Clean up linter errors
@@ -27,6 +27,8 @@ func init() {
|
||||
queues = make(map[uint16]*NFQueue)
|
||||
}
|
||||
|
||||
// NFQueue holds a Linux NFQ Handle and associated information.
|
||||
//nolint:maligned // FIXME
|
||||
type NFQueue struct {
|
||||
DefaultVerdict uint32
|
||||
Timeout time.Duration
|
||||
@@ -41,6 +43,7 @@ type NFQueue struct {
|
||||
Packets chan packet.Packet
|
||||
}
|
||||
|
||||
// NewNFQueue initializes a new netfilter queue.
|
||||
func NewNFQueue(qid uint16) (nfq *NFQueue, err error) {
|
||||
if os.Geteuid() != 0 {
|
||||
return nil, errors.New("must be root to intercept packets")
|
||||
@@ -61,96 +64,98 @@ func NewNFQueue(qid uint16) (nfq *NFQueue, err error) {
|
||||
return nfq, nil
|
||||
}
|
||||
|
||||
func (this *NFQueue) init() error {
|
||||
func (nfq *NFQueue) init() error {
|
||||
var err error
|
||||
if this.h, err = C.nfq_open(); err != nil || this.h == nil {
|
||||
if nfq.h, err = C.nfq_open(); err != nil || nfq.h == nil {
|
||||
return fmt.Errorf("could not open nfqueue: %s", err)
|
||||
}
|
||||
|
||||
//if this.qh, err = C.nfq_create_queue(this.h, qid, C.get_cb(), unsafe.Pointer(nfq)); err != nil || this.qh == nil {
|
||||
//if nfq.qh, err = C.nfq_create_queue(nfq.h, qid, C.get_cb(), unsafe.Pointer(nfq)); err != nil || nfq.qh == nil {
|
||||
|
||||
this.Packets = make(chan packet.Packet, 1)
|
||||
nfq.Packets = make(chan packet.Packet, 1)
|
||||
|
||||
if C.nfq_unbind_pf(this.h, C.AF_INET) < 0 {
|
||||
this.Destroy()
|
||||
if C.nfq_unbind_pf(nfq.h, C.AF_INET) < 0 {
|
||||
nfq.Destroy()
|
||||
return errors.New("nfq_unbind_pf(AF_INET) failed, are you root?")
|
||||
}
|
||||
if C.nfq_unbind_pf(this.h, C.AF_INET6) < 0 {
|
||||
this.Destroy()
|
||||
if C.nfq_unbind_pf(nfq.h, C.AF_INET6) < 0 {
|
||||
nfq.Destroy()
|
||||
return errors.New("nfq_unbind_pf(AF_INET6) failed")
|
||||
}
|
||||
|
||||
if C.nfq_bind_pf(this.h, C.AF_INET) < 0 {
|
||||
this.Destroy()
|
||||
if C.nfq_bind_pf(nfq.h, C.AF_INET) < 0 {
|
||||
nfq.Destroy()
|
||||
return errors.New("nfq_bind_pf(AF_INET) failed")
|
||||
}
|
||||
if C.nfq_bind_pf(this.h, C.AF_INET6) < 0 {
|
||||
this.Destroy()
|
||||
if C.nfq_bind_pf(nfq.h, C.AF_INET6) < 0 {
|
||||
nfq.Destroy()
|
||||
return errors.New("nfq_bind_pf(AF_INET6) failed")
|
||||
}
|
||||
|
||||
if this.qh, err = C.create_queue(this.h, C.uint16_t(this.qid)); err != nil || this.qh == nil {
|
||||
C.nfq_close(this.h)
|
||||
if nfq.qh, err = C.create_queue(nfq.h, C.uint16_t(nfq.qid)); err != nil || nfq.qh == nil {
|
||||
C.nfq_close(nfq.h)
|
||||
return fmt.Errorf("could not create queue: %s", err)
|
||||
}
|
||||
|
||||
this.fd = int(C.nfq_fd(this.h))
|
||||
nfq.fd = int(C.nfq_fd(nfq.h))
|
||||
|
||||
if C.nfq_set_mode(this.qh, C.NFQNL_COPY_PACKET, 0xffff) < 0 {
|
||||
this.Destroy()
|
||||
if C.nfq_set_mode(nfq.qh, C.NFQNL_COPY_PACKET, 0xffff) < 0 {
|
||||
nfq.Destroy()
|
||||
return errors.New("nfq_set_mode(NFQNL_COPY_PACKET) failed")
|
||||
}
|
||||
if C.nfq_set_queue_maxlen(this.qh, 1024*8) < 0 {
|
||||
this.Destroy()
|
||||
if C.nfq_set_queue_maxlen(nfq.qh, 1024*8) < 0 {
|
||||
nfq.Destroy()
|
||||
return errors.New("nfq_set_queue_maxlen(1024 * 8) failed")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (this *NFQueue) Destroy() {
|
||||
this.lk.Lock()
|
||||
defer this.lk.Unlock()
|
||||
// Destroy closes all the nfqueues.
|
||||
func (nfq *NFQueue) Destroy() {
|
||||
nfq.lk.Lock()
|
||||
defer nfq.lk.Unlock()
|
||||
|
||||
if this.fd != 0 && this.Valid() {
|
||||
syscall.Close(this.fd)
|
||||
if nfq.fd != 0 && nfq.Valid() {
|
||||
syscall.Close(nfq.fd)
|
||||
}
|
||||
if this.qh != nil {
|
||||
C.nfq_destroy_queue(this.qh)
|
||||
this.qh = nil
|
||||
if nfq.qh != nil {
|
||||
C.nfq_destroy_queue(nfq.qh)
|
||||
nfq.qh = nil
|
||||
}
|
||||
if this.h != nil {
|
||||
C.nfq_close(this.h)
|
||||
this.h = nil
|
||||
if nfq.h != nil {
|
||||
C.nfq_close(nfq.h)
|
||||
nfq.h = nil
|
||||
}
|
||||
|
||||
// TODO: don't close, we're exiting anyway
|
||||
// if this.Packets != nil {
|
||||
// close(this.Packets)
|
||||
// if nfq.Packets != nil {
|
||||
// close(nfq.Packets)
|
||||
// }
|
||||
}
|
||||
|
||||
func (this *NFQueue) Valid() bool {
|
||||
return this.h != nil && this.qh != nil
|
||||
// Valid returns whether the NFQueue is still valid.
|
||||
func (nfq *NFQueue) Valid() bool {
|
||||
return nfq.h != nil && nfq.qh != nil
|
||||
}
|
||||
|
||||
//export go_nfq_callback
|
||||
func go_nfq_callback(id uint32, hwproto uint16, hook uint8, mark *uint32,
|
||||
version, protocol, tos, ttl uint8, saddr, daddr unsafe.Pointer,
|
||||
sport, dport, checksum uint16, payload_len uint32, payload, data unsafe.Pointer) (v uint32) {
|
||||
sport, dport, checksum uint16, payloadLen uint32, payload, data unsafe.Pointer) (v uint32) {
|
||||
|
||||
qidptr := (*uint16)(data)
|
||||
qid := uint16(*qidptr)
|
||||
qid := *qidptr
|
||||
|
||||
// nfq := (*NFQueue)(nfqptr)
|
||||
ipVersion := packet.IPVersion(version)
|
||||
ipsz := C.int(ipVersion.ByteSize())
|
||||
bs := C.GoBytes(payload, (C.int)(payload_len))
|
||||
bs := C.GoBytes(payload, (C.int)(payloadLen))
|
||||
|
||||
verdict := make(chan uint32, 1)
|
||||
pkt := Packet{
|
||||
QueueId: qid,
|
||||
Id: id,
|
||||
QueueID: qid,
|
||||
ID: id,
|
||||
HWProtocol: hwproto,
|
||||
Hook: hook,
|
||||
Mark: *mark,
|
||||
|
||||
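Review bot: In `init`, the `create_queue` failure path calls `C.nfq_close(nfq.h)` but leaves `nfq.h` non-nil, whereas every other failure path goes through `nfq.Destroy()`, which clears both handles. If a caller later invokes `Destroy()` on that NFQueue (the body of `NewNFQueue` lies outside the hunk, so this is unconfirmed), the `nfq.h != nil` check passes and `nfq_close` runs a second time on an already released handle. Replacing the call with `nfq.Destroy()`, or adding `nfq.h = nil` right after it, would make the error paths consistent. Separately, `Destroy` calls `syscall.Close(nfq.fd)` before `C.nfq_close(nfq.h)`; if `nfq_close` also closes the descriptor returned by `nfq_fd`, as it appears to in libnetfilter_queue, the fd is closed twice and a descriptor reused by another goroutine in between could be closed by mistake. Both `fmt.Errorf("... %s", err)` branches are also reachable with a nil handle and a nil `err`, which prints `%!s(<nil>)`.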