Gregor's miscellaneous tools and programs

Here you can find a small collection of small tools and scripts I've written. Some of them are quite a bit outdated by now but might still be helpful.
back to my homepage
back to all tools and programs

Overview:

libnetfilter_log documentation
Unifiy logging in netfilter using nf_log
netfico - IPv4/IPv6 NETwork and FIrewall COnfigurator using iptables.
IPv4/IPv6 DNS and DHCP config generator
Photocomments - Convert various forms of comments / descriptions from digital photos.
Other stuff

libnetfilter_log documentation

I wrote a API documentation for libnetfilter_log. A lot of the documentation was derived from Brad Fisher's documentation of libnetfilter_queue
I just added comments to the code of libnetfilter_log and run doxygen over it, since I didn't want to write the manpage with nroff ;-)

Unifiy logging in netfilter using nf_log

Although nf_log is meant as a general logging API for netfilter, not every module uses it. Furthermore modules can interfere with the logging of other modules. This patch tries to elimiate these ambiguties.
Kernel patch (against net-2.6.17): log-unification-take1.1.patch
iptables patch (against svn rev. 6554): iptables-xt_LOG-take1.patch
Once Kernel 2.6.16 is relaesed I plan to provide a patch for 2.6.16 along with an iptables patch for last release (iptables-1.3.5)

netfico - IPv4/IPv6 NETwork and FIrewall COnfigurator using iptables.

netfico is a complete Linux/netfilter (iptables) firewall and gateway configuration tool. It takes over the complete process of brining upi the network interfaces, configuring VLANs, setting IP addresses, setting routes and configure the netfilter/iptables rules. This also means that there is just one central place, where IP addresses and netmasks are configured, thus eliminating the redunancy between the system's network configuration scripts and the firewall setup code.

A central goal of netfico is to make handling of firewalls resp. gateways with dual stacked (i.e. IPv4 and/or IPv6) hosts and a larger number of subnets easy and feasable.

Combines network interface configuration and firewall rule setup
Supports IPv4 and IPv6. Rules are only written once and automaticly applied to IPv4 and IPv6.
Supports VLAN interfaces (automaticly configures VLAN)
Support for IPv6 in IPv4 tunnels planned
Different interfaces for the same subnet for IPv4 and IPv6 possible (e.g. when IPv6 is tunneled)
Easy handling of multiple subnets with "virtual firewalls"
Customizeable. Custom rules resp. rule templates can easily be added to netfico.

Download: netfico-0.0.2.tar.gz
README: netfico.README
Feature requests, bug reports and comments are more then welcome. Send them to gregor@majordomus.org

IPv4/IPv6 DNS and DHCP config generator

This tool can be used to generate DNS and DHCP configuration file stancas from one central configuration file. It supports IPv4 and IPv6 addresses and reverse zone.

Multiple Subnets resp. DHCP configuration files are supported
Multiple IPv4 networks are supported. addrconf will generate one reverse DNS-Zone for each /24 network.
One IPv6 reverse DNS-zone is supported. Preferably with a /48 prefix.
addrconf does not create complete config files. For the DHCP config files it created only the "host asdf {... }" stancas and for the DNS zonefiles it generates only the A, AAAA, and PTR records. These generated files can be included in the DNS and DHCP config files.

Gokdeniz Karadag has taken over this project. It's new name is netconfgen and you can find it here on launchpad.net

Old version: addrconf-0.1.1.tar.gz older versions: (0.1.1)
(0.1)
README: addrconf.README
Feature requests, bug reports and comments are more then welcome. Send them to gregor@majordomus.org

Photocomments

Convert various forms of comments / descriptions from digital photos. Supports descript.ion files (as used by ACDsee), jpeg internal comments and CSV files for use with gallery
Written in perl. Uses ImageMagick for the jpeg comment stuff.
Download: photocomments-0.1.tar.gz

Linux/Netfiler IPv6 stateful match target support (obsolete)

OBSOLETE match support is 2.6.16. This patch for the Linux Kernel adds a match target for IPv6 to the netfilter code. You will need ip6tables 1.3.5 (see http://www.netfilter.org/. You must enable the L3 independent connection tracking and the IPv6 support for new connection tracking.

Download: ip6t_state-2.6.15.2.patch

get_iat and iat_cmp

Two small programs to extract and to very basic analysis of packet inter arrival times (unfortunaly often wrongly called inter packet gaps) in a pcap network trace.
get_iat extracts the inter arrival times from and pcap trace and
iat_cmp compares several pcap traces and analyses if inter arrival times in these pcap traces differ (and much they differ)
Download: get_iat-0.1.tar.gz

Contact: Gregor Maier: gregor _AT_ majordomus.org