ruby-pcap 0.7.8

data/ext/ip_packet.c

@@ -0,0 +1,424 @@
+/*
+ *  ip_packet.c
+ *
+ *  $Id: ip_packet.c,v 1.1.1.1 1999/10/27 09:54:38 fukusima Exp $
+ *
+ *  Copyright (C) 1998, 1999  Masaki Fukushima
+ */
+
+#include "ruby_pcap.h"
+#include <netdb.h>
+
+VALUE cIPPacket;
+static VALUE cIPAddress;
+
+static unsigned short in_cksum(unsigned char *data, int len);
+
+#define CheckTruncateIp(pkt, need) \
+    CheckTruncate(pkt, pkt->hdr.layer3_off, need, "truncated IP")
+
+VALUE
+setup_ip_packet(pkt, nl_len)
+     struct packet_object *pkt;
+     int nl_len;
+{
+    VALUE class;
+
+    DEBUG_PRINT("setup_ip_packet");
+
+    if (nl_len > 0 && IP_HDR(pkt)->ip_v != 4) {
+        return cPacket;
+    }
+
+    class = cIPPacket;
+    nl_len = MIN(nl_len, ntohs(IP_HDR(pkt)->ip_len));
+    if (nl_len > 20) {
+        int hl = IP_HDR(pkt)->ip_hl * 4;
+        int tl_len = nl_len - hl;
+        if (tl_len > 0) {
+            pkt->hdr.layer4_off = pkt->hdr.layer3_off + hl;
+            /* if this is fragment zero, setup upper layer */
+            if ((ntohs(IP_HDR(pkt)->ip_off) & IP_OFFMASK) == 0) {
+                switch (IP_HDR(pkt)->ip_p) {
+                case IPPROTO_TCP:
+                    class = setup_tcp_packet(pkt, tl_len);
+                    break;
+                case IPPROTO_UDP:
+                    class = setup_udp_packet(pkt, tl_len);
+                    break;
+                case IPPROTO_ICMP:
+                    class = setup_icmp_packet(pkt, tl_len);
+                    break;
+                }               
+            }
+        }
+    }
+
+    return class;
+}
+
+#define IPP_METHOD(func, need, val) \
+static VALUE\
+(func)(self)\
+     VALUE self;\
+{\
+    struct packet_object *pkt;\
+    struct ip *ip;\
+\
+    DEBUG_PRINT(#func);\
+    GetPacket(self, pkt);\
+    CheckTruncateIp(pkt, (need));\
+    ip = IP_HDR(pkt);\
+    return (val);\
+}
+
+IPP_METHOD(ipp_ver,    1, INT2FIX(ip->ip_v))
+IPP_METHOD(ipp_hlen,   1, INT2FIX(ip->ip_hl))
+IPP_METHOD(ipp_tos,    2, INT2FIX(ip->ip_tos))
+IPP_METHOD(ipp_len,    4, INT2FIX(ntohs(ip->ip_len)))
+IPP_METHOD(ipp_id,     6, INT2FIX(ntohs(ip->ip_id)))
+IPP_METHOD(ipp_flags,  8, INT2FIX((ntohs(ip->ip_off) & ~IP_OFFMASK) >> 13))
+IPP_METHOD(ipp_df,     8, ntohs(ip->ip_off) & IP_DF ? Qtrue : Qfalse)
+IPP_METHOD(ipp_mf,     8, ntohs(ip->ip_off) & IP_MF ? Qtrue : Qfalse)
+IPP_METHOD(ipp_off,    8, INT2FIX(ntohs(ip->ip_off) & IP_OFFMASK))
+IPP_METHOD(ipp_ttl,    9, INT2FIX(ip->ip_ttl))
+IPP_METHOD(ipp_proto, 10, INT2FIX(ip->ip_p))
+IPP_METHOD(ipp_sum,   12, INT2FIX(ntohs(ip->ip_sum)))
+IPP_METHOD(ipp_src,   16, new_ipaddr(&ip->ip_src))
+IPP_METHOD(ipp_dst,   20, new_ipaddr(&ip->ip_dst))
+
+
+#define IPP_SET_METHOD(func, need, member) \
+static VALUE \
+(func)(self, val) \
+     VALUE self; \
+     VALUE val; \
+{ \
+     struct packet_object *pkt; \
+     struct ip *ip; \
+\
+     DEBUG_PRINT(#func); \
+     GetPacket(self, pkt); \
+     CheckTruncateIp(pkt, (need)); \
+     ip = IP_HDR(pkt); \
+\
+     switch(TYPE(val)) { \
+     case T_STRING: \
+       (member).s_addr = inet_addr(RSTRING_PTR(val)); \
+       break; \
+     case T_BIGNUM: \
+       (member).s_addr = NUM2UINT(val); \
+       break; \
+     case T_DATA: \
+       (member).s_addr = ((struct in_addr *)&(DATA_PTR(val)))->s_addr; \
+     } \
+     ip->ip_sum = 0; \
+     ip->ip_sum = in_cksum((unsigned char *)ip, ip->ip_hl*4); \
+     return val; \
+}
+
+
+IPP_SET_METHOD(ipp_set_src, 16, ip->ip_src)
+IPP_SET_METHOD(ipp_set_dst, 20, ip->ip_dst)
+
+static VALUE
+ipp_sumok(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    int hlen, i, sum;
+    unsigned short *ipus;
+
+    GetPacket(self, pkt);
+    CheckTruncateIp(pkt, 20);
+    ip = IP_HDR(pkt);
+
+    hlen = ip->ip_hl * 4;
+    CheckTruncateIp(pkt, hlen);
+
+    ipus = (unsigned short *)ip;
+    sum = 0;
+    hlen /= 2; /* 16-bit word */
+    for (i = 0; i < hlen; i++) {
+        sum += ntohs(ipus[i]);
+        sum = (sum & 0xffff) + (sum >> 16);
+    }
+    if (sum == 0xffff)
+        return Qtrue;
+    return Qfalse;
+}
+
+static unsigned short
+in_cksum(unsigned char *data, int len)
+{
+    long sum = 0;  /* assume 32 bit long, 16 bit short */
+    unsigned short *temp = (unsigned short *)data;
+
+    while(len > 1){
+        sum += *temp++;
+        if(sum & 0x80000000)   /* if high order bit set, fold */
+            sum = (sum & 0xFFFF) + (sum >> 16);
+        len -= 2;
+    }
+    if(len)       /* take care of left over byte */
+        sum += (unsigned short) *((unsigned char *)temp);
+
+    while(sum>>16)
+        sum = (sum & 0xFFFF) + (sum >> 16);
+
+   return ~sum;
+}
+
+
+static VALUE
+ipp_sum_update(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+
+    GetPacket(self, pkt);
+    CheckTruncateIp(pkt, 20);
+    ip = IP_HDR(pkt);
+
+    ip->ip_sum = 0;
+    ip->ip_sum = in_cksum((unsigned char *)ip, ip->ip_hl*4);
+    return INT2FIX(ntohs(ip->ip_sum));
+}
+
+
+static VALUE
+ipp_data(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    int len, hlen;
+
+    DEBUG_PRINT("ipp_data");
+    GetPacket(self, pkt);
+    CheckTruncateIp(pkt, 20);
+    ip = IP_HDR(pkt);
+
+    hlen = ip->ip_hl * 4;
+    len = pkt->hdr.pkthdr.caplen - pkt->hdr.layer3_off - hlen;
+    return rb_str_new((u_char *)ip + hlen, len);
+}
+
+/*
+ * IPAddress
+ */
+
+/* IPv4 adress (32bit) is stored by immediate value */
+#if SIZEOF_VOIDP < 4
+# error IPAddress assumes sizeof(void *) >= 4
+#endif
+
+#define GetIPAddress(obj, addr) {\
+    Check_Type(obj, T_DATA);\
+    addr = (struct in_addr *)&(DATA_PTR(obj));\
+}
+
+VALUE
+new_ipaddr(addr)
+    struct in_addr *addr;
+{
+    VALUE self;
+
+    self = Data_Wrap_Struct(cIPAddress, 0, 0, (void *)addr->s_addr);
+    return self;
+}
+
+
+
+#ifndef INADDR_NONE
+# define INADDR_NONE (0xffffffff)
+#endif
+static VALUE
+ipaddr_s_new(self, val)
+    VALUE self, val;
+{
+    struct in_addr addr;
+    struct hostent *hent;
+    char *hname;
+
+    switch(TYPE(val)) {
+    case T_STRING:
+        hname = RSTRING_PTR(val);
+        hent = gethostbyname(hname);
+        if (hent == NULL) {
+            extern int h_errno;
+            switch (h_errno) {
+            case HOST_NOT_FOUND:
+                rb_raise(ePcapError, "host not found: %s", hname);
+                break;
+            default:
+#ifdef HAVE_HSTRERROR
+                rb_raise(ePcapError, (char *)hstrerror(h_errno));
+#else
+                rb_raise(ePcapError, "host not found: %s", hname);
+#endif
+            }
+        }
+        addr = *(struct in_addr *)hent->h_addr;
+        break;
+    case T_FIXNUM:
+    case T_BIGNUM:
+        addr.s_addr = htonl(NUM2ULONG(val));
+        break;
+    default:
+        rb_raise(rb_eTypeError, "String or Integer required");
+    }
+    return new_ipaddr(&addr);
+}
+
+static VALUE
+ipaddr_to_i(self)
+    VALUE self;
+{
+    struct in_addr *addr;
+
+    GetIPAddress(self, addr);
+    return UINT32_2_NUM(ntohl(addr->s_addr));
+}
+
+static VALUE
+ipaddr_num_s(self)
+    VALUE self;
+{
+    struct in_addr *addr;
+
+    GetIPAddress(self, addr);
+    return rb_str_new2(inet_ntoa(*addr));
+}
+
+static VALUE
+ipaddr_hostname(self)
+    VALUE self;
+{
+    struct in_addr *addr;
+    struct hostent *host;
+
+    GetIPAddress(self, addr);
+    host = gethostbyaddr((char *)&addr->s_addr, sizeof addr->s_addr, AF_INET);
+    if (host == NULL)
+        return ipaddr_num_s(self);
+    return rb_str_new2(host->h_name);
+}
+
+static VALUE
+ipaddr_to_s(self)
+    VALUE self;
+{
+    if (RTEST(rbpcap_convert))
+        return ipaddr_hostname(self);
+    else
+        return ipaddr_num_s(self);
+}
+
+static VALUE
+ipaddr_equal(self, other)
+    VALUE self, other;
+{
+    struct in_addr *addr1;
+    struct in_addr *addr2;
+
+    GetIPAddress(self, addr1);
+    if (rb_class_of(other) == cIPAddress) {
+        GetIPAddress(other, addr2);
+        if (addr1->s_addr == addr2->s_addr)
+            return Qtrue;
+    }
+    return Qfalse;
+}
+
+static VALUE
+ipaddr_hash(self)
+    VALUE self;
+{
+    struct in_addr *addr;
+
+    GetIPAddress(self, addr);
+    return INT2FIX(ntohl(addr->s_addr));
+}
+
+static VALUE
+ipaddr_dump(self, limit)
+     VALUE self;
+     VALUE limit;
+{
+    struct in_addr *addr;
+
+    GetIPAddress(self, addr);
+    return rb_str_new((char *)addr, sizeof addr);
+}
+
+static VALUE
+ipaddr_s_load(klass, str)
+     VALUE klass;
+     VALUE str;
+{
+    struct in_addr addr;
+    int i;
+
+    if (RSTRING_LEN(str) != sizeof addr) {
+        rb_raise(rb_eArgError, "dump format error (IPAddress)");
+    }
+    for (i = 0; i < sizeof addr; i++) {
+        ((char *)&addr)[i] = RSTRING_PTR(str)[i];
+    }   
+    return new_ipaddr(&addr);
+}
+
+void
+Init_ip_packet(void)
+{
+    DEBUG_PRINT("Init_ip_packet");
+
+    cIPPacket = rb_define_class_under(mPcap, "IPPacket", cPacket);
+
+    rb_define_method(cIPPacket, "ip_ver", ipp_ver, 0);
+    rb_define_method(cIPPacket, "ip_hlen", ipp_hlen, 0);
+    rb_define_method(cIPPacket, "ip_tos", ipp_tos, 0);
+    rb_define_method(cIPPacket, "ip_len", ipp_len, 0);
+    rb_define_method(cIPPacket, "ip_id", ipp_id, 0);
+    rb_define_method(cIPPacket, "ip_flags", ipp_flags, 0);
+    rb_define_method(cIPPacket, "ip_df?", ipp_df, 0);
+    rb_define_method(cIPPacket, "ip_mf?", ipp_mf, 0);
+    rb_define_method(cIPPacket, "ip_off", ipp_off, 0);
+    rb_define_method(cIPPacket, "ip_ttl", ipp_ttl, 0);
+    rb_define_method(cIPPacket, "ip_proto", ipp_proto, 0);
+    rb_define_method(cIPPacket, "ip_sum", ipp_sum, 0);
+    rb_define_method(cIPPacket, "ip_sumok?", ipp_sumok, 0);
+    rb_define_method(cIPPacket, "ip_src", ipp_src, 0);
+    rb_define_method(cIPPacket, "src", ipp_src, 0);
+    rb_define_method(cIPPacket, "ip_src=", ipp_set_src, 1);
+    rb_define_method(cIPPacket, "src=", ipp_set_src, 1);
+    rb_define_method(cIPPacket, "ip_dst", ipp_dst, 0);
+    rb_define_method(cIPPacket, "dst", ipp_dst, 0);
+    rb_define_method(cIPPacket, "ip_dst=", ipp_set_dst, 1);
+    rb_define_method(cIPPacket, "dst=", ipp_set_dst, 1);
+    rb_define_method(cIPPacket, "ip_data", ipp_data, 0);
+    rb_define_method(cIPPacket, "ip_sum_update!", ipp_sum_update, 0);
+
+    cIPAddress = rb_define_class_under(mPcap, "IPAddress", rb_cObject);
+    rb_define_singleton_method(cIPAddress, "new", ipaddr_s_new, 1);
+    rb_define_method(cIPAddress, "to_i", ipaddr_to_i, 0);
+    rb_define_method(cIPAddress, "to_s", ipaddr_to_s, 0);
+    rb_define_method(cIPAddress, "num_s", ipaddr_num_s, 0);
+    rb_define_method(cIPAddress, "to_num_s", ipaddr_num_s, 0); /* BWC */
+    rb_define_method(cIPAddress, "hostname", ipaddr_hostname, 0);
+    rb_define_method(cIPAddress, "sym_s", ipaddr_hostname, 0);
+    rb_define_method(cIPAddress, "==", ipaddr_equal, 1);
+    rb_define_method(cIPAddress, "===", ipaddr_equal, 1);
+    rb_define_method(cIPAddress, "eql?", ipaddr_equal, 1);
+    rb_define_method(cIPAddress, "hash", ipaddr_hash, 0);
+
+    rb_define_method(cIPAddress, "_dump", ipaddr_dump, 1);
+    rb_define_singleton_method(cIPAddress, "_load", ipaddr_s_load, 1);
+
+    Init_tcp_packet();
+    Init_udp_packet();
+    Init_icmp_packet();
+}

data/ext/packet.c

@@ -0,0 +1,328 @@
+/*
+ *  packet.c
+ *
+ *  $Id: packet.c,v 1.4 2000/08/13 06:56:15 fukusima Exp $
+ *
+ *  Copyright (C) 1998-2000  Masaki Fukushima
+ */
+
+#include "ruby.h"
+#include "ruby_pcap.h"
+#include <sys/socket.h>
+#include <net/if.h>
+#include <netinet/if_ether.h>
+
+#define DL_HDR(pkt)     ((u_char *)LAYER2_HDR(pkt))
+#define DL_DATA(pkt)    ((u_char *)LAYER3_HDR(pkt))
+
+VALUE cPacket;
+static VALUE mMarshal;
+int id_load;
+int id_dump;
+
+/* called from GC */
+static void
+free_packet(pkt)
+     struct packet_object *pkt;
+{
+    DEBUG_PRINT("free_packet");
+    free(pkt);
+}
+
+/* called from GC */
+static void
+mark_packet(pkt)
+     struct packet_object *pkt;
+{
+    DEBUG_PRINT("mark_packet");
+    if (pkt->udata != Qnil)
+        rb_gc_mark(pkt->udata);
+}
+
+struct datalink_type {
+    int nltype_off;     /* offset of network-layer type field */
+    int nl_off;         /* offset of network-layer header */
+};
+
+static struct datalink_type datalinks[] = {
+#if 0
+    {  0,  4 }, /*  0: DLT_NULL */
+#else
+    { -1,  4 }, /*  0: DLT_NULL */
+#endif
+    { 12, 14 }, /*  1: DLT_EN10MB */
+    { -1, -1 }, /*  2: DLT_EN3MB */
+    { -1, -1 }, /*  3: DLT_AX25 */
+    { -1, -1 }, /*  4: DLT_PRONET */
+    { -1, -1 }, /*  5: DLT_CHAOS */
+    { 20, 22 }, /*  6: DLT_IEEE802 */
+    { -1, -1 }, /*  7: DLT_ARCNET */
+    { -1, 16 }, /*  8: DLT_SLIP */
+    {  2,  4 }, /*  9: DLT_PPP */
+#ifndef PCAP_FDDIPAD
+    { 19, 21 }, /* 10: DLT_FDDI */
+#else
+    { 19 + PCAP_FDDIPAD, 21 + PCAP_FDDIPAD },
+#endif
+    {  6,  8 }, /* 11: DLT_ATM_RFC1483 */
+    { -1,  0 }, /* 12: DLT_RAW */
+    { -1, 24 }, /* 13: DLT_SLIP_BSDOS */
+    {  5, 24 }  /* 14: DLT_PPP_BSDOS */
+#define DATALINK_MAX 14
+};
+
+VALUE
+new_packet(data, pkthdr, dl_type)
+     const u_char *data;
+     const struct pcap_pkthdr *pkthdr;
+     int dl_type;
+{
+    VALUE class;
+    struct packet_object *pkt;
+    int nl_off, nl_len, nltype_off, nl_type, pad;
+
+    DEBUG_PRINT("new_packet");
+
+    /* check nework layer type and offset */
+    if (dl_type > DATALINK_MAX) {
+        rb_raise(ePcapError, "Unknown data-link type (%d)", dl_type);
+    }
+    nltype_off  = datalinks[dl_type].nltype_off;
+    nl_off      = datalinks[dl_type].nl_off;
+    if (nl_off < 0) {
+        rb_raise(ePcapError, "Unsupported data-link type (%d)", dl_type);
+    }
+    if (nltype_off == -1) {
+        /* assume IP */
+        nl_type = ETHERTYPE_IP;
+    } else {
+        /* assume Ether Type value */
+        nl_type = ntohs(*(u_short *)(data + nltype_off));
+    }
+
+    /* alloc memory and setup packet_object */
+    pad = nl_off % 4;   /* align network layer header */
+    pkt = xmalloc(sizeof(*pkt) + pad + pkthdr->caplen);
+    pkt->hdr.version    = PACKET_MARSHAL_VERSION;
+    pkt->hdr.flags      = 0;
+    pkt->hdr.dl_type    = dl_type;
+    pkt->hdr.layer3_off = OFF_NONEXIST;
+    pkt->hdr.layer4_off = OFF_NONEXIST;
+    pkt->hdr.layer5_off = OFF_NONEXIST;
+    pkt->hdr.pkthdr     = *pkthdr;
+    pkt->data = (u_char *)pkt + sizeof(*pkt) + pad;
+    pkt->udata = Qnil;
+    memcpy(pkt->data, data, pkthdr->caplen);
+
+    nl_len = pkthdr->caplen - nl_off;
+    if (nl_off >= 0 && nl_len > 0)
+        pkt->hdr.layer3_off = nl_off;
+
+    /* setup upper layer */
+    class = cPacket;
+    if (pkt->hdr.layer3_off != OFF_NONEXIST) {
+        switch (nl_type) {
+        case ETHERTYPE_IP:
+            class = setup_ip_packet(pkt, nl_len);
+            break;
+        }
+    }
+#if DEBUG
+    if (ruby_debug && TYPE(class) != T_CLASS) {
+        rb_fatal("not class");
+    }
+#endif
+    return Data_Wrap_Struct(class, mark_packet, free_packet, pkt);
+}
+
+static VALUE
+packet_load(class, str)
+     VALUE class;
+     VALUE str;
+{
+    struct packet_object *pkt = NULL;
+    struct packet_object_header *hdr;
+    int version;
+    u_char *str_ptr;
+
+    DEBUG_PRINT("packet_load");
+
+    str_ptr = RSTRING_PTR(str);
+    hdr = (struct packet_object_header *)str_ptr;
+    version = hdr->version;
+    if (version == PACKET_MARSHAL_VERSION) {
+        bpf_u_int32 caplen;
+        u_short layer3_off;
+        int pad;
+
+        caplen = ntohl(hdr->pkthdr.caplen);
+        layer3_off = ntohs(hdr->layer3_off);
+        pad = layer3_off % 4;   /* align network layer header */
+        pkt = (struct packet_object *)xmalloc(sizeof(*pkt) + pad + caplen);
+
+        pkt->hdr.version                = PACKET_MARSHAL_VERSION;
+        pkt->hdr.flags                  = hdr->flags;
+        pkt->hdr.dl_type                = hdr->dl_type;
+        pkt->hdr.layer3_off             = ntohs(hdr->layer3_off);
+        pkt->hdr.layer4_off             = ntohs(hdr->layer4_off);
+        pkt->hdr.layer5_off             = ntohs(hdr->layer5_off);
+        pkt->hdr.pkthdr.ts.tv_sec       = ntohl(hdr->pkthdr.ts.tv_sec);
+        pkt->hdr.pkthdr.ts.tv_usec      = ntohl(hdr->pkthdr.ts.tv_usec);
+        pkt->hdr.pkthdr.caplen          = ntohl(hdr->pkthdr.caplen);
+        pkt->hdr.pkthdr.len             = ntohl(hdr->pkthdr.len);
+
+        pkt->data = (u_char *)pkt + sizeof(*pkt) + pad;
+        memcpy(pkt->data, str_ptr + sizeof(*hdr), caplen);
+        if (PKTFLAG_TEST(pkt, POH_UDATA)) {
+            int l = sizeof(*hdr) + caplen;
+            VALUE ustr = rb_str_substr(str, l, RSTRING_LEN(str) - l);
+            pkt->udata = rb_funcall(mMarshal, id_load, 1, ustr);
+        } else {
+            pkt->udata = Qnil;
+        }
+        PKTFLAG_SET(pkt, POH_UDATA, (pkt->udata != Qnil));
+    } else {
+        rb_raise(rb_eArgError, "unknown packet marshal version(0x%x)", version);
+    }
+
+    if (pkt != NULL)
+        return Data_Wrap_Struct(class, mark_packet, free_packet, pkt);
+    else
+        return Qnil;
+}
+
+static VALUE
+packet_dump(self, limit)
+     VALUE self;
+     VALUE limit;
+{
+    struct packet_object *pkt;
+    struct packet_object_header hdr;
+    VALUE str;
+
+    DEBUG_PRINT("packet_dump");
+    GetPacket(self, pkt);
+
+    hdr.version                 = PACKET_MARSHAL_VERSION;
+    hdr.flags                   = pkt->hdr.flags;
+    hdr.dl_type                 = pkt->hdr.dl_type;
+    hdr.layer3_off              = htons(pkt->hdr.layer3_off);
+    hdr.layer4_off              = htons(pkt->hdr.layer4_off);
+    hdr.layer5_off              = htons(pkt->hdr.layer5_off);
+    hdr.pkthdr.ts.tv_sec        = htonl(pkt->hdr.pkthdr.ts.tv_sec);
+    hdr.pkthdr.ts.tv_usec       = htonl(pkt->hdr.pkthdr.ts.tv_usec);
+    hdr.pkthdr.caplen           = htonl(pkt->hdr.pkthdr.caplen);
+    hdr.pkthdr.len              = htonl(pkt->hdr.pkthdr.len);
+
+    str = rb_str_new((char *)&hdr, sizeof(hdr));
+    rb_str_cat(str, pkt->data, pkt->hdr.pkthdr.caplen);
+    if (pkt->udata != Qnil) {
+        VALUE ustr;
+        ustr = rb_funcall(mMarshal, id_dump, 1, pkt->udata);
+        rb_str_concat(str, ustr);
+    }
+    return str;
+}
+
+static VALUE
+packet_set_udata(self, val)
+     VALUE self;
+     VALUE val;
+{
+    struct packet_object *pkt;
+
+    DEBUG_PRINT("packet_set_udata");
+    GetPacket(self, pkt);
+
+    pkt->udata = val;
+    PKTFLAG_SET(pkt, POH_UDATA, (val != Qnil));
+    return val;
+}
+
+static VALUE
+packet_set_time_i(self, val)
+     VALUE self;
+     VALUE val;
+{
+     struct packet_object *pkt;
+     unsigned int time_i;
+
+     DEBUG_PRINT("packet_set_time_i");
+     GetPacket(self, pkt);
+     Check_Type(val, T_FIXNUM);
+     time_i = NUM2UINT(val);
+
+     pkt->hdr.pkthdr.ts.tv_sec = time_i;
+     return val;
+}
+
+static VALUE
+packet_match(self, expr)
+     VALUE self;
+     VALUE expr;
+{
+    if (IsKindOf(expr, cFilter)) {
+        return filter_match(expr, self);
+    }
+    rb_raise(rb_eArgError, "Not Filter");
+}
+
+#define PACKET_METHOD(func, val) \
+static VALUE\
+(func)(self)\
+     VALUE self;\
+{\
+    struct packet_object *pkt;\
+\
+    DEBUG_PRINT(#func);\
+    GetPacket(self, pkt);\
+    return (val);\
+}
+
+PACKET_METHOD(packet_get_udata, pkt->udata);
+PACKET_METHOD(packet_datalink, INT2FIX(pkt->hdr.dl_type));
+PACKET_METHOD(packet_ip, rb_obj_is_kind_of(self, cIPPacket));
+PACKET_METHOD(packet_tcp, rb_obj_is_kind_of(self, cTCPPacket));
+PACKET_METHOD(packet_udp, rb_obj_is_kind_of(self, cUDPPacket));
+PACKET_METHOD(packet_length, UINT32_2_NUM(pkt->hdr.pkthdr.len));
+PACKET_METHOD(packet_caplen, UINT32_2_NUM(pkt->hdr.pkthdr.caplen));
+PACKET_METHOD(packet_time, rb_time_new(pkt->hdr.pkthdr.ts.tv_sec,
+                                       pkt->hdr.pkthdr.ts.tv_usec));
+PACKET_METHOD(packet_time_i, rb_int2inum(pkt->hdr.pkthdr.ts.tv_sec));
+PACKET_METHOD(packet_raw_data, rb_str_new(pkt->data, pkt->hdr.pkthdr.caplen));
+
+void
+Init_packet(void)
+{
+    DEBUG_PRINT("Init_packet");
+
+    /* define class Packet */
+    cPacket = rb_define_class_under(mPcap, "Packet", rb_cObject);
+
+    rb_define_singleton_method(cPacket, "_load", packet_load, 1);
+    rb_define_method(cPacket, "_dump", packet_dump, 1);
+    /* marshal backward compatibility */
+    rb_define_singleton_method(cPacket, "_load_from", packet_load, 1);
+    rb_define_method(cPacket, "_dump_to", packet_dump, 1);
+
+    rb_define_method(cPacket, "udata", packet_get_udata, 0);
+    rb_define_method(cPacket, "udata=", packet_set_udata, 1);
+    rb_define_method(cPacket, "datalink", packet_datalink, 0);
+    rb_define_method(cPacket, "ip?", packet_ip, 0);
+    rb_define_method(cPacket, "tcp?", packet_tcp, 0);
+    rb_define_method(cPacket, "udp?", packet_udp, 0);
+    rb_define_method(cPacket, "length", packet_length, 0);
+    rb_define_method(cPacket, "size", packet_length, 0);
+    rb_define_method(cPacket, "caplen", packet_caplen, 0);
+    rb_define_method(cPacket, "time", packet_time, 0);
+    rb_define_method(cPacket, "time_i", packet_time_i, 0);
+    rb_define_method(cPacket, "time_i=", packet_set_time_i, 1);
+    rb_define_method(cPacket, "raw_data", packet_raw_data, 0);
+    rb_define_method(cPacket, "=~", packet_match, 1);
+
+    /* mMarshal in ruby/marshal.c is static. Why? */
+    mMarshal = rb_eval_string("Marshal");
+    id_load = rb_intern("load");
+    id_dump = rb_intern("dump");
+    Init_ip_packet();
+}