nlink 0.19.0

Async netlink library for Linux network configuration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

//! One-line watch wrappers — ENOBUFS-resilient event
//! subscription. Plan 200 §2.3.
//!
//! Each entry point opens a `Connection<P>` + builds the
//! `ConnectionFactory<P>` + returns the resync stream, so
//! callers don't write the same 8-line factory closure
//! every time. For the polling-based WG watcher (which has
//! no native multicast — see Plan 199's kernel research),
//! the wrapper builds a `WireguardWatcher` instead.

use std::sync::Arc;

use crate::netlink::genl::wireguard::{WireguardWatchOptions, WireguardWatcher};
use crate::netlink::namespace;
use crate::netlink::nftables::resync::OwnedResyncStream as NftablesResyncStream;
use crate::netlink::{Nftables, Route, Wireguard};
use crate::netlink::resync::ConnectionFactory;
use crate::netlink::route_resync::OwnedResyncStream as RouteResyncStream;
use crate::{Connection, Result};

// =============================================================================
// RTNETLINK — Plan 191
// =============================================================================

/// Watch RTNETLINK changes in the host's default namespace.
///
/// Returns a `ResyncStream` of `NetworkEvent`s with ENOBUFS
/// recovery built in. The factory closure (which opens a
/// fresh connection on every overflow) is constructed for
/// you.
///
/// 0.19 Finding B — now `async`.
pub async fn route_changes() -> Result<RouteResyncStream> {
    let conn = Connection::<Route>::new()?;
    let factory: ConnectionFactory<Route> =
        Arc::new(|| Box::pin(async { Connection::<Route>::new() }));
    conn.into_events_with_resync(factory).await
}

/// Watch RTNETLINK changes inside a named namespace.
///
/// 0.19 Finding B — now `async`.
pub async fn route_changes_in_namespace(ns: &str) -> Result<RouteResyncStream> {
    let conn = namespace::connection_for::<Route>(ns)?;
    let ns_owned = ns.to_string();
    let factory: ConnectionFactory<Route> = Arc::new(move || {
        let ns = ns_owned.clone();
        Box::pin(async move { namespace::connection_for::<Route>(&ns) })
    });
    conn.into_events_with_resync(factory).await
}

// =============================================================================
// nftables — Plan 185
// =============================================================================

/// Watch nftables ruleset mutations in the host's default
/// namespace.
///
/// 0.19 Finding B — now `async`.
pub async fn nftables_changes() -> Result<NftablesResyncStream> {
    let conn = Connection::<Nftables>::new()?;
    let factory: ConnectionFactory<Nftables> =
        Arc::new(|| Box::pin(async { Connection::<Nftables>::new() }));
    conn.into_events_with_resync(factory).await
}

/// Watch nftables ruleset mutations inside a named namespace.
///
/// 0.19 Finding B — now `async`.
pub async fn nftables_changes_in_namespace(ns: &str) -> Result<NftablesResyncStream> {
    let conn = namespace::connection_for::<Nftables>(ns)?;
    let ns_owned = ns.to_string();
    let factory: ConnectionFactory<Nftables> = Arc::new(move || {
        let ns = ns_owned.clone();
        Box::pin(async move { namespace::connection_for::<Nftables>(&ns) })
    });
    conn.into_events_with_resync(factory).await
}

// =============================================================================
// WireGuard — Plan 199 (polling watcher; kernel has no mcast)
// =============================================================================

/// Build a WireGuard polling watcher for the host's default
/// namespace.
///
/// **WireGuard has no native multicast** — the kernel module
/// declares `n_mcgrps = 0` (verified upstream). Every WG
/// monitoring tool polls; this wrapper opens the GENL
/// connection + returns a [`WireguardWatcher`] you drive via
/// [`WireguardWatcher::next_events`]. See Plan 199's
/// migration-guide section for the kernel-source ground
/// truth + the deferred-multicast patch history.
pub async fn wireguard_changes(opts: WireguardWatchOptions) -> Result<WireguardWatcher> {
    let conn = Connection::<Wireguard>::new_async().await?;
    WireguardWatcher::new(conn, opts)
}

/// Same as [`wireguard_changes`] inside a named namespace.
pub async fn wireguard_changes_in_namespace(
    ns: &str,
    opts: WireguardWatchOptions,
) -> Result<WireguardWatcher> {
    let conn = namespace::connection_for_async::<Wireguard>(ns).await?;
    WireguardWatcher::new(conn, opts)
}