Packet inspection with gopacket and nfqueue...
Packet inspection with golang, gopacket and nfqueue…
# prerequisitesgo get github.com/google/gopacketapt-get install libpcap-devapt-get install libnetfilter-queue-dev# how to run...cd /[golang path]/src/github.com/tgogos/gopacket_nfqueuego install .sudo $GOPATH/bin/gopacket_nfqueue
Virtualbox with three Ubuntu VMs set up like this:
+-----------+ +-------------------+ +-----------+| client VM |-------| pkt inspection VM |-------| server VM |+-----------+ +-------------------+ +-----------+eth1 eth1 eth2 eth1client VM eth1 (host-only): 192.168.4.2server VM eth1 (host-only): 192.168.5.2pkt inspection VM eth1 (host-only): 192.168.4.3pkt inspection VM eth2 (host-only): 192.168.5.3
The client must forward traffic to the pkt inspection VM eth1 so a route must be added:
route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.4.3 dev eth1
The server must forward traffic to the pkt inspection VM eth2 so a route must be added:
route add -net 192.168.4.0 netmask 255.255.255.0 gw 192.168.5.3 dev eth1
The following commands set up the packet forwarding and the routing rules in order to use NFQUEUE:
sysctl -w net.ipv4.ip_forward=1iptables -t raw -A PREROUTING -i eth1 -j NFQUEUE --queue-num 0iptables -t raw -A PREROUTING -i eth2 -j NFQUEUE --queue-num 0
To list or flush the above iptables rules:
sudo iptables -t raw -S # listsudo iptables -t raw -F # flush