1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

//! [![github]](https://github.com/rusty-bolt/conntrack-rs)
//!
//! [github]: https://img.shields.io/badge/github-rusty--bolt/conntrack--rs-blueviolet?style=for-the-badge&labelColor=555555&logo=github
//!
//! ---
//!
//! This library provides access to the [`conntrack`](https://conntrack-tools.netfilter.org/conntrack.html)
//! subsystem in the linux kernel leveraging netlink support via the [`neli`](https://docs.rs/neli/latest/neli/index.html)
//! library.
//!
//! The current version only supplies `Dump()` functionality for the `Conntrack` table. Leveraging the
//! [`conntrack-tools`](https://conntrack-tools.netfilter.org/) utility in linux, the `Dump()` behavior
//! is equivalent to: `conntrack -L`. Most of the model and attribute parsing supported in this library
//! extends beyond the `dump()` command, which allows this library to eventually cover the full feature set
//! of the conntrack subsystem.
//!
//! You can enable byte and packet counters using `sysctl -w net.netfilter.nf_conntrack_acct=1`
//!
//! # Privileges
//!
//! You need the `CAP_NET_ADMIN` capability in order to allow your application to receive events from and to send commands to kernel-space,
//! excepting the conntrack table dumping operation.
//!
//! ### WSL2 Conntrack
//!
//! Note that in order to enable connection tracking via `conntrack` on WSL2, you'll need to add the following iptable entry:
//! ```bash
//! iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
//! ```
//!
//! # Example
//!
//! ```rust
//! use conntrack::*;
//!
//! fn main() -> Result<()> {
//!     // Create the Conntrack table via netfilter socket syscall
//!     let mut ct = Conntrack::connect()?;
//!
//!     // Dump conntrack table as a Vec<Flow>
//!     let flows = ct.dump()?;
//!
//!     for flow in flows {
//!         log::info!("{flow:?}");
//!     }
//!
//!     Ok(())
//! }
//! ```
//!
//! <br>

pub use crate::connection::*;
pub use crate::error::*;
pub use crate::result::*;

pub mod attributes;
pub mod decoders;
pub mod message;
pub mod model;

mod connection;
mod error;
mod result;