Crate conntrack

This library provides access to the conntrack subsystem in the Linux kernel, using the kernel's netlink interface through the neli library.

The current version only supplies dump() functionality for the conntrack table. In terms of the conntrack-tools utility on Linux, dump() is equivalent to running conntrack -L. Most of the model and attribute parsing in this library goes beyond what dump() needs, which positions the library to eventually cover the full feature set of the conntrack subsystem.

You can enable byte and packet counters using sysctl -w net.netfilter.nf_conntrack_acct=1

Privileges

Your application needs the CAP_NET_ADMIN capability to receive events from, and send commands to, kernel space; the one exception is dumping the conntrack table, which works without it.
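A pre-flight check for the requirement above, added here as an example and not part of the conntrack crate: it reads the effective capability mask of the running process from /proc/self/status and tests bit 12, which is CAP_NET_ADMIN in linux/capability.h, so a tool can tell whether it may subscribe to events and send commands or is limited to dumping the table.

```rust
use std::fs;

/// Capability number of CAP_NET_ADMIN from <linux/capability.h>.
const CAP_NET_ADMIN: u32 = 12;

/// Parse the effective capability mask (the CapEff line) from the text of
/// /proc/<pid>/status. Returns None if the line is missing or malformed.
fn effective_caps(status: &str) -> Option<u64> {
    status
        .lines()
        .find_map(|line| line.strip_prefix("CapEff:"))
        .and_then(|hex| u64::from_str_radix(hex.trim(), 16).ok())
}

/// True when capability number `cap` is set in `mask`.
fn has_cap(mask: u64, cap: u32) -> bool {
    cap < 64 && mask & (1u64 << cap) != 0
}

/// Read this process's effective capabilities and decide whether it may send
/// conntrack commands and receive events. Dumping the table needs no capability,
/// so a `false` here still leaves Conntrack::dump() available.
fn can_send_conntrack_commands() -> bool {
    fs::read_to_string("/proc/self/status")
        .ok()
        .and_then(|s| effective_caps(&s))
        .map_or(false, |mask| has_cap(mask, CAP_NET_ADMIN))
}

fn main() {
    if can_send_conntrack_commands() {
        println!("CAP_NET_ADMIN is effective: commands and event subscription allowed");
    } else {
        println!("CAP_NET_ADMIN missing: only the conntrack table dump will work");
    }
}
```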

WSL2 Conntrack

Note that in order to enable connection tracking via conntrack on WSL2, you'll need to add the following iptables rule:

iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Example

use conntrack::*;

fn main() -> Result<()> {
    // Open a netfilter netlink socket to the conntrack subsystem
    let mut ct = Conntrack::connect()?;

    // Dump conntrack table as a Vec<Flow>
    let flows = ct.dump()?;

    for flow in flows {
        log::info!("{flow:?}");
    }

    Ok(())
}

Structs

  • Conntrack: the Conntrack type is used to connect to a netfilter socket and execute conntrack table specific commands.

Enums

  • Error: consolidates and propagates all underlying error types.

Type Aliases

  • Result: an alias for core::result::Result<T, conntrack::error::Error>.