add NF-Queue packet capture driver

[david415]

Dear gopacket developers,

I would like to add a Linux NF Queue packet capture driver to gopacket. I'd be willing to add another type of driver... but my goal is to allow Linux users to isolate the traffic via the iptables owner module. The user can create a rule-set that uses a user-id to match traffic and directs the traffic to an NF Queue target.

I've got code here: https://github.com/david415/go-netfilter-queue

What do you think?

[lhausermann]

Hi David

Personaly I think that's a good idea. NF Queue does not have a super great performance, I would remember but that a nice way to grab some packet on Linux... as mostly every host has iptables enabled and that enables to "cherry pick" some packets without settings the whole interface into promiscuous mode.

Laurent

[david415]

Yes the NF Queue AND NF Log... either would work for my purposes. I suspect NF Log is faster but not sure. Implementing a gopacket sniffer for an iptables target is qualitatively different than simply implementing a low level BPF because it allows the user to create arbitrary iptables rule-sets to match the traffic.

[AkihiroSuda]

Just FYI, my fork for go-netfilter-queue supports Go 1.6 (there was cgo-related issue) https://github.com/AkihiroSuda/go-netfilter-queue

[david415]

@AkihiroSuda does it also support packet injection as well as packet capture?

[AkihiroSuda]

You can inject delay (NF_ACCEPT) and fault(NF_DROP), but it doesn't support injecting modified buffer yet

[david415]

@AkihiroSuda nope. wrong. incorrect. you can in fact inject modified packets all day long. i do it all the time. if your nfqueue api doesn't support this then it's not really an nfqueue api now is it?

also... why does everyone keep rewriting go netfilter queue c binding!? i did it. someone else did it. you did it and now looky here subgraph has one too: https://github.com/subgraph/fw-daemon/tree/master/nfqueue