Add experimental nfqueue interception backend

This commit adds a new experimental nfqueue interception backed based on github.com/florianl/go-nfqueue. It should add more stability to the interception of network packets and also eliminates the CGO and the runtime dependency on libnetfilter_queue. Note that this commit does not remove the old nfqueue backend yet but adds a --experimental-nfqueue flag to portmaster-core.
2020-07-30 08:04:40 +02:00
parent 53b0ea4a7c
commit 0451e99431
6 changed files with 296 additions and 17 deletions
--- a/firewall/interception/nfqueue/nfqueue.go
+++ b/firewall/interception/nfqueue/nfqueue.go
@@ -66,6 +66,11 @@ func NewNFQueue(qid uint16) (nfq *NFQueue, err error) {
 	return nfq, nil
 }

+// PacketChannel returns a packet channel
+func (nfq *NFQueue) PacketChannel() <-chan packet.Packet {
+	return nfq.Packets
+}
+
 func (nfq *NFQueue) init() error {
 	var err error
 	if nfq.h, err = C.nfq_open(); err != nil || nfq.h == nil {
--- a/firewall/interception/nfqueue/packet.go
+++ b/firewall/interception/nfqueue/packet.go
@@ -44,7 +44,7 @@ type Packet struct {
 //     pkt.QueueID, pkt.Id, pkt.Protocol, pkt.Src, pkt.SrcPort, pkt.Dst, pkt.DstPort, pkt.Mark, pkt.Checksum, pkt.Tos, pkt.TTL)
 // }

-//nolint:unparam // FIXME
+// nolint:unparam
 func (pkt *Packet) setVerdict(v uint32) (err error) {
 	defer func() {
 		if x := recover(); x != nil {