lua-netfilter_log - Lua bindings for libnetfilter_log

Warning

The Lua bindings for libnetfilter_log provided here are not complete and in a very early stage of development, thus do not use them in a production environment!

Build Dependencies

• cmake

• libnetfilter_log

Installing

Install from git

Clone the git repository

git clone git://github.com/morfoh/lua-netfilter_log.git

cd lua-netfilter_log

Prepare a dedicated build directory

mkdir build

cd build

Generate Makefiles and related build infrastructure

cmake ../

Alternatively you can specify the path where to install the module

cmake ../ -DINSTALL_CMOD=/usr/local/lib/lua/5.1

Compile the module

make

Install the module

sudo make install

Install using lua-rocks

curl -O "https://github.com/morfoh/lua-netfilter_log/raw/master/lua-netfilter_log-scm-0.rockspec"

luarocks install lua-netfilter_log-scm-0.rockspec

Simple Test

log all incoming ICMP

iptables -A INPUT --protocol icmp -j NFLOG --nflog-group 0 --nflog-prefix="icmp-in"

log all outgoing ICMP

iptables -A OUTPUT --protocol icmp -j NFLOG --nflog-group 1 --nflog-prefix="icmp-out"

run the test as superuser

sudo lua test.lua

nflog_unbind:   0
nflog_bind:     0
gh0 =   nflog_group: 0x8a28438, flags=1
gh1 =   nflog_group: 0x8a28568, flags=1
nflog_set_mode: 0
fd =    3
gh0:callback =  0
gh1:callback =  0

If you are going to use ping to send ICMP echo packets to some host, you should see log output similar to the following.

example log output

nflog_callback():       nflog_group: 0x8a28568, flags=1 userdata: 0xbf9e45cc    nflog_data: 0xbf9e447c, flags=0 nil
print_pkt(): nfmark=0 prefix=icmp-out hwtype=0 indev=0 physindev=0 outdev=3 physoutdev=0 hwhdrlen=0
handle_packet(): rc=    0
nflog_callback():       nflog_group: 0x8a28438, flags=1 userdata: 0xbf9e45cc    nflog_data: 0xbf9e447c, flags=0 nil
print_pkt(): nfmark=0 prefix=icmp-in hwtype=1 indev=3 physindev=0 outdev=0 physoutdev=0 hwhdrlen=14
handle_packet(): rc=    0

Development

Re-generating the bindings

By default CMake will use the pre-generated bindings that are include in the project.

To be able to re-generate the bindings, you will need to install LuaNativeObjects and set the CMake variable USE_PRE_GENERATED_BINDINGS to FALSE.

cmake ../ -DUSE_PRE_GENERATED_BINDINGS=FALSE

Mandantory for re-generating Lua bindings from *.nobj.lua files:

• LuaNativeObjects, this is the bindings generator used to convert the *.nobj.lua files into a native Lua module.

Optional for re-generating documentation

• luadoc

To not re-generate documentation by luadocs when re-generating the bindings you have to to set the CMake variable GENERATE_LUADOCS to FALSE.

cmake ../ -DUSE_PRE_GENERATED_BINDINGS=FALSE -DGENERATE_LUADOCS=FALSE