An API providing access to the Conntrack subsystem of the Linux kernel, written in Rust 🦀
This library provides access to the conntrack subsystem in the Linux kernel, leveraging netlink support via the neli library.
The current version only supplies dump() functionality for the conntrack table. In terms of the conntrack-tools utility on Linux, the behavior of dump() is equivalent to: conntrack -L
Most of the model and attribute parsing supported in this library extends beyond the dump() command, which will allow the library to eventually cover the full feature set of the conntrack subsystem.
You can enable per-flow byte and packet counters with: sysctl -w net.netfilter.nf_conntrack_acct=1
Your application needs the CAP_NET_ADMIN capability in order to receive events from and send commands to kernel space; the conntrack table dump operation is the exception and does not require it.
Note that in order to enable connection tracking via conntrack on WSL2, you will need to add the following iptables rule:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
use conntrack::*;

fn main() -> Result<()> {
    // Open a netfilter netlink socket to the conntrack subsystem
    let mut ct = Conntrack::connect()?;

    // Dump the conntrack table as a Vec<Flow>
    let flows = ct.dump()?;
    for flow in flows {
        log::info!("{flow:?}");
    }
    Ok(())
}
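The flows that dump() returns correspond to the entries that conntrack -L prints. As an added example that is not part of this crate, the following std-only Rust parser reads that text format and reports how many entries lack packets=/bytes= counters, which is what a dump looks like when nf_conntrack_acct is 0; the sample lines are constructed.

```rust
// Added example, not code from the conntrack crate: a parser for the text
// format printed by `conntrack -L`, the command the crate's dump() mirrors.
use std::collections::HashMap;
// Constructed sample: one TCP entry with accounting counters, one UDP entry
// as seen on a host where net.netfilter.nf_conntrack_acct=0 (no packets=/bytes=).
pub const SAMPLE: &str = "\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=45678 dport=443 packets=12 bytes=1544 src=10.0.0.5 dst=192.168.1.10 sport=443 dport=45678 packets=9 bytes=6210 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 mark=0 use=1
";
#[derive(Debug, Clone, PartialEq)]
pub struct Flow {
    pub proto: String,
    pub state: Option<String>,          // TCP state; UDP/ICMP entries carry none
    pub orig: HashMap<String, String>,  // src/dst/sport/dport, original direction
    pub reply: HashMap<String, String>, // same keys, reply direction
    // (orig pkts, orig bytes, reply pkts, reply bytes); only with nf_conntrack_acct=1
    pub counters: Option<(u64, u64, u64, u64)>,
    pub assured: bool,
}

pub fn parse_line(line: &str) -> Option<Flow> {
    let mut it = line.split_whitespace();
    let proto = it.next()?.to_string();
    let (_protonum, _timeout) = (it.next()?, it.next()?); // e.g. "6", seconds left
    let (mut state, mut assured) = (None, false);
    let mut dirs: Vec<HashMap<String, String>> = Vec::new();
    let (mut pk, mut by): (Vec<u64>, Vec<u64>) = (Vec::new(), Vec::new());
    for tok in it {
        match tok.split_once('=') {
            None if tok == "[ASSURED]" => assured = true,
            // a bare token before the first src= is the TCP state name
            None if dirs.is_empty() && state.is_none() => state = Some(tok.to_string()),
            None => {} // e.g. [UNREPLIED]
            // each src= opens a direction block: first original, then reply
            Some(("src", v)) => dirs.push(HashMap::from([("src".to_string(), v.to_string())])),
            Some((k @ ("dst" | "sport" | "dport"), v)) => { dirs.last_mut()?.insert(k.into(), v.into()); }
            Some(("packets", v)) => pk.push(v.parse().ok()?),
            Some(("bytes", v)) => by.push(v.parse().ok()?),
            Some(_) => {} // mark=, use=, zone=, icmp type=/code=/id=, ...
        }
    }
    if dirs.len() != 2 { return None; } // every entry has exactly two directions
    let counters = (pk.len() == 2 && by.len() == 2).then(|| (pk[0], by[0], pk[1], by[1]));
    let (reply, orig) = (dirs.pop()?, dirs.pop()?);
    Some(Flow { proto, state, orig, reply, counters, assured })
}
/// Parse a whole dump; the second value counts entries without counters, i.e.
/// evidence that accounting is off (sysctl -w net.netfilter.nf_conntrack_acct=1).
pub fn parse_dump(text: &str) -> (Vec<Flow>, usize) {
    let flows: Vec<Flow> = text.lines().filter_map(parse_line).collect();
    let missing = flows.iter().filter(|f| f.counters.is_none()).count();
    (flows, missing)
}
```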