ffi-pcap 0.2.0

data/spec/pcap_spec.rb

@@ -0,0 +1,149 @@
+require 'spec_helper'
+
+describe FFI::PCap do
+  it "should define a VERSION constant" do
+    FFI::PCap.const_defined?('VERSION').should == true
+  end
+
+  it ".lib_version() should expose the libpcap version banner" do
+    FFI::PCap.lib_version.should_not be_nil
+    FFI::PCap.lib_version.should_not be_empty
+  end
+
+  it ".lib_version_number() should expose the libpcap version number only" do
+    FFI::PCap.lib_version_number.should_not be_nil
+    FFI::PCap.lib_version_number.should_not be_empty
+    FFI::PCap.lib_version_number.should =~ /^\d+\.\d+\.\d+$/
+  end
+
+  it ".lookupdev() should return a device deafult device" do
+    dev = FFI::PCap.lookupdev
+    dev.should_not be_nil
+    dev.should_not be_empty
+  end
+
+  it ".each_device() should enumerate over all usable interfaces" do
+    i = 0
+    FFI::PCap.each_device do |dev|
+      dev.should_not be_nil
+      Interface.should === dev
+      [true,false].include?(dev.loopback?).should == true
+      i+=1
+    end
+    i.should_not == 0
+  end
+
+  it ".device_names() should return names for all network interfaces" do
+    devs = FFI::PCap.device_names
+    Array.should === devs
+    i = 0
+    devs.each do |dev|
+      String.should === dev
+      dev.should_not be_nil
+      dev.should_not be_empty
+      i+=1
+    end
+    i.should_not == 0
+    devs.include?(PCAP_DEV).should == true
+  end
+
+  it ".dump_devices() should return name/network pairs for all interfaces" do
+    i = 0
+    devs = FFI::PCap.dump_devices
+    Array.should === devs
+    devs.each do |y|
+      y.size.should == 2
+      dev, net = y
+      String.should === dev
+      dev.should_not be_nil
+      dev.should_not be_empty
+      i+=1
+    end
+    i.should_not == 0
+    devs.select{|dev,net| not net.nil? }.should_not be_empty
+    devs.map{|dev,net| dev}.include?(PCAP_DEV).should == true
+  end
+
+  it ".open_live() should open a live pcap handler given a chosen device" do
+    lambda {
+      pcap = FFI::PCap.open_live(:device => PCAP_DEV)
+      pcap.device.should == PCAP_DEV
+      pcap.close
+    }.should_not raise_error(Exception)
+  end
+
+  it ".open_live() should open a live pcap handler using a default device" do
+    lambda {
+      # XXX Using Vista and wpcap.dll this breaks on me.
+      #     The lookupdev for a default adapter result is '\', which is just
+      #     wrong.
+      pcap = FFI::PCap.open_live()
+      pcap.should be_ready
+      pcap.close
+    }.should_not raise_error(Exception)
+  end
+
+  it ".open_dead() should open a dead pcap handler" do
+    lambda {
+      pcap = FFI::PCap.open_dead()
+      pcap.should be_ready
+      pcap.close
+    }.should_not raise_error(Exception)
+  end
+
+  it ".open_offline() should open a pcap dump file" do
+    lambda {
+      pcap = FFI::PCap.open_offline(PCAP_TESTFILE)
+      pcap.should be_ready
+      pcap.close
+    }.should_not raise_error(Exception)
+  end
+
+  it ".open_file() should work the same as .open_offline()" do
+    lambda {
+      pcap = FFI::PCap.open_offline(PCAP_TESTFILE)
+      pcap.should be_ready
+      pcap.close
+    }.should_not raise_error(Exception)
+  end
+
+  it ".open_live() should take a block and close the device after calling it" do
+    pcap = nil
+    ret = FFI::PCap.open_live(:device => PCAP_DEV) {|this|
+      Live.should === this
+      this.should be_ready
+      this.should_not be_closed
+      pcap = this
+    }
+    ret.should be_nil
+    pcap.should_not be_ready
+    pcap.should be_closed
+  end
+
+  it ".open_dead() should take a block and close the device after calling it" do
+    pcap = nil
+    ret = FFI::PCap.open_dead() {|this|
+      Dead.should === this
+      this.should be_ready
+      this.should_not be_closed
+      pcap = this
+    }
+    ret.should be_nil
+    pcap.should_not be_ready
+    ret.should be_nil
+  end
+
+  it ".open_file() should take a block and close the device after calling it" do
+    pcap = nil
+    ret = FFI::PCap.open_file(PCAP_TESTFILE) {|this|
+      Offline.should === this
+      this.should be_ready
+      this.should_not be_closed
+      pcap = this
+    }
+    ret.should be_nil
+    pcap.should_not be_ready
+    ret.should be_nil
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,31 @@
+require 'rubygems'
+gem 'rspec', '>=1.3.0'
+require 'spec'
+
+require 'ffi/pcap'
+
+include FFI
+include FFI::PCap
+
+PCAP_DEV      = ENV['PCAP_DEV'] || 'lo0'
+PCAP_TESTFILE = ENV['PCAP_TESTFILE'] || File.expand_path(File.join(File.dirname(__FILE__), 'dumps', 'simple_tcp.pcap'))
+PCAP_TESTADDR = ENV['PCAP_TESTADDR'] || '127.0.0.1'
+
+$test_ping_pid = nil
+
+def start_traffic_generator
+  begin
+    if $test_ping_pid.nil?
+      $test_ping_pid = Process.fork{ `ping #{PCAP_TESTADDR}` }
+    end
+  rescue NotImplementedError
+    $test_ping_pid = nil
+  end
+end
+
+def stop_traffic_generator
+  if $test_ping_pid
+    Process.kill('TERM', $test_ping_pid)
+    $test_ping_pid = nil
+  end
+end

data/spec/wrapper_behaviors.rb

@@ -0,0 +1,124 @@
+require 'spec_helper'
+require 'tempfile'
+
+shared_examples_for "FFI::PCap::CommonWrapper" do
+  it "should indicate readiness" do
+    @pcap.ready?.should == true
+  end
+
+  it "should have a datalink" do
+    datalink = @pcap.datalink
+    datalink.value.should_not be_nil
+    Numeric.should === datalink.value
+    datalink.name.should_not be_empty
+  end
+
+  it "should be able to open a dump file" do
+    lambda {
+      dumper = @pcap.open_dump(Tempfile.new(rand(0xffff).to_s).path)
+      Dumper.should === dumper
+      dumper.close
+    }.should_not raise_error(Exception)
+  end
+
+  it "should be able to write packets to a dump file" do
+    tmpfile = Tempfile.new(rand(0xffff).to_s).path
+    dumper = @pcap.open_dump(tmpfile)
+    dumper.write_pkt( Packet.from_string("i want to be a packet when i grow up") )
+    dumper.flush
+    dumper.close
+
+    chk_pcap = Offline.new(tmpfile)
+    pkt = chk_pcap.next
+    pkt.should be_kind_of Packet
+    pkt.body.should == "i want to be a packet when i grow up"
+    chk_pcap.close
+  end
+
+  it "should raise an exception when opening a bad dump file" do
+    lambda {
+      @pcap.open_dump(File.join('','obviously','not','there'))
+    }.should raise_error(Exception)
+  end
+
+  it "should return an empty String when an error has not occurred" do
+    @pcap.error.should be_empty
+  end
+
+  it "should be able to compile a filter" do
+    filter = @pcap.compile("ip")
+    filter.should_not be_nil
+    BPFProgram.should === filter
+    filter.bf_len.should > 0
+  end
+
+  it "should detect invalid filter syntax when compiling" do
+    lambda {
+      @pcap.compile("ip and totally bogus")
+    }.should raise_error(LibError)
+  end
+
+  it "should prevent double closes" do
+    @pcap.close
+    @pcap.should be_closed
+    @pcap.should_not be_ready
+
+    lambda {
+      @pcap.close
+    }.should_not raise_error(Exception)
+  end
+
+end
+
+shared_examples_for "FFI::PCap::CaptureWrapper" do
+
+  it "should pass packets to a block using loop()" do
+    i = 0
+    @pkt = nil
+    @pcap.loop(:count => 2) do |this, pkt|
+      this.should == @pcap
+      pkt.should_not be_nil
+      Packet.should === pkt
+      i+=1
+    end
+    i.should == 2
+  end
+
+  it "should be able to get the next packet" do
+    pkt = @pcap.next
+    pkt.should_not be_nil
+  end
+
+  it "should be able to break out of a pcap loop()" do
+    stopped = false
+    i = 0
+
+    @pcap.loop(:count => 3) do |this, pkt|
+      stopped = true
+      i+=1
+      this.stop
+    end
+
+    i.should == 1
+    stopped.should == true
+  end
+
+  it "should consume packets without a block passed to loop()" do
+    lambda { @pcap.loop(:count => 3) }.should_not raise_error(Exception)
+  end
+
+  it "should be able to set a filter" do
+    lambda {
+      @pcap.set_filter("ip")
+    }.should_not raise_error(Exception)
+  end
+
+  it "should detect invalid filter syntax in set_filter" do
+    lambda {
+      @pcap.set_filter("ip and totally bogus")
+    }.should raise_error(LibError)
+  end
+
+  it_should_behave_like "FFI::PCap::CommonWrapper"
+end
+

data/tasks/rcov.rb

@@ -0,0 +1,6 @@
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end

data/tasks/rdoc.rb

@@ -0,0 +1,17 @@
+
+require 'rake/rdoctask'  
+
+Rake::RDocTask.new do |rdoc|  
+  if File.exist?('VERSION')  
+    version = "- #{File.read('VERSION')}"
+  else  
+    version = ""  
+  end  
+  
+  rdoc.rdoc_dir = 'rdoc'  
+  rdoc.title = "FFI PCap Documentation #{version}"  
+  rdoc.rdoc_files.include('README*')  
+  rdoc.rdoc_files.include('ChangeLog*')  
+  rdoc.rdoc_files.include('lib/**/*.rb')  
+end 
+

data/tasks/spec.rb

@@ -0,0 +1,9 @@
+require 'spec/rake/spectask'
+
+desc "Run all specifications"
+Spec::Rake::SpecTask.new(:spec) do |t|
+  t.libs += ['lib', 'spec']
+  t.spec_opts = ['--colour', '--format', 'specdoc']
+end
+
+task :default => :spec

data/tasks/yard.rb

@@ -0,0 +1,21 @@
+begin
+  require 'yard'
+
+  YARD::Rake::YardocTask.new do |t|
+    if File.exist?('VERSION')  
+      version = "- #{File.read('VERSION')}"
+    else  
+      version = ""  
+    end  
+    
+    t.files   = ['ChangeLog*','LICENSE*','lib/**/*.rb']
+    t.options = [
+      '--title',"FFI PCap Documentation #{version}",
+      '--protected',
+    ]
+  end
+
+  task :docs => :yard
+rescue LoadError
+end
+

metadata

@@ -0,0 +1,157 @@
+--- !ruby/object:Gem::Specification 
+name: ffi-pcap
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
+platform: ruby
+authors: 
+- Postmodern
+- Dakrone
+- Eric Monti
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-05-10 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: ffi
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 5
+        - 0
+        version: 0.5.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: ffi_dry
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 1
+        - 9
+        version: 0.1.9
+  type: :runtime
+  version_requirements: *id002
+description: Bindings to libpcap via FFI interface in Ruby.
+email: postmodern.mod3@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- ChangeLog.rdoc
+- LICENSE.txt
+- README.rdoc
+files: 
+- .gitignore
+- ChangeLog.rdoc
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- examples/ipfw_divert.rb
+- examples/print_bytes.rb
+- lib/ffi-pcap.rb
+- lib/ffi/pcap.rb
+- lib/ffi/pcap/addr.rb
+- lib/ffi/pcap/bpf.rb
+- lib/ffi/pcap/bsd.rb
+- lib/ffi/pcap/capture_wrapper.rb
+- lib/ffi/pcap/common_wrapper.rb
+- lib/ffi/pcap/copy_handler.rb
+- lib/ffi/pcap/crt.rb
+- lib/ffi/pcap/data_link.rb
+- lib/ffi/pcap/dead.rb
+- lib/ffi/pcap/dumper.rb
+- lib/ffi/pcap/error_buffer.rb
+- lib/ffi/pcap/exceptions.rb
+- lib/ffi/pcap/file_header.rb
+- lib/ffi/pcap/in_addr.rb
+- lib/ffi/pcap/interface.rb
+- lib/ffi/pcap/live.rb
+- lib/ffi/pcap/offline.rb
+- lib/ffi/pcap/packet.rb
+- lib/ffi/pcap/packet_header.rb
+- lib/ffi/pcap/pcap.rb
+- lib/ffi/pcap/stat.rb
+- lib/ffi/pcap/time_val.rb
+- lib/ffi/pcap/typedefs.rb
+- lib/ffi/pcap/version.rb
+- spec/data_link_spec.rb
+- spec/dead_spec.rb
+- spec/dumps/http.pcap
+- spec/dumps/simple_tcp.pcap
+- spec/error_buffer_spec.rb
+- spec/file_header_spec.rb
+- spec/live_spec.rb
+- spec/offline_spec.rb
+- spec/packet_behaviors.rb
+- spec/packet_injection_spec.rb
+- spec/packet_spec.rb
+- spec/pcap_spec.rb
+- spec/spec_helper.rb
+- spec/wrapper_behaviors.rb
+- tasks/rcov.rb
+- tasks/rdoc.rb
+- tasks/spec.rb
+- tasks/yard.rb
+has_rdoc: true
+homepage: http://github.com/sophsec/ffi-pcap
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: ffi-pcap
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: FFI bindings for libpcap
+test_files: 
+- spec/data_link_spec.rb
+- spec/dead_spec.rb
+- spec/error_buffer_spec.rb
+- spec/file_header_spec.rb
+- spec/live_spec.rb
+- spec/offline_spec.rb
+- spec/packet_behaviors.rb
+- spec/packet_injection_spec.rb
+- spec/packet_spec.rb
+- spec/pcap_spec.rb
+- spec/spec_helper.rb
+- spec/wrapper_behaviors.rb
+- examples/ipfw_divert.rb
+- examples/print_bytes.rb