Support ctnetlink messages #9
Conversation
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
Signed-off-by: terassyi <iscale821@gmail.com>
terassyi
force-pushed
the
support-ctnetlink-subsys
branch
from
98ea7f8 to
2cb429b
Compare
src/ctnetlink/mod.rs
Outdated
| @@ -0,0 +1,4 @@ | |||
| // SPDX-License-Identifier: MIT | |||
|
|
|||
| pub mod message; | |||
There was a problem hiding this comment.
Let's not expose internal module path to public.
I prefer expose all types as netlink-packet-netfilter::conn_track::{ContrackAttr, etc}.
src/ctnetlink/nlas/ct_attr.rs
Outdated
| }; | ||
|
|
||
| #[derive(Debug, Clone, PartialEq, Eq)] | ||
| pub struct CtAttr { |
| GetUnconfirmed(Option<Vec<FlowNla>>), | ||
| Other { | ||
| message_type: u8, | ||
| nlas: Vec<DefaultNla>, |
There was a problem hiding this comment.
Unless kernel code confirmed future data will always a array of Nla, we should use Other((u8, DefaultNla)).
There was a problem hiding this comment.
It seems NetfilterBuffer doesn't provide the method to parse it to a single DefaultNla, should I create a new method?
src/constants.rs
Outdated
|
|
||
| // netflter/nfnetlink_conntrack.h | ||
| // There is no definitions in rust-lang/libc | ||
| pub const IPCTNL_MSG_CT_NEW: u8 = 0; |
There was a problem hiding this comment.
The netlink-packet-route has stopped exposing constants out.
I do not have time to polish here yet, but please do not add more lines to src/contants.rs.
Please:
- Remoev
pub. - Move constant to its user, this make our review easier.
| ]; | ||
|
|
||
| #[test] | ||
| fn test_ct_attr_parse() { |
There was a problem hiding this comment.
I am expecting test case looks like:
(You do not need to document every bits)
You may use nlmon to capture real netlink message:
https://github.com/rust-netlink/netlink-packet-route?tab=readme-ov-file#development
| pub struct ProtocolInfoTcp { | ||
| pub state: u8, | ||
| pub wscale_original: u8, | ||
| pub wscale_reply: u8, | ||
| pub flgas_original: u16, | ||
| pub flags_reply: u16, | ||
| } |
There was a problem hiding this comment.
Please consider to use NlaBuffer, example: https://github.com/rust-netlink/netlink-packet-route/blob/main/src/route/via.rs#L31
There was a problem hiding this comment.
I tried to use buffer macro like the following.
buffer!(ProtocolInfoTcpBuffer {
state: (u8, 0),
wscale_original: (u8, 1),
wscale_reply: (u8, 2),
flags_original: (u16, 3..5),
flags_reply: (u16, 5..7),
});But ProtocolInfoTcp cannot be parsed simply like the example you gave, because it consists of nested ConntrackAttribute.
I'm not familiar with using buffer macro, so if you have any better idea about this, could you give me any hints?
src/ctnetlink/nlas/flow/status.rs
Outdated
| use crate::constants::CTA_STATUS; | ||
|
|
||
| #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)] | ||
| pub enum ConnectionStatusFlag { |
There was a problem hiding this comment.
Please use bitflags! here. Example: https://github.com/rust-netlink/netlink-packet-route/blob/main/src/route/next_hops.rs#L22
| // SPDX-License-Identifier: MIT | ||
|
|
||
| pub mod ct_attr; | ||
| pub mod flow; |
There was a problem hiding this comment.
do not expose module path out.
src/ctnetlink/nlas/stat/nla.rs
Outdated
| Invalid(u32), | ||
| Ignore(u32), // no longer used | ||
| Delete(u32), // no longer used | ||
| DeleteList(u32), // no longer used |
There was a problem hiding this comment.
If no longer used, please remove it.
| @@ -4,4 +4,5 @@ pub(crate) mod buffer; | |||
| pub mod constants; | |||
| mod message; | |||
| pub use message::{NetfilterHeader, NetfilterMessage, NetfilterMessageInner}; | |||
| pub mod ctnetlink; | |||
There was a problem hiding this comment.
The crate name already contains netlink, how about conn_track?
There was a problem hiding this comment.
It is fine for me to change.
How about conntrack?
Upstream netfilter.org seems to use conntrack rather than conn_track.
terassyi
force-pushed
the
support-ctnetlink-subsys
branch
from
75efe13 to
83942c6
Compare
- rename from CtAttr to ConntrackAttribute - rename from FlowNla and StatNla to FlowAttribute and StatCpuAttribute - use buffier!() for ProtocolInfoTcp - use bitflags!() for ConnectionStatusFlag - remove constant values and enum variants that is no longer used - move values from src/constatnts.rs to its users - stop exposing internal modules - introduce StatGlobalAttribute that represents ctattr_stats_global in the kernel Signed-off-by: terassyi <iscale821@gmail.com>
terassyi
force-pushed
the
support-ctnetlink-subsys
branch
from
83942c6 to
17bb58f
Compare
| pub state: u8, | ||
| pub wscale_original: u8, | ||
| pub wscale_reply: u8, | ||
| pub flgas_original: u16, |
There was a problem hiding this comment.
typo: flgas_original -> flags_original
| pub struct ProtocolTuple { | ||
| pub src_port: u16, | ||
| pub dst_port: u16, | ||
| pub protocol: u8, | ||
| } |
There was a problem hiding this comment.
The protocol tuple doesn't always include ports, and might include other information (attributes). ICMP flows have id, type and code, and IGMP has no additional fields (only CTA_PROTO_NUM should always be present):
enum ctattr_l4proto {
CTA_PROTO_UNSPEC,
CTA_PROTO_NUM,
CTA_PROTO_SRC_PORT,
CTA_PROTO_DST_PORT,
CTA_PROTO_ICMP_ID,
CTA_PROTO_ICMP_TYPE,
CTA_PROTO_ICMP_CODE,
CTA_PROTO_ICMPV6_ID,
CTA_PROTO_ICMPV6_TYPE,
CTA_PROTO_ICMPV6_CODE,
__CTA_PROTO_MAX
};
This PR supports CtNetlink messages and add some example code to use it.
This is based on #8.
And as a reference implementation, I'm developing conntrack command in Rust with rust-netlink.
https://github.com/terassyi/rconntrack