diff --git a/cmd/gluetun/main.go b/cmd/gluetun/main.go
index 7dc27687..c736bb48 100644
--- a/cmd/gluetun/main.go
+++ b/cmd/gluetun/main.go
@@ -239,7 +239,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 }
 err = netLinker.FlushConntrack()
 if err != nil {
- return fmt.Errorf("flushing conntrack: %w", err)
+ logger.Warnf("flushing conntrack failed: %s", err)
 }
 }
diff --git a/go.mod b/go.mod
index 4475703e..fba262d8 100644
--- a/go.mod
+++ b/go.mod
@@ -11,6 +11,7 @@ require (
 github.com/klauspost/compress v1.18.1
 github.com/klauspost/pgzip v1.2.6
 github.com/mdlayher/genetlink v1.3.2
+ github.com/mdlayher/netlink v1.7.2
 github.com/pelletier/go-toml/v2 v2.2.4
 github.com/qdm12/dns/v2 v2.0.0-rc9.0.20260216151239-36b3306f2205
 github.com/qdm12/gosettings v0.4.4
@@ -20,6 +21,7 @@ require (
 github.com/qdm12/log v0.1.0
 github.com/qdm12/ss-server v0.6.0
 github.com/stretchr/testify v1.11.1
+ github.com/ti-mo/netfilter v0.5.3
 github.com/ulikunitz/xz v0.5.15
 github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
@@ -43,7 +45,6 @@ require (
 github.com/josharian/native v1.1.0 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/mdlayher/netlink v1.7.2 // indirect
 github.com/mdlayher/socket v0.5.1 // indirect
 github.com/miekg/dns v1.1.62 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@@ -55,8 +56,6 @@ require (
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/qdm12/goservices v0.1.1-0.20251104135713-6bee97bd4978 // indirect
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
- github.com/ti-mo/conntrack v0.6.0 // indirect
- github.com/ti-mo/netfilter v0.5.3 // indirect
 golang.org/x/crypto v0.47.0 // indirect
 golang.org/x/mod v0.31.0 // indirect
 golang.org/x/sync v0.19.0 // indirect
diff --git a/go.sum b/go.sum
index 041ff809..d5baf78d 100644
--- a/go.sum
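Review bot: The new `logger.Warnf` branch in the `cmd/gluetun/main.go` hunk lets startup continue when the conntrack flush fails, so entries tracked before this point stay in the table, and the log line does not tell the operator that. If this call runs after the firewall rules are installed (the enclosing block starts outside the hunk, so that is inferred), a stale established entry could keep passing traffic the new rules are meant to stop. I would spell out the consequence in the message, e.g. `logger.Warnf("flushing conntrack failed, connections tracked before startup are not cleared: %s", err)`. It may also be worth tolerating only the error kinds this change is meant to accommodate and still returning the rest, so an unexpected failure does not pass as a warning.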
+++ b/go.sum
@@ -95,8 +95,6 @@ github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/ti-mo/conntrack v0.6.0 h1:laiW2+dzKyS2u0aVr6FeRQs+v7cj4t7q+twolL/ZkjQ=
-github.com/ti-mo/conntrack v0.6.0/go.mod h1:4HZrFQQLOSuBzgQNid3H/wYyyp1kfGXUYxueXjIGibo=
 github.com/ti-mo/netfilter v0.5.3 h1:ikzduvnaUMwre5bhbNwWOd6bjqLMVb33vv0XXbK0xGQ=
 github.com/ti-mo/netfilter v0.5.3/go.mod h1:08SyBCg6hu1qyQk4s3DjjJKNrm3RTb32nm6AzyT972E=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
diff --git a/internal/netlink/conntrack_linux.go b/internal/netlink/conntrack_linux.go
index 53b97670..9ece2722 100644
--- a/internal/netlink/conntrack_linux.go
+++ b/internal/netlink/conntrack_linux.go
@@ -3,15 +3,36 @@ package netlink
 import (
 "fmt"
- "github.com/ti-mo/conntrack"
+ "github.com/mdlayher/netlink"
+ "github.com/ti-mo/netfilter"
 )
 func (n *NetLink) FlushConntrack() error {
- conn, err := conntrack.Dial(nil)
+ conn, err := netfilter.Dial(nil)
 if err != nil {
- return fmt.Errorf("dialing conntrack: %w", err)
+ return fmt.Errorf("dialing netfilter: %w", err)
 }
 defer conn.Close()
- return conn.Flush()
+ families := [...]netfilter.ProtoFamily{netfilter.ProtoIPv4, netfilter.ProtoIPv6}
+ for _, family := range families {
+ const IPCtnlMsgCtDelete = 2
+ request, err := netfilter.MarshalNetlink(
+ netfilter.Header{
+ SubsystemID: netfilter.NFSubsysCTNetlink,
+ MessageType: netfilter.MessageType(IPCtnlMsgCtDelete),
+ Family: family,
+ Flags: netlink.Request | netlink.Acknowledge,
+ },
+ nil)
+ if err != nil {
+ return fmt.Errorf("encoding netlink request: %w", err)
+ }
+
+ _, err = conn.Query(request)
+ if err != nil {
+ return fmt.Errorf("querying netlink request: %w", err)
+ }
+ }
+ return nil
 }
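Review bot: The loop in `FlushConntrack` returns on the first `conn.Query` error, so a failure for IPv4 means the IPv6 request is never sent, and the wrapped error does not say which family failed. Since the caller in `cmd/gluetun/main.go` now only logs this error, a partial flush would pass with a generic warning. I would collect the per-family errors and return them together, naming the family in each; the fence uses `errors.Join`, which needs the `errors` import and Go 1.20 or later (the `go` directive is not visible in this diff). The bare `const IPCtnlMsgCtDelete = 2` would also read better hoisted out of the loop with a comment naming the kernel constant it mirrors, and the exported method has no doc comment.

```go
	// Kernel value of IPCTNL_MSG_CT_DELETE (linux/netfilter/nfnetlink_conntrack.h).
	const ipCtnlMsgCtDelete = 2
	var errs []error
	for _, family := range families {
		// … unchanged: MarshalNetlink call and its error check, using ipCtnlMsgCtDelete …
		_, err = conn.Query(request)
		if err != nil {
			// Keep going so one family's failure does not skip the other.
			errs = append(errs, fmt.Errorf("flushing conntrack for family %v: %w", family, err))
		}
	}
	return errors.Join(errs...)
```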