from libpcap.
+    #
+    def non_blocking
+      if (mode=FFI::PCap.pcap_getnonblock(_pcap, @errbuf)) == -1
+        raise(LibError, "pcap_getnonblock(): #{@errbuf.to_s}", caller)
+      else
+        return mode == 1
+      end
+    end
+
+    alias non_blocking? non_blocking
+
+    # Get capture statistics
+    #
+    # @return [Stats]
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error message 
+    #   from libpcap.
+    #
+    def stats
+      stats = Stat.new
+      unless FFI::PCap.pcap_stats(_pcap, stats) == 0
+        raise(LibError, "pcap_stats(): #{geterr()}")
+      end
+      return stats
+    end
+
+
+    @@have_inject = FFI::PCap.respond_to?(:pcap_inject)
+
+    # Transmit a packet using pcap_inject()
+    #
+    # (not available on all platforms)
+    #
+    # @param [Packet, String] obj
+    #   The packet to send. This can be a Packet or String object.
+    #
+    # @return [Integer]
+    #   The number of bytes sent.
+    #
+    # @raise [ArgumentError]
+    #   An exception is raised if the pkt object type is incorrect or
+    #   if it is a Packet and the body pointer is null. 
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant libpcap
+    #   error message.
+    #
+    # @raise [NotImplementedError]
+    #   If the pcap_inject() function is not available from your libpcap
+    #   library pcap_sendpacket will be tried, if both are missing, this 
+    #   exception will be raised.
+    #
+    def inject(pkt)
+      if @@have_inject
+        if pkt.kind_of? Packet
+          len = pkt.caplen
+          bufp = pkt.body_ptr
+          raise(ArgumentError, "packet data null pointer") if bufp.null?
+        elsif pkt.kind_of? String
+          len = pkt.size
+          bufp = FFI::MemoryPointer.from_string(pkt)
+        else
+          raise(ArgumentError, "Don't know how to inject #{pkt.class}")
+        end
+
+        if (sent=FFI::PCap.pcap_inject(_pcap, bufp, len)) < 0
+          raise(LibError, "pcap_inject(): #{geterr()}")
+        end
+        return sent
+      else 
+        # fake it with sendpacket on windows
+        if sendpacket(pkt)
+          return (Packet === pkt)? pkt.caplen : pkt.size
+        end
+      end
+    end
+
+    @@have_sendpacket = FFI::PCap.respond_to?(:pcap_sendpacket)
+
+    # Transmit a packet using pcap_sendpacket()
+    #
+    # (not available on all platforms)
+    #
+    # @param [Packet, String] obj
+    #   The packet to send. This can be a Packet or String object.
+    #
+    # @return [True]
+    #   True is returned on success. Otherwise an exception is raised.
+    #
+    # @raise [ArgumentError]
+    #   An exception is raised if the pkt object type is incorrect or
+    #   if it is a Packet and the body pointer is null. 
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant libpcap
+    #   error message.
+    #
+    # @raise [NotImplementedError]
+    #   If the pcap_sendpacket() function is not available from your libpcap
+    #   library this exception will be raised.
+    #
+    def sendpacket(pkt)
+      unless @@have_sendpacket
+        raise(NotImplementedError, 
+              "packet injectors are not avaiable from your pcap library") 
+      end
+
+      if pkt.kind_of? Packet
+        len = pkt.caplen
+        bufp = pkt.body_ptr
+        raise(ArgumentError, "packet data null pointer") if bufp.null?
+      elsif pkt.kind_of? String
+        len = pkt.size
+        bufp = FFI::MemoryPointer.from_string(pkt)
+      else
+        raise(ArgumentError, "Don't know how to send #{pkt.class}")
+      end
+
+      if FFI::PCap.pcap_sendpacket(_pcap, bufp, len) != 0
+        raise(LibError, "pcap_sendpacket(): #{geterr()}")
+      end
+      return true
+    end
+
+    alias send_packet sendpacket
+
+  end
+
+  attach_function :pcap_open_live, [:string, :int, :int, :int, :pointer], :pcap_t
+  attach_function :pcap_getnonblock, [:pcap_t, :pointer], :int
+  attach_function :pcap_setnonblock, [:pcap_t, :int, :pointer], :int
+  attach_function :pcap_stats, [:pcap_t, Stat], :int
+
+end
+end

data/lib/ffi/pcap/offline.rb

@@ -0,0 +1,53 @@
+require 'ffi/pcap/capture_wrapper'
+
+module FFI
+module PCap
+  # A wrapper class for pcap devices opened with open_offline()
+  #
+  class Offline < CaptureWrapper
+    attr_accessor :path
+
+    # Creates a pcap interface for reading saved capture files.
+    #
+    # @param [String] path
+    #   The path to the file to open.
+    #
+    # @param [Hash] opts
+    #   Options are ignored and passed to the super-class except for those 
+    #   below.
+    #
+    # @option opts [ignored] :path
+    #   The :path option will be overridden with the value of the path 
+    #   argument.  If specified in opts, its value will be ignored.
+    #
+    # @return [Offline]
+    #   A FFI::PCap::Offline wrapper.
+    #
+    # @raise [LibError]
+    #   On failure, an exception is raised with the relevant error 
+    #   message from libpcap.
+    #
+    def initialize(path, opts={}, &block)
+      @path = path
+      @errbuf = ErrorBuffer.create()
+      @pcap = FFI::PCap.pcap_open_offline(File.expand_path(@path), @errbuf)
+      raise(LibError, "pcap_open_offline(): #{@errbuf.to_s}") if @pcap.null?
+      super(@pcap, opts, &block)
+    end
+
+    def swapped?
+      FFI::PCap.pcap_is_swapped(_pcap) == 1 ? true : false
+    end
+
+    def file_version
+      "#{FFI::PCap.pcap_major_version(_pcap)}.#{FFI::PCap.pcap_minor_version(_pcap)}"
+    end
+  end
+
+  attach_function :pcap_open_offline, [:string, :pointer], :pcap_t
+  attach_function :pcap_is_swapped, [:pcap_t], :int
+  attach_function :pcap_major_version, [:pcap_t], :int
+  attach_function :pcap_minor_version, [:pcap_t], :int
+
+end
+end

data/lib/ffi/pcap/packet.rb

@@ -0,0 +1,164 @@
+module FFI
+module PCap
+  class Packet
+    attr_reader :body_ptr, :header
+
+    # Creates a Packet from a Ruby string object.
+    #
+    # see new() for more information about the arguments.
+    def self.from_string(body, opts={})
+      new(nil, body, opts)
+    end
+
+    # Allocates a Packet using new memory. Used primarily for pcap_loop
+    # and pcap_dispatch to retain packets after new ones have been received
+    # or a pcap device is closed.
+    def self.allocate(phdr, buf)
+      new(phdr, buf).copy()
+    end
+
+    # @param [PacketHeader, nil] hdr
+    #   The pcap pkthdr struct for this packet or nil.  hdr may only be
+    #   nil if a string is supplied for the body. A header will be 
+    #   created automatically and set_body called with opts.
+    #
+    # @param [FFI::Pointer, String] body
+    #   A string or pointer for the body of the packet. A String may
+    #   only be specified if hdr is set to nil.
+    #
+    # @param [optional, Hash] opts
+    #   Specifies additional options at creation time. Only those
+    #   below are applicable for all initiatialization styles.
+    #   All other options are sent to set_body(), but only if the header
+    #   is nil and body is a String. See set_body() for more info.
+    # 
+    # @option opts [optional, Time] :time, :timestamp
+    #   Sets the timestamp in the header.
+    #
+    # @raise [ArgumentError, TypeError]
+    #   An exception is raised if any of the parameter rules described 
+    #   are not followed.
+    #
+    def initialize(hdr, body, opts={})
+      o = opts.dup
+      ts = o.delete(:time) || o.delete(:timestamp)
+      case hdr
+      when PacketHeader
+        raise(ArgumentError, "NULL header pointer") if hdr.to_ptr.null?
+        @header = hdr
+      when ::FFI::Pointer
+        raise(ArgumentError, "NULL header pointer") if hdr.null?
+        @header = PacketHeader.new(hdr)
+      when nil 
+        if body.is_a? String
+          set_body(body, o)
+        else
+          raise(TypeError, "invalid body with nil header: #{body.class}")
+        end
+      else
+        raise(TypeError, "invalid header: #{hdr.class}")
+      end
+        
+      @header.ts.time = ts if ts
+
+      unless @body_ptr
+        if body.is_a?(FFI::Pointer) and not body.null?
+          @body_ptr = body
+        else
+          raise(TypeError, "invalid body for header: #{body.class}")
+        end
+      end
+    end
+
+    # Sets the body from a string. A pointer is automatically derived from
+    #
+    # @param [String] data
+    #   The body to set
+    #
+    # @param [Hash] opts
+    #   Body length options.
+    #
+    # @option opts [optional, Integer] :caplen, :captured
+    #   The captured length (or snaplen) for this packet.
+    #   Length of data portion present. Defaults to body.size(). If
+    #   caplen is larger than the body, then it is overridden with body.size.
+    #   
+    # @option opts [optional, Integer] :len, :length
+    #   The total length of the packet (off wire). Defaults to caplen. If
+    #   If :length is less than the :caplen, it is overridden as :caplen.
+    #
+    #
+    # @return [String]
+    #   Returns the data as supplied per attr_writer convention.
+    #
+    def set_body(data, opts={})
+      cl = opts[:caplen] || opts[:captured] || data.size
+      l = opts[:length] || opts[:len] || cl
+      clen = (cl < data.size) ? cl : data.size
+      len = (l < clen) ? clen : l
+
+      @header ||= PacketHeader.new
+      @header.caplen = len || @header.caplen
+      @header.len = len || @header.caplen
+      @body_ptr = FFI::MemoryPointer.from_string(data)
+      return self
+    end
+
+    alias body= set_body
+
+    # @return [String]
+    #   A String representation of the packet data.
+    #   The reference to the string is not kept by the object and changes
+    #   won't affect the data in this packet.
+    def body
+      @body_ptr.read_string(@header.caplen)
+    end
+
+    # @return [Time]
+    #   Returns the pcap timestamp as a Time object
+    def time
+      @header.ts.time
+    end
+
+    alias timestamp time
+
+    # Sets the pcap timestamp.
+    def time=(t)
+      @header.ts.time=(t)
+    end
+
+    def caplen
+      @header.caplen
+    end
+
+    alias captured caplen
+
+    def len
+      @header.len
+    end
+
+    alias length len
+
+    # An optimized copy which allocates new memory for a PacketHeader and
+    # body.
+    #
+    # DANGEROUS: This method uses direct FFI bindings for the copy and
+    # may crash Ruby if the packet header or body is incorrect.
+    #
+    # @raise [StandardError]
+    #   An exception is raised if the header or body is a NULL pointer.
+    #
+    def copy
+      raise(StandardError, "header is a NULL pointer") if @header.to_ptr.null?
+      raise(StandardError, "body is a NULL pointer") if body_ptr.null?
+      cpy_hdr = PacketHeader.new
+      cpy_buf = FFI::MemoryPointer.new(@header.caplen)
+      CRT.memcpy(cpy_hdr, @header, PacketHeader.size)
+      CRT.memcpy(cpy_buf, @body_ptr, @header.caplen)
+      self.class.new( cpy_hdr, cpy_buf )
+    end
+
+  end
+
+end
+end