Fast python library encapsulating the nfqueue netlink interface.
Project description
fnfqueue
Fast netfilter nfqueue python and C interface. Gets the speed from
- avoiding memory allocation
- batching reads (uses
recv_mmsg)
It also does not use the callback-like interface of libnetfilter-queue and provides a more python like iterator interface. Additionally, it doesn't assume anything and therefore doesn't automatically set verdicts on packets (unlike python-nfqueue in debian which accepts everything after you return from the callback...)
It can handle ping -f (even iperf if the moon is in the right spot) to localhost from within python.
Focus is on a python like interface.
Short example for mangling packets:
iptables -A OUTPUT <filter here> -j NFQUEUE --queue-num 1
import fnfqueue
queue = 1
conn = nfqueue.Connection()
try:
q = conn.bind(queue)
q.set_mode(0xffff, nfqueue.COPY_PACKET)
except PermissionError:
print("Access denied; Do I have root rights or the needed capabilities?")
sys.exit(-1)
while True:
try:
for packet in conn:
packet.payload = packet.payload # modify the packet here
packet.mangle()
except nfqueue.BufferOverflowException:
print("buffer error")
pass
conn.close()
Help is provided as python docs.
No C libraries are needed. Needs cffi for building. Kernel and libc must be recent enough to support nfqueue and recvmmsg (linux 2.6.33, glibc 2.12 - more recent kernels provide better performance).
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file fnfqueue-1.0.tar.gz.
File metadata
- Download URL: fnfqueue-1.0.tar.gz
- Upload date:
- Size: 11.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
06f2e53f2231ab081f5cc6c3d1735493db0169369284fca6187f67ce3f2c53d1
|
|
| MD5 |
7b1c2532cf63d625992c813e766d1cee
|
|
| BLAKE2b-256 |
fd6a5091fb64da9d8d3b4e1c60cd0d19055b459422f388cb2fd3d8240dbee739
|
