Packet inspection with golang, gopacket and nfqueue...
# prerequisites
go get github.com/google/gopacket
apt-get install libpcap-dev
apt-get install libnetfilter-queue-dev
# how to run...
cd /[golang path]/src/github.com/tgogos/gopacket_nfqueue
go install .
sudo $GOPATH/bin/gopacket_nfqueueVirtualbox with three Ubuntu VMs set up like this:
+-----------+ +-------------------+ +-----------+
| client VM |-------| pkt inspection VM |-------| server VM |
+-----------+ +-------------------+ +-----------+
eth1 eth1 eth2 eth1
client VM eth1 (host-only): 192.168.4.2
server VM eth1 (host-only): 192.168.5.2
pkt inspection VM eth1 (host-only): 192.168.4.3
pkt inspection VM eth2 (host-only): 192.168.5.3
The client must forward traffic to the pkt inspection VM eth1 so a route must be added:
route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.4.3 dev eth1
The server must forward traffic to the pkt inspection VM eth2 so a route must be added:
route add -net 192.168.4.0 netmask 255.255.255.0 gw 192.168.5.3 dev eth1
The following commands set up the packet forwarding and the routing rules in order to use NFQUEUE:
sysctl -w net.ipv4.ip_forward=1
iptables -t raw -A PREROUTING -i eth1 -j NFQUEUE --queue-num 0
iptables -t raw -A PREROUTING -i eth2 -j NFQUEUE --queue-num 0To list or flush the above iptables rules:
sudo iptables -t raw -S # list
sudo iptables -t raw -F # flush