conntrack - Pure-Go Conntrack implementation; for humans.

  •        129

Package conntrack implements the Conntrack subsystem of the Netfilter (Netlink) protocol family. The package is intended to be clear, user-friendly, thoroughly tested and easy to understand. It is purely written in Go, without any dependency on Cgo or any C library, kernel headers or userspace tools. It uses a native Netlink implementation (https://github.com/mdlayher/netlink) and does not parse or scrape any output of the conntrack command.

https://github.com/ti-mo/conntrack

Tags
Implementation
License
Platform

   




Related Projects

synsanity - netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation

  •    C

synsanity is a netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation, as used in production at GitHub.synsanity allows Linux servers running 3.x kernels to handle SYN floods with minimal (or at least less) performance impact. With default Linux kernel 3.x settings, a very small SYN flood causes complete CPU exhaustion as the kernel spinlocks on the LISTEN socket and in conntrack. synsanity moves much of this work into a netfilter (iptables) target and bypasses locks for this attack scenario, allowing high throughput syncookie generation before the packets hit the TCP stack.

tenus - Linux networking in Golang

  •    Go

tenus is a Golang package which allows you to configure and manage Linux network devices programmatically. It communicates with Linux Kernel via netlink to facilitate creation and configuration of network devices on the Linux host. The package also allows for more advanced network setups with Linux containers including Docker. tenus uses runc's implementation of netlink protocol. The package only works with newer Linux Kernels (3.10+) which are shipping reasonably new netlink protocol implementation, so if you are running older kernel this package won't be of much use to you I'm afraid. I have developed this package on Ubuntu Trusty Tahr which ships with 3.13+ and verified its functionality on Precise Pangolin with upgraded kernel to version 3.10. I could worked around the netlink issues by using ioctl syscalls, but I decided to prefer "pure netlink" implementation, so suck it old Kernels.

netlink - Simple netlink library for go.

  •    Go

The netlink package provides a simple netlink library for go. Netlink is the interface a user-space program in linux uses to communicate with the kernel. It can be used to add and remove interfaces, set ip addresses and routes, and configure ipsec. Netlink communication requires elevated privileges, so in most cases this code needs to be run as root. Since low-level netlink messages are inscrutable at best, the library attempts to provide an api that is loosely modeled on the CLI provided by iproute2. Actions like ip link add will be accomplished via a similarly named function like AddLink(). This library began its life as a fork of the netlink functionality in docker/libcontainer but was heavily rewritten to improve testability, performance, and to add new functionality like ipsec xfrm handling. Note NewLinkAttrs constructor, it sets default values in structure. For now it sets only TxQLen to -1, so kernel will set default by itself. If you're using simple initialization(LinkAttrs{Name: "foo"}) TxQLen will be set to 0 unless you specify it like LinkAttrs{Name: "foo", TxQLen: 1000}.

tenus - Linux networking in Go

  •    Go

tenus is a Golang package which allows you to configure and manage Linux network devices programmatically. It communicates with Linux Kernel via netlink to facilitate creation and configuration of network devices on the Linux host. The package also allows for more advanced network setups with Linux containers including Docker. tenus uses runc's implementation of netlink protocol. The package only works with newer Linux Kernels (3.10+) which are shipping reasonably new netlink protocol implementation, so if you are running older kernel this package won't be of much use to you I'm afraid. I have developed this package on Ubuntu Trusty Tahr which ships with 3.13+ and verified its functionality on Precise Pangolin with upgraded kernel to version 3.10. I could worked around the netlink issues by using ioctl syscalls, but I decided to prefer "pure netlink" implementation, so suck it old Kernels.

iplist

  •    Java

iplist is a list based packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP-address and is optimized for thousands of IP-address ranges.


sshttp - SSH/HTTP(S) multiplexer. Run a webserver and a sshd on the same port w/o changes.

  •    C++

In case your FW policy forbids SSH access to the DMZ or internal network from outside, but you still want to use ssh on machines which only have one open port, e.g. HTTP, you can use sshttpd. Be sure you run recent Linux kernel and install nf-conntrack as well as libcap and libcap-devel if you want to use the capability feature.

pyroute2 - Python netlink library — Linux network setup and monitoring

  •    Python

More samples you can read in the project documentation. Low-level IPRoute utility --- Linux network configuration. The IPRoute class is a 1-to-1 RTNL mapping. There are no implicit interface lookups and so on.

HiddenWall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, rootkit functions etc)

  •    C

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that block external access, because have a hook to netfilter on kernel land(think like a second layer for firewall).

Gettext - PHP library to collect and manipulate gettext (.po, .mo, .php, .json, etc)

  •    PHP

Gettext is a PHP (>=5.4) library to import/export/edit gettext from PO, MO, PHP, JS files, etc.

CEmu - Third-party TI-84 Plus CE / TI-83 Premium CE emulator, focused on developer features

  •    C++

CEmu is a third-party TI-84 Plus CE / TI-83 Premium CE calculator emulator, focused on developer features. CEmu works natively on Windows, macOS, and Linux. For performance and portability, the core is programmed in C and its customizable GUI in C++ with Qt. Note: CEmu is not a TI product nor is it TI-endorsed/affiliated. If you need an official TI CE emulator, TI-SmartView™ CE is for you.

Translate - Essential Toolkit for Localization Engineers.

  •    Python

At its core the software contains a set of classes for handling various localization storage formats: DTD, properties, OpenOffice.org GSI/SDF, CSV, MO, Qt .ts, TMX, TBX, WordFast txt, Gettext .mo, Windows RC, and of course PO and XLIFF. It also provides scripts to convert between these formats.

golang - Docker Official Image packaging for golang

  •    Dockerfile

This is the Git repo of the Docker "Official Image" for golang (not to be confused with any official golang image provided by golang upstream). See the Docker Hub page for the full readme on how to use this Docker image and for information regarding contributing and issues. The full description from Docker Hub is generated over in docker-library/docs, specifically in docker-library/docs/golang.

dotsql - A Golang library for using SQL.

  •    Go

A Golang library for using SQL. It is not an ORM, it is not a query builder. Dotsql is a library that helps you keep sql files in one place and use it with ease.

confluent-kafka-go - Confluent's Apache Kafka Golang client

  •    Go

confluent-kafka-go is Confluent's Golang client for Apache Kafka and the Confluent Platform.High performance - confluent-kafka-go is a lightweight wrapper around librdkafka, a finely tuned C client.

EGESPLOIT - EGESPLOIT is a golang library for malware development

  •    Go

EGESPLOIT is a golang library for malware development, it has few unique functions for meterpreter integration.

trollhunter - linux netfilter/iptables f

  •    Perl

a linux netfilter/iptables firewall log summarizer with graphical and command line interface that helps the sysadmin in his daily routine. points of interest can be examined closer to gain further information. you can also run it in command line mode and

Ufw - Uncomplicated Firewall

  •    Python

Ufw stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

unipdf - Golang PDF library for creating and processing PDF files (pure go)

  •    Go

UniDoc's UniPDF (formerly unidoc) is a PDF library for Go (golang) with capabilities for creating and reading, processing PDF files. The library is written and supported by FoxyUtils.com, where the library is used to power many of its services. Multiple examples are provided in our example repository https://github.com/unidoc/unidoc-examples as well as documented examples on our website.

goridge - High-performance PHP-to-Golang IPC bridge

  •    PHP

Goridge is high performance PHP-to-Golang codec library which works over native PHP sockets and Golang net/rpc package. The library allows you to call Go service methods from PHP with minimal footprint, structures and []byte support. The MIT License (MIT). Please see LICENSE for more information.

dicom - High Performance DICOM Medical Image Parser in Go

  •    Go

This is a library and command-line tool to read, write, and generally work with DICOM medical image files in native Go. The goal is to build a full-featured, high-performance, and readable DICOM parser for the Go community.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.