go-conntrack icon indicating copy to clipboard operation
go-conntrack copied to clipboard
verified publisher icon florianl

Add the table and the group to the hook function

Open mastertheknife opened this issue 3 years ago • 2 comments

In the current situation, it is not possible to subscribe to multiple groups and to know what event had occurred.

This PR adds the table and the group the hook function, solving this limitation. Such code, is now possible:

HookFunc := func(c ct.Con, table ct.Table, group ct.NetlinkGroup) int {
	switch group {
		case ct.NetlinkCtNew:
			// do something
		case ct.NetlinkCtUpdate:
			// do something
		case ct.NetlinkCtDestroy:
			// do something
	}
}
nfct.Register(context.Background(), ct.Conntrack, ct.NetlinkCtNew|ct.NetlinkCtUpdate|ct.NetlinkCtDestroy, HookFunc)

mastertheknife avatar Sep 20 '22 11:09 mastertheknife

Hi, i made some comments, let me know what you think.

Also, a small clarification. I made this PR because i tried to register 3 different callbacks, one for new, one fo update, one for delete. What happened is that the wrong callbacks were fired. This is because for each register, a goroutine is created, and it receives messages from the netlink socket. Whatever goroutine receives the message first, dispatches it, even if its for the wrong event. This is why i made this PR, to be able to distinguish between new, update and delete.

mastertheknife avatar Sep 22 '22 08:09 mastertheknife

[..] This is because for each register, a goroutine is created, and it receives messages from the netlink socket. Whatever goroutine receives the message first, dispatches it, even if its for the wrong event.

Just an assumption, but I think all registered functions are using the very same netlink socket. In such a case where the very same netlink socket is used multiple times, your described behaviour is expected. To handle events in dedicated and separated ways I would recommend to use a dedicated netlink socket for each event type.

In the next few days I can only answer delayed. So if you continue working on this PR, please apologize in advance the delayed response.

florianl avatar Sep 30 '22 11:09 florianl

Hi, I've also been busy for a while with work.

About the table, yeah i agree, it can probably be relocated to be part of the object, but i don't think the event group should be relocated, because its not part of the object, it just represents the state of the object (created, updated, destroyed).

Also, if performance is in mind, i would replace net.IP with netip.Addr (Go 1.18+) because its much faster (no allocations), uses less space and is comparable (can be used as a map key).

Maybe the API breakage and the net.IP -> netip.Addr change can be done in some next major version, e.g. 2.0

mastertheknife avatar Nov 08 '22 13:11 mastertheknife

[..] but i don't think the event group should be relocated, because its not part of the object, it just represents the state of the object (created, updated, destroyed).

This enforces a negative performance impact on all users of this package while not every one is interested in or using this information/feature.

Maybe the API breakage and the net.IP -> netip.Addr change can be done in some next major version, e.g. 2.0

Currently the newest Go runtime to use on some major cloud providers is Go 1.16. netip.Addr was introduced with Go 1.18 and I'm well aware of its changes. Using netip.Addr is something that will happen, but it will happen in a careful way.

florianl avatar Nov 09 '22 08:11 florianl

@mastertheknife are you still working on this PR?

florianl avatar Nov 23 '22 20:11 florianl

Closing this PR as superseeded by https://github.com/florianl/go-conntrack/commit/2b1c41ba4c95b66d3d2039c58847bbff973bc8e8.

florianl avatar Dec 03 '22 09:12 florianl

I am not working on this but i am glad to see this feature made it in one way or another. Thank you. Looking forward to see netip.Addr replacing net.IP

mastertheknife avatar Dec 05 '22 16:12 mastertheknife