forked from florianl/go-nflog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathattribute.go
98 lines (90 loc) · 2.39 KB
/
attribute.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
//+build linux
package nflog
import (
"bytes"
"encoding/binary"
"log"
"time"
"github.com/mdlayher/netlink"
"golang.org/x/sys/unix"
)
func extractAttribute(m Msg, logger *log.Logger, data []byte) error {
ad, err := netlink.NewAttributeDecoder(data)
if err != nil {
return err
}
ad.ByteOrder = binary.BigEndian
for ad.Next() {
switch ad.Type() {
case nfUlaAttrPacketHdr:
m[AttrHwProtocol] = binary.BigEndian.Uint16(ad.Bytes()[:2])
m[AttrHook] = ad.Bytes()[3]
case nfUlaAttrMark:
m[AttrMark] = ad.Bytes()
case nfUlaAttrTimestamp:
var sec, usec int64
r := bytes.NewReader(ad.Bytes()[:8])
if err := binary.Read(r, binary.BigEndian, &sec); err != nil {
return err
}
r = bytes.NewReader(ad.Bytes()[8:])
if err := binary.Read(r, binary.BigEndian, &usec); err != nil {
return err
}
m[AttrTimestamp] = time.Unix(sec, usec*1000)
case nfUlaAttrIfindexIndev:
m[AttrIfindexIndev] = ad.Uint32()
case nfUlaAttrIfindexOutdev:
m[AttrIfindexOutdev] = ad.Uint32()
case nfUlaAttrIfindexPhysIndev:
m[AttrIfindexPhysIndev] = ad.Uint32()
case nfUlaAttrIfindexPhysOutdev:
m[AttrIfindexPhysOutdev] = ad.Uint32()
case nfUlaAttrHwaddr:
hwAddrLen := binary.BigEndian.Uint16(ad.Bytes()[:2])
m[AttrHwAddr] = (ad.Bytes())[4 : 4+hwAddrLen]
case nfUlaAttrPayload:
m[AttrPayload] = ad.Bytes()
case nfUlaAttrPrefix:
m[AttrPrefix] = ad.String()
case nfUlaAttrUID:
m[AttrUID] = ad.Uint32()
case nfUlaAttrSeq:
m[AttrSeq] = ad.Uint32()
case nfUlaAttrSeqGlobal:
m[AttrSeqGlobal] = ad.Uint32()
case nfUlaAttrGID:
m[AttrGID] = ad.Uint32()
case nfUlaAttrHwType:
m[AttrHwType] = ad.Uint16()
case nfUlaAttrHwHeader:
m[AttrHwHeader] = ad.Bytes()
case nfUlaAttrHwLen:
m[AttrHwLen] = ad.Uint16()
case nfUlaAttrCt + nlafNested:
m[AttrCt] = ad.Bytes()
case nfUlaAttrCtInfo:
m[AttrCtInfo] = ad.Uint32()
default:
logger.Printf("Unknown attribute: %d %v\n", ad.Type(), ad.Bytes())
}
}
if err := ad.Err(); err != nil {
return err
}
return nil
}
func checkHeader(data []byte) int {
if (data[0] == unix.AF_INET || data[0] == unix.AF_INET6) && data[1] == unix.NFNETLINK_V0 {
return 4
}
return 0
}
func extractAttributes(logger *log.Logger, msg []byte) (Msg, error) {
var data = make(Msg)
offset := checkHeader(msg[:2])
if err := extractAttribute(data, logger, msg[offset:]); err != nil {
return nil, err
}
return data, nil
}