Documentation ¶
Index ¶
- Constants
- func GetPacketInfo(attr *common.NfAttrSlice) (int, int, []byte)
- func QueueID(msg *common.NfqGenMsg) uint16
- type CallbackFunc
- type ErrorCallbackFunc
- type NFPacket
- type NFQueue
- type NfQueue
- func (q *NfQueue) BindPf() error
- func (q *NfQueue) CreateQueue(num uint16, callback CallbackFunc, errorCallback ErrorCallbackFunc, ...) error
- func (q *NfQueue) GetNotificationChannel() chan *NFPacket
- func (q *NfQueue) NfqClose()
- func (q *NfQueue) NfqDestroyQueue() error
- func (q *NfQueue) NfqOpen() (SockHandle, error)
- func (q *NfQueue) NfqSetMode(mode nfqConfigMode, packetSize uint32) error
- func (q *NfQueue) NfqSetQueueMaxLen(queuelen uint32) error
- func (q *NfQueue) ProcessPackets()
- func (q *NfQueue) Recv() (*common.NfqGenMsg, *common.NfAttrSlice, error)
- func (q *NfQueue) SetVerdict(queueNum uint32, verdict uint32, packetLen uint32, packetID uint32, ...)
- func (q *NfQueue) SetVerdict2(queueNum uint32, verdict uint32, mark uint32, packetLen uint32, ...)
- func (q *NfQueue) UnbindPf() error
- type NfqMsgConfigCommand
- type NfqMsgConfigParams
- type NfqMsgConfigQueueLen
- type NfqMsgMarkHdr
- type NfqMsgVerdictHdr
- type NfqSockHandle
- type SockHandle
- type Verdict
Constants ¶
// Constants used when talking to the kernel's nfnetlink_queue subsystem:
// attribute types, config commands, copy modes and message sizes.
const (
	// NfDefaultPacketSize -- the maximum size packet to expect on queue
	NfDefaultPacketSize = 0xffff
	// NfqaUnspec -- unspecified attribute
	NfqaUnspec nfqaAttr = 0x0
	// NfqaPacketHdr -- attribute header for the packet payload
	NfqaPacketHdr nfqaAttr = 0x1
	// NfqaVerdictHdr -- attribute header for the verdict payload.
	// Declared as uint16, unlike the neighbouring nfqaAttr-typed attributes.
	NfqaVerdictHdr uint16 = 0x2 /* nfqnl_msg_verdict_hdr */
	// NfqaMark -- attribute header for the mark payload
	NfqaMark nfqaAttr = 0x3 /* u_int32_t nfmark */
	// NfqaTimestamp -- attribute header for the timestamp payload
	NfqaTimestamp nfqaAttr = 0x4 /* nfqnl_msg_packet_timestamp */
	// NfqaIfindexIndev -- ifindex for the in-device payload
	NfqaIfindexIndev nfqaAttr = 0x5 /* u_int32_t ifindex */
	// NfqaIfindexOutdev -- ifindex for the out-device payload
	NfqaIfindexOutdev nfqaAttr = 0x6 /* u_int32_t ifindex */
	// NfqaIfindexPhysindev -- physical in-device
	NfqaIfindexPhysindev nfqaAttr = 0x7 /* u_int32_t ifindex */
	// NfqaIfindexPhysoutdev -- physical out-device
	NfqaIfindexPhysoutdev nfqaAttr = 0x8 /* u_int32_t ifindex */
	// NfqaHwaddr -- hardware address
	NfqaHwaddr nfqaAttr = 0x9 /* nfqnl_msg_packet_hw */
	// NfqaPayload -- packet payload
	NfqaPayload nfqaAttr = 0xa /* opaque data payload */

	// NfqnlCfgCmdnone -- no command
	NfqnlCfgCmdnone nfqConfigCommands = 0x0
	// NfqnlCfgCmdBind -- queue bind command
	NfqnlCfgCmdBind nfqConfigCommands = 0x1
	// NfqnlCfgCmdUnbind -- queue unbind command
	NfqnlCfgCmdUnbind nfqConfigCommands = 0x2
	// NfqnlCfgCmdPfBind -- bind protocol family
	NfqnlCfgCmdPfBind nfqConfigCommands = 0x3
	// NfqnlCfgCmdPfUnbind -- unbind protocol family
	NfqnlCfgCmdPfUnbind nfqConfigCommands = 0x4

	// NfqnlCopyNone -- copy no packet bytes to userspace
	NfqnlCopyNone nfqConfigMode = 0x0
	// NfqnlCopyMeta -- copy only metadata
	NfqnlCopyMeta nfqConfigMode = 0x1
	// NfqnlCopyPacket -- copy the packet bytes specified by Range.
	// NOTE(review): in this mode packet bytes reach userspace; consumers
	// should treat them as untrusted input.
	NfqnlCopyPacket nfqConfigMode = 0x2

	// SizeofMsgConfigCommand -- hard-coded size constant.
	// NOTE(review): presumably the wire size of NfqMsgConfigCommand -- confirm.
	SizeofMsgConfigCommand = 0x4
	// SizeOfNfqMsgConfigParams -- Sizeof NfqMsgConfigParams.
	// NOTE(review): unsafe.Sizeof reports the in-memory size, including any
	// padding; confirm it equals the size expected on the wire.
	SizeOfNfqMsgConfigParams uint32 = uint32(unsafe.Sizeof(NfqMsgConfigParams{}))
	// SizeOfNfqMsgConfigQueueLen -- Sizeof NfqMsgConfigQueueLen
	SizeOfNfqMsgConfigQueueLen uint32 = uint32(unsafe.Sizeof(NfqMsgConfigQueueLen{}))
	// SizeofNfqMsgVerdictHdr -- size of the verdict hdr struct (hard-coded,
	// not derived with unsafe.Sizeof like the two constants above)
	SizeofNfqMsgVerdictHdr uint32 = 0x8
	// SizeofNfqMsgMarkHdr -- size of the mark hdr (hard-coded)
	SizeofNfqMsgMarkHdr = 0x4

	// APUNSPEC -- PF_UNSPEC/AF_UNSPEC
	APUNSPEC uint8 = syscall.AF_UNSPEC

	// NfqaCfgUnspec -- unspecified config attribute
	NfqaCfgUnspec uint32 = 0x0
	// NfqaCfgCmd -- attribute carrying a config command
	NfqaCfgCmd uint16 = 0x1 /* nfqnl_msg_config_cmd */
	// NfqaCfgParams -- attribute carrying config parameters
	NfqaCfgParams uint16 = 0x2 /* nfqnl_msg_config_params */
	// NfqaCfgQueueMaxLen -- attribute carrying the maximum queue length
	NfqaCfgQueueMaxLen uint16 = 0x3 /* u_int32_t */
	// NfqaCfgMask -- mask
	NfqaCfgMask uint32 = 0x4 /* identify which flags to change */
	// NfqaCfgFlags -- config flags
	NfqaCfgFlags uint32 = 0x5 /* value of these flags (__u32) */
)
Variables ¶
This section is empty.
Functions ¶
func GetPacketInfo ¶
func GetPacketInfo(attr *common.NfAttrSlice) (int, int, []byte)
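GetPacketInfo -- Extract packet info from a netlink response. Returns the mark, the packet ID and the packet payload. The mark is a uint32 value, although the signature above returns it as int. The payload is raw packet data taken from the queue, so callers should treat it as untrusted input.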
Types ¶
type CallbackFunc ¶
CallbackFunc is a function signature to provide a new packet to the application. The packet is not reused if the callback returns false. In such a case, it is the application's responsibility to call Free on the NFPacket.
type ErrorCallbackFunc ¶
type ErrorCallbackFunc func(error, interface{})
ErrorCallbackFunc is the function signature used to report errors while doing packet operations.
type NFQueue ¶
// NFQueue lists the queue-management operations of a netfilter queue:
// opening and closing the netlink socket, binding and unbinding the
// protocol family, creating, configuring and destroying the queue, and
// receiving packets.
type NFQueue interface {
	// Verdict is embedded, so an NFQueue also offers the verdict-setting
	// methods and the notification channel.
	Verdict
	NfqOpen() (SockHandle, error)
	UnbindPf() error
	CreateQueue(num uint16, callback CallbackFunc, errorCallback ErrorCallbackFunc, privateData interface{}) error
	NfqSetMode(mode nfqConfigMode, packetSize uint32) error
	NfqSetQueueMaxLen(queuelen uint32) error
	// NfqClose returns nothing, so a failure cannot be seen from its result.
	NfqClose()
	NfqDestroyQueue() error
	Recv() (*common.NfqGenMsg, *common.NfAttrSlice, error)
	ProcessPackets()
	BindPf() error
	// contains filtered or unexported methods
}
NFQueue -- Interface exposing internal Nfqueue functions. This is needed if we want to create and manage queues ourselves instead of calling the CreateAndStart function directly from the package.
type NfQueue ¶
// NfQueue holds the state for a netfilter queue bound over a netlink socket.
type NfQueue struct {
	// SubscribedSubSys -- presumably the netlink subsystem(s) this socket
	// subscribes to; confirm against the implementation.
	SubscribedSubSys uint32
	// QueueNum -- presumably the queue number passed to CreateQueue; confirm.
	QueueNum uint16
	// NotificationChannel carries *NFPacket values; presumably this is the
	// channel returned by GetNotificationChannel -- confirm.
	NotificationChannel chan *NFPacket
	// Syscalls -- syscall wrapper from the syscallwrappers package.
	Syscalls syscallwrappers.Syscalls
	// contains filtered or unexported fields
}
NfQueue -- Struct to hold global values for all instances of the netlink socket.
func (*NfQueue) CreateQueue ¶
func (q *NfQueue) CreateQueue(num uint16, callback CallbackFunc, errorCallback ErrorCallbackFunc, privateData interface{}) error
CreateQueue -- Create a queue. handle -- handle representing the open netlink socket; num -- queue number; data -- private data associated with the queue.
func (*NfQueue) GetNotificationChannel ¶
GetNotificationChannel -- Return a handle to the notification channel
func (*NfQueue) NfqClose ¶
func (q *NfQueue) NfqClose()
NfqClose -- Close the netlink socket for this queue
func (*NfQueue) NfqDestroyQueue ¶
NfqDestroyQueue -- unbind queue
func (*NfQueue) NfqOpen ¶
func (q *NfQueue) NfqOpen() (SockHandle, error)
NfqOpen -- Open a new netlink socket, create a new queue handle and return the handle. The new socket is returned in the NfqHandle; the fd for the socket is stored in an unexported handle.
func (*NfQueue) NfqSetMode ¶
NfqSetMode -- Set the queue mode: copynone/copymeta/copypacket. handle -- handle representing the open netlink socket; mode -- copy mode for this queue; packetSize -- the range of bytes from packets to copy.
func (*NfQueue) NfqSetQueueMaxLen ¶
NfqSetQueueMaxLen -- Set the maximum number of packets in the queue. handle -- handle representing the open netlink socket; queuelen -- length of the queue.
func (*NfQueue) ProcessPackets ¶
func (q *NfQueue) ProcessPackets()
ProcessPackets -- Function that waits on the socket to receive packets and posts them back to the channel.
func (*NfQueue) Recv ¶
Recv -- Receive packets from the socket and parse them; returns the nfgen and nfattr slices.
func (*NfQueue) SetVerdict ¶
func (q *NfQueue) SetVerdict(queueNum uint32, verdict uint32, packetLen uint32, packetID uint32, packet []byte)
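SetVerdict -- Set the verdict on the packet -- accept/drop. The method has no return value, so a failure to deliver the verdict is not visible from its result; presumably such failures are reported through the ErrorCallbackFunc.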
type NfqMsgConfigCommand ¶
// NfqMsgConfigCommand is the config command message.
type NfqMsgConfigCommand struct {
	// Command -- the config command; its nfqConfigCommands type is the one
	// used by the NfqnlCfgCmd* constants.
	Command nfqConfigCommands
	// contains filtered or unexported fields
}
NfqMsgConfigCommand -- config command Command -- the config command pf -- family
func (*NfqMsgConfigCommand) Length ¶
func (r *NfqMsgConfigCommand) Length() uint32
Length -- Return length of struct
func (*NfqMsgConfigCommand) ToWireFormat ¶
func (r *NfqMsgConfigCommand) ToWireFormat() []byte
ToWireFormat -- Convert NfqMsgConfigCommand to byte slice
type NfqMsgConfigParams ¶
type NfqMsgConfigParams struct {
// contains filtered or unexported fields
}
NfqMsgConfigParams -- Config params copyRange -- Range of bytes to copy copyMode -- copyMode meta/none/packet
func (*NfqMsgConfigParams) Length ¶
func (r *NfqMsgConfigParams) Length() uint32
Length -- Return length of struct
func (*NfqMsgConfigParams) ToWireFormat ¶
func (r *NfqMsgConfigParams) ToWireFormat() []byte
ToWireFormat -- Convert NfqMsgConfigParams to byte slice
type NfqMsgConfigQueueLen ¶
type NfqMsgConfigQueueLen struct {
// contains filtered or unexported fields
}
NfqMsgConfigQueueLen -- Queue length queueLen -- The length of queue
func (*NfqMsgConfigQueueLen) Length ¶
func (r *NfqMsgConfigQueueLen) Length() uint32
Length -- Return length of struct
func (*NfqMsgConfigQueueLen) ToWireFormat ¶
func (r *NfqMsgConfigQueueLen) ToWireFormat() []byte
ToWireFormat -- Convert NfqMsgConfigQueueLen to byte slice
type NfqMsgMarkHdr ¶
type NfqMsgMarkHdr struct {
// contains filtered or unexported fields
}
NfqMsgMarkHdr -- Mark Payload mark -- markval
func (*NfqMsgMarkHdr) Length ¶
func (r *NfqMsgMarkHdr) Length() uint32
Length -- Return length of struct
func (*NfqMsgMarkHdr) ToWireFormat ¶
func (r *NfqMsgMarkHdr) ToWireFormat() []byte
ToWireFormat -- Convert NfqMsgMarkHdr to byte slice
func (*NfqMsgMarkHdr) ToWireFormatBuf ¶
func (r *NfqMsgMarkHdr) ToWireFormatBuf(buf []byte) int
ToWireFormatBuf -- Convert the struct to []byte and copy it into the passed buf.
type NfqMsgVerdictHdr ¶
type NfqMsgVerdictHdr struct {
// contains filtered or unexported fields
}
NfqMsgVerdictHdr -- Verdict hdr struct. verdict -- accept/drop; id -- packet ID.
func (*NfqMsgVerdictHdr) Length ¶
func (r *NfqMsgVerdictHdr) Length() uint32
Length -- return length of struct
func (*NfqMsgVerdictHdr) ToWireFormat ¶
func (r *NfqMsgVerdictHdr) ToWireFormat() []byte
ToWireFormat -- Convert NfqMsgVerdictHdr to byte slice
func (*NfqMsgVerdictHdr) ToWireFormatBuf ¶
func (r *NfqMsgVerdictHdr) ToWireFormatBuf(buf []byte) int
ToWireFormatBuf -- Convert structure to []byte and copy the []byte to passed buffer
type NfqSockHandle ¶
// NfqSockHandle is the socket handle of the netlink socket.
type NfqSockHandle struct {
	// Syscalls -- syscall wrapper from the syscallwrappers package.
	Syscalls syscallwrappers.Syscalls
	// contains filtered or unexported fields
}
NfqSockHandle -- Sock handle of netlink socket fd -- fd of socket rcvbufSize -- rcv buffer Size lsa -- local address
type SockHandle ¶
type SockHandle interface {
// contains filtered or unexported methods
}
SockHandle Opaque interface with unexported functions
type Verdict ¶
// Verdict exposes the received-packet channel and the calls that set a
// verdict on a packet.
type Verdict interface {
	// SetVerdict2 takes the same arguments as SetVerdict plus a mark.
	// Neither method returns a value, so failures are not visible from
	// the call's result.
	SetVerdict2(queueNum uint32, verdict uint32, mark uint32, packetLen uint32, packetID uint32, packet []byte)
	SetVerdict(queueNum uint32, verdict uint32, packetLen uint32, packetID uint32, packet []byte)
	// GetNotificationChannel returns a channel of *NFPacket.
	GetNotificationChannel() chan *NFPacket
}
Verdict -- Interface exposing functionality to get a copy of the received packet and set a verdict
func CreateAndStartNfQueue ¶
func CreateAndStartNfQueue(queueID uint16, maxPacketsInQueue uint32, packetSize uint32, callback CallbackFunc, errorCallback ErrorCallbackFunc, privateData interface{}) (Verdict, error)
CreateAndStartNfQueue -- Wrapper to create/bind to a queue, set all its params and start listening for packets. queueID -- the queue to create/bind; maxPacketsInQueue -- max number of packets in the queue; packetSize -- the max expected packet size; privateData -- returned on NFPacket.Opaque data for this system.