zishuo/netlink
1
0
Fork 0
mirror of https://github.com/vishvananda/netlink.git synced 2025-10-30 02:42:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add labelFilter for conntrack

Browse Source 
This PR adds support for filtering flows
based on conntrack labels. It adds two
filters `ConntrackMatchLabels` &&
`ConntackUnmatchLabels` through which user can
provide a list of labels as type "bytes" which
will then be compared to flow.Labels to see if
any matches were found.

ConntrackMatchLabels: Every label passed should
be contained in flow.Labels for a match to be true
ConntrackUmmatchLabels: Every label passed should
not be contained in the flow.Labels for a match to
be true

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit is contained in:
Surya Seetharaman
2022-07-04 18:53:43 +02:00
committed by Alessandro Boch
parent eab52eee5a
commit 8e1ce9665a
3 changed files with 97 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
conntrack_test.go
View File

@@ -380,6 +380,7 @@ func TestConntrackFilter(t *testing.T) {
DstPort: 5000,
Protocol: 6,
},
Labels: []byte{0, 0, 0, 0, 3, 4, 61, 141, 207, 170, 2, 0, 0, 0, 0, 0},
},
ConntrackFlow{
FamilyType: unix.AF_INET6,
@@ -732,6 +733,28 @@ func TestConntrackFilter(t *testing.T) {
if v4Match != 1 || v6Match != 1 {
t.Fatalf("Error, there should be only 1 match, v4:%d, v6:%d", v4Match, v6Match)
}
// Labels filter
filterV4 = &ConntrackFilter{}
var labels [][]byte
labels = append(labels, []byte{3, 4, 61, 141, 207, 170})
labels = append(labels, []byte{0x2})
err = filterV4.AddLabels(ConntrackMatchLabels, labels)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
filterV6 = &ConntrackFilter{}
err = filterV6.AddLabels(ConntrackUnmatchLabels, labels)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
v4Match, v6Match = applyFilter(flowList, filterV4, filterV6)
if v4Match != 1 || v6Match != 0 {
t.Fatalf("Error, there should be only 1 match, v4:%d, v6:%d", v4Match, v6Match)
}
}
func TestParseRawData(t *testing.T) {
@@ -826,9 +849,12 @@ func TestParseRawData(t *testing.T) {
16, 0, 20, 128,
/* >>>> CTA_TIMESTAMP_START */
12, 0, 1, 0,
22, 134, 80, 142, 230, 127, 74, 166},
22, 134, 80, 142, 230, 127, 74, 166,
/* >> CTA_LABELS */
20, 0, 22, 0,
0, 0, 0, 0, 5, 0, 18, 172, 66, 2, 1, 0, 0, 0, 0, 0},
expConntrackFlow: "udp\t17 src=192.168.0.10 dst=192.168.0.3 sport=48385 dport=53 packets=1 bytes=55\t" +
"src=192.168.0.3 dst=192.168.0.10 sport=53 dport=48385 packets=1 bytes=71 mark=0x5 " +
"src=192.168.0.3 dst=192.168.0.10 sport=53 dport=48385 packets=1 bytes=71 mark=0x5 labels=0x00000000050012ac4202010000000000 " +
"start=2021-06-07 13:41:30.39632247 +0000 UTC stop=1970-01-01 00:00:00 +0000 UTC timeout=32(sec)",
},
{