package nfqueue
import (
"errors"
"log"
)
// HookFunc is a callback that receives events from a netlink group, one Msg
// per call.
//
// Return 0 to keep receiving messages; returning anything other than 0 stops
// delivery to this HookFunc.
//
// NOTE(review): Msg stores its values as interface{}, so read them with the
// two-value type assertion form. Entries derived from the packet itself (for
// example AttrPayload) presumably come straight from the network and should
// be handled as untrusted input — confirm against the attribute parser.
type HookFunc func(m Msg) int
// Config contains options for a Conn.
type Config struct {
	// NetNS is the network namespace to operate in. If set to 0 (default),
	// no network namespace will be entered.
	// NOTE(review): the earlier wording named "Nflog" here; in package
	// nfqueue that was presumably carried over from another package. Whether
	// the value is a namespace file descriptor or another identifier is not
	// visible in this file.
	NetNS int

	// AfFamily is the address family. ErrAfFamily ("Unsupported AF_Family
	// type") suggests the value is validated — confirm which families are
	// accepted.
	AfFamily uint8

	// NfQueue is presumably the number of the queue to attach to — confirm
	// against the bind code.
	NfQueue uint16

	// MaxQueueLen is presumably sent to the kernel as nfQaCfgQueueMaxLen.
	// NOTE(review): what happens to packets once the queue is full presumably
	// depends on Flags (NfQaCfgFlagFailOpen); size the queue with that
	// failure mode in mind.
	MaxQueueLen uint32

	// MaxPacketLen is only used in combination with NfQnlCopyPacket.
	// NOTE(review): it presumably caps how many bytes of each packet are
	// copied to userspace; a verdict based on a truncated payload does not
	// cover the bytes beyond the cap. No copy-mode field is visible in this
	// struct — confirm where the copy mode is selected.
	MaxPacketLen uint32

	// Flags presumably carries the NfQaCfgFlag* bits to set (cf. nfQaCfgFlags,
	// "value of these flags").
	Flags uint32

	// FlagsMask presumably selects which of those bits are changed (cf.
	// nfQaCfgMask, "identify which flags to change").
	FlagsMask uint32

	// Logger is the interface used to log internals.
	Logger *log.Logger
}
// Sentinel errors defined by this package. Where each one is returned is not
// visible in this file; compare against these values instead of matching on
// the message text.
var (
	// ErrAfFamily reports an unsupported address family (presumably
	// Config.AfFamily).
	ErrAfFamily = errors.New("Unsupported AF_Family type")

	// ErrRecvMsg reports that an error message was received.
	ErrRecvMsg = errors.New("Received error message")

	// ErrUnexpMsg reports an unexpected message from the kernel.
	ErrUnexpMsg = errors.New("Received unexpected message from kernel")

	// ErrInvFlag reports an invalid flag (presumably in Config.Flags or
	// Config.FlagsMask).
	ErrInvFlag = errors.New("Invalid Flag")

	// ErrNotLinux reports that the functionality is not implemented for
	// operating systems other than Linux.
	ErrNotLinux = errors.New("Not implemented for OS other than linux")

	// ErrInvalidVerdict reports an invalid verdict (presumably a value
	// outside the Nf* verdict constants).
	ErrInvalidVerdict = errors.New("Invalid verdict")
)
// Msg holds the information handed to a HookFunc, keyed by the Attr*
// constants.
//
// Values are untyped (interface{}); the concrete type behind each key is not
// visible in this file. Use the two-value type assertion form so that a
// missing or differently typed entry is handled instead of causing a panic.
type Msg map[int]interface{}
// nfnlSubSysQueue is the netlink subsystem we will query.
// NOTE(review): the value presumably mirrors the kernel's NFNL_SUBSYS_QUEUE
// — confirm against the kernel header.
const nfnlSubSysQueue = 0x03
// Identifiers that can be used as keys of the Msg map. They are this
// package's own numbering (assigned by iota, so declaration order defines the
// values) and differ from the nfQa* netlink attribute numbers.
//
// NOTE(review): which Go type is stored under each key is decided by the
// attribute parser, which is not part of this file; read entries with the
// two-value type assertion form.
const (
	// Packet identity and hook data; presumably taken from the nfQaPacketHdr
	// attribute — confirm.
	AttrPacketID = iota
	AttrHook
	AttrHwProtocol

	// Interface indexes (cf. the nfQaIfIndex* attributes, "__u32 ifindex").
	AttrIfIndexInDev
	AttrIfIndexOutDev
	AttrIfIndexPhysInDev
	AttrIfIndexPhysOutDev

	// Packet data and captured length (cf. nfQaPayload, "opaque data
	// payload", and nfQaCapLen, "__u32 length of captured packet").
	// NOTE(review): the payload presumably originates from the network and
	// should be parsed as untrusted input.
	AttrPayload
	AttrCapLen

	// Packet metadata (cf. nfQaTimestamp, nfQaHwAddr, nfQaMark).
	AttrTimestamp
	AttrHwAddr
	AttrMark

	// Socket owner (cf. nfQaUID "__u32 sk uid", nfQaGID "__u32 sk gid").
	AttrUID
	AttrGID

	// Full L2 header (cf. nfQaL2HDR).
	AttrL2HDR

	// Conntrack, skb and expectation data (cf. nfQaCt, nfQaCtInfo,
	// nfQaSkbInfo, nfQaExp).
	AttrCt
	AttrCtInfo
	AttrSkbInfo
	AttrExp

	// Security context string (cf. nfQaSecCtx).
	AttrSecCtx

	// VLAN data; presumably unpacked from the nested nfQaVLAN attribute —
	// confirm.
	AttrVlanProto
	AttrVlanTCI
)
// Netlink attribute types carried in queue messages. The trailing notes name
// the kernel-side type of each attribute. The values are written out so that
// inserting or reordering an entry cannot silently shift the numbering.
const (
	nfQaUnspec            = 0
	nfQaPacketHdr         = 1
	nfQaVerdictHdr        = 2  // nfqnl_msg_verdict_hdr
	nfQaMark              = 3  // __u32 nfmark
	nfQaTimestamp         = 4  // nfqnl_msg_packet_timestamp
	nfQaIfIndexInDev      = 5  // __u32 ifindex
	nfQaIfIndexOutDev     = 6  // __u32 ifindex
	nfQaIfIndexPhysInDev  = 7  // __u32 ifindex
	nfQaIfIndexPhysOutDev = 8  // __u32 ifindex
	nfQaHwAddr            = 9  // nfqnl_msg_packet_hw
	nfQaPayload           = 10 // opaque data payload
	nfQaCt                = 11 // nf_conntrack_netlink.h
	nfQaCtInfo            = 12 // enum ip_conntrack_info
	nfQaCapLen            = 13 // __u32 length of captured packet
	nfQaSkbInfo           = 14 // __u32 skb meta information
	nfQaExp               = 15 // nf_conntrack_netlink.h
	nfQaUID               = 16 // __u32 sk uid
	nfQaGID               = 17 // __u32 sk gid
	nfQaSecCtx            = 18 // security context string
	nfQaVLAN              = 19 // nested attribute: packet vlan info
	nfQaL2HDR             = 20 // full L2 header
)
// Netlink attribute types used in configuration messages. Numbering starts at
// 1; the value 0 is left unnamed.
const (
	nfQaCfgCmd         = 1 // nfqnl_msg_config_cmd
	nfQaCfgParams      = 2 // nfqnl_msg_config_params
	nfQaCfgQueueMaxLen = 3 // __u32
	nfQaCfgMask        = 4 // identify which flags to change
	nfQaCfgFlags       = 5 // value of these flags (__u32)
)
// Configuration commands. Numbering starts at 1; the value 0 is left unnamed.
// NOTE(review): the "Ulnl" prefix looks inherited from an nflog code base;
// the commands are presumably the ones carried in nfQaCfgCmd — confirm.
const (
	nfUlnlCfgCmdBind     = 1
	nfUlnlCfgCmdUnbind   = 2
	nfUlnlCfgCmdPfBind   = 3
	nfUlnlCfgCmdPfUnbind = 4
)
// Message types exchanged with the kernel. Numbering starts at 1; the value 0
// is left unnamed.
const (
	nfQnlMsgVerdict      = 1 // verdict from userspace to kernel
	nfQnlMsgConfig       = 2 // connect to a particular queue
	nfQnlMsgVerdictBatch = 3 // batch verdict from userspace to kernel
)
// Configuration flags, one bit each; presumably the values accepted in
// Config.Flags and Config.FlagsMask — confirm against the configuration code.
const (
	// NOTE(review): the name matches the kernel's NFQA_CFG_F_FAIL_OPEN, under
	// which packets are accepted instead of dropped once the queue is full.
	// For a queue that enforces policy, confirm that failing open is the
	// intended behaviour before setting this bit.
	NfQaCfgFlagFailOpen = 1 << 0

	// Presumably requests conntrack data (cf. AttrCt, AttrCtInfo) — confirm.
	NfQaCfgFlagConntrack = 1 << 1

	// Presumably relates to GSO packet handling — confirm.
	NfQaCfgFlagGSO = 1 << 2

	// Presumably requests socket owner data (cf. AttrUID, AttrGID) — confirm.
	NfQaCfgFlagUidGid = 1 << 3

	// Presumably requests the security context (cf. AttrSecCtx) — confirm.
	NfQaCfgFlagSecCx = 1 << 4

	// nfQaCfgFlagMax is the first bit above the named flags; presumably an
	// exclusive upper bound for flag validation (cf. ErrInvFlag) — confirm.
	nfQaCfgFlagMax = 1 << 5
)
// Copy modes. Config.MaxPacketLen is documented as only being used together
// with NfQnlCopyPacket.
// NOTE(review): the names suggest "nothing", "metadata only" and "packet
// data" respectively — confirm against the code that sends the mode.
const (
	NfQnlCopyNone   = 0
	NfQnlCopyMeta   = 1
	NfQnlCopyPacket = 2
)
// Verdicts. Names and order correspond to the kernel's NF_DROP, NF_ACCEPT,
// NF_STOLEN, NF_QUEUE and NF_REPEAT.
//
// NOTE(review): code that enforces policy should choose deliberately which
// verdict is issued when inspection of a packet fails, because falling back
// to NfAccept makes the filter fail open.
const (
	NfDrop   = 0
	NfAccept = 1
	NfStolen = 2
	NfQeueue = 3 // spelling kept as is: renaming an exported name would break callers
	NfRepeat = 4
)