maiha / pcap.cr

Crystal bindings for libpcap
MIT License

How to use other functions from LibPcap? #14

Closed picatz closed 6 years ago

picatz commented 6 years ago

I've been interested in figuring out how C bindings work with Crystal; and LibPcap I think is a good example to start with.

I've noticed this library doesn't ever use the pcap_dispatch function, though there are bindings provided by it thanks to @puppetpies -- I just can't figure out how to use it.

I see that the pcap_loop function is used, though I don't entirely understand how it's used in the Capture class. I think the main reason is I don't understand how the PcapHandler works.

Hope this isn't too much to bother you for, but: could you provide me some simple examples of how I might be able to use pcap_dispatch to get one packet at a time without the pcap_loop function? I'd love to be able to understand how this works more with examples!

picatz commented 6 years ago

I've been continuing to look into this more. Perhaps it's the pcap_next_ex function I'd want to use. Which seems simpler, since there's no handler involved from what I can tell.

However, I can't seem to get it to work. 😟 I've found a binding in lua which I got the idea from.

Not entirely sure.

picatz commented 6 years ago

Totally got the pcap_next_ex function to work! 😂

But, I'd still like other examples of other functions.

picatz commented 6 years ago

I've now gotten quite a few of them to work on my own this weekend.

I've also noticed that some libraries built in other languages like gopacket, pcaprub, and pcap-lua don't use the pcap_loop function I was struggling with. I still can't figure out how the Crystal version works. But I can read packets without it.

I've been struggling my way through, getting as intimate as I can with LibPcap and I've just about read half of the man pages and started working on my own bindings in Crystal too. Heavily based off of the work of @puppetpies, yourself, and other languages that have bindings to LibPcap.

I suppose I need to figure out how packet parsing works in depth next.

maiha commented 6 years ago

Hi @picatz ! Thank you for your interest in pcap.cr.

Crystal can automatically generate libXXX.cr from c-lang headers. So libpcap.cr provides many functions, but we are using just a few methods in it.

To be honest, I'm a newbie to libpcap, and I used pcap_loop as puppetpies did. So I'm afraid that I don't know about pcap_dispatch.

As far as I googled it, it seems they are almost the same. https://stackoverflow.com/questions/4917056/pcap-loop-and-pcap-dispatch-difference

Thank you,

picatz commented 6 years ago

Hello @maiha!

That's a really interesting feature of crystal I've never used before! I've been hand-crafting the bindings ( which are pretty trivial to write, thanks to crystal and @puppetpies ).

I'm actually working on my own packet capturing library with some extended features on top of libpcap just so I can learn how it works.

I've found the pcap_next_ex to work perfectly for what I need right now. It's what gopacket and pcap-lua use, so it works for me; and it's simpler to use! I'm interested in the performance differences though, and I've done no benchmarks between the two.

Thank you though!

picatz commented 6 years ago

Packet Parsing / Byte Order Mapping

I'm still working on wrapping my head around packet parsing.

I've been reading different RFCs and I've gotten a decent grasp of it. I've also researched several libraries in other languages and am still working on reading through others.

So, I was wondering if you could help explain how the packet parsing works for pcap.cr and how the Bomap class works.

maiha commented 6 years ago

> I've found the pcap_next_ex to work perfectly for what I need right now.

Nice! It seems we should use pcap_next_ex rather than pcap_loop. https://www.winpcap.org/docs/docs_40_2/html/group__wpcap__tut4.html

I plan to replace loop with next_ex this weekend. 😃 Thank you,

maiha commented 6 years ago

Bomap

Bomap is just a thin crystal macro that controls byte orders by using ntohl, ntohs in libc.

For example, the length of IP Header (aka. ip_len) should be converted to host byte order. So we mark it with our own DSL, Bomap.n16, which means convert from network byte order to host byte order for 16 bits. Thus, we get the following code.

```crystal
module Pcap
  class IpHeader
    # Declares an ip_len getter that converts from network to host byte order
    Bomap.n16 ip_len
  end
end
```

At the compile stage, this will be expanded to

```crystal
module Pcap
  class IpHeader
    # Generated getter: 16-bit network-to-host conversion of the raw field
    def ip_len : UInt16
      LibC.ntohs(@raw.ip_len)
    end
  end
end
```

where @raw is a native pcap structure. Then we get the expected byte order with the Bomap DSL.

FYI: Bomap.nop foo doesn't convert anything and just returns @raw.foo.

Thank you,
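
The conversion that `Bomap.n16 ip_len` expands to, shown in C as an added example (not code from pcap.cr or from this thread). It goes one step further than the comment by checking the converted length against the number of bytes actually captured; `struct raw_ipv4`, `ipv4_total_len`, `ipv4_payload_len` and the sample packet are assumptions constructed for illustration.

```c
#include <arpa/inet.h>   /* ntohs */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the native struct behind @raw: the fixed 20-byte
   IPv4 header, multi-byte fields still in network (big-endian) byte order. */
struct raw_ipv4 {
    uint8_t  ver_ihl, tos;
    uint16_t ip_len, ip_id, ip_off;
    uint8_t  ip_ttl, ip_p;
    uint16_t ip_sum;
    uint32_t ip_src, ip_dst;
};

/* Constructed sample: 20-byte header (ip_len = 0x001c = 28) + 8 payload bytes. */
const uint8_t SAMPLE_PKT[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00,
    0x40, 0x11, 0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2,
    'p', 'a', 'y', 'l', 'o', 'a', 'd', '!'
};

/* Same conversion the expanded ip_len getter performs.
   The caller must supply at least sizeof(struct raw_ipv4) bytes. */
uint16_t ipv4_total_len(const uint8_t *pkt) {
    struct raw_ipv4 raw;
    memcpy(&raw, pkt, sizeof raw);   /* copy: capture buffers may be unaligned */
    return ntohs(raw.ip_len);
}

/* Payload length in bytes, or -1 when the header is not consistent with the
   number of bytes actually captured (caplen). */
int ipv4_payload_len(const uint8_t *pkt, size_t caplen) {
    struct raw_ipv4 raw;
    if (caplen < sizeof raw) return -1;
    memcpy(&raw, pkt, sizeof raw);
    if ((raw.ver_ihl >> 4) != 4) return -1;
    size_t hdr_len = (size_t)(raw.ver_ihl & 0x0f) * 4;   /* IHL is in 32-bit words */
    size_t total = ntohs(raw.ip_len);
    if (hdr_len < sizeof raw || hdr_len > total || total > caplen) return -1;
    return (int)(total - hdr_len);
}

int main(void) {
    printf("total=%u payload=%d\n", (unsigned)ipv4_total_len(SAMPLE_PKT),
           ipv4_payload_len(SAMPLE_PKT, sizeof SAMPLE_PKT));
    return 0;
}
```

A length field written in the wrong byte order (0x1c00 instead of 0x001c) exceeds the captured size and is rejected by the same check, which is how a missing conversion usually shows up in a parser.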

maiha commented 6 years ago

@picatz Implemented #next_ex and #get?. I'm glad if the #get? is what you want. 😃

Please see README or spec for details.

Thank you,

picatz commented 6 years ago

@maiha That's awesome, it looks simple and easy to use! 👍

Thank you for your explanations and support with this issue. 🙇

picatz commented 6 years ago

@maiha For reference, here is the code I have created: https://github.com/picatz/packetz

I credited both you and @puppetpies for your previous work to get packetz to where it's at right now. And I have some further plans for it! 😸

For example, I have yet to implement any packet parsing into packetz.

In the future I'd really like to implement something like packetgen by @sdaubert in crystal.

puppetpies commented 6 years ago

I like the look of packetz, I gave it a star!