Documentation
¶
Index ¶
- Variables
- func GoCallbackWrapper(ptr_q *unsafe.Pointer, ptr_nfad *unsafe.Pointer) int
- type Callback
- type Payload
- func (p *Payload) GetInDev() uint32
- func (p *Payload) GetNFMark() uint32
- func (p *Payload) GetOutDev() uint32
- func (p *Payload) GetPhysInDev() uint32
- func (p *Payload) GetPhysOutDev() uint32
- func (p *Payload) GetTimestamp() syscall.Timeval
- func (p *Payload) SetVerdict(verdict int) error
- func (p *Payload) SetVerdictModified(verdict int, data []byte) error
- type Queue
- func (q *Queue) Bind(af_family int) error
- func (q *Queue) Close()
- func (q *Queue) CreateQueue(queue_num uint16) error
- func (q *Queue) DestroyQueue() error
- func (q *Queue) Init() error
- func (q *Queue) Loop() error
- func (q *Queue) SetBufLen(bufLen C.uint64_t) error
- func (q *Queue) SetCallback(cb Callback) error
- func (q *Queue) SetMode(mode uint8) error
- func (q *Queue) SetQueueFlags(mask, flags uint32) error
- func (q *Queue) SetQueueMaxLen(maxlen uint32) error
- func (q *Queue) StopLoop()
- func (q *Queue) Unbind(af_family int) error
Constants ¶
This section is empty.
Variables ¶
var ErrNotInitialized = errors.New("nfqueue: queue not initialized")
var ErrOpenFailed = errors.New("nfqueue: open failed")
var ErrRuntime = errors.New("nfqueue: runtime error")
var NFQA_CFG_F_CONNTRACK uint32 = C.NFQA_CFG_F_CONNTRACK
var NFQA_CFG_F_FAIL_OPEN uint32 = C.NFQA_CFG_F_FAIL_OPEN
var NFQA_CFG_F_GSO uint32 = 1 << 2
These three variables seem not to be determinable by cgo, so they are statically * defined here. The values are taken from the ĺibnetfilter_queue source code (They are macros)
var NFQA_CFG_F_SECCTX uint32 = 1 << 4
var NFQA_CFG_F_UID_GID uint32 = 1 << 3
var NFQNL_COPY_META uint8 = C.NFQNL_COPY_META
var NFQNL_COPY_NONE uint8 = C.NFQNL_COPY_NONE
var NFQNL_COPY_PACKET uint8 = C.NFQNL_COPY_PACKET
var NF_ACCEPT = C.NF_ACCEPT
var NF_DROP = C.NF_DROP
var NF_QUEUE = C.NF_QUEUE
var NF_REPEAT = C.NF_REPEAT
var NF_STOP = C.NF_STOP
Functions ¶
func GoCallbackWrapper ¶
Cast argument to Queue* before calling the real callback
Notes:
- export cannot be done in the same file (nfqueue.go) else it fails to build (multiple definitions of C functions) See https://github.com/golang/go/issues/3497 See https://github.com/golang/go/wiki/cgo
- this cast is caused by the fact that cgo does not support exporting structs See https://github.com/golang/go/wiki/cgo
This function must _nerver_ be called directly.
Types ¶
type Callback ¶
Prototype for a NFQUEUE callback. The callback receives the NFQUEUE ID of the packet, and the packet payload. Packet data start from the IP layer (ethernet information are not included). It should return -1 on error to stop processing or >= 0 otherwise.
type Payload ¶
type Payload struct {
// NFQueue ID of the packet
Id uint32
// Packet data
Data []byte
// contains filtered or unexported fields
}
Payload is a structure describing a packet received from the kernel
func (*Payload) GetPhysInDev ¶
Returns the physical interface that the packet was received through
func (*Payload) GetPhysOutDev ¶
Returns the physical interface that the packet will be routed out
func (*Payload) GetTimestamp ¶
GetTimestamp gives you the timestamp of the packet. *
func (*Payload) SetVerdict ¶
SetVerdict issues a verdict for a packet.
Every queued packet _must_ have a verdict specified by userspace.
type Queue ¶
type Queue struct {
// contains filtered or unexported fields
}
Queue is an opaque structure describing a connection to a kernel NFQUEUE, and the associated Go callback.
func (*Queue) Bind ¶
Bind binds a Queue to a given protocol family.
Usually, the family is syscall.AF_INET for IPv4, and syscall.AF_INET6 for IPv6
func (*Queue) CreateQueue ¶
Create a new queue handle
The queue must be initialized (using Init) and bound (using Bind), and a callback function must be set (using SetCallback).
func (*Queue) DestroyQueue ¶
Destroy a queue handle
This also unbind from the nfqueue handler, so you don't have to call Unbind() Note that errors from this function can usually be ignored. WARNING: This function races with netlink sending messages and triggering the execution of the callback function! DO NOT rely on the callback function's negative return value to stop the netlink lib from calling the callback (because it doesn't)
func (*Queue) Init ¶
Init creates a netfilter queue which can be used to receive packets from the kernel.
func (*Queue) Loop ¶
Main loop: Loop starts a loop, receiving kernel events and processing packets using the callback function.
func (*Queue) SetCallback ¶
SetCallback sets the callback function, fired when a packet is received. Returning from the callback and evaluation its return value races with the netlink socket receiving a new packet from the kernel. Do not rely on the execution of the callback, at the end of which you return a negative value, to be the last execution of it.
func (*Queue) SetMode ¶
SetMode sets the amount of packet data that nfqueue copies to userspace
Default mode is NFQNL_COPY_PACKET
func (*Queue) SetQueueFlags ¶
func (*Queue) SetQueueMaxLen ¶
SetQueueMaxLen fixes the number of packets the kernel will store before internally before dropping upcoming packets
Source Files
Directories