nfqueue

package module

v0.0.0-...-3bdd8bd Latest Latest Go to latest Published: Apr 28, 2014 License: Apache-2.0 Imports: 9 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/OneOfOne/go-nfqueue

Links

Open Source Insights

README ¶

Go-NFQueue

Go Wrapper For Creating IPTables' NFQueue clients in Go

Usage

Check the examples/main.go file

	cd $GOPATH/github.com/OneOfOne/go-nfqueue/examples
	go build -race && sudo ./examples

Open another terminal :

sudo iptables -I INPUT 1 -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0
#or
sudo iptables -I INPUT -i eth0 -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0
curl --head localhost
ping localhost
sudo iptables -D INPUT -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0

Then you can ctrl+c the program to exit.

If you have recent enough iptables/nfqueue you could also use a balanced (multithreaded queue).
check the example in examples/mq/multiqueue.go

iptables -I INPUT 1  -m conntrack --ctstate NEW -j NFQUEUE --queue-balance 0:5 --queue-cpu-fanout

Notes

You must run the executable as root. This is WIP, but all patches are welcome.

License

Copyright (c) 2014 Ahmed W.

Documentation ¶

Index ¶

Constants
Variables
func NewMultiQueue(min, max uint16) (mq *multiQueue)
func NewNFQueue(qid uint16) (nfq *nfQueue)
type IPHeader
type IPProtocol
- func (p IPProtocol) String() string
type IPVersion
- func (v IPVersion) Size() int
- func (v IPVersion) String() string
type Packet
type TCPUDPHeader
type Verdict
- func (v Verdict) String() string

Constants ¶

View Source

const (
	IPv4 = IPVersion(4)
	IPv6 = IPVersion(6)

	//convience really
	IGMP   = IPProtocol(syscall.IPPROTO_IGMP)
	RAW    = IPProtocol(syscall.IPPROTO_RAW)
	TCP    = IPProtocol(syscall.IPPROTO_TCP)
	UDP    = IPProtocol(syscall.IPPROTO_UDP)
	ICMP   = IPProtocol(syscall.IPPROTO_ICMP)
	ICMPv6 = IPProtocol(syscall.IPPROTO_ICMPV6)
)

Variables ¶

View Source

var (
	ErrVerdictSentOrTimedOut error = fmt.Errorf("The verdict was already sent or timed out.")
)

Functions ¶

func NewMultiQueue ¶

func NewMultiQueue(min, max uint16) (mq *multiQueue)

func NewNFQueue ¶

func NewNFQueue(qid uint16) (nfq *nfQueue)

Types ¶

type IPHeader ¶

type IPHeader struct {
	Version IPVersion

	Tos, TTL uint8
	Protocol IPProtocol
	Src, Dst net.IP
}

type IPProtocol ¶

type IPProtocol uint8

func (IPProtocol) String ¶

func (p IPProtocol) String() string

type IPVersion ¶

type IPVersion uint8

func (IPVersion) Size ¶

func (v IPVersion) Size() int

Returns the byte size of the ip, IPv4 = 4 bytes, IPv6 = 16

func (IPVersion) String ¶

func (v IPVersion) String() string

type Packet ¶

type Packet struct {
	QueueId    uint16
	Id         uint32
	HWProtocol uint16
	Hook       uint8
	Mark       uint32
	*IPHeader
	*TCPUDPHeader
	// contains filtered or unexported fields
}

func (*Packet) Accept ¶

func (pkt *Packet) Accept() error

func (*Packet) Drop ¶

func (pkt *Packet) Drop() error

func (*Packet) String ¶

func (pkt *Packet) String() string

type TCPUDPHeader ¶

type TCPUDPHeader struct {
	SrcPort, DstPort uint16
	Checksum         uint16 //not implemented
}

type Verdict ¶

type Verdict uint8

const (
	DROP Verdict = iota
	ACCEPT
	STOLEN
	QUEUE
	REPEAT
	STOP
)

func (Verdict) String ¶

func (v Verdict) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
examples
mq

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL