conntrack-go

conntrack-go implements a go native implementation for the conntrack netlink interface provided by Linux to the in-kernel connection tracking state table.

The library implements a subset of the functionality provided by https://www.netfilter.org/projects/libnetfilter_conntrack/

The library implements the following APIs

Listing/flushing Conntrack entries from kernel connection tracking table
Updating entries from kernel connection tracking table (currently supports Mark and Labels*)

This is a sample conntrack mark update which uses the conntrack library In this example we update the first entry in the conntrack with the given mark For this example to work the conntrack should not be empty Use conntrack -L or print the updated table by calling display.

# Functions

NewHandle

NewHandle which returns interface which implements Conntrack table get/set/flush.

# Constants

CTA_IP_V4_DST

enum ctattr_ip { CTA_IP_UNSPEC, CTA_IP_V4_SRC, CTA_IP_V4_DST, CTA_IP_V6_SRC, CTA_IP_V6_DST, __CTA_IP_MAX }; #define CTA_IP_MAX (__CTA_IP_MAX - 1).

CTA_IP_V4_SRC

enum ctattr_ip { CTA_IP_UNSPEC, CTA_IP_V4_SRC, CTA_IP_V4_DST, CTA_IP_V6_SRC, CTA_IP_V6_DST, __CTA_IP_MAX }; #define CTA_IP_MAX (__CTA_IP_MAX - 1).

CTA_IP_V6_DST

enum ctattr_ip { CTA_IP_UNSPEC, CTA_IP_V4_SRC, CTA_IP_V4_DST, CTA_IP_V6_SRC, CTA_IP_V6_DST, __CTA_IP_MAX }; #define CTA_IP_MAX (__CTA_IP_MAX - 1).

CTA_IP_V6_SRC

enum ctattr_ip { CTA_IP_UNSPEC, CTA_IP_V4_SRC, CTA_IP_V4_DST, CTA_IP_V6_SRC, CTA_IP_V6_DST, __CTA_IP_MAX }; #define CTA_IP_MAX (__CTA_IP_MAX - 1).

CTA_LABELS

enum ctattr_type { CTA_UNSPEC, CTA_TUPLE_ORIG, CTA_TUPLE_REPLY, CTA_STATUS, CTA_PROTOINFO, CTA_HELP, CTA_NAT_SRC, #define CTA_NAT CTA_NAT_SRC /* backwards compatibility */ CTA_TIMEOUT, CTA_MARK, CTA_COUNTERS_ORIG, CTA_COUNTERS_REPLY, CTA_USE, CTA_ID, CTA_NAT_DST, CTA_TUPLE_MASTER, CTA_SEQ_ADJ_ORIG, CTA_NAT_SEQ_ADJ_ORIG = CTA_SEQ_ADJ_ORIG, CTA_SEQ_ADJ_REPLY, CTA_NAT_SEQ_ADJ_REPLY = CTA_SEQ_ADJ_REPLY, CTA_SECMARK, /* obsolete */ CTA_ZONE, CTA_SECCTX, CTA_TIMESTAMP, CTA_MARK_MASK, CTA_LABELS, CTA_LABELS_MASK, __CTA_MAX };.

CTA_MARK

CTA_PROTO_DST_PORT

enum ctattr_l4proto { CTA_PROTO_UNSPEC, CTA_PROTO_NUM, CTA_PROTO_SRC_PORT, CTA_PROTO_DST_PORT, CTA_PROTO_ICMP_ID, CTA_PROTO_ICMP_TYPE, CTA_PROTO_ICMP_CODE, CTA_PROTO_ICMPV6_ID, CTA_PROTO_ICMPV6_TYPE, CTA_PROTO_ICMPV6_CODE, __CTA_PROTO_MAX }; #define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1).

enum ctattr_protoinfo { CTA_PROTOINFO_UNSPEC, CTA_PROTOINFO_TCP, CTA_PROTOINFO_DCCP, CTA_PROTOINFO_SCTP, __CTA_PROTOINFO_MAX }; #define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1).

CTA_PROTOINFO_TCP_FLAGS_ORIGINAL

enum ctattr_protoinfo_tcp { CTA_PROTOINFO_TCP_UNSPEC, CTA_PROTOINFO_TCP_STATE, CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, CTA_PROTOINFO_TCP_WSCALE_REPLY, CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, CTA_PROTOINFO_TCP_FLAGS_REPLY, __CTA_PROTOINFO_TCP_MAX }; #define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1).

CTA_PROTOINFO_TCP_FLAGS_REPLY

CTA_PROTOINFO_TCP_STATE

CTA_PROTOINFO_TCP_WSCALE_ORIGINAL

CTA_PROTOINFO_TCP_WSCALE_REPLY

CTA_STATUS

CTA_TIMEOUT

CTA_TUPLE_IP

enum ctattr_tuple { CTA_TUPLE_UNSPEC, CTA_TUPLE_IP, CTA_TUPLE_PROTO, CTA_TUPLE_ZONE, __CTA_TUPLE_MAX }; #define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1).

CTA_TUPLE_ORIG

CTA_TUPLE_PROTO

enum ctattr_tuple { CTA_TUPLE_UNSPEC, CTA_TUPLE_IP, CTA_TUPLE_PROTO, CTA_TUPLE_ZONE, __CTA_TUPLE_MAX }; #define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1).

CTA_TUPLE_REPLY

DECRYPTED