Lunatik v4.3.1

What's Changed

• autogen: alias always-y onto always for kernel < 5.10 by @lneto in #560

Full Changelog: v4.3...v4.3.1

Lunatik v4.3

New Modules

• io: kernel I/O library backed by the kernel VFS — enables Lua's standard liolib in kernel space by mocking the libc FILE interface (fopen/fclose via filp_open/filp_close, buffered read/write via kernel_read/kernel_write, fseek via vfs_llseek)
• autogen: kbuild-driven extractor that replaces configure.lua; drives the kernel build to produce autogen/linux/<module>.lua from header specs, covering eth, stat, signal, notify, kbd, vt, netdev, xdp, task, socket.* (sock, af, msg, ipproto), nf.* (proto, inet, netdev, arp, ip.pri, br, br.pri, action), and syscall.numbers

API Changes

• LUNATIK_OPT_HARDIRQ: new runtime flag for classes whose handlers fire in hardirq context (e.g. kprobes); uses spin_lock_irqsave, disabling hardware interrupts. LUNATIK_OPT_IRQ is the shared base flag for SOFTIRQ and HARDIRQ; lunatik_isirq() tests for either
• Multi-class modules: LUNATIK_NEWLIB now supports multiple classes per module, and classes within a module may be of different execution contexts (process, softirq, hardirq) — context mismatches are caught at object creation time via lunatik_checkruntime
• luanotifier split (breaking): keyboard and vterm chains (ATOMIC_NOTIFIER_HEAD) moved to a new luanotifier_hardirq_class; netdevice stays in luanotifier_process_class. stop() becomes a soft stop (removes only the Lua callback from the registry); the real unregister_*_notifier runs in release under process context
• luacrypto consolidated into a single luacrypto.ko: source split across luacrypto_{shash,skcipher,aead,rng,comp}.c with luacrypto_core.c as glue; require("crypto") returns one table with all constructors. Kconfig collapses five CRYPTO_* symbols into LUNATIK_CRYPTO
• Class opener pattern: lunatik_require previously used Lua's require() via the package file searcher, which can sleep (file I/O on SquashFS), causing "scheduling while atomic" from atomic context (e.g. lunatik_monitorobject holding a spinlock) — classes are now required via a class opener that avoids file I/O
• Constant tables migrated out of C into autogen across luasocket, luanetfilter, luaxdp, lualinux, luasignal, luasyscall, luanotifier

Bug Fixes

• Fix kernel crash on luaprobe kprobe handler firings (closes #96) — kprobe handlers run in exception context: in_interrupt() returns false but preemption is disabled between pre_handler and setup_singlestep. A mutex fails with "scheduling while atomic"; SOFTIRQ also fails because spin_unlock_bh → local_bh_enable fires do_softirq() in exception context before setup_singlestep completes, corrupting kprobe_ctlblk. Fix: use LUNATIK_OPT_HARDIRQ (spin_lock_irqsave), whose unlock only restores IRQ flags
• Fix luarcu map() crash on boolean and integer values — map_handle was calling lunatik_pushobject unconditionally; switched to lunatik_pushvalue
• Fix luaskb build on kernels < 5.6 — wrap luaskb_checkfraglist in #ifdef SKB_GSO_FRAGLIST
• Fix luahid build on kernels < 5.18 — move for-loop counter declaration before the for statement (older kernels compile modules with -std=gnu89)

Examples

• ifquarantine: new example composing notifier.netdevice with netfilter across two runtimes — process runtime registers the netdevice notifier and exposes /dev/ifquarantine; softirq child runtime registers netfilter hooks that drop packets for quarantined ifindices. Pre-existing interfaces are covered via the synchronous NETDEV_REGISTER replay at registration time
• spyglass: rewritten as two-runtime pattern — hardirq runtime registers the keyboard notifier and pushes captured chars into a shared fifo; process runtime creates the fifo, exposes /dev/spyglass, drains on read. Legacy UDP-forwarding mode dropped
• systrack: refactored into probe.lua + device.lua sharing state via rcu.table; requires a hardirq runtime

Tests

• New tests/io/ suite
• New tests/notifier/ suite (init_dispatch, context_mismatch)
• New tests/probe/kprobe_concurrent — registers probes on all syscalls with a hardirq runtime, generates concurrent load across all CPUs for 3s, verifies clean teardown
• New tests/rcu/map_values (boolean/integer coverage) and tests/rcu/map_sync concurrency test

Contributors

Thank you to everyone who contributed to this release:

• @carloslack — rcu.map() support for boolean and integer values, rcu/map_sync concurrency test
• @ArifAlam — luaskb guard for SKB_GSO_FRAGLIST on kernels < 5.6

Full Changelog: v4.2...v4.3

Lunatik v4.2

Lunatik 4.2

New Modules

• luaskb: wraps struct sk_buff for direct packet manipulation from Lua — skb:data([layer]), skb:forward(), skb:copy(), skb:resize(n), skb:ifindex(), skb:vlan(), with IPv6 checksum support; skb:copy() guards against FRAGLIST GSO skbs
• darken + lighten: AES-256-CTR encrypted Lua script support — darken (C module) decrypts and executes scripts in-kernel; lighten (Lua) provides the high-level interface

API Changes

• lunatik.runtime(script, context): the sleep boolean parameter is now a context string — "softirq" replaces false for non-sleepable runtimes; CLI: lunatik run <script> softirq
• data.new(size, mode): new optional mode parameter ("single", "shared") controls object sharing semantics
• data:checksum(): new method — raw IP checksum over the data buffer; luadata_reset no longer takes an offset parameter
• socket.unix: rewritten from a dynamic factory pattern to explicit OOP-style classes (unix.stream, unix.dgram) with full method set; tests added
• lunatik_opt_t (C API): new bitmask type replaces the bool sleep and bool shared parameters throughout the API — lunatik_runtime(), lunatik_newobject(), lunatik_createobject(), and lunatik_class_t all take lunatik_opt_t now; flags: LUNATIK_OPT_SOFTIRQ (non-sleepable), LUNATIK_OPT_MONITOR (spinlock serialization), LUNATIK_OPT_SINGLE (no monitor overhead for per-object instances), LUNATIK_OPT_EXTERNAL (externally-owned pointer)
• luarcu (C API): entries now store lunatik_value_t (tagged union) instead of raw object pointers — supports nil, boolean, integer, and Lunatik objects as values

CLI and REPL

• Full REPL rewrite: multi-line input, readline support, expression auto-detection, multiple return values
• New lunatik test [suite] command
• Argument validation for run/spawn/stop
• Globals and runner state now initialized correctly when modules are pre-loaded (e.g., via modprobe at boot) without calling lunatik load first

Bug Fixes

• Fix GC finalizers running under spinlock in lunatik_monitor (scheduling-while-atomic crash)
• Fix opaque error messages in lunatik_monitor — errors now include method name and Lua traceback
• Fix module refcount leak on runtime error path
• Fix shouldstop() crash when called outside kthread context
• Fix thread.run error during module load

Removed

• luaxtable module removed

Examples

• New tcpreject: TCP RST injection via netfilter mark, with IPv6 support

Tests

• KTAP shell framework introduced for all test suites
• New regression tests: GC-under-spinlock, rcu_shared, resume_shared, shouldstop, spawn-during-module-load, opt_guards, opt_skb_single
• New socket/unix test suites (STREAM and DGRAM)

Contributors

Thank you to everyone who contributed to this release:

• @sneaky-potato — opaque error messages in lunatik_monitor, non-shared objects in shared class, remove Lua traceback from lunatik_fixerror, README fix
• @carloslack — data:checksum() (raw IP checksum), skb:vlan(), removed unneeded includes
• @Suryansh-Dey — fix sockaddr version guard (first contribution! 🎉)

Full Changelog: v4.1.1...v4.2

Lunatik v4.1.1

What's Changed

• fix race condition on bin/lunatik by @lneto in #427

Full Changelog: v4.1...v4.1.1

Lunatik v4.1

What's Changed

• Add GitHub Actions workflow for building modules by @Physic69 in #355
• Auto generate network constants for lua (cont) by @sneaky-potato in #395
• Add Kconfig to Lunatik for Modularization by @Zapper9982 in #404
• allow lunatik_closeobject to be called multiple times by @lneto in #415
• Update lldp example after lualinux ifaddr addition by @carloslack in #412
• autogenerate lunatik config from makefile flags by @abhijeetw035 in #400
• build lunatik on linux 5.4.164 by @ArifAlam in #419
• wrap class methods eagerly instead of via __index by @sneaky-potato in #410
• fix gendefines.lua by @lneto in #421
• fix LUA_PATH detection during install in Makefile by @sneaky-potato in #424
• refactor configure.lua by @lneto in #425
• fix unsafe_memcpy for kernel 5.x by @lneto in #426

New Contributors

• @ArifAlam made their first contribution in #419

Full Changelog: v4.0...v4.1

Lunatik v4.0

What's Changed

Updated Lua to v5.5

Lunatik now embeds Lua 5.5, a major language release with significant improvements after years since 5.4.

Key enhancements include:

• External strings, allowing immutable strings to be stored outside Lua.
• Explicit global variable declarations to reduce bugs from accidental globals.
• More compact arrays with up to ~60% memory savings for large tables.
• Incremental major garbage collection, reducing pause times and improving responsiveness.
• Read-only for loop variables and other language refinements.
• New utility features such as table.create, improved UTF-8 support.
• See more on the official Lua 5.5 release highlights.

Added luahid module (HID devices)

New binding for HID devices, including example scripts.
(Developed by @qrsikno2 – GSoC 2025)

Added luacpu module (per-CPU operations)

Provides per-CPU operations and CPU statistics export.
(Developed by @endersonmaia)

Added UNIX Domain Sockets support (AF_UNIX / AF_LOCAL)

Available via luasocket.

Added SKB resize support

Enables dynamic resizing of sk_buff (available via luadata).
(Developed by @abhijeetw035 based on @ArifAlam's draft)

Introduced high-level RAW socket API (AF_PACKET)

Simplified and standardized RAW socket handling.
(Developed by @sneaky-potato)

Added POSIX signals API

Support for signal delivery.
(Developed by @Physic69)

Netfilter hooks now expose network interface index (ifindex)

(Developed by @carloslack)

64-bit integer support on 32-bit platforms

Enables correct use of time APIs (e.g., on RAMIPS).

Improved error messages

(Developed by @abhijeetw035)

Fixed many bugs

• page fault and memory leaks on luacrypto_{aead, skcipher}
• deref SKB after running callback on luanetfilter and luaxtable

New Contributors

• @endersonmaia made their first contribution in #318
• @Aditya-Sarna made their first contribution in #332
• @abhijeetw035 made their first contribution in #334
• @Zapper9982 made their first contribution in #338
• @carloslack made their first contribution in #352
• @MarcFontaine made their first contribution in #371
• @ArifAlam made their first contribution in #324

Full Changelog: v3.7.1...v4.0

Lunatik v3.6.4

Full Changelog: v3.6.3...v3.6.4

Lunatik v3.7.1

What's Changed

• add minimum kernel support ver to README by @sheharyaar in #308
• Ifdef comp kernelverion by @qrsikno2 in #314
• moving the newbuffer marco from netfilter to the core by @qrsikno2 in #313
• fix struct sockaddr version check by @lneto in #317

Full Changelog: v3.7...v3.7.1

Lunatik v3.7

What's Changed

• Fix : add kernel version guard to luaxdp_exit() for compatibility with < 6.4 by @ShivamVashisth28 in #263
• move lunatik_setstring into lunatik.h by @qrsikno2 in #266
• hotfix: correct function name to fix build failure by @qrsikno2 in #267
• add support for LDoc by @lneto in #271
• Fix fib api change in kernel >= 6.15 by @jperon in #278
• move luanetfilter_setinteger/optinteger into lunatik.h by @qrsikno2 in #282
• Update README.md to point to LDoc. by @jperon in #284
• Add lualinux_kill() by @Physic69 in #280
• update the optinteger with removed nil version by @qrsikno2 in #285
• Linux crypto api: crypto_shash by @jperon in #283
• Add crypto_shash to Makefile by @jperon in #287
• crypto_shash tests by @jperon in #286
• HKDF tests: Add tls13_expand_label by @jperon in #288
• crypto_skcipher by @jperon in #289
• Add crypto_skcipher to documentation by @jperon in #291
• Fix compilation warning by @jperon in #292
• fix missing semi-colon in cleanup script by @sheharyaar in #299
• add zlua.ko module order to fix sym conflict by @sheharyaar in #298
• crypto_aead by @jperon in #296
• crypto_rng by @jperon in #293
• update lua/ to v5.4.8 by @lneto in #303

New Contributors

• @ShivamVashisth28 made their first contribution in #263
• @Physic69 made their first contribution in #280

Full Changelog: v3.6.2...v3.7

Lunatik v3.6.2

What's Changed

• fix luarcu_map synchronization by @lneto in #244
• luaskel: use LUNATIK_PRIVATECHECKER by @jperon in #246
• Test case for rcu map sync by @jperon in #247
• fix spurious address on luasocket_send() by @lneto in #251
• add support for setting skb->mark on luanetfilter by @lneto in #261

Full Changelog: v3.6.1...v3.6.2