Key Pages: [ Rope Home Page | Basics (tutorial) | Language Reference | Download ]

Testing IpTables ROPE Modules In Userland

The ROPE module interpreter is normally run as an IpTables module in KernelLand (ie: in the linux kernel itself). However: as a debug aid, the intepreter can also be run as a user process, acting on IP packets stored in datafiles. This allows ROPE module developers to test their modules before installing them into the kernel.

To use this mode, the following steps must be taken.

  • Compile the user-program version of the interpreter and the rddump utility using the commands
    • cc -D_USERLAND_ -I . rope.c -o rope (versions before 20050101)
    • cc -D_USERLAND_ -I . rope.c userland.c -o rope (versions after 20050101)
    • cc rddump.c -o rddump
  • Capture some IP packets to test against using the linux "tcpdump" utility while running an application that generates traffic of interest.
    • tcpdump -w tcpdump.dat -s 8000
  • Convert the saved file to ascii text format
    • tcpdump -r tcpdump.dat -X > tcpdump.txt
  • Edit the tcpdump output to retain only the packet of interest. You want to end up with a text file that looks something like this..
0x0000   4500 006c 40b4 4000 8006 4506 c0a8 0066        E..l@.@...E....f
0x0010   c41e efa4 0729 1ae2 b65b 7e40 bc89 e335        .....)...[~@...5
0x0020   5019 ffff cf93 0000 1342 6974 546f 7272        P........BitTorr
0x0030   656e 7420 7072 6f74 6f63 6f6c 0000 0000        ent.protocol....
0x0040   0000 0000 9f42 6ffd f801 3595 2350 0ed8        .....Bo...5.#P..
0x0050   7aae aae8 5c54 8c45 2d41 5a32 3230 302d        z...\T.E-AZ2200-
0x0060   7a59 5044 324e 644f 5852 784e                  zYPD2NdOXRxN
  • Convert the packet source into a binary packet dump file.
    • rddump < tcpdump.txt > packet.bin
  • If you want to verify the generated file's contents, you can use the hexdump utility (part of the util-linux software).
    • hexdump -C packet.bin
  • Write the ROPE module.
    • vi mymodule.rope
  • Compile it (see Compiling)
    • ropec mymodule.rope
  • Run the module using the "rope" command against the saved packet (for full details of the "rope" utility syntax, see: UserLandSyntax).
    • rope mymodule.rp packet.bin


    • rope -d mymodule.rp packet.bin

Note - the data and text file names used above can be changed to taste.

See Also

Basics, KernelLand, Compiling

Scroll to Top