ffi-pcap 0.2.0

data/spec/dead_spec.rb

@@ -0,0 +1,34 @@
+require 'spec_helper'
+require 'wrapper_behaviors'
+
+describe Dead do
+  before(:each) do
+    @pcap = Dead.new()
+  end
+
+  after(:each) do
+    @pcap.close
+  end
+
+  it_should_behave_like "FFI::PCap::CommonWrapper"
+
+  describe "yielding to a block" do
+    # Note we also test all the behaviors here together instead of seperately.
+    Dead.new() do |this|
+      @pcap = this
+
+      it "should be in a ready state in the block" do
+        @pcap.should be_ready
+        @pcap.should_not be_closed
+      end
+
+      it_should_behave_like "FFI::PCap::CommonWrapper"
+
+      @pcap.close
+    end
+
+
+  end
+
+end
+

data/spec/error_buffer_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe ErrorBuffer do
+  before(:all) do
+    @errbuf = ErrorBuffer.create
+  end
+
+  it "should have a size of 256" do
+    @errbuf.size.should == 256
+  end
+
+  it "should return an error message with to_s" do
+    @errbuf.to_s.should be_empty
+    FFI::PCap.pcap_open_offline("/this/file/wont/exist/#{rand(0xFFFF)}", @errbuf )
+    @errbuf.to_s.should_not be_empty
+  end
+end

data/spec/file_header_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe FileHeader do
+  before(:all) do
+    @file_header = FileHeader.new( :raw => File.read(PCAP_TESTFILE) )
+  end
+
+  it "should parse a pcap file correctly" do
+    @file_header.magic.should == 0xa1b2c3d4
+    @file_header.version_major.should == 2
+    @file_header.version_minor.should == 4
+    @file_header.thiszone.should == 0
+    @file_header.sigfigs.should == 0
+    @file_header.snaplen.should == 96
+    @file_header.linktype.should == 1
+  end
+
+  it "should return a file format version string" do
+    String.should === @file_header.version
+    @file_header.version.should == "2.4"
+  end
+
+  it "should return a DataLink for the linktype using datalink()" do
+    DataLink.should === @file_header.datalink
+    (@file_header.datalink == :en10mb).should == true
+  end
+
+end

data/spec/live_spec.rb

@@ -0,0 +1,87 @@
+require 'spec_helper'
+require 'wrapper_behaviors'
+require 'packet_behaviors'
+
+describe Live do
+  before(:each) do
+    @pcap = Live.new(
+      :device => PCAP_DEV,
+      :promisc => true,
+      :timeout => 1000
+    )
+    start_traffic_generator()
+  end
+
+  after(:each) do
+    stop_traffic_generator()
+    @pcap.close
+  end
+
+  it_should_behave_like "FFI::PCap::CaptureWrapper"
+  
+  it "should support non-blocking mode" do
+    @pcap.non_blocking = true
+    @pcap.should be_non_blocking
+  end
+
+  it "should provide statistics about packets received/dropped" do
+    i = 0
+    @pcap.loop {|this,pkt| @pcap.stop if (i += 1) == 10 }
+    i.should_not == 0
+    stats = @pcap.stats
+    Stat.should === stats
+    stats.received.should > 0
+    stats.received.should >= 10
+  end
+
+  it "should yield packets with a timestamp using loop()" do
+    i = 0
+    @pkt = nil
+    @pcap.loop(:count => 2) do |this, pkt|
+      this.should == @pcap
+      pkt.should_not be_nil
+      Packet.should === pkt
+      (Time.now - pkt.time).should_not > 1000
+      i+=1
+    end
+    i.should == 2
+  end
+
+
+  describe "live packets" do
+    before(:all) do
+      @pcap = Live.new(
+        :device => PCAP_DEV,
+        :promisc => true
+      )
+      @pkt = @pcap.next()
+      start_traffic_generator()
+    end
+
+    after(:all) do
+      stop_traffic_generator()
+      @pcap.close
+    end
+    
+    it_should_behave_like "FFI::PCap::Packet populated"
+
+  end
+
+  describe "yielding to a block" do
+    # Note we also test all the behaviors here together instead of seperately.
+    Offline.new(PCAP_TESTFILE) do |this|
+      @pcap = this
+
+      it "should be in a ready state in the block" do
+        @pcap.should be_ready
+        @pcap.should_not be_closed
+      end
+
+      start_traffic_generator()
+      it_should_behave_like "FFI::PCap::CaptureWrapper"
+      stop_traffic_generator()
+      @pcap.close
+    end
+  end
+end
+

data/spec/offline_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'wrapper_behaviors'
+
+describe Offline do
+  before(:each) do
+    @pcap = Offline.new(PCAP_TESTFILE)
+  end
+
+  after(:each) do
+    @pcap.close
+  end
+
+  it_should_behave_like "FFI::PCap::CaptureWrapper"
+
+  it "should return a nil from next() at the end of the dump file" do
+    i = 0
+    @pcap.loop {|this,pkt| i+=1 }
+    i.should > 0
+    @pcap.next.should be_nil
+  end
+
+  it "should yield packets with a timestamp using loop()" do
+    i = 0
+    @pkt = nil
+    @pcap.loop(:count => 2) do |this, pkt|
+      this.should == @pcap
+      pkt.should_not be_nil
+      Packet.should === pkt
+      pkt.time.to_i.should > 0
+      i+=1
+    end
+    i.should == 2
+  end
+
+  it "should supply a file version" do
+    @pcap.file_version.should =~ /^\d+\.\d+$/
+  end
+
+  it "should indicate whether it is endian swapped" do
+    [true,false].include?(@pcap.swapped?).should == true
+  end
+
+  describe "yielding to a block" do
+
+    # Note we also test all the behaviors here together instead of seperately.
+    Offline.new(PCAP_TESTFILE) do |this|
+      @pcap = this
+
+      it "should be in a ready state in the block" do
+        @pcap.should be_ready
+        @pcap.should_not be_closed
+      end
+
+      it_should_behave_like "FFI::PCap::CaptureWrapper"
+
+      @pcap.close
+    end
+
+  end
+end
+

data/spec/packet_behaviors.rb

@@ -0,0 +1,68 @@
+
+shared_examples_for "FFI::PCap::Packet" do
+  it "should supply a way to get a pointer for the body" do
+    @pkt.body_ptr.should_not be_nil
+    ::FFI::Pointer.should === @pkt.body_ptr
+  end
+
+  it "should supply a way to get a String for the body" do
+    @pkt.body.should_not be_nil
+    String.should === @pkt.body
+  end
+
+  it "should supply a timestamp as a Time object" do
+    @pkt.time.should_not be_nil
+    Time.should === @pkt.time
+  end
+
+  it "should allow time timestamp to be changed" do
+    t = Time.now
+    lambda {@pkt.time = t}.should_not raise_error(Exception)
+    @pkt.time.should == t
+  end
+
+  it "should return a deep copy of itself with copy()" do
+    cp = @pkt.copy()
+    cp.object_id.should_not == @pkt.object_id
+    cp.body_ptr.object_id.should_not == @pkt.body_ptr.object_id
+    cp.body.should == @pkt.body
+  end
+end
+
+shared_examples_for "FFI::PCap::Packet populated" do
+  it_should_behave_like "FFI::PCap::Packet"
+
+  it "should have a non-zero packet length in the header" do
+    @pkt.length.should_not == 0
+  end
+
+  it "should have a non-zero captured length in the header" do
+    @pkt.captured.should_not == 0
+  end
+
+  it "should have a non-empty body" do
+    @pkt.body.should_not be_empty
+  end
+
+  it "should have a non-null body pointer" do
+    @pkt.body_ptr.should_not be_null
+  end
+
+end
+
+shared_examples_for "FFI::PCap::Packet composed" do
+  it "should return the expected header" do
+    @pkt.header.should be_kind_of(PacketHeader)
+    @pkt.header.len.should  == @test_body.size
+    @pkt.header.caplen.should == @test_body.size
+    @pkt.header.timestamp.to_time.to_i.should == 0
+  end
+
+  it "should return the expected body String" do
+    @pkt.body.should == @test_body
+  end
+
+  it "should return a pointer to the expected body String" do
+    @pkt.body_ptr.read_string(@pkt.caplen).should == @test_body
+  end
+end

data/spec/packet_injection_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe FFI::PCap::Live do
+  describe "packet injection" do
+    before(:all) do
+      @pcap = FFI::PCap.open_live :device => PCAP_DEV, 
+                             :promisc => false,
+                             :timeout => 100,
+                             :snaplen => 8192
+    end
+
+    after(:all) do
+      @pcap.close
+    end
+
+    it "should detect when an invalid argument is supplied" do
+      lambda { @pcap.inject(Object.new)}.should raise_error(ArgumentError)
+      lambda { @pcap.inject(nil)}.should raise_error(ArgumentError)
+      lambda { @pcap.inject(1)}.should raise_error(ArgumentError)
+      lambda { @pcap.inject([])}.should raise_error(ArgumentError)
+      lambda { @pcap.inject(:foo => :bar)}.should raise_error(ArgumentError)
+      lambda { 
+        @pcap.inject(FFI::MemoryPointer.new(10))
+      }.should raise_error(ArgumentError)
+    end
+
+    it "should allow injection of a String using inject()" do
+      test_data = "A" * 1024
+      @pcap.inject(test_data).should == test_data.size
+    end
+
+    it "should allow injection of a Packet using inject()" do
+      test_data = "B" * 512
+      @pcap.inject(Packet.from_string(test_data)).should == test_data.size
+    end
+
+  end
+end

data/spec/packet_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+require 'packet_behaviors'
+
+describe Packet do
+  describe 'created using new() with a body string and nil header' do
+    before(:all) do
+      @test_body = "\xde\xad\xbe\xef"
+      @pkt = Packet.new(nil, @test_body)
+    end
+
+    it_should_behave_like "FFI::PCap::Packet composed"
+
+  end
+
+  describe 'created using new() with a Header and pointer to body' do
+    before(:all) do
+      @test_body = "\xde\xad\xbe\xef\xba\xbe"
+      l = @test_body.size
+      body = FFI::MemoryPointer.from_string(@test_body)
+      @pkt = Packet.new(PacketHeader.new(:caplen => l, :len => l), body)
+    end
+
+    it_should_behave_like "FFI::PCap::Packet composed"
+
+  end
+
+  describe 'created with from_string()' do
+    before(:all) do
+      @test_body = "\xde\xad\xbe\xef"
+      @pkt = Packet.from_string("\xde\xad\xbe\xef")
+    end
+  
+    it_should_behave_like "FFI::PCap::Packet composed"
+
+  end
+
+
+  describe 'provided by a libpcap savefile using next()' do
+    before(:all) do
+      @pcap = FFI::PCap.open_offline(PCAP_TESTFILE)
+      @pkt = @pcap.next()
+    end
+
+    after(:all) do
+      @pcap.close()
+    end
+
+    it_should_behave_like "FFI::PCap::Packet populated"
+  end
+
+  describe 'provided by a libpcap savefile using loop()' do
+    before(:all) do
+      @pcap = FFI::PCap.open_offline(PCAP_TESTFILE)
+      @pkt = nil
+      # we use copy inside the loop because libpcap's loop() frees or reuses 
+      # memory for packets after each call to the handler.
+      @pcap.loop(:count => 1) {|this,pkt| @pkt = pkt.copy }
+    end
+
+    after(:all) do
+      @pcap.close()
+    end
+
+    it_should_behave_like "FFI::PCap::Packet populated"
+  end
+
+
+  describe "error detection for new()" do
+    it "should raise an error when two nil values are supplied" do
+      lambda { Packet.new(nil,nil)}.should raise_error(Exception)
+    end
+
+    it "should raise an error for an invalid header" do
+      lambda { 
+        Packet.new(Object.new, FFI::MemoryPointer.new(256))
+      }.should raise_error(Exception)
+    end
+
+    it "should raise an error for a nil header without a string body" do
+      lambda { 
+        Packet.new(nil, FFI::MemoryPointer.new(256))
+      }.should raise_error(Exception)
+    end
+
+    it "should raise an error for a valid header but an invalid body pointer" do
+      lambda { 
+        Packet.new(PacketHeader.new, "hellotest")
+      }.should raise_error(Exception)
+    end
+
+    it "should not raise an error for a PacketHeader and a pointer" do
+      lambda { 
+        Packet.new(PacketHeader.new, FFI::MemoryPointer.new(256))
+      }.should_not raise_error(Exception)
+    end
+
+    it "should not raise an error for a pointer and a pointer" do
+      lambda { 
+        Packet.new(FFI::MemoryPointer.new(20), FFI::MemoryPointer.new(256))
+      }.should_not raise_error(Exception)
+    end
+
+    it "should not raise an error for a nil and a string" do
+      lambda { 
+        Packet.new(nil, "hellothere")
+      }.should_not raise_error(Exception)
+
+    end
+
+  end
+end