README
¶
nfq-go
nfq-go is a Go library that wraps libnetfilter_queue. It aims to:
- contain a minimal amount of C code
- be thread-safe (including closing the queue handler)
Usage
Import
import nfq "github.com/hownetworks/nfq-go"
Create a New Queue Handle
To creaate a new queue handle call New with the queue number (0 in the following example) and a callback for receiving packets:
queue, err := nfq.New(0, func(pkt nfq.Packet) {
...
})
Give a Verdict
You should give every packet a verdict. Do this by calling one of the methods outlined below. Note that giving a verdict more than once for a single packet produces an error.
Let the packet pass the filter with a NF_ACCEPT verdict:
err := pkt.Accept()
Drop the packet with NF_DROP:
err := pkt.Drop()
Pass the packet through the filter again with NF_REPEAT:
err := pkt.Repeat()
Send the packet to some (other) queue with NF_QUEUE - this also requires the queue number:
err := pkt.Queue(5)
Modifying Packets
Use WithData(data []byte) and WithMark(mark uint32) to modify the packet's data and mark. Instead of modifying the original these methods return a new Packet and can be chained.
As an example, here's how to (re)queue the packet to queue number 5, this time its data set to newData and mark set to 1234:
err := pkt.WithData(newData).WithMark(1234).Queue(5)
Close
At any point you can close the queue handle:
queue.Close()
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Source Files
Directories