RubyGems - pcaprub - Versions diffs - 0.8.1 → 0.9.0 - Mend

pcaprub 0.8.1 → 0.9.0

Files changed (8) hide show

data/README.rdoc CHANGED

@@ -10,17 +10,31 @@ PacketRub project (http://packetrub.rubyforge.org).
 Requirements:
   libpcap - http://www.tcpdump.org
-== Other Repositories
+== Installation
-The latest community svn version can be obtained from Subversion:
-  svn checkout http://pcaprub.rubyforge.org/svn/trunk/
+  gem install pcaprub
-The Metasploit Project also provides a Subversion repository:
-  svn checkout http://metasploit.com/svn/framework3/trunk/external/pcaprub/
-(credits: github.com/dxoigmn/pcaprub)
+== Usage
+ require 'rubygems'
+ require 'pcaprub'
+ cap = Pcap.new
 == Current Repository for Gemcutter source
 The Git Repo on Github @shadowbq is forked from the Metasploit SVN repo
   git clone git://github.com/shadowbq/pcaprub.git
+=== Notes on other repositories
+The latest community svn version can be obtained from Subversion:
+  svn checkout http://pcaprub.rubyforge.org/svn/trunk/
+The Metasploit Project also provides a Subversion repository:
+  svn checkout http://metasploit.com/svn/framework3/trunk/external/pcaprub/
+(credits: github.com/dxoigmn/pcaprub)

data/Rakefile CHANGED

@@ -80,5 +80,7 @@ Rake::RDocTask.new do |rdoc|
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "pcaprub #{version}"
   rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('LICENSE*')
   rdoc.rdoc_files.include('lib/**/*.rb')
+  rdoc.rdoc_files.include('ext/**/*.c')
 end

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.8.1
1	+ 0.9.0

data/ext/pcaprub/extconf.rb CHANGED

@@ -15,5 +15,12 @@ else
 	have_library("pcap", "pcap_setnonblock")
 end
+if ( RUBY_VERSION =~ /^1\.9/ )
+	$CFLAGS += " -DRUBY_19"
+end
 dir_config(extension_name)
 create_makefile(extension_name)

data/ext/pcaprub/pcaprub.c CHANGED

@@ -1,5 +1,9 @@
 #include "ruby.h"
+#ifndef RUBY_19
 #include "rubysig.h"
+#endif
 #include <pcap.h>
@@ -8,15 +12,18 @@
  #include <arpa/inet.h>
 #endif
+#include <sys/time.h>
 static VALUE rb_cPcap;
-#define PCAPRUB_VERSION "0.8-dev"
+#define PCAPRUB_VERSION "0.9-dev"
 #define OFFLINE 1
 #define LIVE 2
 typedef struct rbpcap {
     pcap_t *pd;
+    pcap_dumper_t *pdt;
     char iface[256];
     char type;
 } rbpcap_t;
@@ -24,7 +31,7 @@ typedef struct rbpcap {
 typedef struct rbpcapjob {
 	struct pcap_pkthdr hdr;
-    char *pkt;
+    unsigned char *pkt;
 	int wtf;
 } rbpcapjob_t;
@@ -68,7 +75,7 @@ rbpcap_s_lookupdev(VALUE self)
     dev = pcap_lookupdev(eb);
     if (dev == NULL) {
 		rb_raise(rb_eRuntimeError, "%s", eb);
-    }
+   }
     ret_dev = rb_str_new2(dev);
 #endif
     return ret_dev;
@@ -104,11 +111,15 @@ static int rbpcap_ready(rbpcap_t *rbp) {
 	return 1;
 }
-static void rbpcap_close(rbpcap_t *rbp) {
+static void rbpcap_free(rbpcap_t *rbp) {
 	if (rbp->pd)
 		pcap_close(rbp->pd);
+	if (rbp->pdt)
+		pcap_dump_close(rbp->pdt);
 	rbp->pd = NULL;
+	rbp->pdt = NULL;
 	free(rbp);
 }
@@ -119,7 +130,7 @@ rbpcap_new_s(VALUE class)
     rbpcap_t *rbp;
     // need to make destructor do a pcap_close later
-    self = Data_Make_Struct(class, rbpcap_t, 0, rbpcap_close, rbp);
+    self = Data_Make_Struct(class, rbpcap_t, 0, rbpcap_free, rbp);
     rb_obj_call_init(self, 0, 0);
     memset(rbp, 0, sizeof(rbpcap_t));
@@ -146,7 +157,7 @@ rbpcap_setfilter(VALUE self, VALUE filter)
     	if(pcap_lookupnet(rbp->iface, &netid, &mask, eb) < 0)
     		rb_raise(rb_eRuntimeError, "%s", eb);
-    if(pcap_compile(rbp->pd, &bpf, RSTRING(filter)->ptr, 0, mask) < 0)
+    if(pcap_compile(rbp->pd, &bpf, RSTRING_PTR(filter), 0, mask) < 0)
     	rb_raise(rb_eRuntimeError, "invalid bpf filter");
     if(pcap_setfilter(rbp->pd, &bpf) < 0)
@@ -183,12 +194,18 @@ rbpcap_open_live(VALUE self, VALUE iface,VALUE snaplen,VALUE promisc, VALUE time
     Data_Get_Struct(self, rbpcap_t, rbp);
     rbp->type = LIVE;
     memset(rbp->iface, 0, sizeof(rbp->iface));
-    strncpy(rbp->iface, RSTRING(iface)->ptr, sizeof(rbp->iface) - 1);
+    strncpy(rbp->iface, RSTRING_PTR(iface), sizeof(rbp->iface) - 1);
+    if(rbp->pd) {
+        pcap_close(rbp->pd);
+    }
     rbp->pd = pcap_open_live(
-    	RSTRING(iface)->ptr,
+    	RSTRING_PTR(iface),
     	NUM2INT(snaplen),
     	promisc_value,
     	NUM2INT(timeout),
@@ -223,7 +240,7 @@ rbpcap_open_offline(VALUE self, VALUE filename)
     rbp->type = OFFLINE;
     rbp->pd = pcap_open_offline(
-    	RSTRING(filename)->ptr,
+    	RSTRING_PTR(filename),
     	eb
     );
@@ -242,6 +259,85 @@ rbpcap_open_offline_s(VALUE class, VALUE filename)
     return rbpcap_open_offline(iPcap, filename);
 }
+static VALUE
+rbpcap_open_dead(VALUE self, VALUE linktype, VALUE snaplen)
+{
+    rbpcap_t *rbp;
+    if(TYPE(linktype) != T_FIXNUM)
+        rb_raise(rb_eArgError, "linktype must be a fixnum");
+    if(TYPE(snaplen) != T_FIXNUM)
+        rb_raise(rb_eArgError, "snaplen must be a fixnum");
+    Data_Get_Struct(self, rbpcap_t, rbp);
+    memset(rbp->iface, 0, sizeof(rbp->iface));
+    rbp->type = OFFLINE;
+    rbp->pd = pcap_open_dead(
+        NUM2INT(linktype),
+        NUM2INT(snaplen)
+     );
+    return self;
+}
+static VALUE
+rbpcap_open_dead_s(VALUE class, VALUE linktype, VALUE snaplen)
+{
+    VALUE iPcap = rb_funcall(rb_cPcap, rb_intern("new"), 0);
+    return rbpcap_open_dead(iPcap, linktype, snaplen);
+}
+static VALUE
+rbpcap_dump_open(VALUE self, VALUE filename)
+{
+    rbpcap_t *rbp;
+    if(TYPE(filename) != T_STRING)
+       rb_raise(rb_eArgError, "filename must be a string");
+    Data_Get_Struct(self, rbpcap_t, rbp);
+    rbp->pdt = pcap_dump_open(
+        rbp->pd,
+        RSTRING_PTR(filename)
+    );
+    return self;
+}
+//not sure if this deviates too much from the way the rest of this class works?
+static VALUE
+rbpcap_dump(VALUE self, VALUE caplen, VALUE pktlen, VALUE packet)
+{
+    rbpcap_t *rbp;
+    struct pcap_pkthdr pcap_hdr;
+    if(TYPE(packet) != T_STRING)
+        rb_raise(rb_eArgError, "packet data must be a string");
+    if(TYPE(caplen) != T_FIXNUM)
+        rb_raise(rb_eArgError, "caplen must be a fixnum");
+    if(TYPE(pktlen) != T_FIXNUM)
+        rb_raise(rb_eArgError, "pktlen must be a fixnum");
+    Data_Get_Struct(self, rbpcap_t, rbp);
+    gettimeofday(&pcap_hdr.ts, NULL);
+    pcap_hdr.caplen = NUM2UINT(caplen);
+    pcap_hdr.len = NUM2UINT(pktlen);
+    pcap_dump(
+        (u_char*)rbp->pdt,
+        &pcap_hdr,
+        (unsigned char *)RSTRING_PTR(packet)
+    );
+    return self;
+}
 static VALUE
 rbpcap_inject(VALUE self, VALUE payload)
 {
@@ -257,68 +353,65 @@ rbpcap_inject(VALUE self, VALUE payload)
     /* WinPcap does not have a pcap_inject call we use pcap_sendpacket, if it suceedes
      * we simply return the amount of packets request to inject, else we fail.
      */
-    if(pcap_sendpacket(rbp->pd, RSTRING(payload)->ptr, RSTRING(payload)->len) != 0) {
+    if(pcap_sendpacket(rbp->pd, RSTRING_PTR(payload), RSTRING_LEN(payload)) != 0) {
     	rb_raise(rb_eRuntimeError, "%s", pcap_geterr(rbp->pd));
     }
-    return INT2NUM(RSTRING(payload)->len);
+    return INT2NUM(RSTRING_LEN(payload));
 #else
-    return INT2NUM(pcap_inject(rbp->pd, RSTRING(payload)->ptr, RSTRING(payload)->len));
+    return INT2NUM(pcap_inject(rbp->pd, RSTRING_PTR(payload), RSTRING_LEN(payload)));
 #endif
 }
 static void rbpcap_handler(rbpcapjob_t *job, struct pcap_pkthdr *hdr, u_char *pkt){
-	job->pkt = pkt;
+	job->pkt = (unsigned char *)pkt;
 	job->hdr = *hdr;
 }
 static VALUE
 rbpcap_next(VALUE self)
 {
-    rbpcap_t *rbp;
+	rbpcap_t *rbp;
 	rbpcapjob_t job;
 	char eb[PCAP_ERRBUF_SIZE];
 	int ret;
-    Data_Get_Struct(self, rbpcap_t, rbp);
+	Data_Get_Struct(self, rbpcap_t, rbp);
 	if(! rbpcap_ready(rbp)) return self;
 	pcap_setnonblock(rbp->pd, 1, eb);
-    TRAP_BEG;
-	while(! (ret = pcap_dispatch(rbp->pd, 1, (pcap_handler) rbpcap_handler, (u_char *)&job))) {
-		if(rbp->type == OFFLINE) break;
-		rb_thread_schedule();
-	}
-    TRAP_END;
+#ifndef RUBY_19
+	TRAP_BEG;
+#endif
+	ret = pcap_dispatch(rbp->pd, 1, (pcap_handler) rbpcap_handler, (u_char *)&job);
+#ifndef RUBY_19
+	TRAP_END;
+#endif
-	if(rbp->type = OFFLINE && ret <= 0) return Qnil;
+	if(rbp->type == OFFLINE && ret <= 0) return Qnil;
-    if(job.hdr.caplen > 0)
-    	return rb_str_new(job.pkt, job.hdr.caplen);
+	if(ret > 0 && job.hdr.caplen > 0)
+             return rb_str_new((char *) job.pkt, job.hdr.caplen);
-    return Qnil;
+	return Qnil;
 }
 static VALUE
 rbpcap_capture(VALUE self)
 {
     rbpcap_t *rbp;
+	int fno = -1;
     Data_Get_Struct(self, rbpcap_t, rbp);
 	if(! rbpcap_ready(rbp)) return self;
-    for(;;) {
+	fno = pcap_get_selectable_fd(rbp->pd);
+    for(;;) {
     	VALUE packet = rbpcap_next(self);
-    	if(packet == Qnil && rbp->type == OFFLINE)
-    		break;
-    	if(packet != Qnil)
-    		rb_yield(packet);
+    	if(packet == Qnil && rbp->type == OFFLINE) break;
+		packet == Qnil ? rb_thread_wait_fd(fno) : rb_yield(packet);
     }
     return self;
@@ -349,6 +442,7 @@ rbpcap_snapshot(VALUE self)
     return INT2NUM(pcap_snapshot(rbp->pd));
 }
+//returns a hash
 static VALUE
 rbpcap_stats(VALUE self)
 {
@@ -373,10 +467,27 @@ rbpcap_stats(VALUE self)
 void
 Init_pcaprub()
 {
-    // Pcap
+    /*
+    * Document-class: Pcap
+    *
+    * Main class defined by the pcaprub extension.
+    */
     rb_cPcap = rb_define_class("Pcap", rb_cObject);
+    /*
+    * Document-module-function: Version
+    * return the version of Pcaprub extension
+    */
     rb_define_module_function(rb_cPcap, "version", rbpcap_s_version, 0);
+    /*
+    * return the device id
+    */
     rb_define_module_function(rb_cPcap, "lookupdev", rbpcap_s_lookupdev, 0);
+    /*
+    * return the net
+    */
     rb_define_module_function(rb_cPcap, "lookupnet", rbpcap_s_lookupnet, 1);
     rb_define_const(rb_cPcap, "DLT_NULL",   INT2NUM(DLT_NULL));
@@ -405,15 +516,52 @@ Init_pcaprub()
     rb_define_singleton_method(rb_cPcap, "open_live", rbpcap_open_live_s, 4);
     rb_define_singleton_method(rb_cPcap, "open_offline", rbpcap_open_offline_s, 1);
+    rb_define_singleton_method(rb_cPcap, "open_dead", rbpcap_open_dead_s, 2);
+    rb_define_singleton_method(rb_cPcap, "dump_open", rbpcap_dump_open, 1);
+    /*
+    * Document-method: dump
+    */
+    rb_define_method(rb_cPcap, "dump", rbpcap_dump, 3);
+    /*
+    * Document-method: each
+    */
     rb_define_method(rb_cPcap, "each", rbpcap_capture, 0);
+    /*
+    * Document-method: next
+    */
     rb_define_method(rb_cPcap, "next", rbpcap_next, 0);
+    /*
+    * Document-method: setfilter
+    */
     rb_define_method(rb_cPcap, "setfilter", rbpcap_setfilter, 1);
+    /*
+    * Document-method: inject
+    */
     rb_define_method(rb_cPcap, "inject", rbpcap_inject, 1);
+    /*
+    * Document-method: datalink
+    */
     rb_define_method(rb_cPcap, "datalink", rbpcap_datalink, 0);
+    /*
+    * Document-method: snapshot
+    */
     rb_define_method(rb_cPcap, "snapshot", rbpcap_snapshot, 0);
+    /*
+    * Document-method: snaplen
+    */
     rb_define_method(rb_cPcap, "snaplen", rbpcap_snapshot, 0);
+    /*
+    * Document-method: stats
+    */
     rb_define_method(rb_cPcap, "stats", rbpcap_stats, 0);
 }

data/pcaprub.gemspec CHANGED

@@ -5,7 +5,7 @@
 Gem::Specification.new do |s|
   s.name = %q{pcaprub}
-  s.version = "0.8.1"
+  s.version = "0.9.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["shadowbq"]

data/test/test_pcaprub_unit.rb CHANGED

@@ -81,15 +81,24 @@ class Pcap::UnitTest < Test::Unit::TestCase
 	end
 	def test_pcap_next
-=begin
 		d = Pcap.lookupdev
 		o = Pcap.open_live(d, 1344, true, 1)
 		@c = 0
-		t = Thread.new { while(true); @c += 1; end; }
-		x = o.next
+		t = Thread.new { while(true); @c += 1; select(nil, nil, nil, 0.10); end; }
+		require 'timeout'
+		begin
+		Timeout.timeout(10) do
+			o.each do |pkt|
+			end
+		end
+		rescue ::Timeout::Error
+		end
 		t.kill
-=end
+		puts "Background thread ticked #{@c} times while capture was running"
 		true
 	end
-enD
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pcaprub
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.9.0
 platform: ruby
 authors:
 - shadowbq