feat: conntrack new message type

Implemented the `New`/`IPCTNL_MSG_CT_NEW` conntrack message type.

Added a test for adding new TCP/IPv4 conntrack entries.

Signed-off-by: Shivang K Raghuvanshi <[email protected]>

Author: shivkr6

src/conntrack/message.rs

@@ -10,6 +10,7 @@ use netlink_packet_core::{
 #[derive(Debug, PartialEq, Eq, Clone)]
 #[non_exhaustive]
 pub enum ConntrackMessage {
+    New(Vec<ConntrackAttribute>),
     Get(Vec<ConntrackAttribute>),
     Delete(Vec<ConntrackAttribute>),
     Other {
@@ -18,12 +19,14 @@ pub enum ConntrackMessage {
     },
 }
 
+const IPCTNL_MSG_CT_NEW: u8 = 0;
 const IPCTNL_MSG_CT_GET: u8 = 1;
 const IPCTNL_MSG_CT_DELETE: u8 = 2;
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum ConntrackMessageType {
+    New,
     Get,
     Delete,
     Other(u8),
@@ -32,6 +35,7 @@ pub enum ConntrackMessageType {
 impl From<u8> for ConntrackMessageType {
     fn from(value: u8) -> Self {
         match value {
+            IPCTNL_MSG_CT_NEW => Self::New,
             IPCTNL_MSG_CT_GET => Self::Get,
             IPCTNL_MSG_CT_DELETE => Self::Delete,
             v => Self::Other(v),
@@ -42,6 +46,7 @@ impl From<u8> for ConntrackMessageType {
 impl From<ConntrackMessageType> for u8 {
     fn from(value: ConntrackMessageType) -> Self {
         match value {
+            ConntrackMessageType::New => IPCTNL_MSG_CT_NEW,
             ConntrackMessageType::Get => IPCTNL_MSG_CT_GET,
             ConntrackMessageType::Delete => IPCTNL_MSG_CT_DELETE,
             ConntrackMessageType::Other(v) => v,
@@ -52,6 +57,7 @@ impl From<ConntrackMessageType> for u8 {
 impl ConntrackMessage {
     pub fn message_type(&self) -> ConntrackMessageType {
         match self {
+            ConntrackMessage::New(_) => ConntrackMessageType::New,
             ConntrackMessage::Get(_) => ConntrackMessageType::Get,
             ConntrackMessage::Delete(_) => ConntrackMessageType::Delete,
             ConntrackMessage::Other { message_type, .. } => {
@@ -64,6 +70,9 @@ impl ConntrackMessage {
 impl Emitable for ConntrackMessage {
     fn buffer_len(&self) -> usize {
         match self {
+            ConntrackMessage::New(attributes) => {
+                attributes.as_slice().buffer_len()
+            }
             ConntrackMessage::Get(attributes) => {
                 attributes.as_slice().buffer_len()
             }
@@ -78,6 +87,9 @@ impl Emitable for ConntrackMessage {
 
     fn emit(&self, buffer: &mut [u8]) {
         match self {
+            ConntrackMessage::New(attributes) => {
+                attributes.as_slice().emit(buffer)
+            }
             ConntrackMessage::Get(attributes) => {
                 attributes.as_slice().emit(buffer)
             }
@@ -99,6 +111,12 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
         message_type: u8,
     ) -> Result<Self, DecodeError> {
         Ok(match ConntrackMessageType::from(message_type) {
+            ConntrackMessageType::New => {
+                let attributes = buf.parse_all_nlas(|nla_buf| {
+                    ConntrackAttribute::parse(&nla_buf)
+                })?;
+                ConntrackMessage::New(attributes)
+            }
             ConntrackMessageType::Get => {
                 let attributes = buf.parse_all_nlas(|nla_buf| {
                     ConntrackAttribute::parse(&nla_buf)

src/tests.rs

@@ -375,3 +375,99 @@ fn test_delete_conntrack_udp_ipv6() {
         expected
     );
 }
+
+// wireshark capture of nlmon against command (netlink message header removed):
+//  conntrack -I -p tcp --src 192.168.1.100 --dst 10.0.0.1 --sport 12345 --dport
+// 80 --state SYN_SENT --timeout 60
+#[test]
+fn test_new_conntrack() {
+    let raw: Vec<u8> = vec![
+        0x02, 0x00, 0x00, 0x00, 0x34, 0x00, 0x01, 0x80, 0x14, 0x00, 0x01, 0x80,
+        0x08, 0x00, 0x01, 0x00, 0xc0, 0xa8, 0x01, 0x64, 0x08, 0x00, 0x02, 0x00,
+        0x0a, 0x00, 0x00, 0x01, 0x1c, 0x00, 0x02, 0x80, 0x05, 0x00, 0x01, 0x00,
+        0x06, 0x00, 0x00, 0x00, 0x06, 0x00, 0x02, 0x00, 0x30, 0x39, 0x00, 0x00,
+        0x06, 0x00, 0x03, 0x00, 0x00, 0x50, 0x00, 0x00, 0x34, 0x00, 0x02, 0x80,
+        0x14, 0x00, 0x01, 0x80, 0x08, 0x00, 0x01, 0x00, 0x0a, 0x00, 0x00, 0x01,
+        0x08, 0x00, 0x02, 0x00, 0xc0, 0xa8, 0x01, 0x64, 0x1c, 0x00, 0x02, 0x80,
+        0x05, 0x00, 0x01, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06, 0x00, 0x02, 0x00,
+        0x00, 0x50, 0x00, 0x00, 0x06, 0x00, 0x03, 0x00, 0x30, 0x39, 0x00, 0x00,
+        0x08, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x20, 0x00, 0x04, 0x80,
+        0x1c, 0x00, 0x01, 0x80, 0x05, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
+        0x06, 0x00, 0x04, 0x00, 0x0a, 0x0a, 0x00, 0x00, 0x06, 0x00, 0x05, 0x00,
+        0x0a, 0x0a, 0x00, 0x00,
+    ];
+
+    let orig_src_addr =
+        IPTuple::SourceAddress(IpAddr::V4("192.168.1.100".parse().unwrap()));
+    let orig_dst_addr =
+        IPTuple::DestinationAddress(IpAddr::V4("10.0.0.1".parse().unwrap()));
+
+    let orig_proto_num = ProtoTuple::Protocol(Protocol::Tcp);
+    let orig_src_port = ProtoTuple::SourcePort(12345);
+    let orig_dst_port = ProtoTuple::DestinationPort(80);
+
+    let orig_ip_tuple = Tuple::Ip(vec![orig_src_addr, orig_dst_addr]);
+    let orig_proto_tuple =
+        Tuple::Proto(vec![orig_proto_num, orig_src_port, orig_dst_port]);
+
+    let reply_src_addr =
+        IPTuple::SourceAddress(IpAddr::V4("10.0.0.1".parse().unwrap()));
+    let reply_dst_addr = IPTuple::DestinationAddress(IpAddr::V4(
+        "192.168.1.100".parse().unwrap(),
+    ));
+
+    let reply_proto_num = ProtoTuple::Protocol(Protocol::Tcp);
+    let reply_src_port = ProtoTuple::SourcePort(80);
+    let reply_dst_port = ProtoTuple::DestinationPort(12345);
+
+    let reply_ip_tuple = Tuple::Ip(vec![reply_src_addr, reply_dst_addr]);
+    let reply_proto_tuple =
+        Tuple::Proto(vec![reply_proto_num, reply_src_port, reply_dst_port]);
+
+    let timeout = 60;
+
+    let proto_info = ProtoInfo::TCP(vec![
+        ProtoInfoTCP::State(1),
+        ProtoInfoTCP::OriginalFlags(TCPFlags {
+            flags: 10,
+            mask: 10,
+        }),
+        ProtoInfoTCP::ReplyFlags(TCPFlags {
+            flags: 10,
+            mask: 10,
+        }),
+    ]);
+
+    let attributes = vec![
+        ConntrackAttribute::CtaTupleOrig(vec![orig_ip_tuple, orig_proto_tuple]),
+        ConntrackAttribute::CtaTupleReply(vec![
+            reply_ip_tuple,
+            reply_proto_tuple,
+        ]),
+        ConntrackAttribute::CtaTimeout(timeout),
+        ConntrackAttribute::CtaProtoInfo(vec![proto_info]),
+    ];
+
+    let expected: NetfilterMessage = NetfilterMessage::new(
+        NetfilterHeader::new(ProtoFamily::ProtoIPv4, 0, 0),
+        ConntrackMessage::New(attributes),
+    );
+
+    let mut buffer = vec![0; expected.buffer_len()];
+    expected.emit(&mut buffer);
+
+    // Check if the serialization was correct
+    assert_eq!(buffer, raw);
+
+    let message_type = ((u8::from(Subsystem::Conntrack) as u16) << 8)
+        | (u8::from(ConntrackMessageType::New) as u16);
+    // Check if the deserialization was correct
+    assert_eq!(
+        NetfilterMessage::parse_with_param(
+            &NetfilterBuffer::new(&raw),
+            message_type
+        )
+        .unwrap(),
+        expected
+    );
+}