nflog

Published: Nov 6, 2019 License: MIT Imports: 11 Imported by: 0

README

go-nflog

This is go-nflog, written in Go. It provides a C-binding-free API to the netfilter log subsystem (nflog) of the Linux kernel.

Example

package main

import (
	"context"
	"fmt"
	"time"

	"github.com/florianl/go-nflog"
)

func main() {
	// Send outgoing pings to nflog group 100:
	// # sudo iptables -I OUTPUT -p icmp -j NFLOG --nflog-group 100

	// Set configuration parameters. NfUlnlCopyPacket copies the packet
	// itself (up to Bufsize bytes); NfUlnlCopyMeta delivers metadata only.
	config := nflog.Config{
		Group:       100,
		Copymode:    nflog.NfUlnlCopyPacket,
		ReadTimeout: 10 * time.Millisecond,
	}

	nf, err := nflog.Open(&config)
	if err != nil {
		fmt.Println("could not open nflog socket:", err)
		return
	}
	defer nf.Close()

	// Stop receiving after 10 seconds; cancel releases the context's resources.
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	// Attribute fields are pointers and may be nil (e.g. no Payload with NfUlnlCopyMeta).
	fn := func(attrs nflog.Attribute) int {
		if attrs.Payload != nil {
			fmt.Printf("%v\n", *attrs.Payload)
		}
		return 0 // return a non-zero value to stop receiving
	}

	// Register your function to listen on nflog group 100
	err = nf.Register(ctx, fn)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Block till the context expires
	<-ctx.Done()
}

Privileges

This package processes information directly from the kernel and therefore requires special privileges. Instead of running the binary as root, you can grant it the CAP_NET_ADMIN capability:

	setcap 'cap_net_admin=+ep' /your/executable

For documentation and more examples please take a look at GoDoc

Documentation

Overview

Package nflog provides an API to interact with the log subsystem of the netfilter family from the Linux kernel.

This package processes information directly from the kernel and therefore requires special privileges. Instead of running the binary as root, you can grant it the CAP_NET_ADMIN capability:

setcap 'cap_net_admin=+ep' /your/executable


Constants

const (
	// Available copy modes for Config.Copymode.
	NfUlnlCopyNone byte = 0x00
	NfUlnlCopyMeta byte = 0x01
	// Provides a complete copy of the packet in the Msg map.
	// But can be limited by setting Config.Bufsize.
	NfUlnlCopyPacket byte = 0x02

	// Flags that can be set on a connection
	NfUlnlCfgFSeq       uint16 = 0x0001
	NfUlnlCfgFSeqGlobal uint16 = 0x0002
	// Requires Kernel configuration of CONFIG_NETFILTER_NETLINK_GLUE_CT
	NfUlnlCfgFConntrack uint16 = 0x0004
)

Various constants

const (
	GenericGroup uint16 = 0x1
)

Various optional settings

Variables

var (
	ErrCopyMode    = errors.New("unsupported copy mode")
	ErrUnknownFlag = errors.New("unsupported flag")
)

Various errors

Functions

This section is empty.

Types

type Attribute

type Attribute struct {
	Hook       *uint8
	Mark       *uint32
	Timestamp  *time.Time
	InDev      *uint32
	PhysInDev  *uint32
	OutDev     *uint32
	PhysOutDev *uint32
	Payload    *[]byte
	Prefix     *string
	UID        *uint32
	Seq        *uint32
	SeqGlobal  *uint32
	GID        *uint32
	HwType     *uint16
	HwAddr     *[]byte
	HwHeader   *[]byte
	HwLen      *uint16
	HwProtocol *uint16
	CtInfo     *uint32
	Ct         *[]byte
}

Attribute holds the elements of an nflog message. As not every value is present in every nflog message, the fields of Attribute are pointers that are nil when the corresponding value is absent.

type Config

type Config struct {
	// Network namespace the Nflog needs to operate in. If set to 0 (default),
	// no network namespace will be entered.
	NetNS int

	// Optional flags for the nflog communication
	Flags uint16

	// Number of packets queued in the group
	// before they are pushed to userspace.
	QThresh uint32

	// Maximum time in 1/100s that a packet in the nflog group will be queued,
	// until it is pushed to userspace.
	Timeout uint32

	// Nflog group this socket will be assigned to.
	Group uint16

	// Specifies how the kernel handles a packet in the nflog group.
	Copymode uint8

	// If NfUlnlCopyPacket is set as Copymode,
	// this parameter specifies the maximum number of bytes
	// that will be copied to userspace.
	Bufsize uint32

	// Optional settings to enable/disable features
	Settings uint16

	// Time till a read action times out - only available for Go >= 1.12
	ReadTimeout time.Duration

	// Interface to log internals.
	Logger *log.Logger
}

Config contains options for a Conn.

type HookFunc

type HookFunc func(a Attribute) int

HookFunc is a function that receives events from a netlink group. To stop receiving messages on this HookFunc, return a value other than 0.
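The page's examples only print the raw Payload. The following added example (not part of go-nflog) shows what a callback body would do with the Attribute fields it receives: decode the IPv4 header from Payload, handle a nil pointer or a payload truncated by a too-small Bufsize, prepend the Prefix, and return 0 to keep receiving or 1 to stop after a given number of packets. DecodeIPv4 and NewHook are names chosen here; the hook takes the Prefix and Payload fields directly rather than an nflog.Attribute so it runs without the library.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// ErrTruncated: the copied payload is shorter than its IPv4 header, which
// happens when Config.Bufsize is smaller than the packet being logged.
var ErrTruncated = errors.New("nflog payload truncated")

// DecodeIPv4 summarises the IPv4 header in Attribute.Payload. The pointer
// is nil when the kernel sent no payload (e.g. Copymode NfUlnlCopyMeta).
func DecodeIPv4(payload *[]byte) (string, error) {
	if payload == nil {
		return "", errors.New("no payload attribute")
	}
	p := *payload
	if len(p) < 20 || len(p) < int(p[0]&0x0f)*4 {
		return "", ErrTruncated
	}
	if p[0]>>4 != 4 {
		return "", fmt.Errorf("not IPv4 (version %d)", p[0]>>4)
	}
	src, dst := net.IPv4(p[12], p[13], p[14], p[15]), net.IPv4(p[16], p[17], p[18], p[19])
	return fmt.Sprintf("proto=%d %s->%s len=%d", p[9], src, dst, binary.BigEndian.Uint16(p[2:4])), nil
}

// NewHook builds a callback body that returns 0 to keep receiving and 1 to stop after
// max packets. A real HookFunc takes an nflog.Attribute; this one takes its fields.
func NewHook(max int) func(prefix *string, payload *[]byte) (string, int) {
	seen := 0
	return func(prefix *string, payload *[]byte) (string, int) {
		seen++
		line, err := DecodeIPv4(payload)
		if err != nil {
			line = "decode error: " + err.Error()
		}
		if prefix != nil { // --nflog-prefix from the iptables rule, if any
			line = *prefix + " " + line
		}
		if seen >= max {
			return line, 1
		}
		return line, 0
	}
}
```

A constructed 28-byte IPv4/ICMP echo request (10.0.0.5 to 10.0.0.1, checksums zeroed) decodes to `proto=1 10.0.0.5->10.0.0.1 len=28`; the same bytes cut to 12 yield ErrTruncated.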

type Nflog

type Nflog struct {
	// Con is the pure representation of a netlink socket
	Con *netlink.Conn
	// contains filtered or unexported fields
}

Nflog represents a netfilter log handler

func Open

func Open(config *Config) (*Nflog, error)

Open a connection to the netfilter log subsystem

func (*Nflog) Close

func (nflog *Nflog) Close() error

Close the connection to the netfilter log subsystem

func (*Nflog) Register

func (nflog *Nflog) Register(ctx context.Context, fn HookFunc) error

Register your own function as callback for a netfilter log group. Errors other than net.Timeout() are reported via the provided log interface, and the receiving of netfilter log messages stops.

Example
// Send outgoing pings to nflog group 100:
// # sudo iptables -I OUTPUT -p icmp -j NFLOG --nflog-group 100

// Set configuration parameters
config := nflog.Config{
	Group:       100,
	Copymode:    nflog.NfUlnlCopyPacket,
	ReadTimeout: 10 * time.Millisecond,
}

nf, err := nflog.Open(&config)
if err != nil {
	fmt.Println("could not open nflog socket:", err)
	return
}
defer nf.Close()

ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

// Attribute fields are pointers and may be nil, so check before dereferencing
fn := func(attrs nflog.Attribute) int {
	if attrs.Payload != nil {
		fmt.Printf("%v\n", *attrs.Payload)
	}
	return 0 // return a non-zero value to stop receiving
}

// Register your function to listen on nflog group 100
err = nf.Register(ctx, fn)
if err != nil {
	fmt.Println(err)
	return
}

// Block till the context expires
<-ctx.Done()

Directories

Path Synopsis
internal
