Crate nfqueue

Netfilter NFQUEUE high-level bindings

libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is part of a system that deprecates the old ip_queue / libipq mechanism.

libnetfilter_queue homepage is: http://netfilter.org/projects/libnetfilter_queue/

The goal is to provide a library to gain access to packets queued by the kernel packet filter.

Using NFQUEUE requires root privileges, or the CAP_NET_ADMIN capability.

The code is available on GitHub.

Example

extern crate libc;
extern crate nfqueue;
use std::fmt::Write;

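// Called for each packet the kernel hands to the queue
fn callback(msg: &nfqueue::Message) {
    println!(" -> msg: {}", msg);

    // Dump the packet payload as space-separated hex bytes
    let payload_data = msg.get_payload();
    let mut s = String::new();
    for &byte in payload_data {
        write!(&mut s, "{:X} ", byte).unwrap();
    }
    println!("{}", s);

    // Print the message as XML, using the XmlAll flag
    println!("XML\n{}", msg.as_xml_str(&[nfqueue::XMLFormatFlags::XmlAll]).unwrap());

    // Issue the verdict: let the packet continue
    msg.set_verdict(nfqueue::Verdict::Accept);
}

fn main() {
    let mut q = nfqueue::Queue::new();

    q.open();

    // Bind the handle to the IPv4 address family
    let rc = q.bind(libc::AF_INET);
    assert!(rc == 0);

    // Attach to queue number 0 and copy up to 0xffff bytes of each packet to userspace
    q.create_queue(0, callback);
    q.set_mode(nfqueue::CopyMode::CopyPacket, 0xffff);

    q.set_callback(callback);
    q.run_loop();

    q.close();
}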
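
The example above accepts every packet. As an added example (not part of the crate's documentation), the following shows a verdict decision a callback could make from the bytes returned by get_payload(), dropping malformed IPv4 packets instead of panicking on them. The Verdict enum is a local stand-in for nfqueue::Verdict; decide, sample_packet and BLOCKED_TCP_PORT are hypothetical names, and the payload is assumed to start at the IPv4 header, as with the AF_INET binding above.

```rust
// Stand-in for nfqueue::Verdict so this added example builds without the crate.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Verdict { Accept, Drop }

// Constructed policy value for the demo (telnet).
pub const BLOCKED_TCP_PORT: u16 = 23;

/// Decide a verdict from the raw bytes of a queued IPv4 packet.
/// Malformed input is dropped (fail closed) rather than panicking in the callback.
pub fn decide(payload: &[u8]) -> Verdict {
    // The fixed IPv4 header is 20 bytes; the version is the high nibble of byte 0.
    if payload.len() < 20 || payload[0] >> 4 != 4 {
        return Verdict::Drop;
    }
    // IHL counts 32-bit words; header and total length must fit in the buffer.
    let ihl = ((payload[0] & 0x0f) as usize) * 4;
    let total_len = u16::from_be_bytes([payload[2], payload[3]]) as usize;
    if ihl < 20 || total_len < ihl || total_len > payload.len() {
        return Verdict::Drop;
    }
    // Later fragments carry no TCP header, so this port policy cannot inspect them.
    let frag_offset = u16::from_be_bytes([payload[6], payload[7]]) & 0x1fff;
    if payload[9] != 6 || frag_offset != 0 {
        return Verdict::Accept;
    }
    // The TCP destination port is bytes 2..4 of the TCP header.
    let tcp = &payload[ihl..total_len];
    if tcp.len() < 4 {
        return Verdict::Drop;
    }
    let dport = u16::from_be_bytes([tcp[2], tcp[3]]);
    if dport == BLOCKED_TCP_PORT { Verdict::Drop } else { Verdict::Accept }
}

/// Build a minimal constructed IPv4 packet (no options) carrying 4 bytes of L4 header.
pub fn sample_packet(proto: u8, dport: u16) -> Vec<u8> {
    let mut p = vec![0u8; 24];
    p[0] = 0x45; // version 4, IHL 5
    p[2..4].copy_from_slice(&24u16.to_be_bytes()); // total length
    p[9] = proto;
    p[22..24].copy_from_slice(&dport.to_be_bytes()); // destination port
    p
}

fn main() {
    println!("{:?}", decide(&sample_packet(6, 23)));
    println!("{:?}", decide(&sample_packet(6, 443)));
    println!("{:?}", decide(&[0x45, 0x00]));
}
```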

Structs

HwAddr

Hardware (Ethernet) address

Message

Opaque struct Message: abstracts NFLOG data representing a packet's data and metadata

NfMsgPacketHdr

Metaheader wrapping a packet

Queue

Opaque struct Queue: abstracts an NFLOG queue

Enums

CopyMode

Copy modes

NfqueueError

Verdict

Decision on the packet

XMLFormatFlags

XML formatting flags

Type Definitions

NfqueueCallback

Prototype for the callback function, triggered when a packet is received