MCPcopy
hub / github.com/evilsocket/opensnitch / SocketDiagPacket

Function SocketDiagPacket

daemon/netlink/socket_packet.go:143–172  ·  view source on GitHub ↗

SocketDiagPacket dumps AF_PACKET sockets from kernel

(proto uint8)

Source from the content-addressed store, hash-verified

141
142// SocketDiagPacket dumps AF_PACKET sockets from kernel
143func SocketDiagPacket(proto uint8) ([]*PacketDiagMsg, error) {
144 req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, syscall.NLM_F_DUMP)
145 req.AddData(&PacketDiagReq{
146 Family: unix.AF_PACKET,
147 Protocol: proto,
148 // TODO: dump bpf filters | PACKET_SHOW_FILTER
149 Show: PACKET_SHOW_INFO | PACKET_SHOW_MCLIST,
150 })
151 msgs, err := req.Execute(syscall.NETLINK_INET_DIAG, 0)
152 if err != nil {
153 log.Debug("[netlink] socket.packetRequest: %s", err)
154 return nil, err
155 }
156 if len(msgs) == 0 {
157 log.Debug("[netlink] socket.packetRequest: 0 msgs")
158 return []*PacketDiagMsg{}, nil
159 }
160
161 pkts := make([]*PacketDiagMsg, len(msgs))
162 for n, m := range msgs {
163 log.Trace("[netlink] AF_PACKET, size: %d, %+v", len(m), m)
164 p := &PacketDiagMsg{}
165 if err = p.deserialize(m); err != nil {
166 log.Trace("[%d] netlink socket.packet error: %s", n, err)
167 continue
168 }
169 pkts[n] = p
170 }
171 return pkts, nil
172}

Callers

nothing calls this directly

Calls 1

deserializeMethod · 0.95

Tested by

no test coverage detected