Simplest guide to using connlabel

Hello everyone, Today my post is going to be about an iptables/nftables match called connlabel. connlabels are similar to connmarks, except labels are bit-based; i.e. all labels may be attached to a flow at the same time. nftables supports 1024 connlabels. This LWN article covers about it. Now, you must be wondering that why am…

Testing with Scapy

Hi all, I mentioned about using Scapy to test my translation code in the last post. This post is going to reveal how I managed to find out if the translations that the code I wrote was providing were correct. Good thing is that they are correct. Some I have still to figure out but…

Working around with Scapy

Hello, Today I’m writing about the very famous tool Python Scapy. You must be wondering how is this related to my internship project. Well, the translations that I have provided for particular matches and targets of iptables require some testing and verification. I’m using Scapy for carrying that out.   Why Scapy? Because Scapy is…

iptables-translate (II)

Hi all, This is going to be one another post about the iptables-translate utility. This post is going to cover the importance of this tool and how it can be used to translate different kinds of targets and matches of iptables with examples. The first translation that I provided was for the match “mark”. For…

iptables-translate (I)

Hi all, I mentioned in my last post that there is a newer, better way of creating your own firewall than iptables which is named nftables. For a person new to nftables, it would be really tough to write the exact syntax for adding a particular rule. Now, let us assume that we are completely…

iptables vs nftables

Hi all, After getting accepted for Outreachy, I have been assigned the project ‘nftables’. According to the content that I have been able to read and understand, I’m going to give a fine description about nftables and what makes nftables better than iptables. First of all, everything is mentioned here : nftables HOWTO. I’ll try…

Clean the kernel code

Hi all, This post will cover about some widely used tools to clean up the Linux kernel code. I am going to write about the three tools that I use for serving the purpose. So, here goes the list: Sparse : a tool for static code analysis that helps kernel developers to detect coding errors.…