RubyGems - rb-pcap - Versions diffs - 0.1.0 - Mend

rb-pcap 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/README.markdown ADDED

@@ -0,0 +1,10 @@
+rb-pcap
+=======
+A simple ruby wrapper for the pcap library.
+Compiling
+---------
+    ruby extconf.rb
+    make

data/ext/extconf.rb ADDED

@@ -0,0 +1,6 @@
+require 'mkmf'
+dir_config('pcap')
+fail "Couldn't find libpcap." unless have_library("pcap", "pcap_open_live", "pcap.h")
+create_makefile("rb_pcap")

data/ext/rb_pcap.c ADDED

@@ -0,0 +1,29 @@
+#include "rb_pcap.h"
+void Init_rb_pcap() {
+  cCapture = rb_define_class("Capture", rb_cObject);
+  rb_include_module(cCapture, rb_mEnumerable);
+  rb_define_singleton_method(cCapture, "open", capture_open, -1);
+  rb_define_singleton_method(cCapture, "open_offline", capture_open_offline, 1);
+  rb_define_method(cCapture, "close", capture_close, 0);
+  rb_define_method(cCapture, "dispatch", capture_dispatch, -1);
+  rb_define_method(cCapture, "each", capture_loop, -1);
+  rb_define_method(cCapture, "each_packet", capture_loop, -1);
+  rb_define_method(cCapture, "filter=", capture_setfilter, 1);
+  rb_define_method(cCapture, "limit", capture_getlimit, 0);
+  rb_define_method(cCapture, "limit=", capture_setlimit, 1);
+  rb_define_method(cCapture, "dissector", capture_getdissector, 0);
+  rb_define_method(cCapture, "dissector=", capture_setdissector, 0);
+  rb_define_method(cCapture, "datalink", capture_datalink, 0);
+  rb_define_method(cCapture, "snapshot_length", capture_snapshot, 0);
+  cFilter = rb_define_class_under(cCapture, "Filter", rb_cObject);
+  rb_define_alloc_func(cFilter, filter_alloc);
+  rb_define_method(cFilter, "initialize", filter_init, -1);
+  rb_define_method(cFilter, "expression", filter_source, 0);
+  rb_define_method(cFilter, "=~", filter_match, 1);
+  rb_define_method(cFilter, "===", filter_match, 1);
+  eCaptureError    = rb_define_class_under(cCapture, "CaptureError", rb_eStandardError);
+  eTruncatedPacket = rb_define_class_under(cCapture, "TruncatedPacket", eCaptureError);
+}

data/ext/rb_pcap.h ADDED

@@ -0,0 +1,12 @@
+#ifndef __RB_PCAP_H__
+#define __RB_PCAP_H__
+#include "rb_pcap_capture.h"
+#include "rb_pcap_filter.h"
+VALUE cCapture;
+VALUE cFilter;
+VALUE eCaptureError;
+VALUE eTruncatedPacket;
+#endif

data/ext/rb_pcap_capture.c ADDED

@@ -0,0 +1,365 @@
+#include "rb_pcap_capture.h"
+void closed_capture()
+{
+  rb_raise(rb_eRuntimeError, "device is already closed");
+}
+void free_capture(struct capture_object *cap)
+{
+  if (cap->pcap != NULL) {
+    rb_thread_fd_close(pcap_fileno(cap->pcap));
+    pcap_close(cap->pcap);
+    cap->pcap = NULL;
+  }
+  free(cap);
+}
+VALUE capture_close(VALUE self)
+{
+  struct capture_object *cap;
+  GetCapture(self, cap);
+  if (cap->dumper) {
+    pcap_dump_close(cap->dumper);
+  }
+  rb_thread_fd_close(pcap_fileno(cap->pcap));
+  pcap_close(cap->pcap);
+  cap->pcap = NULL;
+  return Qnil;
+}
+VALUE capture_setfilter(VALUE self, VALUE v_filter)
+{
+  struct capture_object *cap;
+  struct bpf_program program;
+  GetCapture(self, cap);
+  if (IsKindOf(v_filter, cFilter)) {
+    struct filter_object *f;
+    GetFilter(v_filter, f);
+    program = f->program;
+  } else {
+    Check_Type(v_filter, T_STRING);
+    char *filter = RSTRING(v_filter)->ptr;
+    if (pcap_compile(cap->pcap, &program, filter, 1, cap->netmask) < 0) {
+      rb_raise(eCaptureError, "setfilter: %s", pcap_geterr(cap->pcap));
+    }
+  }
+  if (pcap_setfilter(cap->pcap, &program) < 0) {
+    rb_raise(eCaptureError, "setfilter: %s", pcap_geterr(cap->pcap));
+  }
+  return v_filter;
+}
+VALUE capture_setdissector(VALUE self, VALUE dissector)
+{
+  if (!(IsKindOf(dissector, rb_cProc) || dissector == Qnil)) {
+    rb_raise(rb_eArgError, "dissector must be proc or nil");
+  }
+  struct capture_object *cap;
+  GetCapture(self, cap);
+  cap->dissector = dissector;
+  return dissector;
+}
+VALUE capture_open(int argc, VALUE *argv, VALUE class)
+{
+  VALUE v_device, v_snaplen = Qnil, v_promisc = Qnil, v_to_ms = Qnil, v_filter = Qnil, v_limit = Qnil, v_dissector = Qnil, v_dump = Qnil;
+  char *device;
+  char *dump;
+  int snaplen, promisc, to_ms;
+  int rs;
+  VALUE self;
+  struct capture_object *cap;
+  pcap_t *pcap;
+  bpf_u_int32 net, netmask;
+  rs = rb_scan_args(argc, argv, "13", &v_device, &v_snaplen,&v_promisc, &v_to_ms);
+  if (IsKindOf(v_device, rb_cHash)) {
+    v_snaplen   = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("snapshot_length")));
+    v_to_ms     = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("timeout")));
+    v_promisc   = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("promiscuous")));
+    v_limit     = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("limit")));
+    v_filter    = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("filter")));
+    v_dissector = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("dissector")));
+    v_dump      = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("dump")));
+    v_device    = rb_funcall(v_device, rb_intern("[]"), 1, ID2SYM(rb_intern("device")));
+    if (v_device == Qnil) {
+      rb_raise(rb_eArgError, ":device must be specified");
+    }
+  }
+  Check_SafeStr(v_device);
+  device = RSTRING(v_device)->ptr;
+  if (v_snaplen != Qnil) {
+    Check_Type(v_snaplen, T_FIXNUM);
+    snaplen = FIX2INT(v_snaplen);
+  } else {
+    snaplen = DEFAULT_SNAPLEN;
+  }
+  if (snaplen <  0) {
+    rb_raise(rb_eArgError, "invalid snaplen");
+  }
+  if (v_promisc != Qnil) {
+    promisc = RTEST(v_promisc);
+  } else {
+    promisc = DEFAULT_PROMISC;
+  }
+  if (v_to_ms != Qnil) {
+    Check_Type(v_to_ms, T_FIXNUM);
+    to_ms = FIX2INT(v_to_ms);
+  } else {
+    to_ms = DEFAULT_TO_MS;
+  }
+  char pcap_errbuf[PCAP_ERRBUF_SIZE];
+  pcap = pcap_open_live(device, snaplen, promisc, to_ms, pcap_errbuf);
+  if (pcap == NULL) {
+    rb_raise(eCaptureError, "%s", pcap_errbuf);
+  }
+  if (pcap_lookupnet(device, &net, &netmask, pcap_errbuf) == -1) {
+    netmask = 0;
+    rb_warning("cannot lookup net: %s\n", pcap_errbuf);
+  }
+  self = Data_Make_Struct(class, struct capture_object, 0, free_capture, cap);
+  cap->pcap = pcap;
+  cap->netmask = netmask;
+  cap->dl_type = pcap_datalink(pcap);
+  capture_setdissector(self, v_dissector);
+  if (v_dump != Qnil) {
+    Check_Type(v_dump, T_STRING);
+    cap->dumper = pcap_dump_open(cap->pcap, RSTRING(v_dump)->ptr);
+  } else {
+    cap->dumper = NULL;
+  }
+  if (v_limit != Qnil) {
+    Check_Type(v_limit, T_FIXNUM);
+    cap->limit = FIX2INT(v_limit);
+  } else {
+    cap->limit = -1;
+  }
+  if (v_filter != Qnil) {
+    capture_setfilter(self, v_filter);
+  }
+  if (rb_block_given_p()) {
+    rb_yield(self);
+    capture_close(self);
+    return Qnil;
+  } else
+    return self;
+}
+VALUE capture_open_offline(VALUE class, VALUE fname)
+{
+  VALUE self;
+  struct capture_object *cap;
+  pcap_t *pcap;
+  /* open offline */
+  Check_SafeStr(fname);
+  char pcap_errbuf[PCAP_ERRBUF_SIZE];
+  pcap = pcap_open_offline(RSTRING(fname)->ptr, pcap_errbuf);
+  if (pcap == NULL) {
+    rb_raise(eCaptureError, "%s", pcap_errbuf);
+  }
+  /* setup instance */
+  self = Data_Make_Struct(class, struct capture_object, 0, free_capture, cap);
+  cap->pcap = pcap;
+  cap->netmask = 0;
+  cap->dl_type = pcap_datalink(pcap);
+  return self;
+}
+void handler1(struct capture_object *cap, const struct pcap_pkthdr *pkthdr, const u_char *data)
+{
+  if (cap->dissector != Qnil) {
+    VALUE dissected = rb_funcall(cap->dissector, rb_intern("call"), 1, rb_str_new((char *)data, pkthdr->caplen));
+    rb_yield_values(1, dissected); // not sure why rb_yield doesn't work here, but it wasn't for me
+  } else
+    rb_yield_values(1, rb_str_new((char *)data, pkthdr->caplen));
+}
+void handler2(struct capture_object *cap, const struct pcap_pkthdr *pkthdr, const u_char *data)
+{
+  if (cap->dissector != Qnil) {
+    VALUE dissected = rb_funcall(cap->dissector, rb_intern("call"), 1, rb_str_new((char *)data, pkthdr->caplen));
+    rb_yield_values(2, dissected, rb_time_new(pkthdr->ts.tv_sec, pkthdr->ts.tv_usec));
+  } else
+    rb_yield_values(2, rb_str_new((char *)data, pkthdr->caplen), rb_time_new(pkthdr->ts.tv_sec, pkthdr->ts.tv_usec));
+}
+VALUE capture_dispatch(int argc, VALUE *argv, VALUE self)
+{
+  VALUE v_cnt;
+  int cnt;
+  struct capture_object *cap;
+  int ret;
+  GetCapture(self, cap);
+  if (cap->dumper == NULL) {
+    rb_raise(rb_eRuntimeError, "No dump file specified, use each to retrieve packets.");
+  }
+  /*VALUE proc = rb_block_proc();
+  VALUE v_arity = rb_funcall(proc, rb_intern("arity"), 0);
+  int arity = FIX2INT(v_arity);
+  pcap_handler handler = (arity < 2) ? (pcap_handler)handler1 : (pcap_handler)handler2;
+  */
+  /* scan arg */
+  if (rb_scan_args(argc, argv, "01", &v_cnt) >= 1) {
+    FIXNUM_P(v_cnt);
+    cnt = FIX2INT(v_cnt);
+  } else {
+    cnt = -1;
+  }
+  TRAP_BEG;
+  ret = pcap_dispatch(cap->pcap, cnt, pcap_dump, (u_char *)cap->dumper);
+  TRAP_END;
+  if (ret == -1)
+    rb_raise(eCaptureError, "dispatch: %s", pcap_geterr(cap->pcap));
+  return INT2FIX(ret);
+}
+VALUE capture_loop(int argc, VALUE *argv, VALUE self)
+{
+  VALUE v_cnt;
+  int cnt;
+  struct capture_object *cap;
+  int ret;
+  GetCapture(self, cap);
+  VALUE proc = rb_block_proc();
+  VALUE v_arity = rb_funcall(proc, rb_intern("arity"), 0);
+  int arity = FIX2INT(v_arity);
+  pcap_handler handler = (arity < 2) ? (pcap_handler)handler1 : (pcap_handler)handler2;
+  /* scan arg */
+  if (rb_scan_args(argc, argv, "01", &v_cnt) >= 1) {
+    FIXNUM_P(v_cnt);
+    cnt = FIX2INT(v_cnt);
+    } else
+    cnt = cap->limit;
+    if (pcap_file(cap->pcap) != NULL) {
+    TRAP_BEG;
+    ret = pcap_loop(cap->pcap, cnt, handler, (u_char *)cap);
+    TRAP_END;
+  } else {
+    int fd = pcap_fileno(cap->pcap);
+    fd_set rset;
+    struct timeval tm;
+    FD_ZERO(&rset);
+    tm.tv_sec = 0;
+    tm.tv_usec = 0;
+    for (;;) {
+      do {
+        FD_SET(fd, &rset);
+        if (select(fd+1, &rset, NULL, NULL, &tm) == 0) {
+          rb_thread_wait_fd(fd);
+        }
+        TRAP_BEG;
+        ret = pcap_read(cap->pcap, 1, handler, (u_char *)cap);
+        TRAP_END;
+      } while (ret == 0);
+      if (ret <= 0)
+        break;
+      if (cnt > 0) {
+        cnt -= ret;
+        if (cnt <= 0)
+          break;
+      }
+    }
+  }
+    return INT2FIX(ret);
+}
+VALUE capture_datalink(VALUE self)
+{
+    struct capture_object *cap;
+    GetCapture(self, cap);
+    return INT2NUM(pcap_datalink(cap->pcap));
+}
+VALUE capture_snapshot(VALUE self)
+{
+    struct capture_object *cap;
+    GetCapture(self, cap);
+    return INT2NUM(pcap_snapshot(cap->pcap));
+}
+VALUE capture_getlimit(VALUE self)
+{
+  struct capture_object *cap;
+  GetCapture(self, cap);
+  return INT2FIX(cap->limit);
+}
+VALUE capture_setlimit(VALUE self, VALUE limit)
+{
+  Check_Type(limit, T_FIXNUM);
+  struct capture_object *cap;
+  GetCapture(self, cap);
+  cap->limit = FIX2INT(limit);
+  return limit;
+}
+VALUE capture_getdissector(VALUE self)
+{
+  struct capture_object *cap;
+  GetCapture(self, cap);
+  return cap->dissector;
+}

data/ext/rb_pcap_capture.h ADDED

@@ -0,0 +1,53 @@
+#ifndef __RB_PCAP_CAPTURE_H__
+#define __RB_PCAP_CAPTURE_H__
+#include <ruby.h>
+#include <rubysig.h>
+#include <pcap.h>
+#include "rb_pcap_filter.h"
+#define DEFAULT_DATALINK  DLT_EN10MB
+#define DEFAULT_SNAPLEN  256
+#define DEFAULT_PROMISC  1
+#define DEFAULT_TO_MS  1000
+extern VALUE eCaptureError;
+extern VALUE eTruncatedPacket;
+extern VALUE cCapture;
+struct capture_object {
+  pcap_t        *pcap;
+  pcap_dumper_t *dumper;
+  int            limit;
+  bpf_u_int32    netmask;
+  int            dl_type;
+  VALUE          dissector;
+};
+#define GetFilter(obj, filter) Data_Get_Struct(obj, struct filter_object, filter)
+#define GetPacket(obj, pkt) Data_Get_Struct(obj, struct packet_object, pkt)
+#define GetCapture(obj, cap) { Data_Get_Struct(obj, struct capture_object, cap); if (cap->pcap == NULL) closed_capture(); }
+#define Caplen(pkt, from) ((pkt)->hdr.pkthdr.caplen - (from))
+#define CheckTruncate(pkt, from, need, emsg) ((from) + (need) > (pkt)->hdr.pkthdr.caplen ? rb_raise(eTruncatedPacket, (emsg)) : 0)
+#define IsKindOf(v, class) RTEST(rb_obj_is_kind_of(v, class))
+#define CheckClass(v, class) ((IsKindOf(v, class)) ? 0 : rb_raise(rb_eTypeError, "wrong type %s (expected %s)", rb_class2name(CLASS_OF(v)), rb_class2name(class)))
+void closed_capture();
+void free_capture(struct capture_object *cap);
+VALUE capture_close(VALUE self);
+VALUE capture_setfilter(VALUE self, VALUE v_filter);
+VALUE capture_setdissector(VALUE self, VALUE dissector);
+VALUE capture_open(int argc, VALUE *argv, VALUE class);
+VALUE capture_open_offline(VALUE class, VALUE fname);
+void handler1(struct capture_object *cap, const struct pcap_pkthdr *pkthdr, const u_char *data);
+void handler2(struct capture_object *cap, const struct pcap_pkthdr *pkthdr, const u_char *data);
+VALUE capture_dispatch(int argc, VALUE *argv, VALUE self);
+VALUE capture_loop(int argc, VALUE *argv, VALUE self);
+VALUE capture_datalink(VALUE self);
+VALUE capture_snapshot(VALUE self);
+VALUE capture_getlimit(VALUE self);
+VALUE capture_setlimit(VALUE self, VALUE limit);
+VALUE capture_getdissector(VALUE self);
+#endif

data/ext/rb_pcap_filter.c ADDED

@@ -0,0 +1,85 @@
+#include "rb_pcap_filter.h"
+void free_filter(struct filter_object *filter)
+{
+  free(filter->expr);
+  free(filter);
+}
+VALUE filter_alloc(VALUE self)
+{
+  struct filter_object *filter = (struct filter_object *)xmalloc(sizeof(struct filter_object));
+  filter->expr = NULL;
+  return Data_Wrap_Struct(self, NULL, free_filter, filter);
+}
+VALUE filter_init(int argc, VALUE* argv, VALUE self)
+{
+  VALUE v_expr, v_optimize, v_netmask;
+  struct filter_object *filter;
+  char *expr;
+  int n, optimize, snaplen, linktype;
+  bpf_u_int32 netmask;
+  n = rb_scan_args(argc, argv, "12", &v_expr, &v_optimize, &v_netmask);
+  /* filter expression */
+  Check_Type(v_expr, T_STRING);
+  expr = STR2CSTR(v_expr);
+  snaplen   = DEFAULT_SNAPLEN;
+  linktype  = DEFAULT_DATALINK;
+  /* optimize flag */
+  optimize = 1;
+  if (n >= 3) {
+    optimize = RTEST(v_optimize);
+  }
+    /* netmask */
+  netmask = 0;
+  if (n >= 4) {
+    bpf_u_int32 mask = NUM2UINT(v_netmask);
+    netmask = htonl(mask);
+  }
+  GetFilter(self, filter);
+  if (pcap_compile_nopcap(snaplen, linktype, &filter->program, expr, optimize, netmask) == -1) {
+    rb_raise(eCaptureError, "pcap_compile_nopcap error");
+  }
+  filter->datalink  = linktype;
+  filter->snaplen   = snaplen;
+  filter->expr      = strdup(expr);
+  filter->optimize  = optimize ? Qtrue : Qfalse;
+  filter->netmask   = INT2NUM(ntohl(netmask));
+  return self;
+}
+VALUE filter_source(VALUE self)
+{
+    struct filter_object *filter;
+    GetFilter(self, filter);
+    return rb_str_new2(filter->expr);
+}
+VALUE filter_match(VALUE self, VALUE v_pkt)
+{
+  struct filter_object *filter;
+  struct packet_object *pkt;
+  GetFilter(self, filter);
+  int v_pkt_len = RSTRING(v_pkt)->len;
+  if (bpf_filter(filter->program.bf_insns, (unsigned char *)StringValuePtr(v_pkt), v_pkt_len, v_pkt_len)) {
+    return Qtrue;
+  }
+  return Qfalse;
+}

data/ext/rb_pcap_filter.h ADDED

@@ -0,0 +1,28 @@
+#ifndef __RB_PCAP_FILTER_H__
+#define __RB_PCAP_FILTER_H__
+#include <ruby.h>
+#include <rubysig.h>
+#include <pcap.h>
+#include "rb_pcap_capture.h"
+struct filter_object {
+  char                *expr;
+  struct bpf_program  program;
+  int                 datalink;
+  int                 snaplen;
+  VALUE               optimize;
+  VALUE               netmask;
+};
+extern VALUE cFilter;
+void mark_filter(struct filter_object *filter);
+void free_filter(struct filter_object *filter);
+VALUE filter_alloc(VALUE self);
+VALUE filter_init(int argc, VALUE *argv, VALUE class);
+VALUE filter_source(VALUE self);
+VALUE filter_match(VALUE self, VALUE v_pkt);
+#endif

data/lib/rb-pcap.rb ADDED

	@@ -0,0 +1 @@
1	+ require 'rb_pcap'

metadata ADDED

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification
+name: rb-pcap
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Cory T. Cornelius
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2008-08-02 00:00:00 -04:00
+default_executable:
+dependencies: []
+description: See README.markdown for more information.
+email:
+- cory.t.cornelius@dartmouth.edu
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- README.markdown
+- lib/rb-pcap.rb
+- ext/extconf.rb
+- ext/rb_pcap_capture.c
+- ext/rb_pcap_capture.h
+- ext/rb_pcap_filter.c
+- ext/rb_pcap_filter.h
+- ext/rb_pcap.c
+- ext/rb_pcap.h
+has_rdoc: true
+homepage: http://github.com/dxoigmn/rb-pcap
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Simple libpcap wrapper.
+test_files: []