The goal is to provide a library that gives userspace access to packets queued by the kernel packet filter (netfilter, through its NFQUEUE mechanism). For more details, see the nfqueue-bindings project site.
Currently, you can:
- access the module from Perl or Python
- create a queue connected to netfilter
- register a callback
- access the contents of the packet. As I do not want to redo what has already been done many times, the bindings hand you the raw packet and leave decoding to existing libraries:
  - NetPacket::IP for Perl
  - dpkt for Python
  - If you know of other libraries, please let me know.
- set the verdict (decision) on the packet: NF_ACCEPT or NF_DROP
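As an added example (not one of the project's own scripts), here is a Python 3 version of the whole sequence: bind a queue, register a callback, decode the packet and set the verdict. To keep the decision logic testable without the kernel module, the IPv4/TCP headers are parsed by hand with struct instead of dpkt, and verdict() is a plain function that returns NF_ACCEPT or NF_DROP. The nfqueue calls (queue(), open(), bind(), set_callback(), create_queue(), try_run(), get_data(), set_verdict()) follow the project's example scripts, but the callback's argument list has varied between releases, so the callback below takes *args and uses the last one. Running main() needs root, the nfqueue module and an iptables rule such as `iptables -A INPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0`; that rule, the HTTP-method allowlist and the build_ipv4_tcp() test-packet builder are assumptions made for this example.

```python
"""Added example: decode queued IPv4/TCP packets and accept or drop them.

Not part of nfqueue-bindings; the nfqueue wiring in main() follows the
project's example scripts, the packet parsing is done by hand so the
verdict logic runs (and can be tested) without the kernel module.
"""
import socket
import struct

# Same numeric values as the nfqueue module exposes (from linux/netfilter.h),
# defined here so verdict() works when the module is not installed.
NF_DROP = 0
NF_ACCEPT = 1

# Assumed policy for the example: only these HTTP methods may reach port 80.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}


def parse_ipv4_tcp(data):
    """Return (src, dst, sport, dport, tcp_payload) for an IPv4/TCP packet, else None."""
    if len(data) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(data) < ihl + 20:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", data[ihl:ihl + 14])
    doff = (off_flags >> 12) * 4
    if doff < 20 or len(data) < ihl + doff:
        return None
    end = min(total_len, len(data))      # ignore bytes beyond the IP total length
    payload = data[ihl + doff:end]       # empty slice if total_len is malformed
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), sport, dport, payload


def verdict(data):
    """Decide NF_ACCEPT or NF_DROP for one raw packet as handed over by nfqueue."""
    pkt = parse_ipv4_tcp(data)
    if pkt is None:
        return NF_ACCEPT                 # not IPv4/TCP: not our business
    _src, _dst, _sport, dport, payload = pkt
    if dport != 80 or not payload:
        return NF_ACCEPT                 # not HTTP, or no request data yet (SYN, ACK...)
    line = payload.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    # Drop anything on port 80 that is not "<allowed method> <target> HTTP/x.y"
    if len(parts) != 3 or parts[0] not in ALLOWED_METHODS or not parts[2].startswith(b"HTTP/"):
        return NF_DROP
    return NF_ACCEPT


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Constructed test packet (checksums left at zero; not needed by the parser)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 5 << 12, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def main(queue_num=0):
    """Bind queue `queue_num` and run verdict() on every packet the kernel queues."""
    import nfqueue   # needs the nfqueue-bindings module, root, and an NFQUEUE rule

    def cb(*args):
        payload = args[-1]               # the packet object is the last argument
        payload.set_verdict(verdict(payload.get_data()))
        return 1

    q = nfqueue.queue()
    q.open()
    q.bind(socket.AF_INET)
    q.set_callback(cb)
    q.create_queue(queue_num)
    try:
        q.try_run()                      # blocks, calling cb() per queued packet
    except KeyboardInterrupt:
        pass
    q.unbind(socket.AF_INET)
    q.close()


if __name__ == "__main__":
    main()
```

Without the iptables rule nothing reaches the queue, and a queue left without a running program drops the packets sent to it, so remove the rule when you stop the script.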
I have written some scripts to show what can be done in a few lines of code. The current examples are:
- example Perl script
- example Python script
- Packet dumper, in pcap format (uses scapy)
- HTTP request checker
- A surprise I will present in a lightning talk at SSTIC :)
I will make a release as soon as the code is stable (and can be installed).
Create and bind the queue (Perl)
use nfqueue; use ...