0.6.0

Release

Author: cdosoftei

.travis.yml

@@ -1,13 +1,18 @@
 language: php
 
+arch:
+  - amd64
+  - arm64
+
 addons:
   apt:
     packages:
+      - dnsutils
       - libpcap-dev
 
 php:
-  - 7.4
-  - 8.0
+  - '7.4'
+  - nightly
 
 env:
   - REPORT_EXIT_STATUS=1 NO_INTERACTION=1
@@ -17,4 +22,4 @@ before_script:
   - phpize && ./configure && make
 
 # Run PHPs run-tests.php
-script: TEST_PHP_ARGS="-q --show-out" make test
+script: sudo TEST_PHP_ARGS="-q --show-out" make test

Dockerfile

@@ -4,7 +4,7 @@ RUN apk add $PHPIZE_DEPS && \
   cd /usr/src && \
   tar -xf php.tar.xz && \
   cd php-* && \
-  apk add libpcap libpcap-dev
+  apk add bind-tools libpcap libpcap-dev
 
 COPY . /usr/src/php-pcap-ext
 

README.md

@@ -2,16 +2,68 @@
 
 Stream driven PHP packet capture extension.
 
-[![Build Status](https://travis-ci.org/rtckit/php-pcap-ext.svg?branch=master)](https://travis-ci.org/rtckit/php-pcap-ext) ![Version](https://img.shields.io/badge/version-v0.6.0-green) ![License](https://img.shields.io/badge/license-MIT-blue)
+[![Build Status](https://travis-ci.com/rtckit/php-pcap-ext.svg?branch=master)](https://travis-ci.com/rtckit/php-pcap-ext) ![Version](https://img.shields.io/badge/version-v0.6.0-green) ![License](https://img.shields.io/badge/license-MIT-blue)
 
 ## Usage
 
 The `pcap` extension has been developed against PHP 7.4+ and regularly tested against the upcoming PHP 8.
 
-The extension provides bindings for [libpcap](https://github.com/the-tcpdump-group/libpcap) and exposes its functionality via PHP streams; the packet formatting is consistent with the `pcap` file format (learn more [here](https://wiki.wireshark.org/Development/LibpcapFileFormat) and [here](https://formats.kaitai.io/pcap/index.html)).
+The extension provides bindings for [libpcap](https://github.com/the-tcpdump-group/libpcap) and exposes its functionality via PHP streams; the packet formatting is consistent with the `pcap` file format (learn more [here](https://wiki.wireshark.org/Development/LibpcapFileFormat) and [here](https://formats.kaitai.io/pcap/index.html)). The functionality is deliberately limited to I/O operations, the actual packet parsing/crafting should be performed using pure PHP; such supporting libraries will be open sourced soon.
 
 It's also worth familiarizing yourself with [libpcap and tcpdump](https://www.tcpdump.org/index.html).
 
+A typical capture session can be initiated as follows:
+
+```php
+$fp = fopen('pcap://eth0', 'r');
+```
+
+The above will initiate the capture session on the `eth0` interface; one can retrieve all network interfaces via `net_get_interfaces()`. An `any` meta-interface is also available.
+
+There are several configuration options exposed through stream contexts:
+
+```php
+$context = stream_context_create([
+  'pcap' => [
+    'snaplen'   => 2048,  // Snapshot length (truncates packets)
+    'promisc'   => true,  // Enables promiscuous mode
+    'immediate' => true,  // Sets immediate mode (skips buffering)
+    'blocking'  => false, // Enables/disables blocking mode (useful in stream_select loops)
+    'timeout'   => 0.100, // I/O timeout, in seconds
+    'filter'    => 'dst port 53', // Reference: https://www.tcpdump.org/manpages/pcap-filter.7.html
+  ],
+]);
+
+$fp = fopen('pcap://any', 'r', false, $context);
+```
+
+All I/O operations are no different than any other PHP stream, for example:
+
+```php
+$fp = fopen('pcap://eth0', 'r');
+
+$header = unpack('LtsSec/LtsUsec/LcapLen/Llen', fread($fp, 16)); // pcap packet header, using local machine endianness
+$frame = fread($fp, $header['capLen']);
+
+var_dump($header)
+/*
+array(4) {
+  ["tsSec"]=>
+  int(1598997114)
+  ["tsUsec"]=>
+  int(239648)
+  ["capLen"]=>
+  int(96)
+  ["len"]=>
+  int(96)
+}
+*/
+
+// process($frame) ...
+```
+
+The [tests](https://github.com/rtckit/php-pcap-ext/tree/master/tests) directory show cases some usage examples.
+
 ## Build
 
 In order to build the extension from source, make sure the environment supports the typical C/C++ build essentials for your platform (`build-essential`), the PHP development files (`php-dev`) as well as the libpcap library and its respective development files (`libpcap-dev`).

pcap.c

@@ -12,10 +12,16 @@
 #include "ext/standard/url.h"
 #include "php_pcap.h"
 #include <Zend/zend_interfaces.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
 #include <pcap.h>
 
 void pcap_close_session(pcap_capture_session_t *sess)
 {
+  if (!sess) {
+    return;
+  }
+
   if (sess->pcap) {
     pcap_close(sess->pcap);
   }
@@ -26,7 +32,12 @@ void pcap_close_session(pcap_capture_session_t *sess)
     efree(sess->filter);
   }
 
+  sess->pcap = NULL;
+  sess->dev = NULL;
+  sess->filter = NULL;
+
   efree(sess);
+  sess = NULL;
 }
 
 pcap_capture_session_t * pcap_activate_session(pcap_capture_session_t *sess)
@@ -89,46 +100,26 @@ pcap_capture_session_t * pcap_activate_session(pcap_capture_session_t *sess)
 
   if (pcap_set_snaplen(sess->pcap, sess->snaplen) < 0) {
     php_error_docref(NULL, E_WARNING, "Cannot set snapshot length %d on device %s", sess->snaplen, sess->dev);
-
-    pcap_close_session(sess);
-
-    return NULL;
   }
 
-  if (pcap_set_promisc(sess->pcap, sess->promisc) < 0) {
+  if (sess->promisc && (pcap_set_promisc(sess->pcap, sess->promisc) < 0)) {
     php_error_docref(NULL, E_WARNING, "Cannot set promiscuous mode %d on device %s", sess->promisc, sess->dev);
-
-    pcap_close_session(sess);
-
-    return NULL;
   }
 
-  if (pcap_set_immediate_mode(sess->pcap, sess->immediate) < 0) {
+  if (sess->immediate && (pcap_set_immediate_mode(sess->pcap, sess->immediate) < 0)) {
     php_error_docref(NULL, E_WARNING, "Cannot set immediate mode %d on device %s", sess->immediate, sess->dev);
-
-    pcap_close_session(sess);
-
-    return NULL;
   }
 
   if (pcap_set_timeout(sess->pcap, sess->timeout) < 0) {
     php_error_docref(NULL, E_WARNING, "Cannot set timeout %ldms on device %s", sess->timeout, sess->dev);
-
-    pcap_close_session(sess);
-
-    return NULL;
   }
 
-  if (pcap_setnonblock(sess->pcap, sess->non_blocking, sess->errbuf) < 0) {
-    php_error_docref(NULL, E_WARNING, "Cannot set blocking options on device %s: %s", sess->dev, sess->errbuf);
-
-    pcap_close_session(sess);
-
-    return NULL;
+  if (sess->non_blocking && (pcap_setnonblock(sess->pcap, sess->non_blocking, sess->errbuf) < 0)) {
+    php_error_docref(NULL, E_WARNING, "Cannot set blocking option on device %s: %s", sess->dev, pcap_geterr(sess->pcap));
   }
 
   if (pcap_activate(sess->pcap) < 0) {
-    php_error_docref(NULL, E_WARNING, "Cannot activate live capture on device %s", sess->dev);
+    php_error_docref(NULL, E_WARNING, "Cannot activate live capture on device %s: %s", sess->dev, pcap_geterr(sess->pcap));
 
     pcap_close_session(sess);
 
@@ -140,18 +131,10 @@ pcap_capture_session_t * pcap_activate_session(pcap_capture_session_t *sess)
 
     if (pcap_compile(sess->pcap, &fp, sess->filter, 0, PCAP_NETMASK_UNKNOWN) < 0) {
       php_error_docref(NULL, E_WARNING, "Cannot parse filter '%s' on device %s: %s", sess->filter, sess->dev, pcap_geterr(sess->pcap));
-
-      pcap_close_session(sess);
-
-      return NULL;
-    }
-
-    if (pcap_setfilter(sess->pcap, &fp) < 0) {
-      php_error_docref(NULL, E_WARNING, "Cannot install filter '%s' on device %s: %s", sess->filter, sess->dev, pcap_geterr(sess->pcap));
-
-      pcap_close_session(sess);
-
-      return NULL;
+    } else {
+      if (pcap_setfilter(sess->pcap, &fp) < 0) {
+        php_error_docref(NULL, E_WARNING, "Cannot install filter '%s' on device %s: %s", sess->filter, sess->dev, pcap_geterr(sess->pcap));
+      }
     }
   }
 
@@ -163,7 +146,7 @@ static ssize_t php_pcap_stream_write(php_stream *stream, const char *buf, size_t
   pcap_capture_session_t *sess = (pcap_capture_session_t *) stream->abstract;
   ssize_t writestate = 0;
 
-  if (!sess->pcap && !pcap_activate_session(sess)) {
+  if (!sess || (!sess->pcap && !pcap_activate_session(sess))) {
     return -1;
   }
 
@@ -181,7 +164,7 @@ static ssize_t php_pcap_stream_read(php_stream *stream, char *buf, size_t count)
   pcap_capture_session_t *sess = (pcap_capture_session_t *) stream->abstract;
   ssize_t readstate = 0;
 
-  if (!sess->pcap && !pcap_activate_session(sess)) {
+  if (!sess || (!sess->pcap && !pcap_activate_session(sess))) {
     return -1;
   }
 
@@ -244,7 +227,9 @@ static int php_pcap_stream_close(php_stream *stream, int close_handle)
 {
   pcap_capture_session_t *sess = (pcap_capture_session_t *) stream->abstract;
 
-  pcap_close_session(sess);
+  if (sess) {
+    pcap_close_session(sess);
+  }
 
   return 0;
 }
@@ -254,7 +239,7 @@ static int php_pcap_stream_cast(php_stream *stream, int castas, void **ret)
   pcap_capture_session_t *sess = (pcap_capture_session_t *) stream->abstract;
   int fd = 0;
 
-  if (!sess->pcap && !pcap_activate_session(sess)) {
+  if (!sess || (!sess->pcap && !pcap_activate_session(sess))) {
     return FAILURE;
   }
 
@@ -283,10 +268,14 @@ static int php_pcap_stream_set_option(php_stream *stream, int option, int value,
   pcap_capture_session_t *sess = (pcap_capture_session_t *) stream->abstract;
   int ret = -1;
 
+  if(!sess || !sess->pcap) {
+    return -1;
+  }
+
   switch (option) {
     case PHP_STREAM_OPTION_BLOCKING:
       if (sess->pcap && pcap_setnonblock(sess->pcap, !value, sess->errbuf) == PCAP_ERROR) {
-        php_error_docref(NULL, E_WARNING, "Cannot set blocking option: %s", sess->errbuf);
+        php_error_docref(NULL, E_WARNING, "Cannot set blocking option: %s", pcap_geterr(sess->pcap));
       } else {
         ret = !sess->non_blocking;
         sess->non_blocking = !value;
@@ -297,7 +286,7 @@ static int php_pcap_stream_set_option(php_stream *stream, int option, int value,
       sess->timeout = ((struct timeval *) ptrparam)->tv_sec * 1000 + (((struct timeval *) ptrparam)->tv_usec / 1000);
 
       if (sess->pcap && (pcap_set_timeout(sess->pcap, sess->timeout) == PCAP_ERROR_ACTIVATED)) {
-        php_error_docref(NULL, E_WARNING, "Cannot set timeout option on active session: %s", sess->errbuf);
+        php_error_docref(NULL, E_WARNING, "Cannot set timeout option on active session: %s", pcap_geterr(sess->pcap));
       } else {
         ret = sess->timeout;
       }
@@ -322,15 +311,18 @@ php_stream_ops php_pcap_stream_ops = {
 /* {{{ php_pcap_fopen
  * pcap:// fopen wrapper
  */
-static php_stream *php_pcap_fopen(
-  php_stream_wrapper *wrapper,
-  const char *path,
-  const char *mode,
-  int options,
-  zend_string **opened_path,
-  php_stream_context *context STREAMS_DC
-)
+static php_stream *php_pcap_fopen(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, zend_string **opened_path, php_stream_context *context STREAMS_DC)
 {
+  int raw = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
+
+  if (raw < 0) {
+    php_error_docref(NULL, E_WARNING, "Cannot open raw sockets (check privileges or CAP_NET_RAW capability)");
+
+    return NULL;
+  }
+
+  close(raw);
+
   php_url *parsed_url = php_url_parse(path);
   pcap_if_t* alldevsp = NULL;