One of the things that bothers me about the oh so glorious Opensource is the lack of updated examples. Sure there is the "you-can-read-the-code" yourself attitude, which I find has a repugnant and arrogant odor to it... or the smash your head into the keyboard attitude until you figure it out. Thankfully, I did the smashing and realized that the ULOG and NFLOG examples in the libnetfilter_log code are incorrect. In fact, the ULOG component is outdated and NFLOG is its replacement, but I found a copy of
What I have done is packaged up the working code, modified the examples a bit and wrote how to use them. Assuming that you already have iptables already installed and for the sake of making things easy lets grab libnfnetlink.
Grab these tarballs:
- https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnfnetlink.git;a=snapshot;h=4248314d4018739ba3d9a5b2b7b82097a1298a5b;sf=tgz
- https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_log.git;a=snapshot;h=fee63b81ee432d0b3e03ffcf9f54cda99476f267;sf=tgz
- My Libnetfilter ULOG/NFLOG Fixes Tarball
Next untar them, using tar -xzvf Package name
-
tar -xzvf libnfnetlink-HEAD-4248314.tar.gz
-
tar -xzvf libnetfilter_log-HEAD-fee63b8.tar.gz
Change directories so you are in libnfnetlink and run the following commands:
-
cd libnfnetlink-HEAD-4248314
-
./autogen.sh
-
./configure
-
make
-
sudo make install
Untar my adjusted files that are contained in libnfnetfilter_log_mod.tar.gz and run the following commands
-
tar -xzvf libnetfilter_log_mod.tar.gz
-
cd libnetfilter_log_mod
-
cp ulog_test.c nfulnl_test.c ../libnetfilter_log-HEAD-fee63b8/utils
-
cp libipulog.c ../libnetfilter_log-HEAD-fee63b8/src/libipulog_compat.c
-
cp libipulog.h ../libnetfilter_log-HEAD-fee63b8/include/libnetfilter_log/libipulog.h
Change directories so you are in libnfnetfilter_log and run the following commands:
-
cd ../libnetfilter_log-HEAD-fee63b8
-
./autogen.sh
-
./configure
-
make
-
sudo make install
Testing libnetfilter_log
Now go into the utils directory and run the following commands to build the example programs:
-
make ulog_test
-
make nfulnl_test
To use these test applications you must have some firewall rules that will allow ULOG/NFLOG to send messages to these applications from the Kernel. Create a shell script that looks like:
-
#!/bin/sh
-
# Chain name for accept and log
-
CN_AnLOG="LOGTARGET"
-
# Ulog Snap length
-
ULOG_SNAP_LEN="256"
-
# Ulog NLGroup
-
ULOG_NLGROUP="10"
-
# Log prefix
-
PREFIX_STR="ulog-test"
-
# Setup chains
-
iptables -N $ULOG_Chain 2>/dev/null 1>/dev/null
-
iptables -F $ULOG_Chain 2>/dev/null 1>/dev/null
-
# prep ULOG for LOGGED PACKETS
-
iptables -N $ULOG_Chain 2>/dev/null 1>/dev/null
-
iptables -F $ULOG_Chain 2>/dev/null 1>/dev/null
-
iptables -A $ULOG_Chain -j ULOG --ulog-nlgroup $ULOG_NLGROUP --ulog-cprange $ULOG_SNAP_LEN --ulog-prefix $PREFIX_STR --ulog-qthreshold 1
-
iptables -A $ULOG_Chain -j NFLOG --nflog-group $ULOG_NLGROUP --nflog-range $ULOG_SNAP_LEN --nflog-prefix $PREFIX_STR --nflog-threshold 1
-
iptables -A INPUT -j LOGTARGET
-
iptables -A $ULOG_Chain -j ACCEPT
Then these test applications can be ran using - note 10 is the nlgroup that these applications will be listening on:
-
ping whateverIPyourApplicationIsOn
-
sudo ./ulog_test 1000 10 1
-
sudo ./nfulnl_test 10
Compiling Your Program Using libnetfilter_log library
Should you want to use libnetfilter_log in your program - make sure that you have the following headers:
-
#include <libnetfilter_log/libipulog.h>
-
#include <libnetfilter_log/libnetfilter_log.h>
Then your makefile contains a directive so that the linker knows to look in /usr/local/lib and you should also run sudo ldconfig /usr/local/lib"
Blog tags:
| Attachment | Size |
|---|---|
 libnetfilter_log_mod.tar.gz | 4.34 KB |
Add new comment