netlink

package

v0.0.0-...-353e10a Latest Latest Go to latest Published: Dec 8, 2024 License: GPL-3.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/evilsocket/opensnitch

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
Variables
func AddrUpdateToAddr(addr *netlink.AddrUpdate) netlink.Addr
func FlushConnections()
func GetLocalAddrs() map[string]netlink.Addr
func GetSocketInfo(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPort uint) (uid int, inodes []int)
func KillAllSockets()
func KillSocket(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPort uint)
func KillSockets(fam, proto uint8, excludeLocal bool) error
func SocketKill(family, proto uint8, sockID SocketID) error
func SocketsAreEqual(aSocket, bSocket *Socket) bool
type Socket
type SocketID
type SocketRequest
- func (r *SocketRequest) Len() int
- func (r *SocketRequest) Serialize() []byte

Constants ¶

View Source

const (
	TCP_INVALID = iota
	TCP_ESTABLISHED
	TCP_SYN_SENT
	TCP_SYN_RECV
	TCP_FIN_WAIT1
	TCP_FIN_WAIT2
	TCP_TIME_WAIT
	TCP_CLOSE
	TCP_CLOSE_WAIT
	TCP_LAST_ACK
	TCP_LISTEN
	TCP_CLOSING
	TCP_NEW_SYN_REC
	TCP_MAX_STATES
)

https://elixir.bootlin.com/linux/latest/source/include/net/tcp_states.h

View Source

const (
	SOCK_DESTROY = 21
)

Variables ¶

View Source

var TCPStatesMap = map[uint8]string{
	TCP_INVALID:     "invalid",
	TCP_ESTABLISHED: "established",
	TCP_SYN_SENT:    "syn_sent",
	TCP_SYN_RECV:    "syn_recv",
	TCP_FIN_WAIT1:   "fin_wait1",
	TCP_FIN_WAIT2:   "fin_wait2",
	TCP_TIME_WAIT:   "time_wait",
	TCP_CLOSE:       "close",
	TCP_CLOSE_WAIT:  "close_wait",
	TCP_LAST_ACK:    "last_ack",
	TCP_LISTEN:      "listen",
	TCP_CLOSING:     "closing",
}

TCPStatesMap holds the list of TCP states

View Source

var (
	TCP_ALL = uint32(0xfff)
)

Functions ¶

func AddrUpdateToAddr ¶

func AddrUpdateToAddr(addr *netlink.AddrUpdate) netlink.Addr

AddrUpdateToAddr translates AddrUpdate struct to Addr.

func FlushConnections ¶

func FlushConnections()

FlushConnections flushes conntrack as soon as netfilter rule is set. This ensures that already-established connections will go to netfilter queue.

func GetLocalAddrs ¶

func GetLocalAddrs() map[string]netlink.Addr

GetLocalAddrs returns the list of local IPs

func GetSocketInfo ¶

func GetSocketInfo(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPort uint) (uid int, inodes []int)

GetSocketInfo asks the kernel via netlink for a given connection. If the connection is found, we return the uid and the possible associated inodes. If the outgoing connection is not found but there're entries with the source port and same protocol, add all the inodes to the list.

Some examples: outgoing connection as seen by netfilter || connection details dumped from kernel

47344:192.168.1.106 -> 151.101.65.140:443 || in kernel: 47344:192.168.1.106 -> 151.101.65.140:443 8612:192.168.1.5 -> 192.168.1.255:8612 || in kernel: 8612:192.168.1.105 -> 0.0.0.0:0 123:192.168.1.5 -> 217.144.138.234:123 || in kernel: 123:0.0.0.0 -> 0.0.0.0:0 45015:127.0.0.1 -> 239.255.255.250:1900 || in kernel: 45015:127.0.0.1 -> 0.0.0.0:0 50416:fe80::9fc2:ddcf:df22:aa50 -> fe80::1:53 || in kernel: 50416:254.128.0.0 -> 254.128.0.0:53 51413:192.168.1.106 -> 103.224.182.250:1337 || in kernel: 51413:0.0.0.0 -> 0.0.0.0:0

func KillAllSockets ¶

func KillAllSockets()

KillAllSockets kills the sockets for the given families and protocols.

func KillSocket ¶

func KillSocket(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPort uint)

KillSocket kills a socket given the properties of a connection.

func KillSockets ¶

func KillSockets(fam, proto uint8, excludeLocal bool) error

KillSockets kills all sockets given a family and a protocol. Be careful if you don't exclude local sockets, many local servers may misbehave, entering in an infinite loop.

func SocketKill ¶

func SocketKill(family, proto uint8, sockID SocketID) error

SocketKill kills a connection

func SocketsAreEqual ¶

func SocketsAreEqual(aSocket, bSocket *Socket) bool

SocketsAreEqual compares 2 different sockets to see if they match.

Types ¶

type Socket ¶

type Socket struct {
	Family  uint8
	State   uint8
	Timer   uint8
	Retrans uint8
	ID      SocketID
	Expires uint32
	RQueue  uint32
	WQueue  uint32
	UID     uint32
	INode   uint32
}

Socket represents a netlink socket.

func GetSocketInfoByInode ¶

func GetSocketInfoByInode(inodeStr string) (*Socket, error)

GetSocketInfoByInode dumps the kernel sockets table and searches the given inode on it.

func SocketGet ¶

func SocketGet(family uint8, proto uint8, srcPort, dstPort uint16, local, remote net.IP) ([]*Socket, error)

SocketGet returns the list of active connections in the kernel filtered by several fields. Currently it returns connections filtered by source port and protocol.

func SocketsDump ¶

func SocketsDump(family uint8, proto uint8) ([]*Socket, error)

SocketsDump returns the list of all connections from the kernel

type SocketID ¶

type SocketID struct {
	SourcePort      uint16
	DestinationPort uint16
	Source          net.IP
	Destination     net.IP
	Interface       uint32
	Cookie          [2]uint32
}

SocketID holds the socket information of a request/response to the kernel

type SocketRequest ¶

type SocketRequest struct {
	Family   uint8
	Protocol uint8
	Ext      uint8

	States uint32
	ID     SocketID
	// contains filtered or unexported fields
}

SocketRequest holds the request/response of a connection to the kernel

func (*SocketRequest) Len ¶

func (r *SocketRequest) Len() int

Len returns the size of a socket request

func (*SocketRequest) Serialize ¶

func (r *SocketRequest) Serialize() []byte

Serialize convert SocketRequest struct to bytes.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
procmon

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL