ruby-pcap 0.7.9 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 913aacfd45979834125fde75053c925015ee8b45
-  data.tar.gz: 97499258d1aa138e73950474e439f9ec538a8aa2
+SHA256:
+  metadata.gz: 0c416ece1a8344e1f07c5170957aab941a4670eb422727dce36fc5c346db048f
+  data.tar.gz: 4b8f52b6059947608699b8fa125351990504ac027b8fdbf47780e76809885a99
 SHA512:
-  metadata.gz: ee7bca3fd1b84ccf63ba4e008a770f80e561b7eab224de77f3c6406963e302a4a737f06aebbda7d048b4269117d79babd30991a31fb31ae406bbd7296f6b4e2f
-  data.tar.gz: f4c6a018d754462db3f34ab5006ad5cb0a910a7bda315248f0352f0acf727eb34de29f49e32035085ba44b557e7489d473312208deb49fc5971e3b0b4f59e2d2
+  metadata.gz: c82fc770ddec96e61b75b099991a33a59d9fca0a575958d5101aff095acd4e81242c09d8a22a773a2b2348a9c7dcae23fed9d9f458179d57e6ffc626c7f4d6bf
+  data.tar.gz: cc556bf0383bf6babec625a01db347ea421894d67f45d0f69c33b3e9d847cda66abf60b1ede6c1ee8ce6186846e1cec4f2324ed74bb0e54603c785576079af40

data/.github/workflows/build.yml

@@ -0,0 +1,26 @@
+name: build
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['3.1', '3.0', '2.7','2.4','2.1']
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up ruby ${{ matrix.ruby_version}}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Install system libs dependencies
+        run: sudo apt-get update -qq && sudo apt-get install -y libpcap-dev
+      - name: Get deps
+        run: bundle install
+      - name: Build it
+        run: bundle exec rake

data/README.md

@@ -1,6 +1,7 @@
+
 ## ruby-pcap
 
-[![Build Status](https://travis-ci.org/ickymettle/ruby-pcap.svg)](https://travis-ci.org/ickymettle/ruby-pcap)
+[![build workflow](https://github.com/vitoshalabs/ruby-pcap/actions/workflows/build.yml/badge.svg)](https://github.com/vitoshalabs/ruby-pcap/actions/workflows/build.yml)
 
 ruby-pcap is a ruby extension to LBL libpcap (Packet Capture library).
 This library also includes classes to access TCP/IP header.
@@ -13,8 +14,7 @@ gem install ruby-pcap
 
 ### Requirements
 
-* ruby-1.9.3 or higher
-  * May work with older ruby version but not being tested
+* ruby-2.1 or higher
 * libpcap (http://www.tcpdump.org/)
 
 ## Usage
@@ -26,10 +26,6 @@ Directory 'examples' contains some simple scripts.
 
 Masaki Fukushima <fukusima@goto.info.waseda.ac.jp>
 
-## Maintained by
-
-Marcus Barczak <mbarczak@etsy.com>
-
 ## Copyright
 
 ruby-pcap is copyrighted free software by Masaki Fukushima.

data/examples/capture_duration.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/ruby
+# frozen_string_literal: true
+
+require 'pcap'
+require 'pcap/pcaplet'
+
+iface = ARGV[0] || 'en0'
+duration = (ARGV[1] || 10).to_i
+count = 0
+capture = Pcap::Capture.open_live(iface, 65_535, true)
+Thread.new do
+  sleep duration
+  if capture.closed?
+    puts 'device is already closed!'
+  else
+    puts 'signaling OS to stop capture!'
+    capture.breakloop
+  end
+end
+puts "starting capture on #{iface} for #{duration} seconds"
+start_time = Time.now
+capture.loop do |pkt|
+  puts "Got #{pkt}"
+  count += 1
+end
+capture.close
+end_time = Time.now
+puts "packets count #{count} completed in #{end_time - start_time} seconds"

data/ext/pcap/Pcap.c

@@ -7,7 +7,6 @@
  */
 
 #include "ruby_pcap.h"
-#include "rubysig.h"
 #include <sys/time.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -309,6 +308,19 @@ capture_close(self)
     return Qnil;
 }
 
+static VALUE
+is_capture_closed(self)
+     VALUE self;
+{
+    struct capture_object *cap;
+    DEBUG_PRINT("is_capture_closed");
+    Data_Get_Struct(self, struct capture_object, cap);
+    if (cap->pcap == NULL) {
+      return Qtrue;
+    }
+    return Qfalse;
+}
+
 static void
 handler(cap, pkthdr, data)
      struct capture_object *cap;
@@ -318,36 +330,112 @@ handler(cap, pkthdr, data)
     rb_yield(new_packet(data, pkthdr, cap->dl_type));
 }
 
+#define DST_ADDR(data)  INT2FIX(ntohl(*((unsigned int *) (data + 30))))
+#define SRC_ADDR(data)  INT2FIX(ntohl(*((unsigned int *) (data + 26))))
+
+static void
+dst_ipv4_addr_handler(cap, pkthdr, data)
+     struct capture_object *cap;
+     const struct pcap_pkthdr *pkthdr;
+     const u_char *data;
+{
+  rb_yield(DST_ADDR(data));
+}
+
+static void
+src_ipv4_addr_handler(cap, pkthdr, data)
+     struct capture_object *cap;
+     const struct pcap_pkthdr *pkthdr;
+     const u_char *data;
+{
+  rb_yield(SRC_ADDR(data));
+}
+
+#define SRCV6_ADDR(data)  rb_integer_unpack((u_char *) (data + 22), 16, 1, 0, INTEGER_PACK_BIG_ENDIAN)
+#define DSTV6_ADDR(data)  rb_integer_unpack((u_char *) (data + 38), 16, 1, 0, INTEGER_PACK_BIG_ENDIAN)
+
+static void
+dst_ipv6_addr_handler(cap, pkthdr, data)
+     struct capture_object *cap;
+     const struct pcap_pkthdr *pkthdr;
+     const u_char *data;
+{
+  rb_yield(DSTV6_ADDR(data));
+}
+
+static void
+src_ipv6_addr_handler(cap, pkthdr, data)
+     struct capture_object *cap;
+     const struct pcap_pkthdr *pkthdr;
+     const u_char *data;
+{
+  rb_yield(SRCV6_ADDR(data));
+}
+
+void parse_opts(VALUE v_opts, void **default_handler)
+{
+  if (NIL_P(v_opts)) {
+    DEBUG_PRINT("using default capture handler");
+    *default_handler = &handler;
+  } else {
+    // raise error if second argument is not a symbol
+    Check_Type(v_opts, T_SYMBOL);
+    // only :source, :destination are supported
+    if (SYM2ID(v_opts) == rb_intern("source")) {
+      DEBUG_PRINT("yeilding only source ipv4 addresses");
+      *default_handler = &src_ipv4_addr_handler;
+    } else if (SYM2ID(v_opts) == rb_intern("destination")) {
+      DEBUG_PRINT("yeilding only destination ipv4 addresses");
+      *default_handler = &dst_ipv4_addr_handler;
+    } else if (SYM2ID(v_opts) == rb_intern("destinationv6")) {
+        DEBUG_PRINT("yeilding only destination ipv6 addresses");
+        *default_handler = &dst_ipv6_addr_handler;
+    } else if (SYM2ID(v_opts) == rb_intern("sourcev6")) {
+        DEBUG_PRINT("yeilding only source ipv6 addresses");
+        *default_handler = &src_ipv6_addr_handler;
+    } else {
+      // unkonw keyword passed, use default capture handler
+      DEBUG_PRINT("unknown option, using default capture handler");
+      *default_handler = &handler;
+    }
+  }
+}
+
 static VALUE
 capture_dispatch(argc, argv, self)
      int argc;
      VALUE *argv;
      VALUE self;
 {
-    VALUE v_cnt;
-    int cnt;
+    VALUE v_cnt, v_opts;
+    int ret = 0, cnt = 0;
+    unsigned int cap_cnt = 0;
     struct capture_object *cap;
-    int ret;
+    void *default_handler;
 
     DEBUG_PRINT("capture_dispatch");
     GetCapture(self, cap);
 
     /* scan arg */
-    if (rb_scan_args(argc, argv, "01", &v_cnt) >= 1) {
-        FIXNUM_P(v_cnt);
-        cnt = FIX2INT(v_cnt);
+    rb_scan_args(argc, argv, "02", &v_cnt, &v_opts);
+    if (NIL_P(v_cnt)) {
+      cnt = -1;
     } else {
-        cnt = -1;
+      FIXNUM_P(v_cnt);
+      cnt = FIX2INT(v_cnt);
     }
-
-    MAYBE_TRAP_BEG;
-    ret = pcap_dispatch(cap->pcap, cnt, handler, (u_char *)cap);
-    MAYBE_TRAP_END;
-    if (ret == -1) {
+    parse_opts(v_opts, &default_handler);
+    // call dispatch with 10,000 and break if we have reached desired amount
+    // if dispatch is called with -1/0 sometimes it dispatches millions of packets
+    for (cap_cnt = 0; cap_cnt < cnt; cap_cnt += ret ) {
+      MAYBE_TRAP_BEG;
+      ret = pcap_dispatch(cap->pcap, 10000, default_handler, (u_char *)cap);
+      MAYBE_TRAP_END;
+      if (ret < 0) {
         rb_raise(ePcapError, "dispatch: %s", pcap_geterr(cap->pcap));
+      }
     }
-
-    return INT2FIX(ret);
+  return UINT2NUM(cap_cnt);
 }
 
 static VALUE
@@ -367,31 +455,45 @@ capture_fh(argc, argv, self)
     return rb_funcall(rb_path2class("IO"), rb_intern("new"), 1, INT2FIX(pcap_fileno(cap->pcap)));
 }
 
+static VALUE
+capture_breakloop(self)
+     VALUE self;
+{
+    struct capture_object *cap;
+
+    DEBUG_PRINT("capture_breakloop");
+    GetCapture(self, cap);
+    pcap_breakloop(cap->pcap);
+    return Qnil;
+}
+
 static VALUE
 capture_loop(argc, argv, self)
      int argc;
      VALUE *argv;
      VALUE self;
 {
-    VALUE v_cnt;
+    VALUE v_cnt, v_opts;
     int cnt;
     struct capture_object *cap;
     int ret;
+    void *default_handler;
 
     DEBUG_PRINT("capture_loop");
     GetCapture(self, cap);
 
     /* scan arg */
-    if (rb_scan_args(argc, argv, "01", &v_cnt) >= 1) {
-        FIXNUM_P(v_cnt);
-        cnt = FIX2INT(v_cnt);
+    rb_scan_args(argc, argv, "02", &v_cnt, &v_opts);
+    if (NIL_P(v_cnt)) {
+      cnt = -1;
     } else {
-        cnt = -1;
+      FIXNUM_P(v_cnt);
+      cnt = FIX2INT(v_cnt);
     }
-
+    parse_opts(v_opts, &default_handler);
     if (pcap_file(cap->pcap) != NULL) {
         MAYBE_TRAP_BEG;
-        ret = pcap_loop(cap->pcap, cnt, handler, (u_char *)cap);
+        ret = pcap_loop(cap->pcap, cnt, default_handler, (u_char *)cap);
         MAYBE_TRAP_END;
     }
     else {
@@ -409,7 +511,7 @@ capture_loop(argc, argv, self)
                     rb_thread_wait_fd(fd);
                 }
                 MAYBE_TRAP_BEG;
-                ret = pcap_dispatch(cap->pcap, 1, handler, (u_char *)cap);
+                ret = pcap_dispatch(cap->pcap, 1, default_handler, (u_char *)cap);
                 MAYBE_TRAP_END;
             } while (ret == 0);
 
@@ -540,6 +642,30 @@ capture_inject(self, v_buf)
     return Qnil;
 }
 
+// configure capture direction: IN/OUT packets
+static VALUE
+capture_direction(self, direction)
+     VALUE direction;
+     VALUE self;
+{
+    struct capture_object *cap;
+    // default value is in and out packets
+    int v_direction = PCAP_D_INOUT;
+
+    DEBUG_PRINT("capture_direction");
+    GetCapture(self, cap);
+    Check_Type(direction, T_SYMBOL);
+    // set desired direction: :in,:out or both
+    if (SYM2ID(direction) == rb_intern("in")) {
+      DEBUG_PRINT("setting capture direction IN");
+      v_direction = PCAP_D_IN;
+    } else if (SYM2ID(direction) == rb_intern("out")) {
+      DEBUG_PRINT("setting capture direction OUT");
+      v_direction = PCAP_D_OUT;
+    }
+  return INT2NUM(pcap_setdirection(cap->pcap, v_direction));
+}
+
 /*
  * Dumper object
  */
@@ -905,6 +1031,9 @@ Init_pcap(void)
     rb_define_method(cCapture, "snaplen", capture_snapshot, 0);
     rb_define_method(cCapture, "stats", capture_stats, 0);
     rb_define_method(cCapture, "inject", capture_inject, 1);
+    rb_define_method(cCapture, "direction", capture_direction, 1);
+    rb_define_method(cCapture, "breakloop", capture_breakloop, 0);
+    rb_define_method(cCapture, "closed?", is_capture_closed, 0);
 
     /* define class Dumper */
     cDumper = rb_define_class_under(mPcap, "Dumper", rb_cObject);

data/ext/pcap/arp_packet.c

@@ -0,0 +1,82 @@
+/*
+ *  arp_packet.c
+ *
+ *  $Id: arp_packet.c,v 0.1
+ *
+ */
+
+#include "ruby_pcap.h"
+#include <netdb.h>
+
+struct arphdr
+  {
+    unsigned short int ar_hrd;  /* Format of hardware address.  */
+    unsigned short int ar_pro;  /* Format of protocol address.  */
+    unsigned char ar_hln;       /* Length of hardware address.  */
+    unsigned char ar_pln;       /* Length of protocol address.  */
+    unsigned short int ar_op;   /* ARP opcode (command).  */
+    unsigned char ar_sha[6];    /* Sender hardware address.  */
+    unsigned char ar_sip[4];    /* Sender IP address.  */
+    unsigned char ar_tha[6];    /* Target hardware address.  */
+    unsigned char ar_tip[4];    /* Target IP address.  */
+  };
+
+
+VALUE cARPPacket;
+
+VALUE
+setup_arp_packet(pkt, nl_len)
+     struct packet_object *pkt;
+     int nl_len;
+{
+    VALUE class;
+
+    DEBUG_PRINT("setup_arp_packet");
+
+    class = cARPPacket;
+
+    return class;
+}
+
+#define ARP_HDR(pkt)    ((struct arphdr *)LAYER3_HDR(pkt))
+
+#define ARPP_METHOD(func, val) \
+static VALUE\
+(func)(self)\
+     VALUE self;\
+{\
+    struct packet_object *pkt;\
+    struct arphdr *arp;\
+    DEBUG_PRINT(#func);\
+    GetPacket(self, pkt);\
+    arp = ARP_HDR(pkt);\
+    return (val);\
+}
+
+ARPP_METHOD(arpp_hw,     INT2FIX(ntohs(arp->ar_hrd)))
+ARPP_METHOD(arpp_prot,   INT2FIX(ntohs(arp->ar_pro)))
+ARPP_METHOD(arpp_hlen,   INT2FIX(arp->ar_hln))
+ARPP_METHOD(arpp_plen,   INT2FIX(arp->ar_pln))
+ARPP_METHOD(arpp_op,     INT2FIX(ntohs(arp->ar_op)))
+ARPP_METHOD(arpp_s_hw,   rb_str_new(arp->ar_sha,6))
+ARPP_METHOD(arpp_s_ip,   UINT32_2_NUM(ntohl( *((unsigned long int *) arp->ar_sip))))
+ARPP_METHOD(arpp_t_hw,   rb_str_new(arp->ar_tha,6))
+ARPP_METHOD(arpp_t_ip,   UINT32_2_NUM(ntohl( *((unsigned long int *) arp->ar_tip))))
+
+
+void
+Init_arp_packet(void)
+{
+    DEBUG_PRINT("Init_arp_packet");
+
+    cARPPacket = rb_define_class_under(mPcap, "ARPPacket", cPacket);
+    rb_define_method(cARPPacket, "hw", arpp_hw, 0);
+    rb_define_method(cARPPacket, "protocol", arpp_prot, 0);
+    rb_define_method(cARPPacket, "hwlen", arpp_hlen, 0);
+    rb_define_method(cARPPacket, "plen", arpp_plen, 0);
+    rb_define_method(cARPPacket, "op_code", arpp_op, 0);
+    rb_define_method(cARPPacket, "sender_hw", arpp_s_hw, 0);
+    rb_define_method(cARPPacket, "sender_ip", arpp_s_ip, 0);
+    rb_define_method(cARPPacket, "target_hw", arpp_t_hw, 0);
+    rb_define_method(cARPPacket, "target_ip", arpp_t_ip, 0);
+}

data/ext/pcap/icmp_packet.c

@@ -232,6 +232,40 @@ icmpp_radv(self, ind)
     rb_ary_push(ary, INT2NUM(ntohl(IDRD(icmp)->ird_pref)));
     return ary;
 }
+static VALUE
+icmpp_csumok(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    struct icmp *icmp;
+    GetPacket(self, pkt);
+    ip = IP_HDR(pkt);
+    icmp = ICMP_HDR(pkt);
+
+    long sum = 0;
+    unsigned short *temp = (unsigned short *)icmp;
+    int len = ntohs(ip->ip_len) - ip->ip_hl*4; // length of ip data
+    int csum = ntohs(icmp->icmp_cksum); // keep the checksum in packet
+
+    icmp->icmp_cksum = 0;
+    while(len > 1){
+      sum += ntohs(*temp++);
+      len -= 2;
+    }
+    if(len)
+      sum += ntohs((unsigned short) *((unsigned char *)temp));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+    unsigned short answer = ~sum;
+
+    icmp->icmp_cksum = csum; //restore the checkum in packet
+    if (DEBUG_CHECKSUM)
+      printf("ICMP csum in packet:%d should be %d\n", csum, answer);
+    if (answer == csum)
+      return Qtrue;
+    return Qfalse;
+}
 
 #define time_new_msec(t) rb_time_new((t)/1000, (t)%1000 * 1000)
 ICMPP_METHOD(icmpp_otime, 12, time_new_msec(ntohl(icmp->icmp_otime)))
@@ -336,6 +370,7 @@ Init_icmp_packet(void)
     rb_define_method(cICMPPacket, "icmp_typestr",  icmpp_typestr, 0);
     rb_define_method(cICMPPacket, "icmp_code",     icmpp_code, 0);
     rb_define_method(cICMPPacket, "icmp_cksum",    icmpp_cksum, 0);
+    rb_define_method(cICMPPacket, "icmp_csum_ok?", icmpp_csumok, 0);
 
     klass = rb_define_class_under(mPcap, "ICMPEchoReply", cICMPPacket);
     icmp_types[ICMP_ECHOREPLY].klass = klass;

data/ext/pcap/icmpv6_packet.c

@@ -0,0 +1,107 @@
+/*
+ *  icmpv6_packet.c
+ */
+
+#include "ruby_pcap.h"
+
+#define ICMPV6_HDR(pkt)  ((struct icmp6_hdr *)LAYER4_HDR(pkt))
+#define ICMP_CAPLEN(pkt) (pkt->hdr.pkthdr.caplen - pkt->hdr.layer4_off)
+
+VALUE cICMPv6Packet;
+
+#define CheckTruncateICMP(pkt, need) CheckTruncate(pkt, pkt->hdr.layer4_off, need, "truncated ICMPv6")
+
+
+VALUE
+setup_icmpv6_packet(pkt)
+  struct packet_object *pkt;
+{
+    return cICMPv6Packet;
+}
+
+
+#define ICMPP_METHOD(func, need, val) \
+static VALUE\
+(func)(self)\
+     VALUE self;\
+{\
+    struct packet_object *pkt;\
+    struct icmp6_hdr *icmp;\
+    GetPacket(self, pkt);\
+    CheckTruncateICMP(pkt, (need));\
+    icmp = ICMPV6_HDR(pkt);\
+    return (val);\
+}
+
+/*
+ * Common methods based on icmp6_hdr
+ */
+
+ICMPP_METHOD(icmpp_type,   1, INT2FIX(icmp->icmp6_type))
+ICMPP_METHOD(icmpp_code,   2, INT2FIX(icmp->icmp6_code))
+ICMPP_METHOD(icmpp_cksum,  4, INT2FIX(ntohs(icmp->icmp6_cksum)))
+/* 4 Bytes is the common ICMPv6 Header*/
+ICMPP_METHOD(icmppv6_data, 5, rb_str_new(icmp->icmp6_data8, ICMP_CAPLEN(pkt)-4))
+
+
+static VALUE
+icmpp_csumokv6(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip6_hdr *ip;
+    struct icmp6_hdr *icmp;
+    GetPacket(self, pkt);
+    ip = IPV6_HDR(pkt);
+    icmp = ICMPV6_HDR(pkt);
+
+    long sum = 0;
+    unsigned short *temp = (unsigned short *)icmp;
+    int len = ntohs(ip->ip6_plen); // length of ip data
+    int csum = ntohs(icmp->icmp6_cksum); // keep the checksum in packet
+    unsigned short *ip_src = (void *)&ip->ip6_src.s6_addr;
+    unsigned short *ip_dst = (void *)&ip->ip6_dst.s6_addr;
+
+    // ICMPv6 now inclides pseudo header sum
+    int i = 1;
+    for (i = 0; i < 8; i++) {
+      sum += ntohs(*(ip_src));
+      sum += ntohs(*(ip_dst));
+      ip_src++;
+      ip_dst++;
+    }
+    sum += 58; // ICMPv6 next header value
+    sum += len;
+
+    icmp->icmp6_cksum = 0;
+    while(len > 1){
+      sum += ntohs(*temp++);
+      len -= 2;
+    }
+    if(len)
+      sum += ntohs((unsigned short) *((unsigned char *)temp));
+    while(sum>>16)
+      sum = (sum & 0xFFFF) + (sum >> 16);
+    unsigned short answer = ~sum;
+
+    icmp->icmp6_cksum = csum; //restore the checkum in packet
+    if (DEBUG_CHECKSUM)
+      printf("ICMP csum in packet:%d should be %d\n", csum, answer);
+    if (answer == csum)
+      return Qtrue;
+    return Qfalse;
+}
+
+
+void
+Init_icmpv6_packet(void)
+{
+
+    cICMPv6Packet = rb_define_class_under(mPcap, "ICMPv6Packet", cIPv6Packet);
+
+    rb_define_method(cICMPv6Packet, "icmp_type",     icmpp_type, 0);
+    rb_define_method(cICMPv6Packet, "icmp_code",     icmpp_code, 0);
+    rb_define_method(cICMPv6Packet, "icmp_cksum",    icmpp_cksum, 0);
+    rb_define_method(cICMPv6Packet, "icmp_csum_ok?", icmpp_csumokv6, 0);
+    rb_define_method(cICMPv6Packet, "icmp_data",     icmppv6_data, 0);
+}

data/ext/pcap/ip_packet.c

@@ -14,8 +14,7 @@ static VALUE cIPAddress;
 
 static unsigned short in_cksum(unsigned char *data, int len);
 
-#define CheckTruncateIp(pkt, need) \
-    CheckTruncate(pkt, pkt->hdr.layer3_off, need, "truncated IP")
+#define CheckTruncateIp(pkt, need)  CheckTruncate(pkt, pkt->hdr.layer3_off, need, "truncated IP")
 
 VALUE
 setup_ip_packet(pkt, nl_len)
@@ -49,7 +48,7 @@ setup_ip_packet(pkt, nl_len)
                 case IPPROTO_ICMP:
                     class = setup_icmp_packet(pkt, tl_len);
                     break;
-                }               
+                }
             }
         }
     }
@@ -149,6 +148,19 @@ ipp_sumok(self)
     return Qfalse;
 }
 
+static VALUE
+ipp_truncated(self)
+     VALUE self;
+{
+    struct packet_object *pkt;
+    struct ip *ip;
+    GetPacket(self, pkt);
+    ip = IP_HDR(pkt);
+    if IsTruncated(pkt, pkt->hdr.layer3_off, ntohs(ip->ip_len))
+        return Qtrue;
+    return Qfalse;
+}
+
 static unsigned short
 in_cksum(unsigned char *data, int len)
 {
@@ -401,6 +413,7 @@ Init_ip_packet(void)
     rb_define_method(cIPPacket, "dst=", ipp_set_dst, 1);
     rb_define_method(cIPPacket, "ip_data", ipp_data, 0);
     rb_define_method(cIPPacket, "ip_sum_update!", ipp_sum_update, 0);
+    rb_define_method(cIPPacket, "ip_truncated?", ipp_truncated, 0);
 
     cIPAddress = rb_define_class_under(mPcap, "IPAddress", rb_cObject);
     rb_define_singleton_method(cIPAddress, "new", ipaddr_s_new, 1);
@@ -417,8 +430,4 @@ Init_ip_packet(void)
 
     rb_define_method(cIPAddress, "_dump", ipaddr_dump, 1);
     rb_define_singleton_method(cIPAddress, "_load", ipaddr_s_load, 1);
-
-    Init_tcp_packet();
-    Init_udp_packet();
-    Init_icmp_packet();
 }