RubyGems - nfqueue - Versions diffs - 1.0.1 → 1.0.2 - Mend

nfqueue 1.0.1 → 1.0.2

Files changed (5) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3665707fbf433eb685f566b9bffc521b066e6d67
+  data.tar.gz: ddb59d9dd9094b3720dc052ea8a60a5e0368733b
+SHA512:
+  metadata.gz: 3b7d4d82ecf55fc514b779c08e38313bfa69511c80715baba78e1dd372b967c1dbf6b070142c97b6851a3f48a6f4c5eedaa877709c28fa3653530f37dfbe1918
+  data.tar.gz: f83e2aaa2ed7f1d3054fea5a6c39ae17145d51284aab1255122e5eaeaec264eb4f4e9ac9fb4806952b71c1bf3e40a16e5feb445b4f1ecdac560a8e22d1925329

data/README CHANGED

@@ -3,7 +3,6 @@
 * Description of nfqueue
 nfqueue is a tiny wrapper around libnetfilter_queue. It allows you to do some packet filtering very simply in a Ruby environment.
-Network packets can either be inspected or modified on-the-fly.
 For example, plugging on the #0 queue:
@@ -12,7 +11,7 @@ require 'nfqueue'
 system('sudo iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0')
 Netfilter::Queue.create(0) do |packet|
-  puts "Inspecting packet #" + packet.id
+  puts "Inspecting packet ##{packet.id}"
   p packet.data
   Netfilter::Packet::ACCEPT

data/lib/nfqueue.rb CHANGED

@@ -3,13 +3,13 @@
 =begin
 = File
-	nfqueue.rb
+  nfqueue.rb
 = Author
-  Guillaume Delugré, guillaume(at)security-labs.org
+  Guillaume Delugré <guillaume AT security-labs DOT org>
 = Info
-	This program is free software: you can redistribute it and/or modify
+  This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
@@ -19,7 +19,7 @@
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
-  You should have received a copy of the GNU Lesser General Public License
+  You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 =end
@@ -28,268 +28,313 @@
 require 'rubygems'
 require 'ffi'
 require 'socket'
+require 'nfnetlink'
 module Netfilter
-  #
-  # This class represents a packet filtered by a Netfilter::Queue.
-  #
-  class Packet
+    #
+    # This class represents a packet filtered by a Netfilter::Queue.
+    #
+    class Packet
-    class Timeval < FFI::Struct #:nodoc:
-      layout :tv_sec, :ulong,
-        :tv_usec, :ulong
-    end
+        class Timeval < FFI::Struct #:nodoc:
+            layout :tv_sec, :ulong,
+                :tv_usec, :ulong
+        end
-    class Header < FFI::Struct #:nodoc:
-      layout :packet_id, :uint32,
-        :hw_protocol, :uint16,
-        :hook, :uint8
-    end
+        class Header < FFI::Struct #:nodoc:
+            layout :packet_id, :uint32,
+                :hw_protocol, :uint16,
+                :hook, :uint8
+        end
-    class HardwareAddress < FFI::Struct #:nodoc:
-      layout :hw_addrlen, :uint16,
-        :__pad, :uint16,
-        :hw_addr, [:uint8, 8]
-    end
+        class HardwareAddress < FFI::Struct #:nodoc:
+            layout :hw_addrlen, :uint16,
+                :__pad, :uint16,
+                :hw_addr, [:uint8, 8]
+        end
-    DROP    = 0
-    ACCEPT  = 1
-    STOLEN  = 2
-    QUEUE   = 3
-    REPEAT  = 4
-    STOP    = 5
+        DROP    = 0
+        ACCEPT  = 1
+        STOLEN  = 2
+        QUEUE   = 3
+        REPEAT  = 4
+        STOP    = 5
-    attr_reader :id
-    attr_writer :data
+        attr_reader :id
+        attr_writer :data
-    def initialize(nfad) #:nodoc:
-      @nfad = nfad
+        def initialize(nfad) #:nodoc:
+            @nfad = nfad
-      phdr = Queue.nfq_get_msg_packet_hdr(nfad)
-      hdr = Header.new(phdr)
+            phdr = Queue.nfq_get_msg_packet_hdr(nfad)
+            hdr = Header.new(phdr)
-      @id = [ hdr[:packet_id] ].pack("N").unpack("V")[0]
-    end
+            @id = [ hdr[:packet_id] ].pack("N").unpack("V")[0]
+        end
-    #
-    # The packet timestamp.
-    #
-    def timestamp
-      ptv = FFI::MemoryPointer.new :pointer
-      tv = Timeval.new(ptv)
-      if Queue.nfq_get_timestamp(@nfad, ptv) < 0
-        0
-      else
-        Time.at(tv[:tv_sec])
-      end
-    end
+        #
+        # The packet timestamp.
+        #
+        def timestamp
+            ptv = FFI::MemoryPointer.new :pointer
+            tv = Timeval.new(ptv)
+            if Queue.nfq_get_timestamp(@nfad, ptv) < 0
+                0
+            else
+                Time.at(tv[:tv_sec])
+            end
+        end
-    #
-    # The index of the device the queued packet was received via.
-    # If the return index is 0, the packet was locally generated or the input interface is not known (ie. POSTROUTING?).
-    #
-    def indev
-      Queue.nfq_get_indev(@nfad)
-    end
+        #
+        # The index of the device the queued packet was received via.
+        # If the return index is 0, the packet was locally generated or the input interface is not known (ie. POSTROUTING?).
+        #
+        def indev
+            Queue.nfq_get_indev(@nfad)
+        end
-    #
-    # The index of the physical device the queued packet was received via.
-    # If the returned index is 0, the packet was locally generated or the physical input interface is no longer known (ie. POSTROUTING).
-    #
-    def phys_indev
-      Queue.nfq_get_physindev(@nfad)
-    end
+        #
+        # The name of the interface this packet was received through.
+        #
+        def indev_name
+            get_interface_name(self.indev)
+        end
-    #
-    # The index of the device the queued packet will be sent out.
-    # It the returned index is 0, the packet is destined for localhost or the output interface is not yet known (ie. PREROUTING?).
-    #
-    def outdev
-      Queue.nfq_get_outdev(@nfad)
-    end
+        #
+        # The index of the physical device the queued packet was received via.
+        # If the returned index is 0, the packet was locally generated or the physical input interface is no longer known (ie. POSTROUTING).
+        #
+        def phys_indev
+            Queue.nfq_get_physindev(@nfad)
+        end
-    #
-    # The index of the physical device the queued packet will be sent out.
-    # If the returned index is 0, the packet is destined for localhost or the physical output interface is not yet known (ie. PREROUTING).
-    #
-    def phys_outdev
-      Queue.nfq_get_physoutdev(@nfad)
-    end
+        #
+        # The name of the physical interface this packet was received through.
+        #
+        def phys_indev_name
+            get_interface_name(self.phys_indev)
+        end
-    #
-    # The source hardware address.
-    #
-    def hw_addr
-      phw = Queue.nfq_get_packet_hw(@nfad)
-      return nil if phw.null?
+        #
+        # The index of the device the queued packet will be sent out.
+        # It the returned index is 0, the packet is destined for localhost or the output interface is not yet known (ie. PREROUTING?).
+        #
+        def outdev
+            Queue.nfq_get_outdev(@nfad)
+        end
-      hw = HardwareAddress.new(phw)
-      hw[:hw_addr][0, hw[:hw_addrlen]]
-    end
+        #
+        # The name of the interface this packet will be routed to.
+        #
+        def outdev_name
+            get_interface_name(self.outdev)
+        end
-    #
-    # The packet contents.
-    #
-    def data
-      if @data.nil?
-        pdata = FFI::MemoryPointer.new(:pointer, 1)
-        size = Queue.nfq_get_payload(@nfad, pdata)
-        if size < 0
-          raise QueueError, "nfq_get_payload has failed"
+        #
+        # The index of the physical device the queued packet will be sent out.
+        # If the returned index is 0, the packet is destined for localhost or the physical output interface is not yet known (ie. PREROUTING).
+        #
+        def phys_outdev
+            Queue.nfq_get_physoutdev(@nfad)
         end
+        #
+        # The name of the physical interface this packet will be routed to.
+        #
+        def phys_outdev_name
+            get_interface_name(self.phys_outdev)
+        end
+        #
+        # The source hardware address.
+        #
+        def hw_addr
+            phw = Queue.nfq_get_packet_hw(@nfad)
+            return nil if phw.null?
+            hw = HardwareAddress.new(phw)
+            hw_addrlen = [ hw[:hw_addrlen] ].pack('v').unpack('n')[0]
+            hw[:hw_addr].to_ptr.read_bytes(hw_addrlen)
+        end
+        #
+        # The packet contents.
+        #
+        def data
+            if @data.nil?
+                pdata = FFI::MemoryPointer.new(:pointer, 1)
+                size = Queue.nfq_get_payload(@nfad, pdata)
+                if size < 0
+                    raise QueueError, "nfq_get_payload has failed"
+                end
-        @data = pdata.read_pointer.read_string(size)
-      else
-        @data
-      end
-    end
-  end
-  #
-  # Class representing a Netfilter Queue.
-  #
-  class QueueError < Exception; end
-  class Queue
-    extend FFI::Library
-    ffi_lib 'libnetfilter_queue'
-    attach_function 'nfq_open', [], :pointer
-    attach_function 'nfq_open_nfnl', [:pointer], :pointer
-    attach_function 'nfq_close', [:pointer], :int
-    attach_function 'nfq_bind_pf', [:pointer, :uint16], :int
-    attach_function 'nfq_unbind_pf', [:pointer, :uint16], :int
-    attach_function 'nfq_nfnlh', [:pointer], :pointer
-    attach_function 'nfq_fd', [:pointer], :int
-    callback :nfq_callback, [:pointer, :pointer, :pointer, :buffer_in], :int
-    attach_function 'nfq_create_queue', [:pointer, :uint16, :nfq_callback, :buffer_in], :pointer
-    attach_function 'nfq_destroy_queue', [:pointer], :int
-    attach_function 'nfq_handle_packet', [:pointer, :buffer_in, :int], :int
-    attach_function 'nfq_set_mode', [:pointer, :uint8, :uint32], :int
-    attach_function 'nfq_set_queue_maxlen', [:pointer, :uint32], :int
-    attach_function 'nfq_set_verdict', [:pointer, :uint32, :uint32, :uint32, :buffer_in], :int
-    attach_function 'nfq_set_verdict_mark', [:pointer, :uint32, :uint32, :uint32, :uint32, :buffer_in], :int
-    attach_function 'nfq_get_msg_packet_hdr', [:pointer], :pointer
-    attach_function 'nfq_get_nfmark', [:pointer], :uint32
-    attach_function 'nfq_get_timestamp', [:pointer, :pointer], :int
-    attach_function 'nfq_get_indev', [:pointer], :int
-    attach_function 'nfq_get_physindev', [:pointer], :int
-    attach_function 'nfq_get_outdev', [:pointer], :int
-    attach_function 'nfq_get_physoutdev', [:pointer], :int
-    attach_function 'nfq_get_packet_hw', [:pointer], :pointer
-    attach_function 'nfq_get_payload', [:pointer, :pointer], :int
-    module CopyMode
-      NONE = 0
-      META = 1
-      PACKET = 2
+                @data = pdata.read_pointer.read_bytes(size)
+            else
+                @data
+            end
+        end
+        private
+        def get_interface_name(index)
+            iface = Netfilter::Netlink.interfaces[index]
+            if iface
+                iface[:name]
+            end
+        end
     end
     #
-    # Creates a new Queue at slot _qnumber_.
+    # Class representing a Netfilter Queue.
     #
-    def initialize(qnumber, mode = CopyMode::PACKET)
-      @conn_handle = Queue.nfq_open
-      raise QueueError, "nfq_open has failed" if @conn_handle.null?
-      if Queue.nfq_unbind_pf(@conn_handle, Socket::AF_INET) < 0
-        close
-        raise QueueError, "nfq_unbind_pf has failed"
-      end
+    class QueueError < Exception; end
+    class Queue
+        extend FFI::Library
+        begin
+            ffi_lib 'libnetfilter_queue'
+        rescue LoadError => exc
+            STDERR.puts(exc.message)
+            STDERR.puts "Please check that libnetfilter_queue is installed on your system."
+            abort
+        end
+        attach_function 'nfq_open', [], :pointer
+        attach_function 'nfq_open_nfnl', [:pointer], :pointer
+        attach_function 'nfq_close', [:pointer], :int
+        attach_function 'nfq_bind_pf', [:pointer, :uint16], :int
+        attach_function 'nfq_unbind_pf', [:pointer, :uint16], :int
+        attach_function 'nfq_nfnlh', [:pointer], :pointer
+        attach_function 'nfq_fd', [:pointer], :int
+        callback :nfq_callback, [:pointer, :pointer, :pointer, :buffer_in], :int
+        attach_function 'nfq_create_queue', [:pointer, :uint16, :nfq_callback, :buffer_in], :pointer
+        attach_function 'nfq_destroy_queue', [:pointer], :int
+        attach_function 'nfq_handle_packet', [:pointer, :buffer_in, :int], :int
+        attach_function 'nfq_set_mode', [:pointer, :uint8, :uint32], :int
+        attach_function 'nfq_set_queue_maxlen', [:pointer, :uint32], :int
+        attach_function 'nfq_set_verdict', [:pointer, :uint32, :uint32, :uint32, :buffer_in], :int
+        attach_function 'nfq_set_verdict_mark', [:pointer, :uint32, :uint32, :uint32, :uint32, :buffer_in], :int
+        attach_function 'nfq_get_msg_packet_hdr', [:pointer], :pointer
+        attach_function 'nfq_get_nfmark', [:pointer], :uint32
+        attach_function 'nfq_get_timestamp', [:pointer, :pointer], :int
+        attach_function 'nfq_get_indev', [:pointer], :int
+        attach_function 'nfq_get_physindev', [:pointer], :int
+        attach_function 'nfq_get_outdev', [:pointer], :int
+        attach_function 'nfq_get_physoutdev', [:pointer], :int
+        attach_function 'nfq_get_packet_hw', [:pointer], :pointer
+        attach_function 'nfq_get_payload', [:pointer, :pointer], :int
+        module CopyMode
+          NONE = 0
+          META = 1
+          PACKET = 2
+        end
+        #
+        # Creates a new Queue at slot _qnumber_.
+        #
+        def initialize(qnumber, mode = CopyMode::PACKET)
+            @conn_handle = Queue.nfq_open
+            raise QueueError, "nfq_open has failed" if @conn_handle.null?
+            if Queue.nfq_unbind_pf(@conn_handle, Socket::AF_INET) < 0
+                close
+                raise QueueError, "nfq_unbind_pf has failed"
+            end
-      if Queue.nfq_bind_pf(@conn_handle, Socket::AF_INET) < 0
-        close
-        raise QueueError, "nfq_unbind_pf has failed"
-      end
-      @qhandle = Queue.nfq_create_queue(@conn_handle, qnumber, method(:callback_handler), nil)
-      if @qhandle.null?
-        close
-        raise QueueError, "nfq_create_queue has failed" if @qhandle.null?
-      end
-      set_mode(mode)
-    end
+            if Queue.nfq_bind_pf(@conn_handle, Socket::AF_INET) < 0
+                close
+                raise QueueError, "nfq_unbind_pf has failed"
+            end
+            @qhandle = Queue.nfq_create_queue(@conn_handle, qnumber, method(:callback_handler), nil)
+            if @qhandle.null?
+                close
+                raise QueueError, "nfq_create_queue has failed" if @qhandle.null?
+            end
+            set_mode(mode)
+        end
-    #
-    # Changes the copy mode for the queue.
-    #
-    def set_mode(mode, range = 0xffff_ffff)
-      if Queue.nfq_set_mode(@qhandle, mode, range) < 0
-        raise QueueError, "nfq_set_mode has failed"
-      end
+        #
+        # Changes the copy mode for the queue.
+        #
+        def set_mode(mode, range = 0xffff_ffff)
+            if Queue.nfq_set_mode(@qhandle, mode, range) < 0
+                raise QueueError, "nfq_set_mode has failed"
+            end
-      self
-    end
+            self
+        end
-    #
-    # Sets the maximum number of elements in the queue.
-    #
-    def set_max_length(len)
-      if Queue.nfq_set_queue_maxlen(@qhandle, len) < 0
-        raise QueueError, "nfq_queue_maxlen has failed"
-      end
+        #
+        # Sets the maximum number of elements in the queue.
+        #
+        def set_max_length(len)
+            if Queue.nfq_set_queue_maxlen(@qhandle, len) < 0
+                raise QueueError, "nfq_queue_maxlen has failed"
+            end
-      self
-    end
+            self
+        end
-    #
-    # Processes packets in the queue, passing them through the provided callback.
-    #
-    def process(&callback)
-      @callback = callback
+        #
+        # Processes packets in the queue, passing them through the provided callback.
+        #
+        def process(&callback)
+            @callback = callback
-      fd = Queue.nfq_fd(@conn_handle)
-      raise QueueError, "nfq_fd has failed" if fd < 0
+            fd = Queue.nfq_fd(@conn_handle)
+            raise QueueError, "nfq_fd has failed" if fd < 0
-      io = IO.new(fd)
-      while data = io.sysread(4096)
-        Queue.nfq_handle_packet(@conn_handle, data, data.size)
-      end
-    end
+            io = IO.new(fd)
+            while data = io.sysread(4096)
+                Queue.nfq_handle_packet(@conn_handle, data, data.size)
+            end
+        end
-    #
-    # Close the queue.
-    #
-    def destroy
-      LibNetfilterQueue.nfq_destroy_queue(@qhandle)
-      close
-    end
+        #
+        # Close the queue.
+        #
+        def destroy
+            Queue.nfq_destroy_queue(@qhandle)
+            close
+        end
-    #
-    # Creates a new Queue with the provided callback.
-    # The queue will be automatically destroyed at return.
-    #
-    def self.create(qnumber, mode = CopyMode::PACKET, &callback)
-      queue = self.new(qnumber, mode)
-      queue.process(&callback)
-      queue.destroy
-    end
+        #
+        # Creates a new Queue with the provided callback.
+        # The queue will be automatically destroyed at return.
+        #
+        def self.create(qnumber, mode = CopyMode::PACKET, &callback)
+            queue = self.new(qnumber, mode)
+            queue.process(&callback)
+            queue.destroy
+        end
-    private
+        private
-    def callback_handler(qhandler, nfmsg, nfad, data) #:nodoc:
-      packet = Packet.new(nfad)
-      verdict = @callback[packet]
+        def callback_handler(qhandler, nfmsg, nfad, data) #:nodoc:
+            packet = Packet.new(nfad)
+            verdict = @callback[packet]
-      data = packet.data
-      Queue.nfq_set_verdict(
-        qhandler,
-        packet.id,
-        verdict,
-        data.size,
-        data
-      )
-    end
+            data = packet.data
+            Queue.nfq_set_verdict(
+                qhandler,
+                packet.id,
+                verdict,
+                data.size,
+                data
+            )
+        end
-    def close #:nodoc:
-      Queue.nfq_close(@conn_handle)
-    end
+        def close #:nodoc:
+            Queue.nfq_close(@conn_handle)
+        end
-  end
+    end
 end
 __END__
@@ -299,9 +344,9 @@ __END__
 system('sudo iptables -A OUTPUT -p tcp --dport 80 -j NFQUEUE --queue-num 0')
 Netfilter::Queue.create(0) do |packet|
-  puts packet.id
+    puts packet.id
-  p packet.data
-  Netfilter::Packet::ACCEPT
+    p packet.data
+    Netfilter::Packet::ACCEPT
 end

data/samples/packetdump.rb ADDED

@@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+require 'nfqueue'
+def mac_address(packet)
+    hw_addr = packet.hw_addr
+    return '??:??:??:??:??:??' if hw_addr.nil?
+    hw_addr.unpack('C*').map{|c| "%02x" % c}.join(':')
+end
+Netfilter::Queue.create(0) do |packet|
+    puts "New packet ##{packet.id} from interface #{packet.indev_name}"
+    puts "Ethernet address: #{mac_address(packet)}"
+    puts
+    puts packet.data.unpack('H*')[0]
+    puts '--'
+    Netfilter::Packet::ACCEPT
+end

metadata CHANGED

@@ -1,85 +1,78 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: nfqueue
-version: !ruby/object:Gem::Version
-  hash: 21
-  prerelease: false
-  segments:
-  - 1
-  - 0
-  - 1
-  version: 1.0.1
+version: !ruby/object:Gem::Version
+  version: 1.0.2
 platform: ruby
-authors:
-- "Guillaume Delugr\xC3\xA9"
+authors:
+- Guillaume Delugré
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-05-30 00:00:00 +02:00
-default_executable:
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2014-12-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
   prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nfnetlink
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: |
   nfqueue is a tiny wrapper around libnetfilter_queue. It allows you to very simply intercept and modify network traffic in a Ruby environment.
-  Network packets can either be inspected or modified on-the-fly.
-email: guillaume at security-labs dot org
+email: guillaume AT security-labs DOT org
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
-- README
+files:
 - COPYING
+- README
 - lib/nfqueue.rb
-has_rdoc: true
-homepage:
-licenses:
-- GPL-3
+- samples/packetdump.rb
+homepage: http://code.google.com/p/ruby-nfqueue
+licenses:
+- GPL
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-requirements:
-- Support for NFQUEUE in your kernel, libnetfilter_queue installed and Ruby FFI
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
+- Support for NFQUEUE in your Linux kernel, libnetfilter_queue installed and Ruby
+  FFI
 rubyforge_project:
-rubygems_version: 1.3.7
+rubygems_version: 2.2.2
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: nfqueue is a simple wrapper around libnetfilter_queue using FFI.
 test_files: []