9. NFQueue bindings

   I am currently working (amongst other projects ..) on nfqueue-bindings, set of high-level modules for several languages (Python and Perl, for the moment), for libnetfilter_queue.

   The goal is to provide a library to gain access to packets queued by the kernel packet filter. For more details, see nfqueue-bindings project site.

   Current state

   Actually, you can

   • access the module in Perl or Python
   • create a queue connected to netfilter
   • register a callback
   • access the contents of the packet. As I do not want to do what was already done many times, I use some other libraries to decode the packet:
   • NetPacket::IP for Perl
   • dpkg for Python.
   • • If you know some other libraries, please let me know.
   • set the verdict (decision) to ACCEPT or DROP for the packet

   I have written some scripts to show what can be done in a few lines of code. The current examples are:

   • example Perl script
   • example Python script
   • Packet dumper, in pcap format (use scapy)
   • HTTP request checker
   • A surprise I will present in a lightning talk at SSTIC :)

   I will make a release as soon as the code is stable (and can be installed).

   Examples

   Create and bind the queue (Perl)

   use nfqueue;
   
   use …

   read more

10. Sections and variables initialization

    Default init

    ANSI C requires all uninitialized static and global variables to be initialized with 0 (§6.7.8 of the C99 definition). This means you can rely on the following behavior:

    int global;
    void function() {
      printf("%d\n",global);
    }
    

    This will print 0, and it is guaranteed by the standard.

    However, this is not handled by the compiler. All you will be able to see is that the variable is put in the bss section:

    08049560 l     O .bss   00000004              static_var.1279
    08049564 g     O .bss   00000004              global_var
    

    It is the startup code of the linker which initializes the variables.

    The C compiler usually puts variables that are supposed to be initialized with 0 in the .bss section instead of the .data section. Opposed to the .data section, the .bss section does not contain actual data, it just specifies the size of all elements it contains. The C compiler just *assumes* that the linker, loader, or the startup code of the C library initializes this block of memory with 0. This is an optimization; .data elements occupy space in the image (or ROM or flash memory) and in RAM whereas .bss elements need to occupy RAM space only if …

    read more

11. bash hates twisted (me too, sometimes)

    I have a strange bug with bash shebang: when I try to give twistd as interpreter, bash tries to execute the script as a shell script !

    Here is a simple, not working, twisted script with a shebang:

    1 2	#! /usr/bin/twistd -y from twisted.application import internet, service

    Bash execution:

    $ bash -c ./test.tac
    from: can't read /var/mail/twisted.application
    

    Bash is trying to execute the script as a shell script ! (from is a shell command).

    Zsh execution:

    $ zsh -c ./test.tac
    Failed to load application: 'application'
    

    The error is correct (there is no application defined in the twisted script). It really looks like a bug in bash ..

    read more

12. Quilt, a patch management system (how to survive with many patches)

    Quilt is a nice tool to manage series of patches, and is particularly adapted to subversion (not very useful for git, the concept of patch series is integrated). It can manage dependant patches, edition, updating patches for a code change, etc.

    Start by telling quilt where to store patches:

    $ export QUILT_PATCHES=debian/patches
    

    Quilt will create the directory automatically when creating the first patch.

    Now, suppose we want to create a new patch, called my_nice_patch:

    $ quilt new my_nice_patch
    Patch my_nice_patch is now on top
    

    \On top\ ? quilt manages patches as a stack, so you will have to push patches to apply them, and pop to deapply.Now that we have a patch name, we have to mark the files we will modify in this patch:

    $ quilt add reports.py gather.py
    File reports.py added to patch my_nice_patch
    File gather.py added to patch my_nice_patch
    

    So far so good. Three commands, and we have done nothing :) Files can be modified using your favorite editor (subliminal hint: vim), as usual. At any moment, you can get the diff between your modifications and the unpatched files:

    quilt diff
    

    will print a standard diff.

    At this point, you have finished your patch. If …

    read more

« Page 2 / 2