fix table monitor definition and bump go version to 1.18

Auztin Zhai 2023-12-09 19:24:19 -05:00
parent 352d70194a
commit 8ebaf8696d
2 changed files with 22 additions and 6 deletions

2
go.mod

@ -1,6 +1,6 @@
module github.com/google/nftables module github.com/google/nftables
go 1.17 go 1.18
require ( require (
github.com/mdlayher/netlink v1.7.1 github.com/mdlayher/netlink v1.7.1


@ -15,6 +15,8 @@
package nftables package nftables
import ( import (
"math"
"strings"
"sync" "sync"
"github.com/mdlayher/netlink" "github.com/mdlayher/netlink"
@ -49,12 +51,12 @@ var (
monitorFlags = map[MonitorAction]map[MonitorObject]uint32{ monitorFlags = map[MonitorAction]map[MonitorObject]uint32{
MonitorActionAny: { MonitorActionAny: {
MonitorObjectAny: 0xffffffff, MonitorObjectAny: 0xffffffff,
MonitorObjectTables: 1<<unix.NFT_MSG_NEWTABLE | 1<<unix.NFT_MSG_DELCHAIN, MonitorObjectTables: 1<<unix.NFT_MSG_NEWTABLE | 1<<unix.NFT_MSG_DELTABLE,
MonitorObjectChains: 1<<unix.NFT_MSG_NEWCHAIN | 1<<unix.NFT_MSG_DELCHAIN, MonitorObjectChains: 1<<unix.NFT_MSG_NEWCHAIN | 1<<unix.NFT_MSG_DELCHAIN,
MonitorObjectRules: 1<<unix.NFT_MSG_NEWRULE | 1<<unix.NFT_MSG_DELRULE, MonitorObjectRules: 1<<unix.NFT_MSG_NEWRULE | 1<<unix.NFT_MSG_DELRULE,
MonitorObjectSets: 1<<unix.NFT_MSG_NEWSET | 1<<unix.NFT_MSG_DELSET, MonitorObjectSets: 1<<unix.NFT_MSG_NEWSET | 1<<unix.NFT_MSG_DELSET,
MonitorObjectElements: 1<<unix.NFT_MSG_NEWSETELEM | 1<<unix.NFT_MSG_DELSETELEM, MonitorObjectElements: 1<<unix.NFT_MSG_NEWSETELEM | 1<<unix.NFT_MSG_DELSETELEM,
MonitorObjectRuleset: 1<<unix.NFT_MSG_NEWTABLE | 1<<unix.NFT_MSG_DELCHAIN | MonitorObjectRuleset: 1<<unix.NFT_MSG_NEWTABLE | 1<<unix.NFT_MSG_DELTABLE |
1<<unix.NFT_MSG_NEWCHAIN | 1<<unix.NFT_MSG_DELCHAIN | 1<<unix.NFT_MSG_NEWCHAIN | 1<<unix.NFT_MSG_DELCHAIN |
1<<unix.NFT_MSG_NEWRULE | 1<<unix.NFT_MSG_DELRULE | 1<<unix.NFT_MSG_NEWRULE | 1<<unix.NFT_MSG_DELRULE |
1<<unix.NFT_MSG_NEWSET | 1<<unix.NFT_MSG_DELSET | 1<<unix.NFT_MSG_NEWSET | 1<<unix.NFT_MSG_DELSET |
@ -105,11 +107,12 @@ const (
EventTypeDelSetElem EventType = unix.NFT_MSG_DELSETELEM EventTypeDelSetElem EventType = unix.NFT_MSG_DELSETELEM
EventTypeNewObj EventType = unix.NFT_MSG_NEWOBJ EventTypeNewObj EventType = unix.NFT_MSG_NEWOBJ
EventTypeDelObj EventType = unix.NFT_MSG_DELOBJ EventTypeDelObj EventType = unix.NFT_MSG_DELOBJ
EventTypeOOB EventType = math.MaxInt
) )
type Event struct { type Event struct {
Type EventType Type EventType
Data interface{} Data any
Error error Error error
} }
@ -182,7 +185,19 @@ func (monitor *Monitor) monitor() {
for { for {
msgs, err := monitor.conn.Receive() msgs, err := monitor.conn.Receive()
if err != nil { if err != nil {
if strings.Contains(err.Error(), "use of closed file") {
// ignore the error that be closed
break break
} else {
// any other errors will be send to user, and then to close eventCh
event := &Event{
Type: EventTypeOOB,
Data: nil,
Error: err,
}
monitor.eventCh <- event
break
}
} }
for _, msg := range msgs { for _, msg := range msgs {
if msg.Header.Type&0xff00>>8 != netlink.HeaderType(unix.NFNL_SUBSYS_NFTABLES) { if msg.Header.Type&0xff00>>8 != netlink.HeaderType(unix.NFNL_SUBSYS_NFTABLES) {
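Review bot: The new error path's `monitor.eventCh <- event` sends without holding `monitor.mu`, while Close() closes that same channel under the lock, so a Close() that runs while this goroutine is parked on the send (no reader left) panics with "send on closed channel", and if the consumer has merely stopped reading the goroutine hangs on that send and the following `break` is never reached. Making the send cancellable — a `select` between the event send and a done channel that Close() closes — would let the goroutine exit regardless of the consumer; I cannot see whether code after the hunk already provides such a guard. The match `strings.Contains(err.Error(), "use of closed file")` is also brittle: that text is the message of `os.ErrClosed`, so if mdlayher/netlink wraps the underlying error with `%w`, `errors.Is(err, os.ErrClosed)` is the robust check and makes the new `strings` import unnecessary. monitor() continues outside the hunk.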
@ -256,12 +271,13 @@ func (monitor *Monitor) monitor() {
func (monitor *Monitor) Close() { func (monitor *Monitor) Close() {
monitor.mu.Lock() monitor.mu.Lock()
defer monitor.mu.Unlock()
if monitor.status != monitorClosed { if monitor.status != monitorClosed {
monitor.status = monitorClosed monitor.status = monitorClosed
monitor.closer() monitor.closer()
close(monitor.eventCh) close(monitor.eventCh)
} }
monitor.mu.Unlock()
} }
// AddMonitor to perform the monitor immediately. The channel will be closed after // AddMonitor to perform the monitor immediately. The channel will be closed after