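// NewNFQueue opens a netfilter-queue handle, binds it to the AF_INET protocol
// family, attaches to the queue numbered queueId and starts nfq.run in its own
// goroutine.
//
// maxPacketsInQueue is handed to nfq_set_queue_maxlen. packetSize is the copy
// range handed to nfq_set_mode: at most that many bytes of each packet are
// copied to userspace, so a consumer that makes verdict decisions on payload
// only sees a truncated view of larger packets.
//
// On any failure every C resource acquired so far is released and a nil queue
// is returned together with the error.
func NewNFQueue(queueId uint16, maxPacketsInQueue uint32, packetSize uint32) (*NFQueue, error) {
	var nfq = NFQueue{}
	var err error
	var ret C.int

	// A nil handle is unusable even when errno was left untouched, so treat it
	// as a failure as well.
	if nfq.h, err = C.nfq_open(); err != nil || nfq.h == nil {
		if nfq.h != nil {
			C.nfq_close(nfq.h)
		}
		return nil, fmt.Errorf("Error opening NFQueue handle: %v\n", err)
	}

	// NOTE(review): libnetfilter_queue documents nfq_unbind_pf/nfq_bind_pf as
	// obsolete on newer kernels; confirm against the minimum kernel supported.
	if ret, err = C.nfq_unbind_pf(nfq.h, AF_INET); err != nil || ret < 0 {
		// The handle is already open at this point; close it so a failed
		// constructor does not leak the netlink socket.
		C.nfq_close(nfq.h)
		return nil, fmt.Errorf("Error unbinding existing NFQ handler from AF_INET protocol family: %v\n", err)
	}

	if ret, err = C.nfq_bind_pf(nfq.h, AF_INET); err != nil || ret < 0 {
		C.nfq_close(nfq.h)
		return nil, fmt.Errorf("Error binding to AF_INET protocol family: %v\n", err)
	}

	nfq.packets = make(chan NFPacket)

	// NOTE(review): a pointer into Go memory (&nfq.packets) is handed to C here
	// and is presumably retained as callback data after the call returns. The
	// cgo pointer-passing rules do not allow C to keep Go pointers; consider
	// passing a runtime/cgo.Handle instead. Verify against CreateQueue.
	if nfq.qh, err = C.CreateQueue(nfq.h, C.u_int16_t(queueId), unsafe.Pointer(&nfq.packets)); err != nil || nfq.qh == nil {
		C.nfq_close(nfq.h)
		return nil, fmt.Errorf("Error binding to queue: %v\n", err)
	}

	if ret, err = C.nfq_set_queue_maxlen(nfq.qh, C.u_int32_t(maxPacketsInQueue)); err != nil || ret < 0 {
		C.nfq_destroy_queue(nfq.qh)
		C.nfq_close(nfq.h)
		return nil, fmt.Errorf("Unable to set max packets in queue: %v\n", err)
	}

	// Mode 2 is NFQNL_COPY_PACKET (copy packet data up to the given range).
	// Capture errno from this call so the message does not report the stale
	// err left over from nfq_set_queue_maxlen.
	if ret, err = C.nfq_set_mode(nfq.qh, C.u_int8_t(2), C.uint(packetSize)); ret < 0 {
		C.nfq_destroy_queue(nfq.qh)
		C.nfq_close(nfq.h)
		return nil, fmt.Errorf("Unable to set packets copy mode: %v\n", err)
	}

	if nfq.fd, err = C.nfq_fd(nfq.h); err != nil {
		C.nfq_destroy_queue(nfq.qh)
		C.nfq_close(nfq.h)
		return nil, fmt.Errorf("Unable to get queue file-descriptor. %v", err)
	}

	go nfq.run()

	return &nfq, nil
}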
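// Destroy releases the queue's resources while holding this.lk: it closes the
// file descriptor, destroys the queue handle, closes the library handle and
// closes the packet channel. Each resource is cleared once released, so a
// repeated call is a no-op instead of a double close.
func (this *nfQueue) Destroy() {
	this.lk.Lock()
	defer this.lk.Unlock()

	if this.fd != 0 && this.Valid() {
		// NOTE(review): if fd came from nfq_fd(h), nfq_close below closes the
		// same descriptor again; a descriptor number reused in between would
		// then be closed by mistake. Confirm where fd originates.
		// Close error is ignored: teardown is best-effort.
		syscall.Close(this.fd)
		// 0 is the "no descriptor" sentinel tested above; reset it so the
		// descriptor is never closed twice by this method.
		this.fd = 0
	}

	if this.qh != nil {
		C.nfq_destroy_queue(this.qh)
		this.qh = nil
	}

	if this.h != nil {
		C.nfq_close(this.h)
		this.h = nil
	}

	if this.pktch != nil {
		close(this.pktch)
		// Closing an already closed channel panics; clear the field like qh
		// and h so a second Destroy is harmless.
		this.pktch = nil
	}
}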
//Unbind and close the queue func (nfq *NFQueue) Close() { C.nfq_destroy_queue(nfq.qh) C.nfq_close(nfq.h) }