README
¶
go-nfnetlink - A native Go library for interacting with netfilter subsystems
A library for communicating with Linux netfilter subsystems over netlink sockets.
What is 'netfilter netlink'?
Linux/net/netfilter/nfnetlink.c:
Netfilter messages via netlink sockets. Allows for user space protocol helpers and general
trouble making from userspace.
Netfilter is composed of several subsystems in the Linux kernel, some of which provide access from userland over a netlink socket interface. The protocol API for accessing these subsystems share a common set of protocol conventions called nfnetlink (netfilter netlink).
What is the nfqueue package?
A library for the netfilter queue subsystem built on top of the nfnetlink layer.
Here is a basic example of how to use it:
Set up IPTables
# iptables -A OUTPUT -p icmp -j NFQUEUE --queue-num 1 --queue-bypass
Read ICMP packets from queue number 1
q := nfqueue.NewNFQueue(1)
ps, err := q.Open()
if err != nil {
fmt.Printf("Error opening NFQueue: %v\n", err)
os.Exit(1)
}
defer q.Close()
for p := range ps {
fmt.Printf("Packet: %v\n", p.Packet)
p.Accept()
}
How can I implement support for other netfilter subsystems?
You'll probably have to read the C library code or the Linux kernel source to learn about the protocol as there is usually no documentation at all. Look at nfqueue for an example of how to implement the protocol using the nfnetlink layer.
We plan to add some basic support for conntrack in the near future. Pull requests welcome for new features and subsystems.
Documentation
¶
Index ¶
- Constants
- Variables
- type NLAttr
- type NetlinkSocket
- func (s *NetlinkSocket) ClearFlag(f SockFlags)
- func (s *NetlinkSocket) Close()
- func (s *NetlinkSocket) NewNfNlMsg() *NfNlMessage
- func (s *NetlinkSocket) Receive() <-chan *NfNlMessage
- func (s *NetlinkSocket) RecvErr() error
- func (s *NetlinkSocket) Send(msg *NfNlMessage) error
- func (s *NetlinkSocket) SetFlag(f SockFlags)
- type NfGenHdr
- type NfNlMessage
- func (m *NfNlMessage) AddAttribute(attr *NLAttr)
- func (m *NfNlMessage) AddAttributeData(atype uint16, data []byte)
- func (m *NfNlMessage) AddAttributeFields(atype uint16, fields ...interface{}) error
- func (m *NfNlMessage) AttrByType(atype uint16) *NLAttr
- func (m *NfNlMessage) Send() error
- func (m *NfNlMessage) Serialize() []byte
- func (m *NfNlMessage) String() string
- type SockFlags
Constants ¶
const NFGEN_HDRLEN = 4
Length in bytes of NfGenHdr structure
Variables ¶
var ErrShortResponse = errors.New("Got short response from netlink")
Functions ¶
This section is empty.
Types ¶
type NLAttr ¶
NLAttr represents a single netlink attribute.
func NewAttr ¶
NewAttr creates and returns a new NLAttr instance from the provided type and data payload
func NewAttrFromFields ¶
NewAttrFromFields creates and returns a new NLAttr instance by serializing the provided fields into a slice of bytes which is stored as the Data element of the attribute.
func ParseAttr ¶
ParseAttr reads a serialized attribute from r and parses it into an NLAttr instance.
func (*NLAttr) ReadFields ¶
ReadFields parses the attribute data into the provided array of fields using binary.Read() to parse each individual field.
type NetlinkSocket ¶
type NetlinkSocket struct {
// contains filtered or unexported fields
}
func NewNetlinkSocket ¶
func NewNetlinkSocket(bus int) (*NetlinkSocket, error)
NewNetlinkSocket creates a new NetlinkSocket
func (*NetlinkSocket) ClearFlag ¶
func (s *NetlinkSocket) ClearFlag(f SockFlags)
ClearFlag removes the flag f from the set of enabled flags for this socket
func (*NetlinkSocket) NewNfNlMsg ¶
func (s *NetlinkSocket) NewNfNlMsg() *NfNlMessage
NewNfNlMsg create and return a new NfNlMessage associated with socket s
func (*NetlinkSocket) Receive ¶
func (s *NetlinkSocket) Receive() <-chan *NfNlMessage
Receive returns a channel to read incoming event messages from.
func (*NetlinkSocket) RecvErr ¶
func (s *NetlinkSocket) RecvErr() error
RecvErr returns an error value if reception of messages ended with an error. When the channel returned by Receive() is closed this function should be called to determine the error, if any, that occurred.
func (*NetlinkSocket) Send ¶
func (s *NetlinkSocket) Send(msg *NfNlMessage) error
Send serializes msg and transmits in on the socket.
func (*NetlinkSocket) SetFlag ¶
func (s *NetlinkSocket) SetFlag(f SockFlags)
SetFlag adds the flag f to the set of enabled flags for this socket
type NfGenHdr ¶
type NfGenHdr struct {
Family uint8 // AF_XXX
Version uint8 // nfnetlink version
ResID uint16 // resource id
}
General address family dependent message header
type NfNlMessage ¶
type NfNlMessage struct {
syscall.NlMsghdr // Netlink message header
NfGenHdr // nfnetlink general header
// contains filtered or unexported fields
}
Netfilter netlink message
func (*NfNlMessage) AddAttribute ¶
func (m *NfNlMessage) AddAttribute(attr *NLAttr)
AddAttribute appends the provided NLAttr attribute to this message
func (*NfNlMessage) AddAttributeData ¶
func (m *NfNlMessage) AddAttributeData(atype uint16, data []byte)
AddAttributeData creates and appends a new NLAttr from the provided type and payload data
func (*NfNlMessage) AddAttributeFields ¶
func (m *NfNlMessage) AddAttributeFields(atype uint16, fields ...interface{}) error
AddAttributeFields creates and appends a new NLAttr by serializing the provided fields as the payload data for the new attribute
func (*NfNlMessage) AttrByType ¶
func (m *NfNlMessage) AttrByType(atype uint16) *NLAttr
AttrByType returns an attribute of the given type if this message contains one, or nil otherwise.
func (*NfNlMessage) Send ¶
func (m *NfNlMessage) Send() error
Send transmits the message on the associated netlink socket
func (*NfNlMessage) Serialize ¶
func (m *NfNlMessage) Serialize() []byte
Serialize the message and return the raw bytes
func (*NfNlMessage) String ¶
func (m *NfNlMessage) String() string
Source Files
Directories