nfqueue

package

v0.2.1 Latest Latest Go to latest Published: Feb 12, 2019 License: AGPL-3.0, Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Safing/portmaster

Links

Open Source Insights

README ¶

Go-NFQueue

Go Wrapper For Creating IPTables' NFQueue clients in Go

Usage

Check the examples/main.go file

	cd $GOPATH/github.com/OneOfOne/go-nfqueue/examples
	go build -race && sudo ./examples

Open another terminal :

sudo iptables -I INPUT 1 -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0
#or
sudo iptables -I INPUT -i eth0 -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0
curl --head localhost
ping localhost
sudo iptables -D INPUT -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0

Then you can ctrl+c the program to exit.

If you have recent enough iptables/nfqueue you could also use a balanced (multithreaded queue).
check the example in examples/mq/multiqueue.go

iptables -I INPUT 1  -m conntrack --ctstate NEW -j NFQUEUE --queue-balance 0:5 --queue-cpu-fanout

Notes

You must run the executable as root. This is WIP, but all patches are welcome.

License

Copyright (c) 2014 Ahmed W.

Documentation ¶

Index ¶

Constants
Variables
type NFQueue
- func NewNFQueue(qid uint16) (nfq *NFQueue, err error)
- func (this *NFQueue) Destroy()
- func (this *NFQueue) Valid() bool
type Packet

Constants ¶

View Source

const (
	NFQ_DROP   uint32 = 0 // discarded the packet
	NFQ_ACCEPT uint32 = 1 // the packet passes, continue iterations
	NFQ_STOLEN uint32 = 2 // gone away
	NFQ_QUEUE  uint32 = 3 // inject the packet into a different queue (the target queue number is in the high 16 bits of the verdict)
	NFQ_REPEAT uint32 = 4 // iterate the same cycle once more
	NFQ_STOP   uint32 = 5 // accept, but don't continue iterations
)

Variables ¶

View Source

var (
	ErrVerdictSentOrTimedOut error = fmt.Errorf("The verdict was already sent or timed out.")
)

Functions ¶

This section is empty.

Types ¶

type NFQueue ¶

type NFQueue struct {
	DefaultVerdict uint32
	Timeout        time.Duration

	Packets chan packet.Packet
	// contains filtered or unexported fields
}

func NewNFQueue ¶

func NewNFQueue(qid uint16) (nfq *NFQueue, err error)

func (*NFQueue) Destroy ¶

func (this *NFQueue) Destroy()

func (*NFQueue) Valid ¶

func (this *NFQueue) Valid() bool

type Packet ¶

type Packet struct {
	packet.PacketBase

	QueueId    uint16
	Id         uint32
	HWProtocol uint16
	Hook       uint8
	Mark       uint32
	// contains filtered or unexported fields
}

func (*Packet) Accept ¶

func (pkt *Packet) Accept() error

func (*Packet) Block ¶

func (pkt *Packet) Block() error

func (*Packet) Drop ¶

func (pkt *Packet) Drop() error

func (*Packet) PermanentAccept ¶

func (pkt *Packet) PermanentAccept() error

func (*Packet) PermanentBlock ¶

func (pkt *Packet) PermanentBlock() error

func (*Packet) PermanentDrop ¶

func (pkt *Packet) PermanentDrop() error

func (*Packet) RerouteToNameserver ¶

func (pkt *Packet) RerouteToNameserver() error

func (*Packet) RerouteToTunnel ¶

func (pkt *Packet) RerouteToTunnel() error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL