feat: conntrack get netlink netfilter message types

Implemented the following types required to successfully construct a conntrack get request:
* iptuple
* protoinfo
* protoinfotcp
* prototuple
* tcp_flags
* tuple

Signed-off-by: Shivang K Raghuvanshi <[email protected]>

Author: shivkr6

examples/nflog.rs

@@ -8,8 +8,7 @@
 
 use std::{net::Ipv4Addr, time::Duration};
 
-use byteorder::{ByteOrder, NetworkEndian};
-use netlink_packet_core::{NetlinkMessage, NetlinkPayload};
+use netlink_packet_core::{parse_u32_be, NetlinkMessage, NetlinkPayload};
 use netlink_packet_netfilter::{
     constants::*,
     nflog::{
@@ -103,12 +102,12 @@ fn main() {
 
                     for nla in get_packet_nlas(&rx_packet) {
                         if let PacketNla::Payload(payload) = nla {
-                            let src = Ipv4Addr::from(NetworkEndian::read_u32(
-                                &payload[12..],
-                            ));
-                            let dst = Ipv4Addr::from(NetworkEndian::read_u32(
-                                &payload[16..],
-                            ));
+                            let src = Ipv4Addr::from(
+                                parse_u32_be(&payload[12..]).unwrap(),
+                            );
+                            let dst = Ipv4Addr::from(
+                                parse_u32_be(&payload[16..]).unwrap(),
+                            );
                             println!("Packet from {} to {}", src, dst);
                             break;
                         }

src/buffer.rs

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: MIT
 
 use crate::{
+    conntrack::ConntrackMessage,
     message::{
         NetfilterHeader, NetfilterMessage, NetfilterMessageInner,
         NETFILTER_HEADER_LEN,
@@ -57,6 +58,10 @@ impl<'a, T: AsRef<[u8]> + ?Sized>
                 NfLogMessage::parse_with_param(buf, message_type)
                     .context("failed to parse nflog payload")?,
             ),
+            ConntrackMessage::SUBSYS => NetfilterMessageInner::Conntrack(
+                ConntrackMessage::parse_with_param(buf, message_type)
+                    .context("failed to parse conntrack payload")?,
+            ),
             _ => NetfilterMessageInner::Other {
                 subsys,
                 message_type,

src/conntrack/message.rs

@@ -0,0 +1,71 @@
+// SPDX-License-Identifier: MIT
+
+use crate::{
+    buffer::NetfilterBuffer,
+    conntrack::nlas::nla::ConntrackNla,
+    constants::{IPCTNL_MSG_CT_GET, NFNL_SUBSYS_CTNETLINK},
+};
+use netlink_packet_core::{
+    DecodeError, DefaultNla, Emitable, Parseable, ParseableParametrized,
+};
+
+#[derive(Debug, PartialEq, Eq, Clone)]
+pub enum ConntrackMessage {
+    Get(Vec<ConntrackNla>),
+    Other {
+        message_type: u8,
+        nlas: Vec<DefaultNla>,
+    },
+}
+
+impl ConntrackMessage {
+    pub const SUBSYS: u8 = NFNL_SUBSYS_CTNETLINK;
+
+    pub fn message_type(&self) -> u8 {
+        match self {
+            ConntrackMessage::Get(_) => IPCTNL_MSG_CT_GET,
+            ConntrackMessage::Other { message_type, .. } => *message_type,
+        }
+    }
+}
+
+impl Emitable for ConntrackMessage {
+    fn buffer_len(&self) -> usize {
+        match self {
+            ConntrackMessage::Get(nlas) => nlas.as_slice().buffer_len(),
+            ConntrackMessage::Other { nlas, .. } => {
+                nlas.as_slice().buffer_len()
+            }
+        }
+    }
+
+    fn emit(&self, buffer: &mut [u8]) {
+        match self {
+            ConntrackMessage::Get(nlas) => nlas.as_slice().emit(buffer),
+            ConntrackMessage::Other { nlas, .. } => {
+                nlas.as_slice().emit(buffer)
+            }
+        };
+    }
+}
+
+impl<'a, T: AsRef<[u8]> + ?Sized>
+    ParseableParametrized<NetfilterBuffer<&'a T>, u8> for ConntrackMessage
+{
+    fn parse_with_param(
+        buf: &NetfilterBuffer<&'a T>,
+        message_type: u8,
+    ) -> Result<Self, DecodeError> {
+        Ok(match message_type {
+            IPCTNL_MSG_CT_GET => {
+                let nlas = buf
+                    .parse_all_nlas(|nla_buf| ConntrackNla::parse(&nla_buf))?;
+                ConntrackMessage::Get(nlas)
+            }
+            _ => ConntrackMessage::Other {
+                message_type,
+                nlas: buf.default_nlas()?,
+            },
+        })
+    }
+}

src/conntrack/mod.rs

@@ -0,0 +1,5 @@
+// SPDX-License-Identifier: MIT
+
+mod message;
+pub use message::ConntrackMessage;
+pub mod nlas;

src/conntrack/nlas/iptuple.rs

@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: MIT
+
+use derive_more::{From, IsVariant};
+use netlink_packet_core::{
+    parse_ip, DecodeError, DefaultNla, ErrorContext, Nla, NlaBuffer, Parseable,
+};
+use std::net::IpAddr;
+
+use crate::constants::{
+    CTA_IP_V4_DST, CTA_IP_V4_SRC, CTA_IP_V6_DST, CTA_IP_V6_SRC,
+};
+
+#[derive(Clone, Debug, PartialEq, Eq, From, IsVariant)]
+pub enum IPTuple {
+    SourceAddress(IpAddr),
+    #[from(ignore)]
+    DestinationAddress(IpAddr),
+    Other(DefaultNla),
+}
+
+pub const IPV4_LEN: usize = 4;
+pub const IPV6_LEN: usize = 16;
+
+// Helper function needed for implementing the Nla trait
+pub fn emit_ip(addr: &IpAddr, buf: &mut [u8]) {
+    match addr {
+        IpAddr::V4(ip) => {
+            buf[..IPV4_LEN].copy_from_slice(ip.octets().as_slice());
+        }
+        IpAddr::V6(ip) => {
+            buf[..IPV6_LEN].copy_from_slice(ip.octets().as_slice());
+        }
+    }
+}
+
+impl Nla for IPTuple {
+    fn value_len(&self) -> usize {
+        match self {
+            IPTuple::SourceAddress(attr) => match *attr {
+                IpAddr::V4(_) => IPV4_LEN,
+                IpAddr::V6(_) => IPV6_LEN,
+            },
+            IPTuple::DestinationAddress(attr) => match *attr {
+                IpAddr::V4(_) => IPV4_LEN,
+                IpAddr::V6(_) => IPV6_LEN,
+            },
+            IPTuple::Other(attr) => attr.value_len(),
+        }
+    }
+
+    fn kind(&self) -> u16 {
+        match self {
+            IPTuple::SourceAddress(attr) => match *attr {
+                IpAddr::V4(_) => CTA_IP_V4_SRC,
+                IpAddr::V6(_) => CTA_IP_V6_SRC,
+            },
+            IPTuple::DestinationAddress(attr) => match *attr {
+                IpAddr::V4(_) => CTA_IP_V4_DST,
+                IpAddr::V6(_) => CTA_IP_V6_DST,
+            },
+            IPTuple::Other(attr) => attr.kind(),
+        }
+    }
+
+    fn emit_value(&self, buffer: &mut [u8]) {
+        match self {
+            IPTuple::SourceAddress(attr) => emit_ip(attr, buffer),
+            IPTuple::DestinationAddress(attr) => emit_ip(attr, buffer),
+            IPTuple::Other(attr) => attr.emit_value(buffer),
+        }
+    }
+}
+impl<'buffer, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'buffer T>>
+    for IPTuple
+{
+    fn parse(buf: &NlaBuffer<&'buffer T>) -> Result<Self, DecodeError> {
+        let kind = buf.kind();
+        let payload = buf.value();
+        let nla = match kind {
+            CTA_IP_V4_SRC | CTA_IP_V6_SRC => Self::SourceAddress(
+                parse_ip(payload).context("invalid SourceAddress value")?,
+            ),
+            CTA_IP_V4_DST | CTA_IP_V6_DST => Self::DestinationAddress(
+                parse_ip(payload)
+                    .context("invalid DestinationAddress value")?,
+            ),
+            _ => IPTuple::Other(DefaultNla::parse(buf)?),
+        };
+        Ok(nla)
+    }
+}

src/conntrack/nlas/mod.rs

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: MIT
+
+mod iptuple;
+pub mod nla;
+mod protoinfo;
+mod protoinfotcp;
+mod prototuple;
+mod tcp_flags;
+mod tuple;
+
+pub use iptuple::IPTuple;
+pub use protoinfo::ProtoInfo;
+pub use protoinfotcp::ProtoInfoTCP;
+pub use prototuple::ProtoTuple;
+pub use tcp_flags::TCPFlags;
+pub use tuple::Tuple;

src/conntrack/nlas/nla.rs

@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: MIT
+
+use derive_more::{From, IsVariant};
+use netlink_packet_core::{
+    DecodeError, DefaultNla, Emitable, ErrorContext, Nla, NlaBuffer,
+    NlasIterator, Parseable,
+};
+
+use crate::{
+    conntrack::nlas::{protoinfo::ProtoInfo, tuple::Tuple},
+    constants::{CTA_PROTOINFO, CTA_TUPLE_ORIG},
+};
+
+#[derive(Clone, Debug, PartialEq, Eq, From, IsVariant)]
+pub enum ConntrackNla {
+    CtaTupleOrig(Vec<Tuple>),
+    CtaProtoInfo(Vec<ProtoInfo>),
+    Other(DefaultNla),
+}
+
+impl Nla for ConntrackNla {
+    fn value_len(&self) -> usize {
+        match self {
+            ConntrackNla::CtaTupleOrig(attr) => {
+                attr.iter().map(|op| op.buffer_len()).sum()
+            }
+            ConntrackNla::CtaProtoInfo(attr) => {
+                attr.iter().map(|op| op.buffer_len()).sum()
+            }
+            ConntrackNla::Other(attr) => attr.value_len(),
+        }
+    }
+
+    fn kind(&self) -> u16 {
+        match self {
+            ConntrackNla::CtaTupleOrig(_) => CTA_TUPLE_ORIG,
+            ConntrackNla::CtaProtoInfo(_) => CTA_PROTOINFO,
+            ConntrackNla::Other(attr) => attr.kind(),
+        }
+    }
+
+    fn emit_value(&self, buffer: &mut [u8]) {
+        match self {
+            ConntrackNla::CtaTupleOrig(attr) => {
+                let mut len = 0;
+                for op in attr {
+                    op.emit(&mut buffer[len..]);
+                    len += op.buffer_len();
+                }
+            }
+            ConntrackNla::CtaProtoInfo(attr) => {
+                let mut len = 0;
+                for op in attr {
+                    op.emit(&mut buffer[len..]);
+                    len += op.buffer_len();
+                }
+            }
+            ConntrackNla::Other(attr) => attr.emit_value(buffer),
+        }
+    }
+    fn is_nested(&self) -> bool {
+        matches!(
+            self,
+            ConntrackNla::CtaTupleOrig(_) | ConntrackNla::CtaProtoInfo(_)
+        )
+    }
+}
+
+impl<'buffer, T: AsRef<[u8]> + ?Sized> Parseable<NlaBuffer<&'buffer T>>
+    for ConntrackNla
+{
+    fn parse(buf: &NlaBuffer<&'buffer T>) -> Result<Self, DecodeError> {
+        let kind = buf.kind();
+        let payload = buf.value();
+        let nla = match kind {
+            CTA_TUPLE_ORIG => {
+                let mut tuples = Vec::new();
+                for nlas in NlasIterator::new(payload) {
+                    let nlas = &nlas.context("invalid CTA_TUPLE_ORIG value")?;
+                    tuples.push(Tuple::parse(nlas)?);
+                }
+                ConntrackNla::CtaTupleOrig(tuples)
+            }
+            CTA_PROTOINFO => {
+                let mut proto_infos = Vec::new();
+                for nlas in NlasIterator::new(payload) {
+                    let nlas = &nlas.context("invalid CTA_PROTOINFO value")?;
+                    proto_infos.push(ProtoInfo::parse(nlas)?);
+                }
+                ConntrackNla::CtaProtoInfo(proto_infos)
+            }
+            _ => ConntrackNla::Other(DefaultNla::parse(buf)?),
+        };
+        Ok(nla)
+    }
+}