On 20/09/10 22:04, André Graf wrote:
> Hello
>
> As a part of my master thesis I developed PacketScript - a Netfilter
> extension, which enables to extend Netfilter with Lua scripts. The Lua
> scripts are loaded with iptables and provide an easy way to deal with
> network packets. Here a short example:
>
> # iptables -A INPUT -p tcp -j LUA --script /path/to/my/script.lua
>
> and the /path/to/my/script.lua can contain a Lua function similar to
> the following: (Lua uses -- for comments)
>
> -- called by the Netfilter callback function, gets a 'raw' packet
> function process_packet(raw)
> -- apply the Ethernet dissector
> ethernet = raw:data(packet_ethernet)
>
> -- apply the IP dissector
> ip = ethernet:data(packet_ip)
>
> -- dissect IP source address
> src = ip:saddr()
> if src:get() == "192.168.1.1" then
> -- rewrite IP source address
> src:set("10.0.0.123")
> -- accept packet
> return NF_ACCEPT
> end
> -- drop packet
> return NF_DROP
> end
>
> PacketScript was not build with a specific network protocol or
> protocol layer in mind, so it offers a simple framework to extend it
> with other protocols. The current version provides rudimentary support
> for Ethernet, IP, ICMP, UDP, TCP, TFTP, and HTTP. For my thesis I also
> developed the possibility to access the Linux workqueue interface
> using Lua.
>
> At the moment I am cleaning up the code and write the user
> documentation. But, before I put too much extra effort into it I would
> really like to know your opinion. Thank you!
Interesting approach, I'd like to see how the code looks like to know
what approach you've followed.
BTW, do you have some performance numbers in matching packets with
lua-based script?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
