Linux::Netfilter::Log - Read packets logged using the NFLOG mechanism
    use Linux::Netfilter::Log qw(:constants);
    use Socket qw(PF_INET);

    my $log = Linux::Netfilter::Log->open();

    eval { $log->unbind_pf(PF_INET) };
    $log->bind_pf(PF_INET);

    my $group = $log->bind_group(0);

    $group->callback_register(sub {
        my ($packet) = @_;

        ...
    });

    while(1) {
        $log->recv_and_process_one()
            or warn "Buffer filled!";
    }
This module provides a wrapper around libnetfilter_log, allowing a Perl program to process packets logged using the NFLOG iptables target.
The libnetfilter_log constants may be imported from this module individually or using the :constants import tag.
Constructor. Sets up an nflog handle and underlying netlink socket.
Binds the given nflog handle to process packets belonging to the given protocol family (i.e. PF_INET, PF_INET6, etc).
Unbinds the given nflog handle from processing packets belonging to the given protocol family.
Creates a new Linux::Netfilter::Log::Group object bound to the chosen group number. Throws on failure.
Returns the file descriptor of the underlying netlink socket, for polling with select or similar.
Reads one Netlink message from the socket and processes it, invoking callbacks registered with Group->callback_register().
A single message may contain multiple packets; if the callback throws an exception, any that have not yet been processed will be lost.
Returns true on success, false if recv() failed with ENOBUFS (indicating the buffer filled up and some messages have been lost). Any other recv() errors will trigger an exception.
The size of the buffer used to read netlink messages is currently fixed at 64k.
This is probably bigger than most people need, but if you intend to copy large packet payloads from the kernel AND queue multiple packets at a time, it may not be big enough (recv_and_process_one() will emit warnings upon possible truncation).
I will change this to be dynamically sized automatically in the future if I come up with an efficient way to do it (suggestions welcome).
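The two loss conditions described above (an exception escaping the callback, and recv() failing with ENOBUFS) both leave gaps in the packet log, so a monitoring process should contain the first and count the second. The following is an added example, not code from the module or its author: it polls the netlink socket with select, traps exceptions per packet, and reports overruns. The method name fileno() for the file descriptor accessor and the handle_packet() routine are assumptions; running it requires privileges to open the netlink socket and an NFLOG rule that logs to group 0.

```perl
use strict;
use warnings;
use Linux::Netfilter::Log qw(:constants);
use Socket qw(PF_INET);

my ($seen, $failed, $overruns) = (0, 0, 0);

# Hypothetical handler: replace with real inspection or forwarding logic.
sub handle_packet { my ($packet) = @_; return }

my $log = Linux::Netfilter::Log->open();
eval { $log->unbind_pf(PF_INET) };    # may fail if nothing was bound yet
$log->bind_pf(PF_INET);

my $group = $log->bind_group(0);      # NFLOG group 0, as in the synopsis
$group->callback_register(sub {
    my ($packet) = @_;
    $seen++;
    # Trap exceptions per packet: one escaping from this callback would
    # discard the unprocessed packets carried in the same netlink message.
    eval { handle_packet($packet); 1 } or do {
        $failed++;
        warn "packet handler failed: $@";
    };
});

# fileno() is the assumed name of the accessor that returns the
# descriptor of the underlying netlink socket.
my $fd  = $log->fileno();
my $rin = '';
vec($rin, $fd, 1) = 1;

my $running = 1;
$SIG{INT} = sub { $running = 0 };

while ($running) {
    # Wait up to 5 seconds so statistics are reported on an idle link too.
    my $ready = select(my $rout = $rin, undef, undef, 5);
    if ($ready < 0) {
        next if $!{EINTR};            # interrupted by a signal; recheck $running
        die "select failed: $!";
    }
    if ($ready == 0) {
        warn sprintf("seen=%d failed=%d overruns=%d\n", $seen, $failed, $overruns);
        next;
    }
    # False means ENOBUFS: the kernel dropped messages, so the log has a gap.
    $log->recv_and_process_one() or $overruns++;
}
```

A rising overruns count means logged packets are being lost before the program reads them, which matters if the output is relied on as an audit trail.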
Linux::Netfilter::Log::Group
Daniel Collins <daniel.collins@smoothwall.net>
Copyright (C) 2016 Smoothwall Ltd.
This library is free software; you may redistribute it and/or modify it under the same terms as Perl itself.