Skip to content

Commit

Permalink
feat: add connmark support (#41)
Browse files Browse the repository at this point in the history
* feat: add connmark support

* chore: remove unused conntrack attributes

Signed-off-by: Toby <[email protected]>

---------

Signed-off-by: Toby <[email protected]>
  • Loading branch information
tobyxdd authored Dec 18, 2023
1 parent 2f82571 commit f2bdeb0
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 0 deletions.
48 changes: 48 additions & 0 deletions nfqueue.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,27 @@ func (nfqueue *Nfqueue) SetVerdictWithMark(id uint32, verdict, mark int) error {
return nfqueue.setVerdict(id, verdict, false, attributes)
}

// SetVerdictWithConnMark signals the kernel the next action and the connmark for a specified package id
func (nfqueue *Nfqueue) SetVerdictWithConnMark(id uint32, verdict, mark int) error {
buf := make([]byte, 4)
binary.BigEndian.PutUint32(buf, uint32(mark))
ctAttrs, err := netlink.MarshalAttributes([]netlink.Attribute{{
Type: ctaMark,
Data: buf,
}})
if err != nil {
return err
}
attributes, err := netlink.MarshalAttributes([]netlink.Attribute{{
Type: netlink.Nested | nfQaCt,
Data: ctAttrs,
}})
if err != nil {
return err
}
return nfqueue.setVerdict(id, verdict, false, attributes)
}

// SetVerdictModPacket signals the kernel the next action for an altered packet
func (nfqueue *Nfqueue) SetVerdictModPacket(id uint32, verdict int, packet []byte) error {
data, err := netlink.MarshalAttributes([]netlink.Attribute{{
Expand Down Expand Up @@ -73,6 +94,33 @@ func (nfqueue *Nfqueue) SetVerdictModPacketWithMark(id uint32, verdict, mark int
return nfqueue.setVerdict(id, verdict, false, data)
}

// SetVerdictModPacketWithConnMark signals the kernel the next action and connmark for an altered packet
func (nfqueue *Nfqueue) SetVerdictModPacketWithConnMark(id uint32, verdict, mark int, packet []byte) error {
buf := make([]byte, 4)
binary.BigEndian.PutUint32(buf, uint32(mark))
ctAttrs, err := netlink.MarshalAttributes([]netlink.Attribute{{
Type: ctaMark,
Data: buf,
}})
if err != nil {
return err
}
data, err := netlink.MarshalAttributes([]netlink.Attribute{
{
Type: nfQaPayload,
Data: packet,
},
{
Type: netlink.Nested | nfQaCt,
Data: ctAttrs,
},
})
if err != nil {
return err
}
return nfqueue.setVerdict(id, verdict, false, data)
}

// SetVerdict signals the kernel the next action for a specified package id
func (nfqueue *Nfqueue) SetVerdict(id uint32, verdict int) error {
return nfqueue.setVerdict(id, verdict, false, []byte{})
Expand Down
5 changes: 5 additions & 0 deletions types.go
Original file line number Diff line number Diff line change
Expand Up @@ -163,3 +163,8 @@ const (
NfQeueue
NfRepeat
)

// conntrack attributes
const (
ctaMark = 8
)

0 comments on commit f2bdeb0

Please sign in to comment.