Class: Netfilter::Packet

Inherits:

Object

• Object
• Netfilter::Packet

Defined in:

lib/nflog.rb

Overview

Class representing a packet captured by Netfilter::Log.

Defined Under Namespace

Classes: HardwareAddress, Timeval

Instance Method Summary

• #data ⇒ Object

  The packet contents.

• #gid ⇒ Object

  The GID of the user that generated the packet.

• #hw_addr ⇒ Object

  The source MAC address.

• #indev ⇒ Object

  The index of the interface the packet was received through.

• #indev_name ⇒ Object

  The name of the interface the packet was received through.

• #initialize(nflog, nfad) ⇒ Packet constructor

  A new instance of Packet.

• #nfmark ⇒ Object

  The netfilter mark.

• #outdev ⇒ Object

  The index of the interface the packet will be routed to.

• #outdev_name ⇒ Object

  The name of the interface the packet will be routed to.

• #phys_indev ⇒ Object

  The index of the physical interface the packet was received through.

• #phys_indev_name ⇒ Object

  The name of the physical interface the packet was received through.

• #phys_outdev ⇒ Object

  The index of the physical interface the packet will be routed to.

• #phys_outdev_name ⇒ Object

  The name of the physical interface the packet will be routed to.

• #prefix ⇒ Object

  The logging string.

• #seq ⇒ Object

  The NFLOG sequence number.

• #seq_global ⇒ Object

  The global NFLOG sequence number.

• #timestamp ⇒ Object

  The packet timestamp.

• #uid ⇒ Object

  The UID of the user that generated the packet.

Constructor Details

#initialize(nflog, nfad) ⇒ Packet

Returns a new instance of Packet.

# File 'lib/nflog.rb', line 51

def initialize(nflog, nfad)
    @nflog, @nfad = nflog, nfad
end

Instance Method Details

#data ⇒ Object

The packet contents.

# File 'lib/nflog.rb', line 146

def data
    hwhdrlen = Log.nflog_get_msg_packet_hwhdrlen(@nfad)
    
    if hwhdrlen > 0
        hwhdr = Log.nflog_get_msg_packet_hwhdr(@nfad)
        link_header = hwhdr.read_bytes(hwhdrlen)
    else
        link_header = ''
    end

    payload_ptr = FFI::MemoryPointer.new(:pointer, 1)
    payload_size = Log.nflog_get_payload(@nfad, payload_ptr)
    if payload_size < 0
        raise LogError, "nflog_get_payload has failed"
    end

    payload = payload_ptr.read_pointer.read_bytes(payload_size)

    [ link_header, payload ]
end

#gid ⇒ Object

The GID of the user that generated the packet.

# File 'lib/nflog.rb', line 216

def gid
    gid = FFI::Buffer.new(FFI.type_size(FFI::Type::UINT32))
    if Log.nflog_get_gid(@nfad, gid) < 0
        return 0 
    end

    gid.read_bytes(gid.total).unpack("I")[0]
end

#hw_addr ⇒ Object

The source MAC address.

# File 'lib/nflog.rb', line 134

def hw_addr
    phw = Log.nflog_get_packet_hw(@nfad)
    return nil if phw.null?

    hw = HardwareAddress.new(phw)
    hw_addrlen = [ hw[:hw_addrlen] ].pack('v').unpack('n')[0]
    hw[:hw_addr].to_ptr.read_bytes(hw_addrlen)
end

#indev ⇒ Object

The index of the interface the packet was received through.

# File 'lib/nflog.rb', line 78

def indev
    Log.nflog_get_indev(@nfad)
end

#indev_name ⇒ Object

The name of the interface the packet was received through.

# File 'lib/nflog.rb', line 85

def indev_name
    get_interface_name(self.indev)
end

#nfmark ⇒ Object

The netfilter mark.

# File 'lib/nflog.rb', line 58

def nfmark
    Log.nflog_get_nfmark(@nfad)
end

#outdev ⇒ Object

The index of the interface the packet will be routed to.

# File 'lib/nflog.rb', line 106

def outdev
    Log.nflog_get_outdev(@nfad)
end

#outdev_name ⇒ Object

The name of the interface the packet will be routed to.

# File 'lib/nflog.rb', line 113

def outdev_name
    get_interface_name(self.outdev)
end

#phys_indev ⇒ Object

The index of the physical interface the packet was received through.

# File 'lib/nflog.rb', line 92

def phys_indev
    Log.nflog_get_physindev(@nfad)
end

#phys_indev_name ⇒ Object

The name of the physical interface the packet was received through.

# File 'lib/nflog.rb', line 99

def phys_indev_name
    get_interface_name(self.phys_indev)
end

#phys_outdev ⇒ Object

The index of the physical interface the packet will be routed to.

# File 'lib/nflog.rb', line 120

def phys_outdev
    Log.nflog_get_physoutdev(@nfad)
end

#phys_outdev_name ⇒ Object

The name of the physical interface the packet will be routed to.

# File 'lib/nflog.rb', line 127

def phys_outdev_name
    get_interface_name(self.phys_outdev)
end

#prefix ⇒ Object

The logging string.

Raises:

• (LogError)

# File 'lib/nflog.rb', line 170

def prefix
    logstr = Log.nflog_get_prefix(@nfad)
    raise LogError, "nflog_get_prefix has failed" if logstr.null?

    logstr.read_string
end

#seq ⇒ Object

The NFLOG sequence number.

# File 'lib/nflog.rb', line 180

def seq
    seqnum = FFI::Buffer.new(FFI.type_size(FFI::Type::UINT32))
    if Log.nflog_get_seq(@nfad, seqnum) < 0
        raise LogError, "nflog_get_seq has failed"
    end

    seqnum.read_bytes(seqnum.total).unpack("I")[0]
end

#seq_global ⇒ Object

The global NFLOG sequence number.

# File 'lib/nflog.rb', line 192

def seq_global
    seqnum = FFI::Buffer.new(FFI.type_size(FFI::Type::UINT32))
    if Log.nflog_get_seq_global(@nfad, seqnum) < 0
        raise LogError, "nflog_get_seq_global has failed"
    end

    seqnum.read_bytes(seqnum.total).unpack("I")[0]
end

#timestamp ⇒ Object

The packet timestamp.

# File 'lib/nflog.rb', line 65

def timestamp
    ptv = FFI::MemoryPointer.new :pointer
    tv = Timeval.new(ptv)
    if Log.nflog_get_timestamp(@nfad, ptv) < 0
        0
    else
        Time.at(tv[:tv_sec])
    end
end

#uid ⇒ Object

The UID of the user that generated the packet.

# File 'lib/nflog.rb', line 204

def uid
    uid = FFI::Buffer.new(FFI.type_size(FFI::Type::UINT32))
    if Log.nflog_get_uid(@nfad, uid) < 0
        return 0
    end

    uid.read_bytes(uid.total).unpack("I")[0]
end