chifflier / nfqueue-go
Go bindings for NFQueue
License: GNU General Public License v2.0
Hi,
Do you know why this line in (CreateQueue):
q.c_qh = C.nfq_create_queue(q.c_h,C.u_int16_t(queue_num),(*C.nfq_callback)(C.c_nfq_cb),unsafe.Pointer(q))
is halting the build with the error:
panic: runtime error: cgo argument has Go pointer to Go pointer
Thanks
I know nfqueue can modify packets queued by the Linux kernel, but I cannot find production situations for such cases. Could you please give me some introduction?
Thanks
With the ReadMsgIP lines commented out it works; uncommenting those lines makes it block.
#sudo iptables -t nat -D OUTPUT -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 13 -m owner ! --gid-owner proxyclient
sudo iptables -t nat -D OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT
#sudo iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 13 -m owner ! --gid-owner proxyclient
sudo iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT
package main

import (
	"fmt"
	"log"
	"math"
	"net"
	"syscall"

	"github.com/chifflier/nfqueue-go/nfqueue"
)

// handleQueue accepts every packet that reaches queue 13.
func handleQueue(payload *nfqueue.Payload) int {
	payload.SetVerdict(nfqueue.NF_ACCEPT)
	return nfqueue.NF_ACCEPT // Must return verdict
}

// createInputQueue binds queue 13 and blocks in Loop() until the queue is torn down.
func createInputQueue() {
	q := new(nfqueue.Queue)
	q.SetCallback(handleQueue)
	q.Init()
	q.Unbind(syscall.AF_INET)
	q.Bind(syscall.AF_INET)
	q.CreateQueue(13)
	q.Loop()
	q.DestroyQueue()
	q.Close()
}

func main() {
	// Raw IP socket on loopback; opening it needs CAP_NET_RAW (root).
	ipConn, err := net.ListenIP("ip:tcp", &net.IPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		fmt.Println("Try running under root rights.")
		log.Fatal(err)
	}
	log.Println("Listening!")
	maxIPPacketSize := math.MaxUint16
	fmt.Println("BEFORE LOOP")
	go func() {
		for {
			ipBuf := make([]byte, maxIPPacketSize)
			oob := make([]byte, maxIPPacketSize)
			fmt.Println("Blocking on read MSG")
			/*n*/ _, _, _, _, err := ipConn.ReadMsgIP(ipBuf, oob)
			if err != nil {
				log.Println(err)
				continue
			}
			fmt.Println("UNBLOCKED")
			// packetData := ipBuf[:n]
		}
	}()
	createInputQueue()
}
source <(head -2 on.bash)
sudo groupadd proxyclient
sudo -g proxyclient ./test
Build with go build test.go, then start it with sudo ./start.bash
./on.bash
./off.bash
./on.bash
./off.bash
Maybe because the NF_ACCEPT verdict presumes all subsequent rules in the chain are skipped?
Hi all,
Is it possible to have a callback method which is of any specific type?
example:
type nfqCallback struct {
	pool *redis.Pool
}

// Method value bound to the struct, so the callback can reach the pool.
func (n nfqCallback) real_callback(payload *nfqueue.Payload) int {
	// access the pool here via n.pool
	return nfqueue.NF_ACCEPT
}

// somewhere in main
w := nfqCallback{pool: p}
queue.SetCallback(w.real_callback)
I tried to run the code but it panicked with the following trace.
panic: runtime error: cgo argument has Go pointer to Go pointer
goroutine 10 [running]:
panic(0x995e40, 0xc42120ecc0)
/usr/local/go/src/runtime/panic.go:500 +0x1a1
bitbucket.org/acklio/vdm/vendor/github.com/chifflier/nfqueue-go/nfqueue._cgoCheckPointer0(0xc4212122a0, 0x0, 0x0, 0x0, 0x0)
??:0 +0x59
bitbucket.org/acklio/vdm/vendor/github.com/chifflier/nfqueue-go/nfqueue.(*Queue).CreateQueue(0xc4212122a0, 0x0, 0x0, 0x0)
/home/arun/work/src/bitbucket.org/acklio/vdm/vendor/github.com/chifflier/nfqueue-go/nfqueue/nfqueue.go:165 +0x155
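Both cgo panics reported above come from the same rule: since Go 1.6 the runtime checks every argument that crosses into C, and `unsafe.Pointer(q)` points at a `Queue` that itself contains Go pointers (the stored callback func value; in the second report a method value closing over the struct), which is exactly what "Go pointer to Go pointer" forbids. The usual fix is to hand C an opaque integer token instead of the Go pointer and have the exported Go function that the C trampoline calls resolve the token back to the `*Queue`. Go 1.17+ ships this pattern as `runtime/cgo.Handle` (`cgo.NewHandle`, `Handle.Value`, `Handle.Delete`). What follows is an added example, not code from nfqueue-go: a hand-rolled registry of that shape, kept free of cgo so it runs anywhere, with `Dispatch` standing in for the exported callback the C side would invoke and `NewHandle`, `DeleteHandle` and `Counter` being names chosen here.

```go
package main

import (
	"fmt"
	"sync"
)

// Verdict values as used by libnetfilter_queue; names match nfqueue-go's exported constants.
const (
	NF_DROP   = 0
	NF_ACCEPT = 1
)

// Callback receives the queued packet bytes and returns a verdict.
type Callback func(data []byte) int

// Queue holds Go state. A func value is itself a Go pointer, which is why a
// pointer to this struct cannot be passed to C under the cgo pointer rules.
type Queue struct {
	cb Callback
}

// handleRegistry maps opaque integer tokens to live *Queue values.
// Only the token ever reaches C; the Go pointer stays on the Go side.
var handleRegistry = struct {
	sync.Mutex
	next  uintptr
	items map[uintptr]*Queue
}{next: 1, items: map[uintptr]*Queue{}}

// NewHandle registers q and returns a token that is safe to pass to C as the
// opaque "data" argument (what unsafe.Pointer(q) was being used for).
func NewHandle(q *Queue) uintptr {
	handleRegistry.Lock()
	defer handleRegistry.Unlock()
	tok := handleRegistry.next
	handleRegistry.next++
	handleRegistry.items[tok] = q
	return tok
}

// DeleteHandle releases the token; the natural place to call it is DestroyQueue.
func DeleteHandle(tok uintptr) {
	handleRegistry.Lock()
	defer handleRegistry.Unlock()
	delete(handleRegistry.items, tok)
}

// Dispatch is what the exported Go function called from the C trampoline would
// do: recover the *Queue from the token and run the user callback. An unknown
// token (queue already destroyed, or a bogus value from C) drops the packet
// instead of dereferencing garbage.
func Dispatch(tok uintptr, data []byte) int {
	handleRegistry.Lock()
	q, ok := handleRegistry.items[tok]
	handleRegistry.Unlock()
	if !ok || q.cb == nil {
		return NF_DROP
	}
	return q.cb(data)
}

// Counter is the method-value use case from the second report: the callback
// reaches per-queue state without that state ever crossing into C.
type Counter struct {
	mu   sync.Mutex
	seen int
}

// Handle counts packets and drops anything shorter than a minimal IPv4 header.
func (c *Counter) Handle(data []byte) int {
	c.mu.Lock()
	c.seen++
	c.mu.Unlock()
	if len(data) < 20 {
		return NF_DROP
	}
	return NF_ACCEPT
}

func main() {
	c := &Counter{}
	q := &Queue{cb: c.Handle}
	tok := NewHandle(q) // pass tok to C instead of unsafe.Pointer(q)
	fmt.Println(Dispatch(tok, make([]byte, 40))) // 1 (NF_ACCEPT)
	DeleteHandle(tok)
	fmt.Println(Dispatch(tok, make([]byte, 40))) // 0 (NF_DROP): handle is gone
}
```

In a real binding the `uintptr` token is what gets cast to `unsafe.Pointer` for `nfq_create_queue`, and the `//export`-ed callback casts it back to `uintptr` before calling `Dispatch`; the `*Queue` never leaves Go-managed memory.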
I don't know if this is the right place, but I'm trying to build bettercap inside a Docker container and it balks at this:
/go/pkg/mod/github.com/chifflier/[email protected]/nfqueue/nfqueue.go:187:29: could not determine kind of name for C.u_int16_t
/go/pkg/mod/github.com/chifflier/[email protected]/nfqueue/nfqueue.go:269:35: could not determine kind of name for C.u_int32_t
/go/pkg/mod/github.com/chifflier/[email protected]/nfqueue/nfqueue.go:257:27: could not determine kind of name for C.u_int8_t
My host OS runs Go 1.18.5 and builds fine, but the Docker image has 1.19.2 and I guess has the issue?
Hi, big thanks for your work on this package!
Sadly I can't find any information about the code license. Can you please add a license file (MIT or BSD, for example) to your repository?
Hello, how can I get the IP from an incoming packet?
An error occurs when libnetfilter-queue-dev(1.0.5-2) is installed:
Package libnetfilter_queue was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnetfilter_queue.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libnetfilter_queue' found
pkg-config: exit status 1
I made these...
// GetSrcHwAddr returns the packet's source hardware (link-layer) address, or
// nil when the kernel supplied none (nfq_get_packet_hw returns NULL, e.g. for
// locally generated packets).
func (p *Payload) GetSrcHwAddr() []byte {
	hwInfo := C.nfq_get_packet_hw(p.nfad)
	if hwInfo == nil {
		return nil
	}
	// hw_addrlen is in network byte order; hw_addr is a fixed 8-byte array.
	addrl := int(C.ntohs(C.uint16_t(hwInfo.hw_addrlen)))
	if addrl > len(hwInfo.hw_addr) {
		addrl = len(hwInfo.hw_addr)
	}
	res := make([]byte, addrl)
	for i := 0; i < addrl; i++ {
		res[i] = byte(hwInfo.hw_addr[i])
	}
	return res
}
Does nfqueue handle TCP sessions (replies to TCP packets)?
I wrote a TCP proxy client that sends TCP packets to a server (the server accepts TCP connections), but it doesn't work, and I think it's because replies are not handled. Is that true?
The server shows no TCP connections accepted.
Should I check the packet destination address and return NF_QUEUE for TCP replies?
package main

import (
	"flag"
	"fmt"
	"net"
	"syscall"

	"github.com/chifflier/nfqueue-go/nfqueue"
)

var remoteAddr = flag.String("r", "boom", "remote address")

// run is the queue callback: each queued packet is forwarded, then accepted.
func run(payload *nfqueue.Payload) int {
	fmt.Println("run")
	// payload.Data is the raw IP datagram (IP header + TCP header + payload).
	handle(payload.Data)
	return nfqueue.NF_ACCEPT
}

// handle opens a new TCP connection to the proxy server for every packet
// and writes the packet bytes into it.
func handle(data []byte) {
	fmt.Println("handle")
	toTCP, err := net.ResolveTCPAddr("tcp", *remoteAddr)
	if err != nil {
		panic(err)
	}
	fmt.Println("dial")
	remote, err := net.DialTCP("tcp", nil, toTCP)
	if err != nil {
		panic(err)
	}
	defer remote.Close()
	fmt.Println("write data...")
	wcount, err := remote.Write(data)
	if err != nil {
		panic(err)
	}
	if wcount != len(data) {
		panic(fmt.Sprintf("Not all data written: %d/%d", wcount, len(data)))
	}
}

func main() {
	flag.Parse()
	if *remoteAddr == "boom" {
		panic("Specify proxy server address!")
	}
	fmt.Println("Starting server...")
	q := new(nfqueue.Queue)
	q.SetCallback(run)
	q.Init()
	q.Unbind(syscall.AF_INET)
	q.Bind(syscall.AF_INET)
	q.CreateQueue(13)
	q.Loop()
	q.DestroyQueue()
	q.Close()
}
# Don't queue packets from proxyclient to proxyclient itself!
sudo iptables -A OUTPUT -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 13 -m owner ! --gid-owner proxyclient
sudo iptables -A OUTPUT -p tcp -m tcp --dport 443 -j NFQUEUE --queue-num 13 -m owner ! --gid-owner proxyclient
sudo -g proxyclient ./proxy-client -r "$@"
// server (pseudocode: TCPPacket, readPayload, destination and asData are placeholders)
listener, err := net.ListenTCP("tcp", p.fromTCP)
for {
	connection, err := listener.AcceptTCP()
	packet := NewTCPPacket(connection.readPayload())
	remote, err := net.DialTCP("tcp", nil, packet.destination)
	defer remote.Close() // defer inside the loop only runs when the enclosing function returns
	remote.Write(packet.asData)
}
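For the earlier question about reading the IP from an incoming packet, and for the proxy-client post above: `payload.Data` in nfqueue-go is the raw IP datagram as the netfilter hook saw it, so it begins with the IP header and, for TCP, continues with the TCP header before any application bytes. Writing it unchanged into a TCP socket therefore sends those headers as data, and NFQUEUE delivers one packet at a time rather than a stream, so a proxy built on it has to locate the transport payload itself (and reassemble it across packets). The parser below is an added example, not part of nfqueue-go or of the posted code: it extracts source and destination addresses, protocol, ports and the transport payload from such a buffer, for IPv4 and IPv6 (without extension headers) and TCP or UDP on top. The `Packet` type, `ParseIP` and the `samplePacket` bytes are all constructed here.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Packet is the decoded view of one queued IP datagram.
type Packet struct {
	Version          int
	Src, Dst         net.IP
	Proto            int    // IPv4 protocol / IPv6 next header (6 = TCP, 17 = UDP)
	SrcPort, DstPort uint16 // zero unless Proto is TCP or UDP
	Payload          []byte // bytes after the TCP/UDP header
}

var errShort = errors.New("packet truncated")

// ParseIP decodes the IP header (v4, or v6 with no extension headers) and,
// for TCP and UDP, the ports and the start of the application payload.
func ParseIP(data []byte) (*Packet, error) {
	if len(data) < 20 { // shorter than the smallest (IPv4) header
		return nil, errShort
	}
	p := &Packet{Version: int(data[0] >> 4)}
	var hdrLen int
	switch p.Version {
	case 4:
		hdrLen = int(data[0]&0x0f) * 4 // IHL in 32-bit words
		total := int(binary.BigEndian.Uint16(data[2:4]))
		if hdrLen < 20 || total < hdrLen || total > len(data) {
			return nil, errors.New("bad IPv4 header or total length")
		}
		data = data[:total] // drop any trailing padding
		p.Proto, p.Src, p.Dst = int(data[9]), net.IP(data[12:16]), net.IP(data[16:20])
	case 6:
		if len(data) < 40 {
			return nil, errShort
		}
		hdrLen = 40
		p.Proto, p.Src, p.Dst = int(data[6]), net.IP(data[8:24]), net.IP(data[24:40])
	default:
		return nil, fmt.Errorf("unknown IP version %d", p.Version)
	}
	l4 := data[hdrLen:]
	switch p.Proto {
	case 6: // TCP
		if len(l4) < 20 {
			return nil, errShort
		}
		off := int(l4[12]>>4) * 4 // data offset in 32-bit words
		if off < 20 || len(l4) < off {
			return nil, errors.New("bad TCP data offset")
		}
		p.SrcPort, p.DstPort = binary.BigEndian.Uint16(l4[0:2]), binary.BigEndian.Uint16(l4[2:4])
		p.Payload = l4[off:]
	case 17: // UDP
		if len(l4) < 8 {
			return nil, errShort
		}
		p.SrcPort, p.DstPort = binary.BigEndian.Uint16(l4[0:2]), binary.BigEndian.Uint16(l4[2:4])
		p.Payload = l4[8:]
	default:
		p.Payload = l4
	}
	return p, nil
}

// samplePacket is a constructed IPv4/TCP datagram (not a capture):
// 10.0.0.2:40000 -> 93.184.216.34:80 carrying the 3-byte payload "GET".
// Checksums are left zero; the parser does not verify them.
var samplePacket = []byte{
	0x45, 0x00, 0x00, 0x2b, 0x00, 0x00, 0x40, 0x00, // ver/IHL, TOS, total len 43, id, flags
	0x40, 0x06, 0x00, 0x00, 10, 0, 0, 2, // TTL 64, proto TCP, csum, src
	93, 184, 216, 34, // dst
	0x9c, 0x40, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0, // sport 40000, dport 80, seq, ack
	0x50, 0x18, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, // data offset 5, PSH|ACK, window, csum, urg
	'G', 'E', 'T',
}

func main() {
	p, err := ParseIP(samplePacket)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s:%d -> %s:%d proto=%d payload=%q\n", p.Src, p.SrcPort, p.Dst, p.DstPort, p.Proto, p.Payload)
}
```

In the queue callback this would be `ParseIP(payload.Data)`; `p.Dst` answers the IP question, and for the proxy it is `p.Payload`, not `payload.Data`, that carries the bytes the far end's TCP stack would have handed to the application.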