PacketScript: packet mangling using the Lua scripting language

Hello

As part of my master's thesis I developed PacketScript - a Netfilter
extension, which makes it possible to extend Netfilter with Lua scripts.
The Lua scripts are loaded with iptables and provide an easy way to deal
with network packets. Here is a short example:

# iptables -A INPUT -p tcp -j LUA --script /path/to/my/script.lua

and the /path/to/my/script.lua can contain a Lua function similar to
the following: (Lua uses -- for comments)

-- called by the Netfilter callback function, gets a 'raw' packet
function process_packet(raw)
    -- apply the Ethernet dissector
    ethernet = raw:data(packet_ethernet)

    -- apply the IP dissector
    ip = ethernet:data(packet_ip)

    -- dissect IP source address
    src = ip:saddr()
    if src:get() == "192.168.1.1" then
        -- rewrite IP source address
        src:set("10.0.0.123")
        -- accept packet
        return NF_ACCEPT
    end
    -- drop packet
    return NF_DROP
end

PacketScript was not built with a specific network protocol or
protocol layer in mind, so it offers a simple framework to extend it
with other protocols. The current version provides rudimentary support
for Ethernet, IP, ICMP, UDP, TCP, TFTP, and HTTP. For my thesis I also
developed the possibility to access the Linux workqueue interface
using Lua.

At the moment I am cleaning up the code and writing the user
documentation. But, before I put too much extra effort into it I would
really like to know your opinion. Thank you!
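Added example (not part of the original post and not PacketScript code): a byte-level Python model of what the script's process_packet does to a frame, showing the step the Lua snippet leaves implicit, namely that rewriting the IPv4 source address invalidates the header checksum. The helper names, the sample frame and the fixed 14-byte Ethernet header are assumptions made for illustration.

```python
import socket
import struct

NF_DROP, NF_ACCEPT = 0, 1  # verdict values from linux/netfilter.h
ETH_LEN = 14               # assumed: untagged Ethernet II header

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def process_packet(frame: bytearray, match: str, new_src: str) -> int:
    """Same decision as the post's script; the frame is rewritten in place."""
    if len(frame) < ETH_LEN + 20:
        return NF_DROP                        # too short for Ethernet + IPv4
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != 0x0800 or frame[ETH_LEN] >> 4 != 4:
        return NF_DROP                        # not IPv4
    ihl = (frame[ETH_LEN] & 0x0F) * 4         # header length including options
    if ihl < 20 or len(frame) < ETH_LEN + ihl:
        return NF_DROP                        # malformed header length
    src_off = ETH_LEN + 12
    if socket.inet_ntoa(bytes(frame[src_off:src_off + 4])) != match:
        return NF_DROP
    frame[src_off:src_off + 4] = socket.inet_aton(new_src)
    # The header changed: zero the checksum field, then recompute it.
    csum_off = ETH_LEN + 10
    frame[csum_off:csum_off + 2] = b"\x00\x00"
    header = bytes(frame[ETH_LEN:ETH_LEN + ihl])
    struct.pack_into("!H", frame, csum_off, ip_checksum(header))
    return NF_ACCEPT

def build_frame(src: str, dst: str) -> bytearray:
    """Constructed sample: zeroed MAC addresses, 20-byte IPv4 header, no payload."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                               socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))
    return bytearray(eth + ip)

if __name__ == "__main__":
    f = build_frame("192.168.1.1", "192.168.1.2")
    print(process_packet(f, "192.168.1.1", "10.0.0.123"), f[26:30].hex())
```

The TCP checksum also covers a pseudo-header containing the source address, so a real rewrite on the `-p tcp` rule has to update that checksum too; the post does not say whether PacketScript does this itself.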