Class: Caper::CommonWrapper

Inherits:

Object

• Object
• Caper::CommonWrapper

Defined in:

lib/caper/common_wrapper.rb

Overview

An abstract base wrapper class with features common to all pcap wrapper types. Do not use this directly. Instead refer to Live, Dead, or Offline class for open_live, open_dead, or open_file respectively.

Direct Known Subclasses

CaptureWrapper, Dead

Instance Attribute Summary

• #pcap ⇒ Object

  Returns the value of attribute pcap.

Instance Method Summary

• #close ⇒ Object

  Closes the pcap interface using libpcap.

• #closed? ⇒ Boolean

  Indicates whether the pcap interface is already closed.

• #compile(expression, opts = {}) ⇒ BPFProgram

  Compiles a pcap filter but does not apply it to the pcap interface.

• #datalink ⇒ Object

  Returns the DataLink for the pcap device.

• #geterr ⇒ String (also: #error)

  The error text pertaining to the last pcap library error.

• #initialize(pcap, opts = {}) {|_self| ... } ⇒ CommonWrapper constructor

  A new instance of CommonWrapper.

• #open_dump(path) ⇒ Dumper
• #ready? ⇒ Boolean
• #snaplen ⇒ Integer

  Gets the snapshot length.

• #supported_datalinks ⇒ Object

  Returns an array of supported DataLinks for the pcap device.

• #to_ptr ⇒ FFI::Pointer

  Returns the pcap interface pointer.

Constructor Details

#initialize(pcap, opts = {}) {|_self| ... } ⇒ CommonWrapper

Returns a new instance of CommonWrapper.

Yields:

• (_self)

Yield Parameters:

• _self (Caper::CommonWrapper) —

  the object that the method was called on

# File 'lib/caper/common_wrapper.rb', line 10

def initialize(pcap, opts={})
  @pcap = pcap
  @closed = false
  @errbuf ||= ErrorBuffer.create

  yield(self) if block_given?
end

Instance Attribute Details

#pcap ⇒ Object

Returns the value of attribute pcap.

# File 'lib/caper/common_wrapper.rb', line 8

def pcap
  @pcap
end

Instance Method Details

#close ⇒ Object

Closes the pcap interface using libpcap.

# File 'lib/caper/common_wrapper.rb', line 48

def close
  unless @closed
    Caper.pcap_close(_pcap)
    @closed = true
    @pcap = nil
  end
end

#closed? ⇒ Boolean

Indicates whether the pcap interface is already closed.

Returns:

• (Boolean)

# File 'lib/caper/common_wrapper.rb', line 39

def closed?
  @closed == true
end

#compile(expression, opts = {}) ⇒ BPFProgram

Compiles a pcap filter but does not apply it to the pcap interface.

Parameters:

• expression (String) —

  A pcap filter expression. See pcap-filter(7) manpage for syntax.

• opts (Hash) (defaults to: {}) —

  Additional options for compile

Options Hash (opts):

• :optimize (optional, Integer) —

  Optimization flag. 0 means don’t optimize. Defaults to 1.

• :netmask (optional, Integer) —

  A 32-bit number representing the IPv4 netmask of the network on which packets are being captured. It is only used when checking for IPv4 broadcast addresses in the filter program. Default: 0 (unspecified netmask)

Returns:

• (BPFProgram) —

  A Caper::BPFProgram structure for the compiled filter.

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/caper/common_wrapper.rb', line 98

def compile(expression, opts={})
  optimize = opts[:optimize] || 1
  netmask  = opts[:netmask] || 0 
  code = BPFProgram.new
  if Caper.pcap_compile(_pcap, code, expression, optimize, netmask) != 0
    raise(LibError, "pcap_compile(): #{geterr()}")
  end
  return code
end

#datalink ⇒ Object

Returns the DataLink for the pcap device.

# File 'lib/caper/common_wrapper.rb', line 20

def datalink
  @datalink ||= DataLink.new(Caper.pcap_datalink(_pcap))
end

#geterr ⇒ String Also known as: error

Returns The error text pertaining to the last pcap library error.

Returns:

• (String) —

  The error text pertaining to the last pcap library error.

# File 'lib/caper/common_wrapper.rb', line 125

def geterr
  Caper.pcap_geterr(_pcap)
end

#open_dump(path) ⇒ Dumper

Returns:

• (Dumper)

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/caper/common_wrapper.rb', line 115

def open_dump(path)
  dp = Caper.pcap_dump_open(_pcap, File.expand_path(path))
  raise(LibError, "pcap_dump_open(): #{geterr()}") if dp.null?
  return Dumper.new(dp)
end

#ready? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/caper/common_wrapper.rb', line 43

def ready?
  @closed == false and not @pcap.nil? and not @pcap.null?
end

#snaplen ⇒ Integer

Gets the snapshot length.

Returns:

• (Integer) —

  Snapshot length for the pcap interface.

# File 'lib/caper/common_wrapper.rb', line 69

def snaplen
  Caper.pcap_snapshot(_pcap)
end

#supported_datalinks ⇒ Object

Returns an array of supported DataLinks for the pcap device.

# File 'lib/caper/common_wrapper.rb', line 26

def supported_datalinks
  dlt_lst = FFI::MemoryPointer.new(:pointer)
  if (cnt=Caper.pcap_list_datalinks(_pcap, dlt_lst)) < 0
    raise(LibError, "pcap_list_datalinks(): #{geterr()}")
  end
  # extract datalink values 
  p = dlt_lst.get_pointer(0)
  ret = p.get_array_of_int(0, cnt).map {|dlt| DataLink.new(dlt) }
  CRT.free(p)
  return ret
end

#to_ptr ⇒ FFI::Pointer

Returns the pcap interface pointer.

Returns:

• (FFI::Pointer) —

  Internal pointer to a pcap_t handle.

# File 'lib/caper/common_wrapper.rb', line 61

def to_ptr
  _check_pcap()
end