Get libnetfilter_log AND Working Examples For ULOG and NFLOG

One of the things that bothers me about the oh so glorious Opensource is the lack of updated examples. Sure there is the "you-can-read-the-code" yourself attitude, which I find has a repugnant and arrogant odor to it... or the smash your head into the keyboard attitude until you figure it out. Thankfully, I did the smashing and realized that the ULOG and NFLOG examples in the libnetfilter_log code are incorrect. In fact, the ULOG component is outdated and NFLOG is its replacement, but I found a copy of working source in ULOGD's source code - I needed ULOG functionality for old code.

What I have done is package up the working code, modify the examples a bit and write up how to use them. Assuming that you already have iptables installed, and for the sake of making things easy, let's grab libnfnetlink.

Grab these tarballs:

  • https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnfnetlink.git;a=snapshot;h=4248314d4018739ba3d9a5b2b7b82097a1298a5b;sf=tgz
  • https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_log.git;a=snapshot;h=fee63b81ee432d0b3e03ffcf9f54cda99476f267;sf=tgz
  • My Libnetfilter ULOG/NFLOG Fixes Tarball

Next, untar them using tar -xzvf <package name>:

  1. tar -xzvf libnfnetlink-HEAD-4248314.tar.gz
  2. tar -xzvf libnetfilter_log-HEAD-fee63b8.tar.gz

Change directories so you are in libnfnetlink and run the following commands:

  1. cd libnfnetlink-HEAD-4248314
  2. ./autogen.sh
  3. ./configure
  4. make
  5. sudo make install

Untar my adjusted files, which are contained in libnetfilter_log_mod.tar.gz, and run the following commands:

  1. tar -xzvf libnetfilter_log_mod.tar.gz
  2. cd libnetfilter_log_mod
  3. cp ulog_test.c nfulnl_test.c ../libnetfilter_log-HEAD-fee63b8/utils
  4. cp libipulog.c ../libnetfilter_log-HEAD-fee63b8/src/libipulog_compat.c
  5. cp libipulog.h ../libnetfilter_log-HEAD-fee63b8/include/libnetfilter_log/libipulog.h

Change directories so you are in libnetfilter_log and run the following commands:

  1. cd ../libnetfilter_log-HEAD-fee63b8
  2. ./autogen.sh
  3. ./configure
  4. make
  5. sudo make install

Testing libnetfilter_log

Now go into the utils directory and run the following commands to build the example programs:

  1. make ulog_test
  2. make nfulnl_test

To use these test applications you must have some firewall rules that make ULOG/NFLOG send messages from the kernel to these applications. Create a shell script that looks like:

  #!/bin/sh
  # Chain name for accept and log
  ULOG_Chain="LOGTARGET"
  # ULOG/NFLOG snap length (bytes of each packet copied to userspace)
  ULOG_SNAP_LEN="256"
  # Netlink group used by both the ULOG and the NFLOG rule
  ULOG_NLGROUP="10"
  # Log prefix
  PREFIX_STR="ulog-test"
  # Set up the chain: create it if it is missing, then flush it
  iptables -N "$ULOG_Chain" 2>/dev/null 1>/dev/null
  iptables -F "$ULOG_Chain" 2>/dev/null 1>/dev/null
  # Log every packet that reaches the chain through ULOG and NFLOG
  iptables -A "$ULOG_Chain" -j ULOG --ulog-nlgroup "$ULOG_NLGROUP" --ulog-cprange "$ULOG_SNAP_LEN" --ulog-prefix "$PREFIX_STR" --ulog-qthreshold 1
  iptables -A "$ULOG_Chain" -j NFLOG --nflog-group "$ULOG_NLGROUP" --nflog-range "$ULOG_SNAP_LEN" --nflog-prefix "$PREFIX_STR" --nflog-threshold 1
  # Send all incoming packets through the logging chain
  iptables -A INPUT -j "$ULOG_Chain"
  # Accept the logged packets (every packet that reaches the chain is accepted)
  iptables -A "$ULOG_Chain" -j ACCEPT

Then these test applications can be run as follows. Note that 10 is the nlgroup that these applications will be listening on:

  1. ping whateverIPyourApplicationIsOn
  2. sudo ./ulog_test 1000 10 1
  3. sudo ./nfulnl_test 10
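
If the listeners stay silent, the usual cause is a group number that does not match the rules. The helper below is an added example (not part of the original post or of libnetfilter_log): it reads `iptables -S` style text on stdin and lists the netlink group of every ULOG/NFLOG rule in a chain. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which netlink groups a chain's ULOG/NFLOG rules use.
# On a live system: sudo iptables -S | log_groups LOGTARGET

# log_groups CHAIN: print "TARGET GROUP" for each ULOG/NFLOG rule in CHAIN.
log_groups() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            target = ""; group = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--nflog-group" || $i == "--ulog-nlgroup")
                    group = $(i + 1)
            }
            if (target == "NFLOG" || target == "ULOG") {
                # With no group option, NFLOG uses group 0 and ULOG group 1.
                if (group == "") group = (target == "NFLOG") ? 0 : 1
                print target, group
            }
        }'
}

# group_is_logged CHAIN TARGET GROUP: succeed if CHAIN has a matching rule.
group_is_logged() {
    log_groups "$1" | grep -qx "$2 $3"
}

# Constructed sample of the rules the firewall script above creates.
SAMPLE_RULES='-P INPUT ACCEPT
-N LOGTARGET
-A INPUT -j LOGTARGET
-A LOGTARGET -j ULOG --ulog-nlgroup 10 --ulog-cprange 256 --ulog-prefix "ulog-test" --ulog-qthreshold 1
-A LOGTARGET -j NFLOG --nflog-prefix "ulog-test" --nflog-group 10 --nflog-range 256 --nflog-threshold 1
-A LOGTARGET -j ACCEPT'

# Show the groups found in the sample.
printf '%s\n' "$SAMPLE_RULES" | log_groups LOGTARGET

# Check the group before starting a listener on it.
if printf '%s\n' "$SAMPLE_RULES" | group_is_logged LOGTARGET NFLOG 10; then
    echo "NFLOG group 10 is configured: run sudo ./nfulnl_test 10"
fi
```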

Compiling Your Program Using libnetfilter_log library

Should you want to use libnetfilter_log in your program, make sure that you have the following headers:

  #include <libnetfilter_log/libipulog.h>
  #include <libnetfilter_log/libnetfilter_log.h>

Then make sure your makefile contains a directive so that the linker knows to look in /usr/local/lib. You should also run sudo ldconfig /usr/local/lib.

Attachment: libnetfilter_log_mod.tar.gz (4.34 KB)
