Module: FFI::PCap

Extended by:

Library

Defined in:

lib/ffi/pcap.rb,
lib/ffi/pcap/crt.rb,
lib/ffi/pcap/addr.rb,
lib/ffi/pcap/dead.rb,
lib/ffi/pcap/live.rb,
lib/ffi/pcap/pcap.rb,
lib/ffi/pcap/stat.rb,
lib/ffi/pcap/bsd/af.rb,
lib/ffi/pcap/dumper.rb,
lib/ffi/pcap/packet.rb,
lib/ffi/pcap/in_addr.rb,
lib/ffi/pcap/offline.rb,
lib/ffi/pcap/stat_ex.rb,
lib/ffi/pcap/time_val.rb,
lib/ffi/pcap/typedefs.rb,
lib/ffi/pcap/data_link.rb,
lib/ffi/pcap/interface.rb,
lib/ffi/pcap/exceptions.rb,
lib/ffi/pcap/bpf_program.rb,
lib/ffi/pcap/bsd/in_addr.rb,
lib/ffi/pcap/file_header.rb,
lib/ffi/pcap/bsd/in6_addr.rb,
lib/ffi/pcap/bsd/typedefs.rb,
lib/ffi/pcap/copy_handler.rb,
lib/ffi/pcap/error_buffer.rb,
lib/ffi/pcap/bsd/sock_addr.rb,
lib/ffi/pcap/packet_header.rb,
lib/ffi/pcap/common_wrapper.rb,
lib/ffi/pcap/bpf_instruction.rb,
lib/ffi/pcap/capture_wrapper.rb,
lib/ffi/pcap/bsd/sock_addr_dl.rb,
lib/ffi/pcap/bsd/sock_addr_in.rb,
lib/ffi/pcap/bsd/sock_addr_in6.rb,
lib/ffi/pcap/bsd/sock_addr_family.rb

Defined Under Namespace

Modules: AF, CRT Classes: Addr, BPFInstruction, BPFProgram, CaptureWrapper, CommonWrapper, CopyHandler, DataLink, Dead, Dumper, ErrorBuffer, FileHeader, Handler, In6Addr, InAddr, Interface, LibError, Live, Offline, Packet, PacketHeader, ReadError, SockAddr, SockAddrDl, SockAddrFamily, SockAddrIn, SockAddrIn6, Stat, StatEx, TimeVal, TimeoutError, UnsupportedDataLinkError

Constant Summary

DEFAULT_SNAPLEN =

Default snapshot length for packets

65535

Class Method Summary

• .device_names ⇒ Object

  Returns an array of device names for each interface found on the system.

• .dump_devices ⇒ Object

  Returns an array of device name and network/netmask pairs for each interface found on the system.

• .each_device {|dev| ... } ⇒ nil

  List all capture devices and yield them each to a block.

• .lib_version ⇒ String

  Get the version information for libpcap.

• .lib_version_number ⇒ String

  Extract just the version number from the PCap.lib_version string.

• .lookupdev ⇒ String

  Find the default device on which to capture.

• .lookupnet(device) {|netp, maskp| ... } ⇒ nil, String

  Determine the IPv4 network number and mask relevant with a network device.

• .open_dead(opts = {}, &block) ⇒ Object

  Opens a new Dead pcap interface for compiling filters or opening a capture for output.

• .open_file(path, opts = {}, &block) ⇒ Object
• .open_live(opts = {}, &block) ⇒ Object

  Opens a new Live device for capturing from the network.

• .open_offline(path, opts = {}, &block) ⇒ Object

  Opens a saved capture file for reading.

Class Method Details

.device_names ⇒ Object

Returns an array of device names for each interface found on the system.

# File 'lib/ffi/pcap/pcap.rb', line 181

def PCap.device_names
  PCap.enum_for(:each_device).map { |dev| dev.name }
end

.dump_devices ⇒ Object

Returns an array of device name and network/netmask pairs for each interface found on the system.

If an interface does not have an address assigned, its network/netmask value is returned as a nil value.

# File 'lib/ffi/pcap/pcap.rb', line 166

def PCap.dump_devices
  PCap.enum_for(:each_device).map do |dev| 
    net = begin
            PCap.lookupnet(dev.name)
          rescue LibError
          end

    [dev.name, net]
  end
end

.each_device {|dev| ... } ⇒ nil

List all capture devices and yield them each to a block.

Yields:

• (dev)

Yield Parameters:

• dev (Interface) —

  An Interface structure for each device.

Returns:

• (nil)

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/ffi/pcap/pcap.rb', line 136

def PCap.each_device
  devices = FFI::MemoryPointer.new(:pointer)
  errbuf  = ErrorBuffer.new

  PCap.pcap_findalldevs(devices, errbuf)
  node = devices.get_pointer(0)

  if node.null?
    raise(LibError,"pcap_findalldevs(): #{errbuf}",caller)
  end

  device = Interface.new(node)

  while device
    yield(device)

    device = device.next
  end

  PCap.pcap_freealldevs(node)
  return nil
end

.lib_version ⇒ String

Get the version information for libpcap.

Returns:

• (String) —

  Information about the version of the libpcap library being used; note that it contains more information than just a version number.

# File 'lib/ffi/pcap/pcap.rb', line 194

def PCap.lib_version
  PCap.pcap_lib_version
end

.lib_version_number ⇒ String

Extract just the version number from the lib_version string.

Returns:

• (String) —

  Version number.

# File 'lib/ffi/pcap/pcap.rb', line 204

def PCap.lib_version_number
  if (version = PCap.lib_version.match(/libpcap version (\d+\.\d+.\d+)/))
    return version[1]
  end
end

.lookupdev ⇒ String

Find the default device on which to capture.

Returns:

• (String) —

  Name of default device

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/ffi/pcap/pcap.rb', line 23

def PCap.lookupdev
  e = ErrorBuffer.new

  unless (name = PCap.pcap_lookupdev(e))
    raise(LibError,"pcap_lookupdev(): #{e}",caller)
  end

  return name
end

.lookupnet(device) {|netp, maskp| ... } ⇒ nil, String

Determine the IPv4 network number and mask relevant with a network device.

Parameters:

• device (String) —

  The name of the device to look up.

Yields:

• (netp, maskp)

Yield Parameters:

• netp (FFI::MemoryPointer) —

  A pointer to the network return value.

• maskp (FFI::MemoryPointer) —

  A pointer to the netmask return value.

Returns:

• (nil, String) —

  The IPv4 network number and mask presented as n.n.n.n/m.m.m.m. nil is returned when a block is specified.

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/ffi/pcap/pcap.rb', line 59

def PCap.lookupnet(device)
  netp   = MemoryPointer.new(find_type(:bpf_uint32))
  maskp  = MemoryPointer.new(find_type(:bpf_uint32))
  errbuf = ErrorBuffer.new

  unless PCap.pcap_lookupnet(device, netp, maskp, errbuf) == 0
    raise(LibError, "pcap_lookupnet(): #{errbuf}",caller)
  end

  if block_given?
    yield netp, maskp
  else
    net = netp.get_array_of_uchar(0,4).join('.')
    net << '/'
    net << maskp.get_array_of_uchar(0,4).join('.')

    return net
  end
end

.open_dead(opts = {}, &block) ⇒ Object

Opens a new Dead pcap interface for compiling filters or opening a capture for output.

See Also:

• FFI::PCap::Dead#initialize

# File 'lib/ffi/pcap/pcap.rb', line 97

def PCap.open_dead(opts={}, &block)
  ret = Dead.new(opts, &block)
  return block_given? ? ret.close : ret
end

.open_file(path, opts = {}, &block) ⇒ Object

See Also:

• open_offline

# File 'lib/ffi/pcap/pcap.rb', line 115

def PCap.open_file(path, opts={}, &block)
  open_offline(path, opts, &block)
end

.open_live(opts = {}, &block) ⇒ Object

Opens a new Live device for capturing from the network. See FFI::PCap::Live#initialize for arguments.

If passed a block, the block is passed to FFI::PCap::Live#initialize and the Live object is closed after completion of the block

# File 'lib/ffi/pcap/pcap.rb', line 86

def PCap.open_live(opts={},&block)
  ret = Live.new(opts, &block)
  return block_given? ? ret.close : ret
end

.open_offline(path, opts = {}, &block) ⇒ Object

Opens a saved capture file for reading.

See Also:

• FFI::PCap::Offline#initialize

# File 'lib/ffi/pcap/pcap.rb', line 107

def PCap.open_offline(path, opts={}, &block)
  ret = Offline.new(path, opts={}, &block)
  return block_given? ? ret.close : ret
end