Documentation
Overview
Package nflog provides an API to interact with the log subsystem of the netfilter family from the Linux kernel.
This package processes information directly from the kernel and therefore requires special privileges. You can grant these privileges by adjusting the CAP_NET_ADMIN capability on the executable:
setcap 'cap_net_admin=+ep' /your/executable
Constants
const (
	// Available copy modes for Config.Copymode.
	NfUlnlCopyNone byte = 0x00
	NfUlnlCopyMeta byte = 0x01
	// Provides a complete copy of the packet in the Msg map.
	// But can be limited by setting Config.Bufsize.
	NfUlnlCopyPacket byte = 0x02

	// Flags that can be set on a connection
	NfUlnlCfgFSeq       uint16 = 0x0001
	NfUlnlCfgFSeqGlobal uint16 = 0x0002
	// Requires Kernel configuration of CONFIG_NETFILTER_NETLINK_GLUE_CT
	NfUlnlCfgFConntrack uint16 = 0x0004
)
Various constants
const (
GenericGroup uint16 = 0x1
)
Various optional settings
Variables
var (
	ErrCopyMode    = errors.New("unsupported copy mode")
	ErrUnknownFlag = errors.New("unsupported flag")
)
Various errors
Functions
This section is empty.
Types
type Attribute
type Attribute struct {
	Hook       *uint8
	Mark       *uint32
	Timestamp  *time.Time
	InDev      *uint32
	PhysInDev  *uint32
	OutDev     *uint32
	PhysOutDev *uint32
	Payload    *[]byte
	Prefix     *string
	UID        *uint32
	Seq        *uint32
	SeqGlobal  *uint32
	GID        *uint32
	HwType     *uint16
	HwAddr     *[]byte
	HwHeader   *[]byte
	HwLen      *uint16
	HwProtocol *uint16
	CtInfo     *uint32
	Ct         *[]byte
}
Attribute contains the various elements of an nflog message. As not every value is contained in every nflog message, the fields of Attribute are pointers to these values, or nil if a value is not present.
type Config
type Config struct {
	// Network namespace the Nflog needs to operate in. If set to 0 (default),
	// no network namespace will be entered.
	NetNS int

	// Optional flags for the nflog communication
	Flags uint16

	// Specifies the number of packets in the group,
	// until they will be pushed to userspace.
	QThresh uint32

	// Maximum time in 1/100s that a packet in the nflog group will be queued,
	// until it is pushed to userspace.
	Timeout uint32

	// Nflog group this socket will be assigned to.
	Group uint16

	// Specifies how the kernel handles a packet in the nflog group.
	Copymode uint8

	// If NfUlnlCopyPacket is set as CopyMode,
	// this parameter specifies the maximum number of bytes,
	// that will be copied to userspace.
	Bufsize uint32

	// Optional settings to enable/disable features
	Settings uint16

	// Time till a read action times out - only available for Go >= 1.12
	ReadTimeout time.Duration

	// Interface to log internals.
	Logger *log.Logger
}
Config contains options for a Conn.
type HookFunc
HookFunc is a function that receives events from a netlink group. To stop receiving messages on this HookFunc, return a value other than 0.
type Nflog
type Nflog struct {
	// Con is the pure representation of a netlink socket
	Con *netlink.Conn
	// contains filtered or unexported fields
}
Nflog represents a netfilter log handler.
func (*Nflog) Register
Register your own function as callback for a netfilter log group. Errors other than net.Timeout() will be reported via the provided log interface and the receiving of netfilter log messages will be stopped.
Example
// Send outgoing pings to nflog group 100
// # sudo iptables -I OUTPUT -p icmp -j NFLOG --nflog-group 100

// Set configuration parameters
config := nflog.Config{
	Group:       100,
	Copymode:    nflog.NfUlnlCopyPacket,
	ReadTimeout: 10 * time.Millisecond,
}

nf, err := nflog.Open(&config)
if err != nil {
	fmt.Println("could not open nflog socket:", err)
	return
}
defer nf.Close()

ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

// The hook receives one Attribute per logged packet; Payload is a *[]byte
// and is only set because Copymode is NfUlnlCopyPacket.
fn := func(attrs nflog.Attribute) int {
	fmt.Printf("%v\n", attrs.Payload)
	return 0
}

// Register your function to listen on nflog group 100
err = nf.Register(ctx, fn)
if err != nil {
	fmt.Println(err)
	return
}

// Block till the context expires
<-ctx.Done()
Output:
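As an added example (not part of go-nflog or of the page above), the stand-alone Go code below shows what a hook body usually has to do with the Attribute fields the example prints raw: treat Prefix and Payload as possibly-nil pointers, reject a payload that is absent (Copymode NfUlnlCopyMeta) or cut short by Config.Bufsize, and render the IPv4 and ICMP headers as one log line. summarizeIPv4, ErrTruncated and the constructedEcho packet are assumptions introduced here; the packet is hand-built, not a real capture.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// ErrTruncated: payload absent (Copymode NfUlnlCopyMeta) or shorter than an
// IPv4 header (Config.Bufsize cut it off). Either way there is nothing safe to parse.
var ErrTruncated = errors.New("nflog payload absent or too short for IPv4 header")

// summarizeIPv4 turns the Prefix and Payload fields of an nflog Attribute (both
// pointers, nil when not present) into one log line. Assumed helper, not part of go-nflog.
func summarizeIPv4(prefix *string, payload *[]byte) (string, error) {
	if payload == nil || len(*payload) < 20 || (*payload)[0]>>4 != 4 {
		return "", ErrTruncated
	}
	p := *payload
	ihl := int(p[0]&0x0f) * 4 // header length in bytes; IP options make it > 20
	if ihl < 20 || len(p) < ihl {
		return "", ErrTruncated
	}
	pfx := ""
	if prefix != nil {
		pfx = *prefix
	}
	proto := p[9]
	line := fmt.Sprintf("prefix=%q proto=%d src=%s dst=%s len=%d",
		pfx, proto, net.IP(p[12:16]), net.IP(p[16:20]), binary.BigEndian.Uint16(p[2:4]))
	if proto == 1 && len(p) >= ihl+4 { // ICMP: type and code follow the IP header
		line += fmt.Sprintf(" icmp_type=%d icmp_code=%d", p[ihl], p[ihl+1])
	}
	return line, nil
}

// constructedEcho is a hand-built IPv4 ICMP echo request, not a real capture.
var constructedEcho = []byte{
	0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00, 0x40, 0x01, 0x00, 0x00, // IPv4, proto 1
	192, 0, 2, 10, 198, 51, 100, 1, // src 192.0.2.10, dst 198.51.100.1
	0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, // ICMP echo request header
}

func main() {
	pfx := "out-icmp"
	fmt.Println(summarizeIPv4(&pfx, &constructedEcho))
	short := constructedEcho[:8] // what a too-small Config.Bufsize would deliver
	fmt.Println(summarizeIPv4(nil, &short))
}
```

In a real hook, call summarizeIPv4(attrs.Prefix, attrs.Payload) from inside the func(attrs nflog.Attribute) int callback and return 0 to keep receiving.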