Netfilter NFQUEUE high-level bindings
libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is part of a system that deprecates the old ip_queue / libipq mechanism.
libnetfilter_queue homepage is: http://netfilter.org/projects/libnetfilter_queue/
The goal is to provide a library to gain access to packets queued by the kernel packet filter.
Using NFQUEUE requires root privileges, or the CAP_NET_ADMIN capability.
The code is available on GitHub.
§Example
```rust
extern crate libc;
extern crate nfqueue;

use std::fmt::Write;

// Called once for every packet the kernel hands to the queue.
fn callback(msg: &nfqueue::Message) {
    println!(" -> msg: {}", msg);

    // Hex-dump the payload, two digits per byte so the dump is unambiguous.
    let payload_data = msg.get_payload();
    let mut s = String::new();
    for &byte in payload_data {
        write!(&mut s, "{:02X} ", byte).unwrap();
    }
    println!("{}", s);

    println!("XML\n{}", msg.as_xml_str(&[nfqueue::XMLFormatFlags::XmlAll]).unwrap());

    // Every queued packet needs a verdict; this example accepts everything.
    msg.set_verdict(nfqueue::Verdict::Accept);
}

fn main() {
    let mut q = nfqueue::Queue::new();

    q.open();

    let rc = q.bind(libc::AF_INET);
    assert!(rc == 0);

    // Attach to queue number 0 and copy up to 0xffff bytes of each packet.
    q.create_queue(0, callback);
    q.set_mode(nfqueue::CopyMode::CopyPacket, 0xffff);

    q.set_callback(callback);
    q.run_loop();

    q.close();
}
```
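The callback above accepts every packet. The block below is an added example, not part of the crate's documentation, of the decision logic a filtering callback could apply to the bytes returned by `get_payload()` before calling `set_verdict`. `Verdict` here is a local stand-in for `nfqueue::Verdict` so the block builds without the crate, and `decide`, `sample_tcp` and the blocked-port list are hypothetical names and policy chosen for illustration.

```rust
/// Local stand-in for nfqueue::Verdict so this block builds without the crate.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Verdict { Accept, Drop }

/// Hypothetical policy for this example: TCP destination ports to refuse.
const BLOCKED_TCP_PORTS: [u16; 2] = [23, 2323];

/// Decide on the bytes returned by `msg.get_payload()`. On an AF_INET queue
/// they start at the IPv4 header. Unparseable input is dropped (fail closed).
pub fn decide(payload: &[u8]) -> Verdict {
    // Need at least a minimal 20-byte header with version nibble 4.
    if payload.len() < 20 || payload[0] >> 4 != 4 {
        return Verdict::Drop;
    }
    // IHL counts 32-bit words; IP options push the TCP header further out.
    let ihl = usize::from(payload[0] & 0x0f) * 4;
    if ihl < 20 || payload.len() < ihl {
        return Verdict::Drop;
    }
    if payload[9] != 6 {
        return Verdict::Accept; // only TCP is inspected in this example
    }
    // A non-first fragment carries no TCP header, so the port is unknowable.
    let frag_offset = u16::from_be_bytes([payload[6], payload[7]]) & 0x1fff;
    let tcp = &payload[ihl..];
    if frag_offset != 0 || tcp.len() < 4 {
        return Verdict::Drop;
    }
    let dport = u16::from_be_bytes([tcp[2], tcp[3]]);
    if BLOCKED_TCP_PORTS.contains(&dport) { Verdict::Drop } else { Verdict::Accept }
}

/// Constructed sample packet: IPv4 header with `opts` option bytes
/// (a multiple of 4), followed by a zeroed 20-byte TCP header.
pub fn sample_tcp(dport: u16, opts: usize) -> Vec<u8> {
    let ihl = 20 + opts;
    let mut p = vec![0u8; ihl + 20];
    p[0] = 0x40 | (ihl / 4) as u8; // version 4, header length in words
    p[9] = 6; // protocol = TCP
    p[ihl + 2..ihl + 4].copy_from_slice(&dport.to_be_bytes());
    p
}

fn main() {
    let truncated = sample_tcp(22, 0)[..21].to_vec();
    for (name, pkt) in [("ssh", sample_tcp(22, 0)), ("telnet+opts", sample_tcp(23, 8)), ("cut", truncated)] {
        println!("{}: {:?}", name, decide(&pkt));
    }
}
```

Inside a real callback the result would be mapped onto `msg.set_verdict(...)`; the checks on header length matter because the copy range passed to `set_mode` can truncate the payload.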
Structs§
- HwAddr: Hardware (Ethernet) address
- Message: Opaque struct Message: abstracts NFLOG data representing a packet data and metadata
- NfMsgPacketHdr: Metaheader wrapping a packet
- Queue: Opaque struct Queue: abstracts an NFLOG queue
Enums§
- CopyMode: Copy modes
- NfqueueError
- Verdict: Decision on the packet
- XMLFormatFlags: XML formatting flags
Type Aliases§
- NfqueueCallback: Prototype for the callback function, triggered when a packet is received