Since version 7.0, gdb has gained the ability to execute Python scripts.
This allows you to write gdb extensions and commands, or to manipulate
data, very easily. It also lets you manipulate graphic data (by spawning
commands in threads), change the program, or even write a firewall (ahem
..). I’ll assume you’re familiar with both gdb commands and basic Python scripts.
The first and very basic test is to check a simple command:
    (gdb) python print("Hello, world !")
    Hello, world !
So far so good. Yet, printing hello world won’t help us to debug our
programs :)
The reference documentation can be found here, but it does not really
help when it comes to actually manipulating data. I’ll try to give
a few examples here.
The Python script
The first thing to do is to write a script (we’ll call it
gdb-wzdftpd.py) containing the Python commands.
We will define a command to print GLib’s GList type,
with its nodes and their content (which is stored as a void*).
To define a new command, we have to create a new class that inherits from
gdb.Command. This class has two mandatory methods, __init__ and
invoke.
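As an added example (not code from the original post), here is one way such a command can look: __init__ registers it under the hypothetical name print-glist, and invoke walks the list through the data and next fields of GLib's GList. The node cap and the cycle check are assumptions added so that a corrupted list in the debugged process cannot hang the gdb session.

```python
# Added example: a gdb.Command subclass that walks a GLib GList.
# Load inside gdb with:  (gdb) source gdb-wzdftpd.py
try:
    import gdb            # only importable inside gdb's embedded Python
except ImportError:
    gdb = None            # lets walk_glist() be exercised outside gdb

MAX_NODES = 10000         # assumed cap, so a corrupted list cannot loop forever


def walk_glist(head, limit=MAX_NODES):
    """Return [(node_address, data_address), ...] for a GList* value.

    `head` only needs the gdb.Value operations used here: int() on a
    pointer, dereference(), and ['field'] access.
    """
    nodes, seen, node = [], set(), head
    while int(node) != 0:
        addr = int(node)
        if addr in seen:
            raise ValueError("cycle in list at node 0x%x" % addr)
        if len(nodes) >= limit:
            raise ValueError("more than %d nodes, giving up" % limit)
        seen.add(addr)
        item = node.dereference()
        nodes.append((addr, int(item['data'])))
        node = item['next']
    return nodes


if gdb is not None:
    class PrintGList(gdb.Command):
        """print-glist EXPR: print the nodes of the GList* named by EXPR."""

        def __init__(self):
            # Registers the command under the (hypothetical) name print-glist.
            super(PrintGList, self).__init__("print-glist", gdb.COMMAND_DATA,
                                             gdb.COMPLETE_SYMBOL)

        def invoke(self, arg, from_tty):
            # gdb calls invoke() with the raw argument string typed by the user.
            try:
                nodes = walk_glist(gdb.parse_and_eval(arg))
            except ValueError as exc:
                raise gdb.GdbError("print-glist: %s" % exc)
            for i, (addr, data) in enumerate(nodes):
                print("[%d] node=0x%x data=0x%x" % (i, addr, data))

    PrintGList()
```

The debugged program needs debug information for GLib so that gdb knows the layout of GList.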

I’m currently trying to generate interactive (and animated) charts in
Python + Qt. The library I want would be:
- portable: this is one of the reasons for choosing PyQt
- simple: same reason
- interactive: I want to be able to select, for example, the slices of
  a pie chart. A signal on events like Qt’s would be perfect
- animated: this is useless, but looking at things like AnyChart
  or FusionCharts, the result is really nice !
- light on dependencies: relying on tons of libs makes the project
  hard to maintain and not portable, especially on Windows, where
  there is no packaging and dependency system.
- free software
A quick search gave me the following products:
- matplotlib: mostly for scientific plots, but there is a nice number
  of options and a well-documented API.
- pyQwt: Python bindings for Qwt. Again, it’s more for scientific
  plots than charts.
- cairoplot: the project looks dead (or has the "yeah, the project’s
  not finished, but we’re recoding it in $LANG to be faster" syndrome,
  which is more or less the same). It generates images, though item
  maps can be extracted. As the name says, it uses Cairo.
- pyCha: some nice charts, uses Cairo. Very simple API (not …

I just released nfqueue-bindings 0.2 and nflog-bindings 0.1. Despite the
difference in version numbers, the functions are almost the same :)
Here is a short diff since the previous version:
- Add af_family argument to bind operations (allow IPv6 binds)
- Add notes on set_queue_maxlen requiring a kernel >= 2.6.20
- bugfix: use queue number when creating queue
- bugfix: really link Perl binding to Perl library
- Fix cmake warning

The code for nfqueue-bindings is now almost ready. I have made some
progress since last week:
- you can now modify packets live, and send the new packet with the verdict
- new functions are wrapped, and the creation of the queue can be done in one function
- more examples
I have presented a special script for SSTIC,
using the weather to decide if a packet should be accepted or dropped
:) While the utility of the module still has to be proven, it is a good
example of how easy it is to use the new bindings.
The slides can be found online here, and contain some code examples
(with some funny things ;). They are in French, but they should be
quite easy to understand.
Random ideas:
- The Netfilter workshop will be held in Paris from 30 September to 3 October 2008.
- Eric has presented nf3d, a nice tool to view netfilter logs (from ulogd2) in 3D.
  Gamers will recognize a nice attempt to convert network logs into Guitar
  Hero tracks ;)

I am currently working (amongst other projects ..) on
nfqueue-bindings, a set of high-level modules for several languages
(Python and Perl, for the moment), for libnetfilter_queue.
The goal is to provide a library to gain access to packets queued by the
kernel packet filter. For more details, see the nfqueue-bindings project
site.
Current state
Currently, you can:
- access the module in Perl or Python
- create a queue connected to netfilter
- register a callback
- access the contents of the packet. As I do not want to redo what has already been done many times, I use some other libraries to decode the packet: