class FFI::PCap::CommonWrapper

An abstract base wrapper class with features common to all pcap wrapper types. Do not use this directly. Instead refer to {Live}, {Dead}, or {Offline} class for {PCap.open_live}, {PCap.open_dead}, or {PCap.open_file}, respectively.

Attributes

pcap[RW]

Public Class Methods

new(pcap, opts={}) { |self| ... } click to toggle source
# File lib/ffi/pcap/common_wrapper.rb, line 13
def initialize(pcap, opts={})
  @pcap     = pcap
  @closed   = false
  @errbuf ||= ErrorBuffer.new

  yield self if block_given?
end

Public Instance Methods

close() click to toggle source

Closes the pcap interface using libpcap.

# File lib/ffi/pcap/common_wrapper.rb, line 60
def close
  unless @closed
    PCap.pcap_close(_pcap)

    @closed = true
    @pcap = nil
  end
end
closed?() click to toggle source

Indicates whether the pcap interface is already closed.

# File lib/ffi/pcap/common_wrapper.rb, line 49
def closed?
  @closed == true
end
compile(expression, opts={}) click to toggle source

Compiles a pcap filter but does not apply it to the pcap interface.

@param [String] expression

A pcap filter expression. See `pcap-filter(7)` manpage for syntax.

@param [Hash] opts

Additional options for compile

@option opts [optional, Integer] :optimize

Optimization flag. 0 means don't optimize. Defaults to 1.

@option opts [optional, Integer] :netmask

A 32-bit number representing the IPv4 netmask of the network on
which packets are being captured. It is only used when checking
for IPv4 broadcast addresses in the filter program.
Default: 0 (unspecified netmask)

@return [BPF::Program]

A BPF program structure for the compiled filter.

@raise [LibError]

On failure, an exception is raised with the relevant error
message from libpcap.
# File lib/ffi/pcap/common_wrapper.rb, line 113
def compile(expression, opts={})
  optimize = opts[:optimize] || 1
  netmask  = opts[:netmask] || 0 
  code = BPFProgram.new

  if PCap.pcap_compile(_pcap, code, expression, optimize, netmask) != 0
    raise(LibError,"pcap_compile(): #{geterr()}",caller)
  end

  return code
end
error()
Alias for: geterr
geterr() click to toggle source

@return [String]

The error text pertaining to the last pcap library error.
# File lib/ffi/pcap/common_wrapper.rb, line 146
def geterr
  PCap.pcap_geterr(_pcap)
end
Also aliased as: error
open_dump(path) click to toggle source

@return [Dumper]

@raise [LibError]

On failure, an exception is raised with the relevant error
message from libpcap.
# File lib/ffi/pcap/common_wrapper.rb, line 132
def open_dump(path)
  dp = PCap.pcap_dump_open(_pcap, File.expand_path(path))

  if dp.null?
    raise(LibError,"pcap_dump_open(): #{geterr}",caller)
  end

  return Dumper.new(dp)
end
ready?() click to toggle source
# File lib/ffi/pcap/common_wrapper.rb, line 53
def ready?
  (@closed == false && !(@pcap.nil?) && !(@pcap.null?))
end
snaplen() click to toggle source

Gets the snapshot length.

@return [Integer]

Snapshot length for the pcap interface.
# File lib/ffi/pcap/common_wrapper.rb, line 84
def snaplen
  PCap.pcap_snapshot(_pcap)
end
to_ptr() click to toggle source

Returns the pcap interface pointer.

@return [FFI::Pointer]

Internal pointer to a pcap_t handle.
# File lib/ffi/pcap/common_wrapper.rb, line 75
def to_ptr
  _check_pcap()
end

Private Instance Methods

_check_pcap() click to toggle source

Raises an exception if ‘@pcap` is not set.

Internal sanity check to confirm the pcap instance variable has been set. Otherwise very bad things can ensue by passing a null pointer to various libpcap functions.

# File lib/ffi/pcap/common_wrapper.rb, line 162
def _check_pcap
  if @pcap.nil?
    raise(StandardError,"nil pcap device",caller)
  else
    @pcap
  end
end
_pcap() click to toggle source

Raises an exception if @pcap is not set or is a null pointer.

Internal sanity check to confirm the pcap pointer variable has been set and is not a null pointer. Otherwise very bad things can ensue by passing a null pointer to various libpcap functions.

# File lib/ffi/pcap/common_wrapper.rb, line 178
def _pcap
  ptr = _check_pcap

  if ptr.null?
    raise(StandardError,"null pointer to pcap device",caller)
  else
    ptr
  end
end