Documentation
Overview
Go bindings for the NFQUEUE netfilter target.
libnetfilter_queue is a userspace library providing an API to access packets that have been queued by the Linux kernel packet filter.
This provides an easy way to filter packets from userspace, and to use tools or libraries that are not accessible from kernelspace.
BUG(nfqueue): This package currently displays lots of debug information.
Index
- Variables
- func GoCallbackWrapper(ptr_q *unsafe.Pointer, ptr_nfad *unsafe.Pointer) int
- type Callback
- type Payload
- func (p *Payload) GetInDev() uint32
- func (p *Payload) GetNFMark() uint32
- func (p *Payload) GetOutDev() uint32
- func (p *Payload) GetPhysInDev() uint32
- func (p *Payload) GetPhysOutDev() uint32
- func (p *Payload) SetVerdict(verdict int) error
- func (p *Payload) SetVerdictModified(verdict int, data []byte) error
- type Queue
- func (q *Queue) Bind(af_family int) error
- func (q *Queue) Close()
- func (q *Queue) CreateQueue(queue_num int) error
- func (q *Queue) DestroyQueue() error
- func (q *Queue) Init() error
- func (q *Queue) Loop() error
- func (q *Queue) SetCallback(cb Callback) error
- func (q *Queue) SetMode(mode uint8) error
- func (q *Queue) SetQueueMaxLen(maxlen uint32) error
- func (q *Queue) StopLoop()
- func (q *Queue) Unbind(af_family int) error
- Bugs
Constants
This section is empty.
Variables
var ErrNotInitialized = errors.New("nfqueue: queue not initialized")
var ErrOpenFailed = errors.New("nfqueue: open failed")
var ErrRuntime = errors.New("nfqueue: runtime error")
var NFQNL_COPY_META uint8 = C.NFQNL_COPY_META
var NFQNL_COPY_NONE uint8 = C.NFQNL_COPY_NONE
var NFQNL_COPY_PACKET uint8 = C.NFQNL_COPY_PACKET
var NF_ACCEPT = C.NF_ACCEPT
var NF_DROP = C.NF_DROP
var NF_QUEUE = C.NF_QUEUE
var NF_REPEAT = C.NF_REPEAT
var NF_STOP = C.NF_STOP
Functions
func GoCallbackWrapper
Cast argument to Queue* before calling the real callback.
Notes:
- The export cannot be done in the same file (nfqueue.go), otherwise the build fails with multiple definitions of C functions. See https://github.com/golang/go/issues/3497 and https://github.com/golang/go/wiki/cgo
- The cast is needed because cgo does not support exporting structs. See https://github.com/golang/go/wiki/cgo
This function must _never_ be called directly.
BUG(GoCallbackWrapper): The return value from the Go callback is used as a verdict. This works, and avoids queuing packets that have no verdict, but prevents using out-of-order replies.
Types
type Callback
Prototype for an NFQUEUE callback. The callback receives the NFQUEUE ID of the packet and the packet payload. Packet data starts at the IP layer (Ethernet information is not included). It must return the verdict for the packet.
type Payload
type Payload struct {
// NFQueue ID of the packet
Id uint32
// Packet data
Data []byte
// contains filtered or unexported fields
}
Payload is a structure describing a packet received from the kernel.
func (*Payload) GetPhysInDev
Returns the physical interface through which the packet was received.
func (*Payload) GetPhysOutDev
Returns the physical interface through which the packet will be sent out.
func (*Payload) SetVerdict
SetVerdict issues a verdict for a packet.
Every queued packet _must_ have a verdict specified by userspace.
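As an added example (not code from the nfqueue package or its author), the following Go program shows the decision logic a Callback would run for each queued packet, as described under Callback and SetVerdict above: it receives the packet id and the payload starting at the IP layer, and returns a verdict on every path, since a packet left without one stays queued. It imports nothing from the package, so it runs stand-alone. The function shape verdict(id uint32, data []byte) int, the literals nfDrop/nfAccept (the kernel's values for NF_DROP and NF_ACCEPT; a real program should use the package's NF_DROP and NF_ACCEPT variables) and the blocklist of documentation address ranges are assumptions of this example. The policy drops packets whose IP header is malformed or truncated, drops packets whose source falls in the constructed blocklist, and accepts everything else.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Verdict values as defined in the Linux netfilter headers (NF_DROP = 0,
// NF_ACCEPT = 1). A real program would use the package's NF_DROP and
// NF_ACCEPT variables; the literals only keep this example self-contained.
const (
	nfDrop   = 0
	nfAccept = 1
)

// Constructed blocklist for this example: packets whose source address lies in
// one of these ranges are dropped. Both are documentation ranges (TEST-NET-1
// and the IPv6 documentation prefix); a real policy would load its own list.
var blockedSources = []netip.Prefix{
	netip.MustParsePrefix("192.0.2.0/24"),
	netip.MustParsePrefix("2001:db8::/32"),
}

// parseSource reads the source address from the IP header at the start of
// data, which is where NFQUEUE payloads begin. It reports ok=false for
// anything it cannot validate: an unknown IP version, a header shorter than
// the minimum, or a length field claiming more bytes than were delivered.
func parseSource(data []byte) (src netip.Addr, ok bool) {
	if len(data) < 1 {
		return netip.Addr{}, false
	}
	switch data[0] >> 4 {
	case 4:
		if len(data) < 20 {
			return netip.Addr{}, false
		}
		ihl := int(data[0]&0x0f) * 4 // header length in bytes
		total := int(binary.BigEndian.Uint16(data[2:4]))
		if ihl < 20 || total < ihl || total > len(data) {
			return netip.Addr{}, false
		}
		return netip.AddrFromSlice(data[12:16])
	case 6:
		if len(data) < 40 {
			return netip.Addr{}, false
		}
		payloadLen := int(binary.BigEndian.Uint16(data[4:6]))
		if 40+payloadLen > len(data) {
			return netip.Addr{}, false
		}
		return netip.AddrFromSlice(data[8:24])
	}
	return netip.Addr{}, false
}

// verdict is the decision a Callback would return for one queued packet:
// id is the NFQUEUE packet id and data the payload starting at the IP layer.
// It returns a verdict on every path, because a packet without one stays
// queued in the kernel, and it never panics, because it runs inside the
// cgo callback wrapper.
func verdict(id uint32, data []byte) int {
	src, ok := parseSource(data)
	if !ok {
		return nfDrop // malformed or truncated header
	}
	for _, p := range blockedSources {
		if p.Contains(src) {
			return nfDrop
		}
	}
	return nfAccept
}

// ipv4Packet builds a minimal 20-byte IPv4 header (no options, no checksum)
// followed by payload, to construct sample packets for the demo and tests.
func ipv4Packet(src, dst netip.Addr, payload []byte) []byte {
	hdr := make([]byte, 20, 20+len(payload))
	hdr[0] = 0x45 // version 4, IHL 5 (20 bytes)
	binary.BigEndian.PutUint16(hdr[2:4], uint16(20+len(payload)))
	hdr[8] = 64 // TTL
	hdr[9] = 17 // protocol: UDP
	s, d := src.As4(), dst.As4()
	copy(hdr[12:16], s[:])
	copy(hdr[16:20], d[:])
	return append(hdr, payload...)
}

func main() {
	dst := netip.MustParseAddr("203.0.113.1")
	allowed := ipv4Packet(netip.MustParseAddr("198.51.100.7"), dst, []byte("hello"))
	blocked := ipv4Packet(netip.MustParseAddr("192.0.2.9"), dst, nil)
	fmt.Println("allowed source:", verdict(1, allowed))        // 1 (NF_ACCEPT)
	fmt.Println("blocked source:", verdict(2, blocked))        // 0 (NF_DROP)
	fmt.Println("truncated header:", verdict(3, allowed[:10])) // 0 (NF_DROP)
}
```

In a program using the package, this logic is what the Callback passed to SetCallback does; the queue is prepared with Init, Bind and CreateQueue, driven by Loop, and torn down with StopLoop, DestroyQueue and Close. The header checks before the policy lookup are deliberate: the callback is invoked from C through GoCallbackWrapper, so a panic on a short or inconsistent header brings down the whole process rather than just one packet, and a malformed packet should never be accepted on the assumption that it is harmless.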
type Queue
type Queue struct {
// contains filtered or unexported fields
}
Queue is an opaque structure describing a connection to a kernel NFQUEUE, and the associated Go callback.
func (*Queue) Bind
Bind binds a Queue to a given protocol family.
Usually, the family is syscall.AF_INET for IPv4, and syscall.AF_INET6 for IPv6.
func (*Queue) CreateQueue
Create a new queue handle.
The queue must be initialized (using Init) and bound (using Bind), and a callback function must be set (using SetCallback).
func (*Queue) DestroyQueue
Destroy a queue handle.
This also unbinds from the nfqueue handler, so you don't have to call Unbind(). Note that errors from this function can usually be ignored.
func (*Queue) Init
Init creates a netfilter queue which can be used to receive packets from the kernel.
func (*Queue) Loop
Main loop: Loop starts a loop that receives kernel events and processes packets using the callback function.
func (*Queue) SetCallback
SetCallback sets the callback function, fired when a packet is received.
func (*Queue) SetMode
SetMode sets the amount of packet data that nfqueue copies to userspace.
The default mode is NFQNL_COPY_PACKET.
func (*Queue) SetQueueMaxLen
SetQueueMaxLen sets the number of packets the kernel will buffer internally before dropping further packets.
Notes
Bugs
This package currently displays lots of debug information.