nfqueue-bindings

Introduction

nfqueue-bindings is a set of high-level modules for libnetfilter_queue, available for several languages (Python and Perl, for the moment). Similar bindings are also available for NFLOG: nflog-bindings.

The goal is to provide a library to gain access to packets queued by the kernel packet filter.

It is important to note that these bindings will not blindly follow the libnetfilter_queue API. For example, some higher-level wrappers will be provided for the open/bind/create mechanism (using one function call instead of three).

Since libraries to decode IP packets are already available, the bindings will use them.

Remember that an application connecting to libnetfilter_queue must run as root to be able to create the queue. If you need more security, some extra steps may be required to drop privileges afterwards.

You must add rules in netfilter to send packets to the userspace queue. The number of the queue (--queue-num option in netfilter) must match the number provided to create_queue().

Example of iptables rules::

iptables -A OUTPUT --destination 1.2.3.4 -j NFQUEUE

Of course, you should be more restrictive, depending on your needs.
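The following is an added example, not part of nfqueue-bindings: a Python check that the queue numbers used by NFQUEUE rules match the number the application passes to create_queue(). It assumes rules in `iptables -S` style; the sample rules and the helper names are constructed for illustration, and it goes beyond the page by also handling the iptables options --queue-balance and --queue-bypass.

```python
import shlex

# Constructed sample in `iptables -S` style (not taken from a real host).
SAMPLE_RULES = """\
-P OUTPUT ACCEPT
-A OUTPUT -d 1.2.3.4/32 -j NFQUEUE
-A OUTPUT -d 1.2.3.5/32 -p tcp -j NFQUEUE --queue-num 2
-A INPUT -p udp --dport 53 -j NFQUEUE --queue-num 3 --queue-bypass
"""

def _arg(tokens, flag):
    """Return the token following `flag`, or None if the flag is absent."""
    if flag in tokens[:-1]:
        return tokens[tokens.index(flag) + 1]
    return None

def nfqueue_targets(rules_text):
    """Yield (rule, queue_numbers, bypass) for every rule that jumps to NFQUEUE."""
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if (_arg(tokens, "-j") or _arg(tokens, "--jump")) != "NFQUEUE":
            continue
        queues = {0}  # iptables uses queue 0 when --queue-num is omitted
        if _arg(tokens, "--queue-num") is not None:
            queues = {int(_arg(tokens, "--queue-num"))}
        elif _arg(tokens, "--queue-balance") is not None:
            low, high = _arg(tokens, "--queue-balance").split(":")
            queues = set(range(int(low), int(high) + 1))
        yield line.strip(), queues, "--queue-bypass" in tokens

def check_queue(rules_text, listener_queue):
    """List rules that feed a queue other than the one given to create_queue().

    Each entry is (rule, unserved_queue_numbers, effect): with no listener the
    kernel drops the packets, or accepts them if the rule has --queue-bypass.
    """
    problems = []
    for rule, queues, bypass in nfqueue_targets(rules_text):
        unserved = sorted(queues - {listener_queue})
        if unserved:
            problems.append((rule, unserved, "accepted" if bypass else "dropped"))
    return problems

if __name__ == "__main__":
    for rule, unserved, effect in check_queue(SAMPLE_RULES, 0):
        print(f"queue {unserved} has no listener, packets {effect}: {rule}")
```

Running the check before loading a rule set shows which traffic would be silently dropped, or would pass uninspected, because no application is bound to the queue it is sent to.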

Download

Releases

The latest releases are available from the Downloads page.

Version 0.3:

nfqueue-bindings-0.3.tar.gz: 22436 bytes
MD5 : 279a78f132ddfc852ba09c3db84120d5
SHA1: ac9dda8956f0c5f6619b628ceaf209d97e4124d6

Older releases:

nfqueue-bindings-0.2.tar.gz: 21643 bytes
MD5 : 8f433376dbfed9f616544f3d9913c71f
SHA1: 704f07a8f6a7dd37811c482d560617948a65cc18

nfqueue-bindings-0.1.tar.gz: 21382 bytes
MD5 : 6ce405f06493a52a60a8f04fa3fae186
SHA1: 074fcae0ae0652c4222d40b9e9f4e75f50a2489e

Source Code

Latest source code is available from git:

git clone http://git.inl.fr/git/nfqueue-bindings.git

or for browsing http://git.inl.fr/cgi-bin/gitweb.cgi?p=nfqueue-bindings.git;a=summary

Using nfqueue-bindings

Prerequisites

  • cmake
  • libnetfilter-queue
  • swig
  • python development files
  • perl development files

Compilation

A Makefile has been written to wrap the cmake call.

Running 'make' will:

  • Create a subdirectory build/
  • Change into that directory and call cmake ..
  • Call make to build the libraries

If the pkg-config files for libnetfilter-queue are in a non-standard directory, export the following variable before calling make:

export PKG_CONFIG_PATH=/path/to/prefix/lib/pkgconfig/

To remove the build files, run 'make clean' or just remove the build directory.

Installation

Edit the top-level Makefile, and set the PREFIX variable:

 PREFIX = /usr/local

or, alternatively, set the value of the variable when running make:

 make
 make PREFIX=/usr/local install

License

nfqueue-bindings is licensed under the GPLv3 terms.

Authors

nfqueue-bindings is written by Pierre Chifflier.

Known projects using nfqueue-bindings