nfqueue 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +38 -0
- data/lib/nfqueue.rb +33 -7
- data/samples/packetdump.rb +1 -0
- metadata +4 -4
- data/README +0 -32
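--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0e5269527d84dec2eac0a07da9f1dff4b70b8a41
+data.tar.gz: 5cebd45b959d5cc698bad49c7ae4e5116f2d1c89
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: be8d86d168625c3b2b2d4606188c2ffb9ca2fe3d9b4c930628448bf0460d7233e9c390ca2501a44c6de4753489f1af8a719018f3ef82ff9d66bb9919bff1359e
+data.tar.gz: bb5504db4774eade02d99c475322a029c3fe1803ed811b17933afa67561ba2c45b55b8af682ce4d8ced035ea05598b9433fec559eb64f95bb8113f99465b08c9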
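--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,38 @@
+Description of nfqueue
+----------------------
+
+nfqueue is a tiny wrapper around libnetfilter\_queue. It allows you to do some packet filtering very simply in a Ruby environment.
+
+For example, plugging on the #0 queue:
+
+```ruby
+require 'nfqueue'
+
+Netfilter::Queue.create(0) do |packet|
+puts "Inspecting packet ##{packet.id}"
+
+p packet.data
+Netfilter::Packet::ACCEPT
+end
+```
+
+Setting up iptables
+-------------------
+
+This is an example for intercepting outgoing HTTP traffic:
+
+```
+iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
+```
+
+Dependencies
+------------
+
+You need to have kernel support for NFQUEUE and libnetfilter\_queue installed to get it working.
+nfqueue depends on nfnetlink and ffi (https://github.com/ffi/ffi/wiki/)
+
+
+Contact
+-------
+
+Guillaume Delugré, guillaume at security-labs dot org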
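--- a/data/lib/nfqueue.rb
+++ b/data/lib/nfqueue.rb
@@ -62,15 +62,25 @@ module Netfilter
 STOP = 5
 
 attr_reader :id
+attr_reader :protocol
 attr_writer :data
 
-def initialize(nfad) #:nodoc:
+def initialize(queue, nfad) #:nodoc:
+@queue = queue
 @nfad = nfad
 
 phdr = Queue.nfq_get_msg_packet_hdr(nfad)
 hdr = Header.new(phdr)
 
 @id = [ hdr[:packet_id] ].pack("N").unpack("V")[0]
+@protocol = [ hdr[:hw_protocol] ].pack('n').unpack("v")[0]
+end
+
+#
+# The netfilter mark.
+#
+def nfmark
+Queue.nfq_get_nfmark(@nfad)
 end
 
 #
@@ -178,7 +188,7 @@ module Netfilter
 private
 
 def get_interface_name(index)
-iface =
+iface = @queue.net_interfaces[index]
 if iface
 iface[:name]
 end
@@ -232,10 +242,16 @@ module Netfilter
 PACKET = 2
 end
 
+attr_reader :queue_number
+attr_reader :net_interfaces
+
 #
 # Creates a new Queue at slot _qnumber_.
 #
 def initialize(qnumber, mode = CopyMode::PACKET)
+@queue_number = qnumber
+@net_interfaces = Netfilter::Netlink.interfaces
+
 @conn_handle = Queue.nfq_open
 raise QueueError, "nfq_open has failed" if @conn_handle.null?
 
@@ -290,8 +306,14 @@ module Netfilter
 raise QueueError, "nfq_fd has failed" if fd < 0
 
 io = IO.new(fd)
-
-
+io.autoclose = false
+
+begin
+while data = io.sysread(4096)
+Queue.nfq_handle_packet(@conn_handle, data, data.size)
+end
+ensure
+io.close
 end
 end
 
@@ -309,14 +331,18 @@ module Netfilter
 #
 def self.create(qnumber, mode = CopyMode::PACKET, &callback)
 queue = self.new(qnumber, mode)
-
-
+
+begin
+queue.process(&callback)
+ensure
+queue.destroy
+end
 end
 
 private
 
 def callback_handler(qhandler, nfmsg, nfad, data) #:nodoc:
-packet = Packet.new(nfad)
+packet = Packet.new(self, nfad)
 verdict = @callback[packet]
 
 data = packet.data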
data/samples/packetdump.rb
CHANGED
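--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nfqueue
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.3
 platform: ruby
 authors:
 - Guillaume Delugré
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-
+date: 2014-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi
@@ -46,10 +46,10 @@ extensions: []
 extra_rdoc_files: []
 files:
 - COPYING
-- README
+- README.md
 - lib/nfqueue.rb
 - samples/packetdump.rb
-homepage: http://
+homepage: http://github.com/gdelugre/ruby-nfqueue
 licenses:
 - GPL
 metadata: {}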
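--- a/data/README
+++ b/data/README
@@ -1,32 +0,0 @@
----
-
-* Description of nfqueue
-
-nfqueue is a tiny wrapper around libnetfilter_queue. It allows you to do some packet filtering very simply in a Ruby environment.
-
-For example, plugging on the #0 queue:
-
-require 'nfqueue'
-
-system('sudo iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0')
-
-Netfilter::Queue.create(0) do |packet|
-puts "Inspecting packet ##{packet.id}"
-
-p packet.data
-Netfilter::Packet::ACCEPT
-end
-
-
-You basically need to have kernel support for NFQUEUE and libnetfilter_queue installed to get it working.
-
-
-* Dependencies
-
-nfqueue depends on ffi (https://github.com/ffi/ffi/wiki/)
-
-
-* Contact
-
-Guillaume Delugré, guillaume at security-labs dot org
-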