Core infrastructure of the pakond
This branch implements a bunch of core infrastructure for pakond. While the work is scattered across several places and topics, the visible features are:
- It logs (not yet configurable; for now it dumps everything to stderr)
- It can be configured with a Lua configuration file (or multiple ones)
- It handles some signals (SIGHUP to reload the configuration, SIGTERM and others to shut down properly)
- It listens on the configured in-kernel NFQueues and accepts all packets seen there
Obviously, a lot is still missing before this can be called even a prototype. You can use this to test it:

```sh
iptables -A INPUT -j NFQUEUE --queue-num 0
ip6tables -A INPUT -j NFQUEUE --queue-num 1
```
Note that the IPv4 and IPv6 tables need to use different queues. The same queue may, however, be used in both the in and out directions (INPUT and OUTPUT, for example).
The corresponding Lua configuration would be:

```lua
queue({src = "eth0"}, 100, {0}, {1})
```
As the configuration is not yet stable, there is no documentation for it yet. You run it with `sudo ./bin/pakond config.lua`.
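An added helper, not part of the pakond branch, that checks the constraint above before starting the daemon: it parses `iptables-save` / `ip6tables-save` style dumps and reports any NFQUEUE number used by both the IPv4 and the IPv6 rule set. The sample dumps are constructed for illustration, not captured from a real host.

```sh
#!/bin/sh
# Added example: make sure the IPv4 and IPv6 tables do not share an NFQUEUE number,
# which pakond requires (the queue() call above takes separate lists for each family).

# Print the sorted, unique --queue-num values found in an iptables-save style dump.
nfqueue_nums() {
    # $1: text of one rule dump (iptables-save or ip6tables-save format)
    printf '%s\n' "$1" | awk '
        /-j NFQUEUE/ {
            for (i = 1; i <= NF; i++)
                if ($i == "--queue-num") print $(i + 1)
        }' | sort -n -u
}

# Return 0 when no queue number appears in both dumps, 1 otherwise (clashes go to stderr).
check_queue_overlap() {
    # $1: IPv4 dump, $2: IPv6 dump
    v4=$(nfqueue_nums "$1")
    v6=$(nfqueue_nums "$2")
    # Each list is already unique, so a number seen twice after merging is a clash.
    clashes=$(printf '%s\n' "$v4" "$v6" | grep -v '^$' | sort -n | uniq -d)
    if [ -n "$clashes" ]; then
        printf 'queue number(s) used by both IPv4 and IPv6 rules: %s\n' "$clashes" >&2
        return 1
    fi
    return 0
}

# Constructed sample dumps, shaped like what iptables-save would print after the rules above.
SAMPLE_V4='*filter
:INPUT ACCEPT [0:0]
-A INPUT -j NFQUEUE --queue-num 0
-A OUTPUT -j NFQUEUE --queue-num 0
COMMIT'
SAMPLE_V6_OK='*filter
-A INPUT -j NFQUEUE --queue-num 1
COMMIT'
SAMPLE_V6_BAD='*filter
-A INPUT -j NFQUEUE --queue-num 0
COMMIT'

# On a live host: check_queue_overlap "$(iptables-save)" "$(ip6tables-save)"
```

Reusing queue 0 for both INPUT and OUTPUT in the IPv4 dump is accepted, matching the note above that one queue may serve both directions.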
Also, I know the branch is somewhat big. I hope future branches will be smaller, but I wanted to have something that actually does some stuff before I hand it over. And yes, some parts are a bit denser code. If you wish for more comments about what is being done and how, just ask. Or if you want some in-person explanation or a pair review, that is also possible.
It may be easier to read it as a sequence of commits instead of the whole diff at once. It might make a bit more sense, and there's not much code that has been removed during development.