Class: FFI::PCap::CommonWrapper

Inherits:

Object

• Object
• FFI::PCap::CommonWrapper

Defined in:

lib/ffi/pcap/common_wrapper.rb

Overview

An abstract base wrapper class with features common to all pcap wrapper types. Do not use this directly. Instead refer to Live, Dead, or Offline class for open_live, open_dead, or open_file, respectively.

Direct Known Subclasses

CaptureWrapper, Dead

Instance Attribute Summary

• #pcap ⇒ Object

  Returns the value of attribute pcap.

Instance Method Summary

• #close ⇒ Object

  Closes the pcap interface using libpcap.

• #closed? ⇒ Boolean

  Indicates whether the pcap interface is already closed.

• #compile(expression, opts = {}) ⇒ BPF::Program

  Compiles a pcap filter but does not apply it to the pcap interface.

• #datalink ⇒ Object

  Returns the DataLink for the pcap device.

• #geterr ⇒ String (also: #error)

  The error text pertaining to the last pcap library error.

• #initialize(pcap, opts = {}) {|_self| ... } ⇒ CommonWrapper constructor

  A new instance of CommonWrapper.

• #open_dump(path) ⇒ Dumper
• #ready? ⇒ Boolean
• #snaplen ⇒ Integer

  Gets the snapshot length.

• #supported_datalinks ⇒ Object

  Returns an array of supported DataLinks for the pcap device.

• #to_ptr ⇒ FFI::Pointer

  Returns the pcap interface pointer.

Constructor Details

#initialize(pcap, opts = {}) {|_self| ... } ⇒ CommonWrapper

Returns a new instance of CommonWrapper.

Yields:

• (_self)

Yield Parameters:

• _self (FFI::PCap::CommonWrapper) —

  the object that the method was called on

# File 'lib/ffi/pcap/common_wrapper.rb', line 13

def initialize(pcap, opts={})
  @pcap     = pcap
  @closed   = false
  @errbuf ||= ErrorBuffer.new

  yield self if block_given?
end

Instance Attribute Details

#pcap ⇒ Object

Returns the value of attribute pcap.

# File 'lib/ffi/pcap/common_wrapper.rb', line 11

def pcap
  @pcap
end

Instance Method Details

#close ⇒ Object

Closes the pcap interface using libpcap.

# File 'lib/ffi/pcap/common_wrapper.rb', line 60

def close
  unless @closed
    PCap.pcap_close(_pcap)

    @closed = true
    @pcap = nil
  end
end

#closed? ⇒ Boolean

Indicates whether the pcap interface is already closed.

Returns:

• (Boolean)

# File 'lib/ffi/pcap/common_wrapper.rb', line 49

def closed?
  @closed == true
end

#compile(expression, opts = {}) ⇒ BPF::Program

Compiles a pcap filter but does not apply it to the pcap interface.

Parameters:

• expression (String) —

  A pcap filter expression. See pcap-filter(7) manpage for syntax.

• opts (Hash) (defaults to: {}) —

  Additional options for compile

Options Hash (opts):

• :optimize (optional, Integer) —

  Optimization flag. 0 means don't optimize. Defaults to 1.

• :netmask (optional, Integer) —

  A 32-bit number representing the IPv4 netmask of the network on which packets are being captured. It is only used when checking for IPv4 broadcast addresses in the filter program. Default: 0 (unspecified netmask)

Returns:

• (BPF::Program) —

  A BPF program structure for the compiled filter.

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/ffi/pcap/common_wrapper.rb', line 113

def compile(expression, opts={})
  optimize = opts[:optimize] || 1
  netmask  = opts[:netmask] || 0 
  code = BPFProgram.new

  if PCap.pcap_compile(_pcap, code, expression, optimize, netmask) != 0
    raise(LibError,"pcap_compile(): #{geterr()}",caller)
  end

  return code
end

#datalink ⇒ Object

Returns the DataLink for the pcap device.

# File 'lib/ffi/pcap/common_wrapper.rb', line 24

def datalink
  @datalink ||= DataLink.new(PCap.pcap_datalink(_pcap))
end

#geterr ⇒ String Also known as: error

Returns The error text pertaining to the last pcap library error.

Returns:

• (String) —

  The error text pertaining to the last pcap library error.

# File 'lib/ffi/pcap/common_wrapper.rb', line 146

def geterr
  PCap.pcap_geterr(_pcap)
end

#open_dump(path) ⇒ Dumper

Returns:

• (Dumper)

Raises:

• (LibError) —

  On failure, an exception is raised with the relevant error message from libpcap.

# File 'lib/ffi/pcap/common_wrapper.rb', line 132

def open_dump(path)
  dp = PCap.pcap_dump_open(_pcap, File.expand_path(path))

  if dp.null?
    raise(LibError,"pcap_dump_open(): #{geterr}",caller)
  end

  return Dumper.new(dp)
end

#ready? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ffi/pcap/common_wrapper.rb', line 53

def ready?
  (@closed == false && !(@pcap.nil?) && !(@pcap.null?))
end

#snaplen ⇒ Integer

Gets the snapshot length.

Returns:

• (Integer) —

  Snapshot length for the pcap interface.

# File 'lib/ffi/pcap/common_wrapper.rb', line 84

def snaplen
  PCap.pcap_snapshot(_pcap)
end

#supported_datalinks ⇒ Object

Returns an array of supported DataLinks for the pcap device.

# File 'lib/ffi/pcap/common_wrapper.rb', line 31

def supported_datalinks
  dlt_lst = MemoryPointer.new(:pointer)

  if (cnt = PCap.pcap_list_datalinks(_pcap, dlt_lst)) < 0
    raise(LibError, "pcap_list_datalinks(): #{geterr}",caller)
  end

  # extract datalink values 
  p = dlt_lst.get_pointer(0)
  ret = p.get_array_of_int(0, cnt).map {|dlt| DataLink.new(dlt) }

  CRT.free(p)
  return ret
end

#to_ptr ⇒ FFI::Pointer

Returns the pcap interface pointer.

Returns:

• (FFI::Pointer) —

  Internal pointer to a pcap_t handle.

# File 'lib/ffi/pcap/common_wrapper.rb', line 75

def to_ptr
  _check_pcap()
end