Class: FFI::PCap::BPFProgram

Inherits:

Struct

• Object
• Struct
• FFI::PCap::BPFProgram

Includes:

DRY::StructHelper

Defined in:

lib/ffi/pcap/bpf_program.rb

Overview

Structure for pcap_compile(), pcap_setfilter(), etc.

See bpf_program struct in pcap-bpf.h

Class Method Summary

• .compile(expr, opts = {}) ⇒ BPFProgram

  Compiles a bpf filter without a pcap device being open.

Instance Method Summary

• #free! ⇒ Object
• #freed? ⇒ Boolean
• #instructions ⇒ Object

Class Method Details

.compile(expr, opts = {}) ⇒ BPFProgram

Compiles a bpf filter without a pcap device being open. Downside is no error messages are available, whereas they are when you use open_dead() and use compile() on the resulting Dead.

Parameters:

• opts (Hash) (defaults to: {}) —

  Additional options for compile

Options Hash (opts):

• :datalink (optional, DataLink, Integer, String, Symbol) —

  DataLink layer type. The argument type will be resolved to a DataLink value if possible. Defaults to data-link layer type NULL.

• :snaplen (optional, Integer) —

  The snapshot length for the filter. Defaults to SNAPLEN

• :optimize (optional, Integer) —

  Optimization flag. 0 means don't optimize. Defaults to 1.

• :netmask (optional, Integer) —

  A 32-bit number representing the IPv4 netmask of the network on which packets are being captured. It is only used when checking for IPv4 broadcast addresses in the filter program. Default: 0 (unspecified netmask)

Returns:

• (BPFProgram) —

  If no errors occur, a compiled BPFProgram is returned.

Raises:

• (LibError)

# File 'lib/ffi/pcap/bpf_program.rb', line 69

def self.compile(expr, opts={})
  datalink = (opts[:datalink] || 1)
  dl = datalink.kind_of?(DataLink) ? datalink : DataLink.new(datalink)
  slen     = (opts[:snaplen] || DEFAULT_SNAPLEN)
  optimize = (opts[:optimize] || 1)
  mask     = (opts[:netmask] || 0)

  code = new()
  r = PCap.pcap_compile_nopcap(slen, dl.value, code, expr, optimize, mask)

  raise(LibError, "pcap_compile_nopcap(): unspecified error") if r < 0
  return code
end

Instance Method Details

#free! ⇒ Object

# File 'lib/ffi/pcap/bpf_program.rb', line 31

def free!
  unless @closed
    @freed = true
    PCap.pcap_freecode(self)
  end
end

#freed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ffi/pcap/bpf_program.rb', line 38

def freed?
  @freed == true
end

#instructions ⇒ Object

# File 'lib/ffi/pcap/bpf_program.rb', line 20

def instructions
  i = 0
  sz = BPFInstruction.size

  Array.new(self.bf_len) do 
    ins = BPFInstruction.new( self[:bf_insn] + i )
    i += sz
    ins
  end
end