Header Structure Decodes
Looking into each layer of a packet
libtrace's structure decodes (IP, IP6, UDP, TCP, ICMP) are all
retrieved from a Packet by methods belonging to Packet, e.g. TCP =
packet.get_tcp. However, a libtrace_packet struct doesn't
have
a way to tell you how many bytes of the structure were actually
captured. Because of that, ruby-libtrace can't simply return
the data bytes that belong to a structure but are in a part of
it following the fixed-length part, e.g. IP and TCP options, and
IP6 header
extensions.
Instead,
ruby-libtrace uses libtrace's 'get_layer' routines, so that it can
return objects that know how many header bytes were actually captured.
Note that objects may be truncated because on-the-wire they
extended past the SNAPLEN used when the trace was captured.
Class Layer2
| Instance
Variables |
| linktype |
Link Type for the
trace, see below for values |
| data |
String containing the
layer2 (link) header bytes |
| Class Method |
| layer2 |
Packet.layer2
->
aNewLayer2 |
|
Returns a Layer2 object,
containing it's link type and header bytes for this packet. |
| Global
Constants |
| trace types |
See the libtrace
documentation for more details |
|
TRACE_TYPE_ETH |
802.3-style
Ethernet |
|
TRACE_TYPE_ATM |
ATM frames |
|
TRACE_TYPE_80211 |
802.11 frames |
|
TRACE_TYPE_NONE |
Raw IP frames |
|
TRACE_TYPE_LINUX_SLL |
Linux "null" framing |
|
TRACE_TYPE_PFLOG |
FreeBSD's PFlog |
|
TRACE_TYPE_DUCK |
Pseudo link layer for DUCK
packets |
|
TRACE_TYPE_80211_RADIO |
Radiotap + 802.11 |
|
TRACE_TYPE_LLCSNAP |
Raw LLC/SNAP |
|
TRACE_TYPE_PPP |
PPP frames |
|
TRACE_TYPE_METADATA |
WDCAP-style meta-data |
Class Layer3
| Instance
Variables |
| ethertype |
Ethernet Type for
the packet, e.g. 0x0800 = IPv4, 0x08dd = IPv6, 0x080b = ARP, etc. |
| data |
String containing the
layer3 (network) header bytes |
| Class Method |
| layer3 |
Packet.layer3
->
aNewLayer3 |
|
Returns a Layer3 object,
containing it's link type and header bytes for this packet. |
| Class set Method |
| set_checksums |
Layer3.set_checksums
-> true or false |
|
Computes and sets TCP, UDP and ICMP
checksums for IPv4 and IPv6 packets, and IP checksum for IPv4 packets.
This can be useful when using a Layer3 object to anonymise a
packet.
Returns true if the checksums were set; they are set only if the Layer3 object came from a complete packet, i.e. one with capture_len == wire_len. |
Class Transport
| Instance
Variables |
| proto |
IP protocol
number, (provided this was an IP or IP6 packet), e.g. 6 = TCP, 17 =
UDP, 1 = ICMP |
| data |
String containing the
transport header bytes |
| Class Method |
| transport |
Packet.transport->
aNewTransport |
|
Returns a Transport object,
containing the protocol number and header bytes for this packet. |
Nevil Brownlee
Mon, 1 Jul 11 (NZST)