nflog

package
v1.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 8, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

README

nflog-go

nflog-go is a native Go implementation of the nflog netlink interface that Linux provides for receiving packets logged by the in-kernel packet filter.

The library implements a subset of the functionality provided by https://www.netfilter.org/projects/libnetfilter_log/

The library implements the following APIs

  • Receiving logs (packets) from kernel based on groups and chains from iptables

Documentation

Index

Constants

// Message types of the nfnetlink_log subsystem. The values are written out
// explicitly so they can be compared directly against the kernel's
// enum nfulnl_msg_types.
const (
	NFULNL_MSG_PACKET = 0 // packet delivered from kernel to userspace
	NFULNL_MSG_CONFIG = 1 // configuration message (bind/unbind, mode, ...)
	NFULNL_MSG_MAX    = 2 // count of message types, not a message itself
)

enum nfulnl_msg_types

// Configuration commands carried in an NFULA_CFG_CMD attribute. The values
// are written out explicitly to match the kernel's
// enum nfulnl_msg_config_cmds.
const (
	NFULNL_CFG_CMD_NONE      = 0 // no command
	NFULNL_CFG_CMD_BIND      = 1 // bind to a log group
	NFULNL_CFG_CMD_UNBIND    = 2 // unbind from a log group
	NFULNL_CFG_CMD_PF_BIND   = 3 // bind to a protocol family
	NFULNL_CFG_CMD_PF_UNBIND = 4 // unbind from a protocol family
)

enum nfulnl_msg_config_cmds

// Copy modes selecting how much of each logged packet the kernel hands to
// userspace. In packet mode the configured copy range bounds the number of
// payload bytes delivered, so a small range limits exposure of packet
// contents to the listener.
const (
	NFULNL_COPY_NONE   = 0 // copy nothing
	NFULNL_COPY_META   = 1 // copy packet metadata only
	NFULNL_COPY_PACKET = 2 // copy metadata and packet payload
)
// Netlink attribute types used in configuration messages. The values are
// written out explicitly to match the kernel's enum nfulnl_attr_config.
const (
	NFULA_CFG_UNSPEC   = 0
	NFULA_CFG_CMD      = 1 // nfulnl_msg_config_cmd
	NFULA_CFG_MODE     = 2 // nfulnl_msg_config_mode
	NFULA_CFG_NLBUFSIZ = 3 // __u32 buffer size
	NFULA_CFG_TIMEOUT  = 4 // __u32 in 1/100 s
	NFULA_CFG_QTHRESH  = 5 // __u32
	NFULA_CFG_FLAGS    = 6 // __u16
)

enum nfulnl_attr_config

// Netlink attribute types found in a logged-packet message. The values are
// written out explicitly to match the kernel's enum nfulnl_attr_type.
// Attribute payloads describe traffic seen by the packet filter and should
// be length-checked before they are interpreted.
const (
	NFULA_UNSPEC             = 0
	NFULA_PACKET_HDR         = 1
	NFULA_MARK               = 2  // __u32 nfmark
	NFULA_TIMESTAMP          = 3  // nfulnl_msg_packet_timestamp
	NFULA_IFINDEX_INDEV      = 4  // __u32 ifindex
	NFULA_IFINDEX_OUTDEV     = 5  // __u32 ifindex
	NFULA_IFINDEX_PHYSINDEV  = 6  // __u32 ifindex
	NFULA_IFINDEX_PHYSOUTDEV = 7  // __u32 ifindex
	NFULA_HWADDR             = 8  // nfulnl_msg_packet_hw
	NFULA_PAYLOAD            = 9  // opaque data payload
	NFULA_PREFIX             = 10 // string prefix
	NFULA_UID                = 11 // user id of socket
	NFULA_SEQ                = 12 // instance-local sequence number
	NFULA_SEQ_GLOBAL         = 13 // global sequence number
	NFULA_GID                = 14 // group id of socket
	NFULA_HWTYPE             = 15 // hardware type
	NFULA_HWHEADER           = 16 // hardware header
	NFULA_HWLEN              = 17 // hardware header length
	NFULA_CT                 = 18 // nf_conntrack_netlink.h
	NFULA_CT_INFO            = 19 // enum ip_conntrack_info
)

enum nfulnl_attr_type

// Sizes of the configuration payload structures.
const (
	// SizeofMsgConfigCommand is a fixed 4 bytes.
	// NOTE(review): presumably the aligned size of the command payload on
	// the wire; confirm against the serializer.
	SizeofMsgConfigCommand = 4

	// SizeofMsgConfigMode is the in-memory size of NflMsgConfigMode as a
	// uint32.
	// NOTE(review): unsafe.Sizeof includes any Go struct padding; confirm
	// the result matches the size the kernel expects for this payload.
	SizeofMsgConfigMode = uint32(unsafe.Sizeof(NflMsgConfigMode{}))
)

Variables

This section is empty.

Functions

func BindAndListenForLogs

func BindAndListenForLogs(groups []uint16, packetSize uint32, callback func(*NfPacket, interface{}), errorCallback func(err error)) error

BindAndListenForLogs -- a complete set to open/unbind/bind/bindgroup and listen for logs. group -- group to bind with and listen on. packetSize -- max expected packetSize (0: unlimited).

func NfaAlign16

func NfaAlign16(v uint16) uint16

Types

type IPLayer

// IPLayer groups the IP-level fields of a packet.
// NOTE(review): these values are presumably parsed from logged network
// traffic, so consumers should treat them as untrusted input; confirm
// against the parser.
type IPLayer struct {
	// SrcIP is the source address.
	SrcIP    net.IP
	// DstIP is the destination address.
	DstIP    net.IP
	// Version is the IP version (presumably 4 or 6; confirm).
	Version  uint8
	// Protocol identifies the protocol carried above IP.
	Protocol layers.IPProtocol
	// Length is a 16-bit length (presumably the IP length field; confirm).
	Length   uint16
}

IPLayer -- IPLayer struct

type NFLog

// NFLog lists the individual steps needed to read logs from the kernel, for
// callers that do not want to use BindAndListenForLogs. The page describes
// it as useful for testing and debugging.
type NFLog interface {
	// NFlogOpen opens a new netlink socket and returns its handle.
	NFlogOpen() (SockHandle, error)
	// NFlogUnbind passes an unbind command to nfnetlink for AF_INET.
	NFlogUnbind() error
	// NFlogBind binds to a PF family.
	NFlogBind() error
	// NFlogBindGroup binds to the given groups and registers the packet and
	// error callbacks.
	NFlogBindGroup(group []uint16, data func(packet *NfPacket, callback interface{}), errorCallback func(err error)) error
	// NFlogSetMode sets the copy mode and the range of bytes to copy from
	// each packet for the given groups.
	NFlogSetMode(groups []uint16, copyrange uint32) error
	// ReadLogs listens for logs on the current socket. It returns nothing;
	// presumably failures are reported through errorCallback (confirm).
	ReadLogs()
	// NFlogClose closes the current socket.
	NFlogClose()
	// contains filtered or unexported methods
}

NFLog -- This is the interface which has all the necessary functions to read logs from the kernel. It is needed if we don't want to call BindAndListenForLogs(). Useful for testing and debugging.

func NewNFLog

func NewNFLog() NFLog

NewNFLog -- Create a new Nflog handle

type NfLog

// NfLog is the nflog handle that implements the log-reading methods.
type NfLog struct {
	// Groups are the nflog groups to bind with (documented maximum: 32).
	Groups    []uint16
	// CopyRange is the nflog packet size; 0 means unlimited.
	// NOTE(review): this field is uint16 while NFlogSetMode and
	// BindAndListenForLogs accept a uint32 packetSize; confirm how values
	// above 65535 are handled so a large request is not silently truncated.
	CopyRange uint16

	// Socket is the handle of the netlink socket.
	Socket   SockHandle
	// Syscalls is the system-call wrapper used by the handle.
	Syscalls syscallwrappers.Syscalls
	// contains filtered or unexported fields
}

NfLog -- Nflog struct. Groups -- Nflog group to bind with (max 32). CopyRange -- Nflog packet size (0: unlimited).

func (*NfLog) NFlogBind

func (nl *NfLog) NFlogBind() error

NFlogBind -- Bind to a PF family

func (*NfLog) NFlogBindGroup

func (nl *NfLog) NFlogBindGroup(groups []uint16, callback func(*NfPacket, interface{}), errorCallback func(err error)) error

NFlogBindGroup -- Bind to a group. group -- group to bind with.

func (*NfLog) NFlogClose

func (nl *NfLog) NFlogClose()

NFlogClose -- close the current socket

func (*NfLog) NFlogOpen

func (nl *NfLog) NFlogOpen() (SockHandle, error)

NFlogOpen -- Open a new netlink socket. Create a new sock handle and return the handle. Open a new socket and return it in the NflogHandle. The fd for the socket is stored in an unexported handle.

func (*NfLog) NFlogSetMode

func (nl *NfLog) NFlogSetMode(groups []uint16, packetSize uint32) error

NFlogSetMode -- Set queue mode CopyMeta. packetSize -- The range of bytes from packets to copy.

func (*NfLog) NFlogUnbind

func (nl *NfLog) NFlogUnbind() error

NFlogUnbind -- passes an unbind command to nfnetlink for AF_INET.

func (*NfLog) ReadLogs

func (nl *NfLog) ReadLogs()

ReadLogs -- Listen for logs on the current socket

type NfPacket

// NfPacket is the parsed form of one logged packet, as handed to the packet
// callback.
// NOTE(review): every field originates from network traffic matched by a
// logging rule, so callers should treat the contents as untrusted and
// validate lengths before further parsing.
type NfPacket struct {
	// Prefix is the log prefix string (presumably from NFULA_PREFIX; confirm).
	Prefix  string
	// Payload is the complete packet, including the lower-layer headers.
	Payload []byte
	// IPLayer carries the IP-level fields.
	IPLayer
	// Ports carries the source and destination ports for TCP and UDP.
	Ports
	// PacketPayload carries the payload above the transport header.
	PacketPayload
}

NfPacket -- NfPacket struct for parsing logs. Payload -- Complete packet with ethernet, tcp and ip. IPLayer -- Iplayer struct. TCPLayer -- Tcplayer struct. PacketPayload -- Tcp payload.

type NflMsgConfigCommand

type NflMsgConfigCommand struct {
	// contains filtered or unexported fields
}

NflMsgConfigCommand -- NflMsgConfigCommand struct for configs (ex: bind)

func (*NflMsgConfigCommand) Length

func (r *NflMsgConfigCommand) Length() uint32

Length -- Return length of struct

func (*NflMsgConfigCommand) ToWireFormat

func (r *NflMsgConfigCommand) ToWireFormat() []byte

ToWireFormat -- Convert NflMsgConfigCommand to byte slice

type NflMsgConfigMode

type NflMsgConfigMode struct {
	// contains filtered or unexported fields
}

NflMsgConfigMode -- NflMsgConfigMode struct for copy range and mode (ex: copy meta)

func (*NflMsgConfigMode) Length

func (r *NflMsgConfigMode) Length() uint32

Length -- Return length of struct

func (*NflMsgConfigMode) ToWireFormat

func (r *NflMsgConfigMode) ToWireFormat() []byte

ToWireFormat -- Convert NflMsgConfigMode to byte slice

type PacketPayload

// PacketPayload holds the application payload of a logged packet.
type PacketPayload struct {
	// AppPayload is the raw payload bytes; its length depends on the
	// configured copy range (presumably; confirm against the parser).
	AppPayload []byte
}

PacketPayload -- PacketPayload struct

type Ports added in v1.0.7

// Ports is a generic pair of transport ports shared by TCP and UDP.
type Ports struct {
	// SrcPort is the source port.
	SrcPort int
	// DstPort is the destination port.
	DstPort int
}

Ports -- Generic struct for TCP and UDP ports

type SockHandle

type SockHandle interface {
	// contains filtered or unexported methods
}

SockHandle Opaque interface with unexported functions

type SockHandles

// SockHandles is the sock handle of a netlink socket. Per the package
// documentation its unexported fields hold the socket fd, the receive
// buffer size and the local address.
type SockHandles struct {
	// Syscalls is the system-call wrapper used for socket operations.
	Syscalls syscallwrappers.Syscalls
	// contains filtered or unexported fields
}

SockHandles -- Sock handle of netlink socket. fd -- fd of socket. rcvbufSize -- rcv buffer size. lsa -- local address.

Directories

Path Synopsis
