[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Status of libpcap

Ghislain MARY

4/8/2005 2:15:00 PM

Hi all,

I found the ruby-libpcap library from
http://www.goto.info.waseda.ac.jp/~fukusima/ruby/p... but
unfortunately this library seems quite a bit old (based on libpcap-0.6 I
think).

So I was wondering if you know of an other library to handle pcap files
in ruby or if someone is working on a newer version for this library. If
not, I could try to update it to handle the last version of libpcap.

Thanks,

Ghislain MARY
3 Answers

Jonathan Paisley

4/11/2005 9:35:00 AM

0

On Sat, 09 Apr 2005 00:15:14 +0900, Ghislain Mary wrote:

> So I was wondering if you know of an other library to handle pcap files
> in ruby or if someone is working on a newer version for this library. If
> not, I could try to update it to handle the last version of libpcap.

I've used that library and linked against libpcap 0.8.3. I don't think the
libpcap API has changed much.

The only change I made was to correct a run-time warning to do with symbols.
See patch below.


diff -ur orig/pcap/Pcap.c pcap/Pcap.c
--- orig/pcap/Pcap.c Sun Aug 13 06:56:31 2000
+++ pcap/Pcap.c Tue Dec 9 02:08:19 2003
@@ -782,9 +782,9 @@
/* define class PcapStat */
cPcapStat = rb_funcall(rb_cStruct, rb_intern("new"), 4,
Qnil,
- INT2NUM(rb_intern("recv")),
- INT2NUM(rb_intern("drop")),
- INT2NUM(rb_intern("ifdrop")));
+ ID2SYM(rb_intern("recv")),
+ ID2SYM(rb_intern("drop")),
+ ID2SYM(rb_intern("ifdrop")));
rb_define_const(mPcap, "Stat", cPcapStat);

/* define exception classes */

Martin Pirker

4/12/2005 3:05:00 PM

0

Jonathan Paisley <jp-www@dcs.gla.ac.uk> wrote:
> I've used that library and linked against libpcap 0.8.3. I don't think the
> libpcap API has changed much.

A dumpfile of e.g. Ethereal sometimes causes exceptions when opened by
Pcap::Capture.open_offline, seems some new structures are not (yet)
handled by the Ruby bindings.


> The only change I made was to correct a run-time warning to do with symbols.
> See patch below.

This fixes the warnings, thanks!


Martin

Ghislain MARY

4/13/2005 11:15:00 PM

0

Hi,

Martin Pirker a écrit :
> Jonathan Paisley <jp-www@dcs.gla.ac.uk> wrote:
>
>>I've used that library and linked against libpcap 0.8.3. I don't think the
>>libpcap API has changed much.
>
>
> A dumpfile of e.g. Ethereal sometimes causes exceptions when opened by
> Pcap::Capture.open_offline, seems some new structures are not (yet)
> handled by the Ruby bindings.
>

Yes, that's exactly the problem I'm having. I try to load a capture of
IEEE802.11 frames with prism headers. Opening my capture file with
Pcap::Capture.open_offline and trying to iterate over each packets I get
a PcapError telling me "Unknow data-link type 119" which corresponds to
the libcap constant DLT_PRISM_HEADER. So I have managed to define this
constant in ruby-pcap. But that is not sufficient. But as it is done for
now, in packet.c the struct datalinks suppose that the ids of the
different datalinks types are incremented by 1, whereas this is not the
case, having gaps between different constants in the libpcap. So it
looks like that this is not that easy to make it work. I'll keep telling
here what I find, and if someone could help me that would be wery cool :)

Ghislain