Metadata-Version: 2.1
Name: fnfqueue
Version: 1.1.2
Summary: Fast python library encapsulating the nfqueue netlink interface.
Home-page: https://github.com/notti/fnfqueue
Author: Gernot Vormayr
Author-email: gvormayr@gmail.com
License: MIT
Keywords: nfqueue netfilter netlink iptables firewall mangle
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Other Environment
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Telecommunications Industry
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: C
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Internet
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: System :: Operating System Kernels :: Linux
Description-Content-Type: text/markdown
License-File: LICENSE

fnfqueue
========

Fast netfilter nfqueue Python and C interface. It gets its speed from:

- avoiding memory allocation
- batching reads (uses `recvmmsg`)

It does not use the callback-style interface of libnetfilter-queue; instead it provides a more Python-like iterator interface. It also assumes nothing and therefore never sets verdicts on packets automatically (unlike python-nfqueue in Debian, which accepts everything after you return from the callback).

It can handle `ping -f` (even `iperf` if the moon is in the right spot) to localhost from within Python.

The focus is on a Python-like interface.

Short example for mangling packets:

```bash
iptables -A OUTPUT <filter here> -j NFQUEUE --queue-num 1
```

```python
import sys

import fnfqueue

queue = 1
conn = fnfqueue.Connection()

try:
    # Bind to the queue number used in the iptables rule above
    q = conn.bind(queue)
    # Copy up to 0xffff bytes of each packet to user space
    q.set_mode(0xffff, fnfqueue.COPY_PACKET)
except PermissionError:
    print("Access denied; Do I have root rights or the needed capabilities?")
    sys.exit(-1)

while True:
    try:
        for packet in conn:
            packet.payload = packet.payload  # modify the packet here
            packet.mangle()  # hand the (possibly modified) payload back
    except fnfqueue.BufferOverflowException:
        print("buffer error")

conn.close()  # this can be called concurrently to cancel the above for loop
```
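The "modify the packet here" step, worked through for one case, as an added example that is not part of the fnfqueue project: rewriting the IPv4 TTL and recomputing the header checksum, since the payload handed back is what gets sent. It assumes the queued payload starts at the IPv4 header; `ipv4_checksum`, `set_ttl`, `run` and `SAMPLE` are hypothetical names, and only the fnfqueue calls shown above are used.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_ttl(payload: bytes, ttl: int) -> bytes:
    """Return payload with a new IPv4 TTL and a recomputed header checksum.

    Input that is not a well-formed IPv4 header comes back unchanged, so the
    caller can still issue a verdict for it instead of stalling the queue.
    """
    if not 0 <= ttl <= 255 or len(payload) < 20 or payload[0] >> 4 != 4:
        return payload
    ihl = (payload[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or len(payload) < ihl:
        return payload
    header = bytearray(payload[:ihl])
    header[8] = ttl
    header[10:12] = b"\x00\x00"             # checksum field is zero while summing
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + payload[ihl:]

def run(queue_num: int = 1, ttl: int = 64) -> None:
    """Mangle loop built from the calls in the example above (needs root)."""
    import fnfqueue  # imported here so the helpers work without the library
    conn = fnfqueue.Connection()
    conn.bind(queue_num).set_mode(0xffff, fnfqueue.COPY_PACKET)
    try:
        for packet in conn:
            # Assumption: payload begins at the IPv4 header
            packet.payload = set_ttl(bytes(packet.payload), ttl)
            packet.mangle()                 # every packet gets a verdict
    finally:
        conn.close()

# Constructed sample: 20-byte IPv4 header (TTL 1, checksum zeroed) + 4 opaque bytes.
SAMPLE = bytes.fromhex("4500001800004000" "0111" "0000" "7f000001" "7f000001") + b"data"
```

The TTL is not covered by the TCP or UDP checksum; edits to addresses or to the transport payload would need those checksums recomputed as well.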

Help is provided as Python docs.

No C libraries are needed. cffi is needed for building. Kernel and libc must be recent enough to support `nfqueue` and `recvmmsg` (Linux 2.6.33, glibc 2.12; more recent kernels provide better performance).
