Class: Capra::Engine

Inherits:

Object

• Object
• Capra::Engine

Defined in:

lib/capra/engine.rb

Instance Attribute Summary

• #interface(iface) ⇒ Object

  Returns the value of attribute interface.

• #rules ⇒ Object

  Returns the value of attribute rules.

Instance Method Summary

• #alert(mesg) ⇒ Object
• #debug! ⇒ Object
• #default_interface ⇒ Object
• #email(recpt) ⇒ Object
• #initialize(file: nil, &block) ⇒ Engine constructor

  A new instance of Engine.

• #pcap(file) ⇒ Object
• #rule(type, description: nil, reference: nil, &block) ⇒ Object
• #save(packet) ⇒ Object
• #save_to(file) ⇒ Object
• #start! ⇒ Object

Constructor Details

#initialize(file: nil, &block) ⇒ Engine

Returns a new instance of Engine.

# File 'lib/capra/engine.rb', line 6

def initialize(file: nil, &block)
  default_interface
  @rules = {}
  if file
    instance_eval File.read(file)
  else
    instance_eval &block
  end
  start!
end

Instance Attribute Details

#interface(iface) ⇒ Object

Returns the value of attribute interface.

# File 'lib/capra/engine.rb', line 3

def interface
  @interface
end

#rules ⇒ Object

Returns the value of attribute rules.

# File 'lib/capra/engine.rb', line 4

def rules
  @rules
end

Instance Method Details

#alert(mesg) ⇒ Object

# File 'lib/capra/engine.rb', line 45

def alert(mesg)
  puts mesg
end

#debug! ⇒ Object

# File 'lib/capra/engine.rb', line 33

def debug!
  binding.pry
end

#default_interface ⇒ Object

# File 'lib/capra/engine.rb', line 21

def default_interface
  @interface = Interfacez.default
end

#email(recpt) ⇒ Object

# File 'lib/capra/engine.rb', line 49

def email(recpt)
  puts "Sending email!"
end

#pcap(file) ⇒ Object

# File 'lib/capra/engine.rb', line 25

def pcap(file)
  @pcap = file
end

#rule(type, description: nil, reference: nil, &block) ⇒ Object

# File 'lib/capra/engine.rb', line 37

def rule(type, description: nil, reference: nil, &block)
  if @rules[type]
    @rules[type] << block
  else
    @rules[type] = [block]
  end
end

#save(packet) ⇒ Object

# File 'lib/capra/engine.rb', line 53

def save(packet)
  @save_to = "capra-save-"+Time.now.utc.to_s.split(" ").join("-")+".pcapng" if @save_to.nil?

  pf = PacketGen::PcapNG::File.new
  pf.array_to_file [packet]
  pf.to_f(@save_to, append: true)
end

#save_to(file) ⇒ Object

# File 'lib/capra/engine.rb', line 29

def save_to(file)
  @save_to = file
end

#start! ⇒ Object

# File 'lib/capra/engine.rb', line 61

def start!
  if @pcap
    read_pcap_file(@pcap) do |packet|
      @rules.each do |header, blocks|
        if header == 'ANY' || packet.is?(header)
          blocks.each do |block|
            block.call(packet)
          end
        end
      end
    end
  else
    PacketGen.capture(iface: @interface) do |packet|
      @rules.each do |header, blocks|
        if header == 'ANY' || packet.is?(header)
          blocks.each do |block|
            block.call(packet)
          end
        end
      end
    end
  end
end