Other articles

1. NFQueue bindings (2)

   The code for nfqueue-bindings is now almost ready, I have made some progress since last week:

   • you can now modify packets in live, and send the new packet with the verdict
   • new functions are wrapped, and the creation of the queue can be done in one function
   • more examples

   I have presented a special script for SSTIC, using the weather to decide if a packet should be accepted or dropped :)While the utility of the module still has to be proven, it is a good example of how easy it is to use the new bindings.

   The slides can be found online here, and contains some code examples (with some funny things ;). They are in french, but they should be quite easy to understand.

   Random ideas:

   • The Netfilter workshop will be held in Paris from 30 September to 3 October 2008.
   • Eric has presented nf3d, a nice tool to view netfilter logs (from ulogd2) in 3D.

   Gamers will recognize a nice try to convert network logs into Guitar Hero tracks ;)

   • Some people have weird habits at SSTIC !

   read more

2. NFQueue bindings

   I am currently working (amongst other projects ..) on nfqueue-bindings, set of high-level modules for several languages (Python and Perl, for the moment), for libnetfilter_queue.

   The goal is to provide a library to gain access to packets queued by the kernel packet filter. For more details, see nfqueue-bindings project site.

   Current state

   Actually, you can

   • access the module in Perl or Python
   • create a queue connected to netfilter
   • register a callback
   • access the contents of the packet. As I do not want to do what was already done many times, I use some other libraries to decode the packet:
   • NetPacket::IP for Perl
   • dpkg for Python.
   • • If you know some other libraries, please let me know.
   • set the verdict (decision) to ACCEPT or DROP for the packet

   I have written some scripts to show what can be done in a few lines of code. The current examples are:

   • example Perl script
   • example Python script
   • Packet dumper, in pcap format (use scapy)
   • HTTP request checker
   • A surprise I will present in a lightning talk at SSTIC :)

   I will make a release as soon as the code is stable (and can be installed).

   Examples

   Create and bind the queue (Perl)

   use nfqueue;
   
   use …

   read more

Page 1 / 1