Support ctnetlink messages #9
Conversation
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
98ea7f8 to
2cb429b
Compare
| @@ -0,0 +1,4 @@ | |||
| // SPDX-License-Identifier: MIT | |||
|
|
|||
| pub mod message; | |||
There was a problem hiding this comment.
Let's not expose internal module path to public.
I prefer expose all types as netlink-packet-netfilter::conn_track::{ContrackAttr, etc}.
| }; | ||
|
|
||
| #[derive(Debug, Clone, PartialEq, Eq)] | ||
| pub struct CtAttr { |
| GetUnconfirmed(Option<Vec<FlowNla>>), | ||
| Other { | ||
| message_type: u8, | ||
| nlas: Vec<DefaultNla>, |
There was a problem hiding this comment.
Unless kernel code confirmed future data will always a array of Nla, we should use Other((u8, DefaultNla)).
There was a problem hiding this comment.
It seems NetfilterBuffer doesn't provide the method to parse it to a single DefaultNla, should I create a new method?
|
|
||
| // netflter/nfnetlink_conntrack.h | ||
| // There is no definitions in rust-lang/libc | ||
| pub const IPCTNL_MSG_CT_NEW: u8 = 0; |
There was a problem hiding this comment.
The netlink-packet-route has stopped exposing constants out.
I do not have time to polish here yet, but please do not add more lines to src/contants.rs.
Please:
- Remoev
pub. - Move constant to its user, this make our review easier.
| ]; | ||
|
|
||
| #[test] | ||
| fn test_ct_attr_parse() { |
There was a problem hiding this comment.
I am expecting test case looks like:
https://github.com/rust-netlink/netlink-packet-route/blob/main/src/link/tests/vrf.rs#L68
(You do not need to document every bits)
You may use nlmon to capture real netlink message:
https://github.com/rust-netlink/netlink-packet-route?tab=readme-ov-file#development
| pub struct ProtocolInfoTcp { | ||
| pub state: u8, | ||
| pub wscale_original: u8, | ||
| pub wscale_reply: u8, | ||
| pub flgas_original: u16, | ||
| pub flags_reply: u16, | ||
| } |
There was a problem hiding this comment.
Please consider to use NlaBuffer, example: https://github.com/rust-netlink/netlink-packet-route/blob/main/src/route/via.rs#L31
There was a problem hiding this comment.
I tried to use buffer macro like the following.
buffer!(ProtocolInfoTcpBuffer {
state: (u8, 0),
wscale_original: (u8, 1),
wscale_reply: (u8, 2),
flags_original: (u16, 3..5),
flags_reply: (u16, 5..7),
});But ProtocolInfoTcp cannot be parsed simply like the example you gave, because it consists of nested ConntrackAttribute.
I'm not familiar with using buffer macro, so if you have any better idea about this, could you give me any hints?
| use crate::constants::CTA_STATUS; | ||
|
|
||
| #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)] | ||
| pub enum ConnectionStatusFlag { |
There was a problem hiding this comment.
Please use bitflags! here. Example: https://github.com/rust-netlink/netlink-packet-route/blob/main/src/route/next_hops.rs#L22
| // SPDX-License-Identifier: MIT | ||
|
|
||
| pub mod ct_attr; | ||
| pub mod flow; |
There was a problem hiding this comment.
do not expose module path out.
| Invalid(u32), | ||
| Ignore(u32), // no longer used | ||
| Delete(u32), // no longer used | ||
| DeleteList(u32), // no longer used |
There was a problem hiding this comment.
If no longer used, please remove it.
| @@ -4,4 +4,5 @@ pub(crate) mod buffer; | |||
| pub mod constants; | |||
| mod message; | |||
| pub use message::{NetfilterHeader, NetfilterMessage, NetfilterMessageInner}; | |||
| pub mod ctnetlink; | |||
There was a problem hiding this comment.
The crate name already contains netlink, how about conn_track?
There was a problem hiding this comment.
It is fine for me to change.
How about conntrack?
Upstream netfilter.org seems to use conntrack rather than conn_track.
This PR supports CtNetlink messages and add some example code to use it.
This is based on #8.
And as a reference implementation, I'm developing conntrack command in Rust with rust-netlink.
https://github.com/terassyi/rconntrack