refactor: use enums for subsystem and message types

This refactors the crate to use type-safe enums for netfilter subsystems and message types, for a safer and more idiomatic API.

- Introduces a `Subsystem` enum to replace raw `u8` identifiers for `NfLog` and `Conntrack` subsystems.

- Introduces `NfLogMessageType` and `ConntrackMessageType` enums to provide type safety for messages within each subsystem.

- Makes the top-level `NetfilterMessage::message_type()` function private to guide users towards the safer pattern of matching on `NetfilterMessageInner`.

- Updates the internal parsing logic in `buffer.rs` to use the new `Subsystem` enum.

Signed-off-by: Shivang K Raghuvanshi <[email protected]>

Author: shivkr6

examples/nflog.rs

@@ -17,15 +17,15 @@ use netlink_packet_netfilter::{
             config::{ConfigCmd, ConfigFlags, ConfigMode, Timeout},
             packet::PacketNla,
         },
-        NfLogMessage,
+        ULogMessage,
     },
     NetfilterMessage, NetfilterMessageInner,
 };
 use netlink_sys::{constants::NETLINK_NETFILTER, Socket};
 
 fn get_packet_nlas(message: &NetlinkMessage<NetfilterMessage>) -> &[PacketNla] {
     if let NetlinkPayload::InnerMessage(NetfilterMessage {
-        inner: NetfilterMessageInner::NfLog(NfLogMessage::Packet(nlas)),
+        inner: NetfilterMessageInner::ULog(ULogMessage::Packet(nlas)),
         ..
     }) = &message.payload
     {

src/buffer.rs

@@ -3,10 +3,10 @@
 use crate::{
     conntrack::ConntrackMessage,
     message::{
-        NetfilterHeader, NetfilterMessage, NetfilterMessageInner,
+        NetfilterHeader, NetfilterMessage, NetfilterMessageInner, Subsystem,
         NETFILTER_HEADER_LEN,
     },
-    nflog::NfLogMessage,
+    nflog::ULogMessage,
 };
 use netlink_packet_core::{
     buffer, fields, DecodeError, DefaultNla, ErrorContext, NlaBuffer,
@@ -53,17 +53,17 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
             .context("failed to parse netfilter header")?;
         let subsys = (message_type >> 8) as u8;
         let message_type = message_type as u8;
-        let inner = match subsys {
-            NfLogMessage::SUBSYS => NetfilterMessageInner::NfLog(
-                NfLogMessage::parse_with_param(buf, message_type)
+        let inner = match Subsystem::from(subsys) {
+            Subsystem::ULog => NetfilterMessageInner::ULog(
+                ULogMessage::parse_with_param(buf, message_type)
                     .context("failed to parse nflog payload")?,
             ),
-            ConntrackMessage::SUBSYS => NetfilterMessageInner::Conntrack(
+            Subsystem::Conntrack => NetfilterMessageInner::Conntrack(
                 ConntrackMessage::parse_with_param(buf, message_type)
                     .context("failed to parse conntrack payload")?,
             ),
-            _ => NetfilterMessageInner::Other {
-                subsys,
+            subsys_enum @ Subsystem::Other(_) => NetfilterMessageInner::Other {
+                subsys: subsys_enum,
                 message_type,
                 attributes: buf.default_nlas()?,
             },

src/conntrack/message.rs

@@ -1,9 +1,7 @@
 // SPDX-License-Identifier: MIT
 
 use crate::{
-    buffer::NetfilterBuffer,
-    conntrack::attributes::ConntrackAttribute,
-    constants::{IPCTNL_MSG_CT_GET, NFNL_SUBSYS_CTNETLINK},
+    buffer::NetfilterBuffer, conntrack::attributes::ConntrackAttribute,
 };
 use netlink_packet_core::{
     DecodeError, DefaultNla, Emitable, Parseable, ParseableParametrized,
@@ -19,13 +17,40 @@ pub enum ConntrackMessage {
     },
 }
 
-impl ConntrackMessage {
-    pub(crate) const SUBSYS: u8 = NFNL_SUBSYS_CTNETLINK;
+const IPCTNL_MSG_CT_GET: u8 = 1;
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+#[non_exhaustive]
+pub enum ConntrackMessageType {
+    Get,
+    Other(u8),
+}
+
+impl From<u8> for ConntrackMessageType {
+    fn from(value: u8) -> Self {
+        match value {
+            IPCTNL_MSG_CT_GET => Self::Get,
+            v => Self::Other(v),
+        }
+    }
+}
 
-    pub fn message_type(&self) -> u8 {
+impl From<ConntrackMessageType> for u8 {
+    fn from(value: ConntrackMessageType) -> Self {
+        match value {
+            ConntrackMessageType::Get => IPCTNL_MSG_CT_GET,
+            ConntrackMessageType::Other(v) => v,
+        }
+    }
+}
+
+impl ConntrackMessage {
+    pub fn message_type(&self) -> ConntrackMessageType {
         match self {
-            ConntrackMessage::Get(_) => IPCTNL_MSG_CT_GET,
-            ConntrackMessage::Other { message_type, .. } => *message_type,
+            ConntrackMessage::Get(_) => ConntrackMessageType::Get,
+            ConntrackMessage::Other { message_type, .. } => {
+                (*message_type).into()
+            }
         }
     }
 }
@@ -61,17 +86,19 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
         buf: &NetfilterBuffer<&'a T>,
         message_type: u8,
     ) -> Result<Self, DecodeError> {
-        Ok(match message_type {
-            IPCTNL_MSG_CT_GET => {
+        Ok(match ConntrackMessageType::from(message_type) {
+            ConntrackMessageType::Get => {
                 let attributes = buf.parse_all_nlas(|nla_buf| {
                     ConntrackAttribute::parse(&nla_buf)
                 })?;
                 ConntrackMessage::Get(attributes)
             }
-            _ => ConntrackMessage::Other {
-                message_type,
-                attributes: buf.default_nlas()?,
-            },
+            ConntrackMessageType::Other(message_type) => {
+                ConntrackMessage::Other {
+                    message_type,
+                    attributes: buf.default_nlas()?,
+                }
+            }
         })
     }
 }

src/conntrack/mod.rs

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 
 mod message;
-pub use message::ConntrackMessage;
+pub use message::{ConntrackMessage, ConntrackMessageType};
 mod attributes;
 pub use attributes::{
     ConntrackAttribute, IPTuple, ProtoInfo, ProtoInfoTCP, ProtoTuple, Protocol,

src/constants.rs

@@ -43,10 +43,8 @@ pub const AF_ALG: u8 = libc::AF_ALG as u8;
 pub const NFNETLINK_V0: u8 = libc::NFNETLINK_V0 as u8;
 
 pub const NFNL_SUBSYS_NONE: u8 = libc::NFNL_SUBSYS_NONE as u8;
-pub const NFNL_SUBSYS_CTNETLINK: u8 = libc::NFNL_SUBSYS_CTNETLINK as u8;
 pub const NFNL_SUBSYS_CTNETLINK_EXP: u8 = libc::NFNL_SUBSYS_CTNETLINK_EXP as u8;
 pub const NFNL_SUBSYS_QUEUE: u8 = libc::NFNL_SUBSYS_QUEUE as u8;
-pub const NFNL_SUBSYS_ULOG: u8 = libc::NFNL_SUBSYS_ULOG as u8;
 pub const NFNL_SUBSYS_OSF: u8 = libc::NFNL_SUBSYS_OSF as u8;
 pub const NFNL_SUBSYS_IPSET: u8 = libc::NFNL_SUBSYS_IPSET as u8;
 pub const NFNL_SUBSYS_ACCT: u8 = libc::NFNL_SUBSYS_ACCT as u8;
@@ -83,8 +81,3 @@ pub const NFULA_HWHEADER: u16 = libc::NFULA_HWHEADER as u16;
 pub const NFULA_HWLEN: u16 = libc::NFULA_HWLEN as u16;
 pub const NFULA_CT: u16 = libc::NFULA_CT as u16;
 pub const NFULA_CT_INFO: u16 = libc::NFULA_CT_INFO as u16;
-
-pub const NFULNL_MSG_CONFIG: u8 = libc::NFULNL_MSG_CONFIG as u8;
-pub const NFULNL_MSG_PACKET: u8 = libc::NFULNL_MSG_PACKET as u8;
-
-pub(crate) const IPCTNL_MSG_CT_GET: u8 = 1;

src/lib.rs

@@ -3,7 +3,9 @@
 pub(crate) mod buffer;
 pub mod constants;
 mod message;
-pub use message::{NetfilterHeader, NetfilterMessage, NetfilterMessageInner};
+pub use message::{
+    NetfilterHeader, NetfilterMessage, NetfilterMessageInner, Subsystem,
+};
 pub mod conntrack;
 pub mod nflog;
 #[cfg(test)]

src/message.rs

@@ -7,7 +7,7 @@ use netlink_packet_core::{
 };
 
 use crate::{
-    buffer::NetfilterBuffer, conntrack::ConntrackMessage, nflog::NfLogMessage,
+    buffer::NetfilterBuffer, conntrack::ConntrackMessage, nflog::ULogMessage,
 };
 
 pub(crate) const NETFILTER_HEADER_LEN: usize = 4;
@@ -60,21 +60,53 @@ impl<T: AsRef<[u8]>> Parseable<NetfilterHeaderBuffer<T>> for NetfilterHeader {
     }
 }
 
+// Defined in Linux kernel: include/uapi/linux/netfilter/nfnetlink.h
+pub const NFNL_SUBSYS_CTNETLINK: u8 = 1;
+pub const NFNL_SUBSYS_ULOG: u8 = 4;
+
+#[derive(Debug, PartialEq, Eq, Clone, Copy)]
+#[non_exhaustive]
+pub enum Subsystem {
+    ULog,
+    Conntrack,
+    Other(u8),
+}
+
+impl From<u8> for Subsystem {
+    fn from(value: u8) -> Self {
+        match value {
+            NFNL_SUBSYS_ULOG => Self::ULog,
+            NFNL_SUBSYS_CTNETLINK => Self::Conntrack,
+            v => Self::Other(v),
+        }
+    }
+}
+
+impl From<Subsystem> for u8 {
+    fn from(value: Subsystem) -> Self {
+        match value {
+            Subsystem::ULog => NFNL_SUBSYS_ULOG,
+            Subsystem::Conntrack => NFNL_SUBSYS_CTNETLINK,
+            Subsystem::Other(v) => v,
+        }
+    }
+}
+
 #[derive(Debug, PartialEq, Eq, Clone)]
 #[non_exhaustive]
 pub enum NetfilterMessageInner {
-    NfLog(NfLogMessage),
+    ULog(ULogMessage),
     Conntrack(ConntrackMessage),
     Other {
-        subsys: u8,
+        subsys: Subsystem,
         message_type: u8,
         attributes: Vec<DefaultNla>,
     },
 }
 
-impl From<NfLogMessage> for NetfilterMessageInner {
-    fn from(message: NfLogMessage) -> Self {
-        Self::NfLog(message)
+impl From<ULogMessage> for NetfilterMessageInner {
+    fn from(message: ULogMessage) -> Self {
+        Self::ULog(message)
     }
 }
 impl From<ConntrackMessage> for NetfilterMessageInner {
@@ -86,7 +118,7 @@ impl From<ConntrackMessage> for NetfilterMessageInner {
 impl Emitable for NetfilterMessageInner {
     fn buffer_len(&self) -> usize {
         match self {
-            NetfilterMessageInner::NfLog(message) => message.buffer_len(),
+            NetfilterMessageInner::ULog(message) => message.buffer_len(),
             NetfilterMessageInner::Conntrack(message) => message.buffer_len(),
             NetfilterMessageInner::Other { attributes, .. } => {
                 attributes.as_slice().buffer_len()
@@ -96,7 +128,7 @@ impl Emitable for NetfilterMessageInner {
 
     fn emit(&self, buffer: &mut [u8]) {
         match self {
-            NetfilterMessageInner::NfLog(message) => message.emit(buffer),
+            NetfilterMessageInner::ULog(message) => message.emit(buffer),
             NetfilterMessageInner::Conntrack(message) => message.emit(buffer),
             NetfilterMessageInner::Other { attributes, .. } => {
                 attributes.as_slice().emit(buffer)
@@ -123,19 +155,21 @@ impl NetfilterMessage {
         }
     }
 
-    pub fn subsys(&self) -> u8 {
+    pub fn subsys(&self) -> Subsystem {
         match self.inner {
-            NetfilterMessageInner::NfLog(_) => NfLogMessage::SUBSYS,
-            NetfilterMessageInner::Conntrack(_) => ConntrackMessage::SUBSYS,
+            NetfilterMessageInner::ULog(_) => Subsystem::ULog,
+            NetfilterMessageInner::Conntrack(_) => Subsystem::Conntrack,
             NetfilterMessageInner::Other { subsys, .. } => subsys,
         }
     }
 
-    pub fn message_type(&self) -> u8 {
+    fn message_type(&self) -> u8 {
         match self.inner {
-            NetfilterMessageInner::NfLog(ref message) => message.message_type(),
+            NetfilterMessageInner::ULog(ref message) => {
+                message.message_type().into()
+            }
             NetfilterMessageInner::Conntrack(ref message) => {
-                message.message_type()
+                message.message_type().into()
             }
             NetfilterMessageInner::Other { message_type, .. } => message_type,
         }
@@ -155,7 +189,7 @@ impl Emitable for NetfilterMessage {
 
 impl NetlinkSerializable for NetfilterMessage {
     fn message_type(&self) -> u16 {
-        ((self.subsys() as u16) << 8) | self.message_type() as u16
+        ((u8::from(self.subsys()) as u16) << 8) | self.message_type() as u16
     }
 
     fn buffer_len(&self) -> usize {