Documentation
Overview
Package nflog provides an API to interact with the log subsystem of the netfilter family from the linux kernel.
Constants
const (
	// Available copy modes for Config.Copymode.
	NfUlnlCopyNone byte = 0x00
	NfUlnlCopyMeta byte = 0x01
	// Provides a complete copy of the packet in the Msg map.
	// But can be limited by setting Config.Bufsize.
	NfUlnlCopyPacket byte = 0x02

	// Flags that can be set on a connection
	NfUlnlCfgFSeq       uint16 = 0x0001
	NfUlnlCfgFSeqGlobal uint16 = 0x0002
	// Requires Kernel configuration of CONFIG_NETFILTER_NETLINK_GLUE_CT
	NfUlnlCfgFConntrack uint16 = 0x0004
)
Various constants
const (
	AttrHwProtocol = iota
	AttrHook
	AttrMark
	AttrTimestamp
	AttrIfindexIndev
	AttrIfindexOutdev
	AttrIfindexPhysIndev
	AttrIfindexPhysOutdev
	AttrHwAddr
	AttrPayload
	AttrPrefix
	AttrUID
	AttrSeq
	AttrSeqGlobal
	AttrGID
	AttrHwType
	AttrHwHeader
	AttrHwLen
	AttrCt
	AttrCtInfo
)
Various identifiers that can be keys of the Msg map. A Msg map does not need to contain all of these keys.
Variables
var (
	ErrCopyMode    = errors.New("Unsupported copy mode")
	ErrUnknownFlag = errors.New("Unsupported flag")
)
Various errors
Functions
This section is empty.
Types
type Config
type Config struct {
	// Network namespace the Nflog needs to operate in. If set to 0 (default),
	// no network namespace will be entered.
	NetNS int

	// Optional flags
	Flags uint16

	// Specifies the number of packets in the group,
	// until they will be pushed to userspace.
	QThresh uint32

	// Maximum time in 1/100s that a packet in the nflog group will be queued,
	// until it is pushed to userspace.
	Timeout uint32

	// Nflog group this socket will be assigned to.
	Group uint16

	// Specifies how the kernel handles a packet in the nflog group.
	Copymode uint8

	// If NfUlnlCopyPacket is set as CopyMode,
	// this parameter specifies the maximum number of bytes,
	// that will be copied to userspace.
	Bufsize uint32

	// Interface to log internals.
	Logger *log.Logger
}
Config contains options for a Conn.
type HookFunc
type HookFunc func(m Msg) int
HookFunc is a function that receives events from a netlink group. To stop receiving messages on this HookFunc, return something different than 0.
type Nflog
type Nflog struct {
	// Con is the pure representation of a netlink socket
	Con *netlink.Conn
	// contains filtered or unexported fields
}
Nflog represents a netfilter log handler
func (*Nflog) Register
func (nflog *Nflog) Register(ctx context.Context, fn HookFunc) error
Register your own function as a callback for a netfilter log group.
Example
// Send outgoing pings to nflog group 100
// # sudo iptables -I OUTPUT -p icmp -j NFLOG --nflog-group 100

// Set configuration parameters
config := nflog.Config{
	Group:    100,
	Copymode: nflog.NfUlnlCopyPacket,
}

nf, err := nflog.Open(&config)
if err != nil {
	fmt.Println("could not open nflog socket:", err)
	return
}
defer nf.Close()

ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

fn := func(m nflog.Msg) int {
	fmt.Printf("%v\n", m[nflog.AttrPayload])
	return 0
}

// Register your function to listen on nflog group 100
err = nf.Register(ctx, fn)
if err != nil {
	fmt.Println(err)
	return
}

// Block till the context expires
<-ctx.Done()
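The example above only dumps the raw bytes of AttrPayload. The following added example (not code from the go-nflog project) shows what a HookFunc typically does with a Msg: read the --nflog-prefix string, parse the IPv4 header out of the payload, detect a payload that Config.Bufsize cut short, and use the non-zero return value to stop delivery. It assumes Msg is a map[int][]byte keyed by the Attr identifiers (the page only says it is a map with those keys) and defines AttrPayload and AttrPrefix locally with the values they take in the page's iota list, so it runs without the library. The ICMP event it feeds through the hook is constructed, not captured.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Keys of the Msg map, with the values they take in the page's iota list.
const (
	AttrPayload = 9
	AttrPrefix  = 10
)

// Msg stands in for the library's message map (assumption: keyed by the
// Attr* identifiers, values are the raw attribute bytes the kernel sent).
type Msg map[int][]byte

// Summary is what a log handler keeps from one nflog event.
type Summary struct {
	Prefix    string
	SrcIP     net.IP
	DstIP     net.IP
	Protocol  uint8
	Truncated bool // payload shorter than the IPv4 total length, i.e. cut by Bufsize
}

var (
	ErrNoPayload = errors.New("event carries no payload (Copymode other than NfUlnlCopyPacket?)")
	ErrNotIPv4   = errors.New("payload does not start with a complete IPv4 header")
)

// Summarize reads the --nflog-prefix string and the IPv4 header out of AttrPayload.
// A payload cut short by Config.Bufsize is still summarized and flagged as Truncated.
func Summarize(m Msg) (Summary, error) {
	var s Summary
	if p, ok := m[AttrPrefix]; ok {
		s.Prefix = string(bytes.TrimRight(p, "\x00")) // the prefix arrives NUL-terminated
	}
	payload := m[AttrPayload]
	if len(payload) == 0 {
		return s, ErrNoPayload
	}
	if len(payload) < 20 || payload[0]>>4 != 4 {
		return s, ErrNotIPv4
	}
	s.Truncated = len(payload) < int(binary.BigEndian.Uint16(payload[2:4]))
	s.Protocol = payload[9]
	s.SrcIP = net.IPv4(payload[12], payload[13], payload[14], payload[15])
	s.DstIP = net.IPv4(payload[16], payload[17], payload[18], payload[19])
	return s, nil
}

// NewHook returns a callback in the HookFunc shape, func(Msg) int: 0 keeps
// receiving, 1 (anything non-zero) stops once limit events were appended to out.
func NewHook(limit int, out *[]Summary) func(Msg) int {
	return func(m Msg) int {
		s, err := Summarize(m)
		if err != nil {
			fmt.Println("skipping event:", err)
			return 0
		}
		*out = append(*out, s)
		if len(*out) >= limit {
			return 1
		}
		return 0
	}
}

// sampleMsg is a constructed event: an outgoing ICMP echo request from
// 192.168.1.10 to 8.8.8.8 (84 bytes on the wire) copied with the given Bufsize.
func sampleMsg(bufsize int) Msg {
	pkt := make([]byte, 84)
	copy(pkt, []byte{
		0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00, 0x40, 0x01, 0x00, 0x00, // IPv4 header
		192, 168, 1, 10, 8, 8, 8, 8, // source, destination
		0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, // ICMP echo request
	})
	if bufsize < len(pkt) {
		pkt = pkt[:bufsize]
	}
	return Msg{AttrPrefix: []byte("OUT-PING\x00"), AttrPayload: pkt}
}

func main() {
	var got []Summary
	hook := NewHook(2, &got)
	// Feed constructed events as the delivery loop would; a non-zero return stops it.
	for _, m := range []Msg{sampleMsg(32), sampleMsg(84), sampleMsg(84)} {
		if hook(m) != 0 {
			break
		}
	}
	fmt.Printf("%d events kept, first: %+v\n", len(got), got[0])
}
```

With Copymode set to NfUlnlCopyPacket and a small Bufsize, the first event is delivered with only 32 of its 84 bytes, which is why a handler should compare the copied length against the IPv4 total length instead of trusting the payload to be whole; with NfUlnlCopyMeta there is no AttrPayload at all and Summarize returns ErrNoPayload.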