Categorygithub.com/codingjzy/netlink-gonflog

package

1.42.1

Repository: https://github.com/codingjzy/netlink-go.git

Documentation: pkg.go.dev

# README

nflog-go

nflog-go implements a go native implementation for the nflog netlink interface provided by Linux to the in-kernel packets logged by the kernel packet filter.

The library implements a subset of the functionality provided by https://www.netfilter.org/projects/libnetfilter_log/

The library implements the following APIs

Receiving logs (packets) from kernel based on groups and chains from iptables

# Packages

example

No description provided by the author

# Functions

BindAndListenForLogs

BindAndListenForLogs -- a complete set to open/unbind/bind/bindgroup and listen for logs group -- group to bind with and listen packetSize -- max expected packetSize (0:unlimited).

NewNFLog

NewNFLog -- Create a new Nflog handle.

NfaAlign16

NfaAlign16 -- To align payload.

# Constants

IPVersion

No description provided by the author

NFULA_CFG_CMD

nfulnl_msg_config_cmd */.

NFULA_CFG_FLAGS

__u16 */.

NFULA_CFG_MODE

nfulnl_msg_config_mode */.

NFULA_CFG_NLBUFSIZ

__u32 buffer size */.

NFULA_CFG_QTHRESH

__u32 */.

NFULA_CFG_TIMEOUT

__u32 in 1/100 s */.

NFULA_CFG_UNSPEC

enum nfulnl_attr_config.

NFULA_CT

nf_conntrack_netlink.h */.

NFULA_CT_INFO

enum ip_conntrack_info */.

NFULA_GID

group id of socket */.

NFULA_HWADDR

nfulnl_msg_packet_hw */.

NFULA_HWHEADER

hardware header */.

NFULA_HWLEN

hardware header length */.

NFULA_HWTYPE

hardware type */.

NFULA_IFINDEX_INDEV

__u32 ifindex */.

NFULA_IFINDEX_OUTDEV

__u32 ifindex */.

NFULA_IFINDEX_PHYSINDEV

__u32 ifindex */.

NFULA_IFINDEX_PHYSOUTDEV

__u32 ifindex */.

NFULA_MARK

__u32 nfmark */.

NFULA_PACKET_HDR

enum nfulnl_attr_type.

NFULA_PAYLOAD

opaque data payload */.

NFULA_PREFIX

string prefix */.

NFULA_SEQ

instance-local sequence number */.

NFULA_SEQ_GLOBAL

global sequence number */.

NFULA_TIMESTAMP

nfulnl_msg_packet_timestamp */.

NFULA_UID

user id of socket */.

NFULA_UNSPEC

enum nfulnl_attr_type.

NFULNL_CFG_CMD_BIND

enum nfulnl_msg_config_cmds.

NFULNL_CFG_CMD_NONE

enum nfulnl_msg_config_cmds.

NFULNL_CFG_CMD_PF_BIND

enum nfulnl_msg_config_cmds.

NFULNL_CFG_CMD_PF_UNBIND

enum nfulnl_msg_config_cmds.

NFULNL_CFG_CMD_UNBIND

enum nfulnl_msg_config_cmds.

NFULNL_COPY_META

No description provided by the author

NFULNL_COPY_NONE

No description provided by the author

NFULNL_COPY_PACKET

No description provided by the author

NFULNL_MSG_CONFIG

enum nfulnl_msg_types.

NFULNL_MSG_MAX

enum nfulnl_msg_types.

NFULNL_MSG_PACKET

enum nfulnl_msg_types.

SizeofMsgConfigCommand

No description provided by the author

SizeofMsgConfigMode

No description provided by the author

# Structs

IPLayer

IPLayer -- IPLayer struct.

NflMsgConfigCommand

NflMsgConfigCommand -- NflMsgConfigCommand struct for configs (ex: bind).

NflMsgConfigMode

NflMsgConfigMode -- NflMsgConfigMode struct for copy range and mode (ex: copy meta).

NfLog

NfLog -- Nflog struct Groups -- Nflog group to bind with.

NfPacket

NfPacket -- NfPacket struct for parsing logs Payload -- Complete packet with ethernet,tcp and ip IPLayer -- Iplayer struct TCPLayer -- Tcplayer struct PacketPayload -- Tcp payload.

PacketPayload

PacketPayload -- PacketPayload struct.

Ports

Ports -- Generic struct for TCP and UDP ports.

SockHandles

SockHandles -- Sock handle of netlink socketfd -- fd of socketrcvbufSize -- rcv buffer Sizelsa -- local address.

# Interfaces

NFLog

NFLog -- This is the interface which has all the necessary functions to read logs from kernel This is needed if we don't want to call BindAndListenForLogs() Useful for testing and debugging.

SockHandle

SockHandle Opaque interface with unexported functions.