vanja/gluetun
1
0
Fork 0
mirror of https://github.com/qdm12/gluetun.git synced 2026-05-07 04:20:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

hotfix(netlink): specify IP family for conntrack calls and make conntrack failure a warning

Browse Source
This commit is contained in:
Quentin McGaw
2026-02-25 02:40:44 +00:00
parent 01487b5caf
commit 034f8f6331
4 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/netlink/conntrack_linux.go
+25 -4
View File
@@ -3,15 +3,36 @@ package netlink
import (
"fmt"
"github.com/ti-mo/conntrack"
"github.com/mdlayher/netlink"
"github.com/ti-mo/netfilter"
)
func (n *NetLink) FlushConntrack() error {
conn, err := conntrack.Dial(nil)
conn, err := netfilter.Dial(nil)
if err != nil {
return fmt.Errorf("dialing conntrack: %w", err)
return fmt.Errorf("dialing netfilter: %w", err)
}
defer conn.Close()
return conn.Flush()
families := [...]netfilter.ProtoFamily{netfilter.ProtoIPv4, netfilter.ProtoIPv6}
for _, family := range families {
const IPCtnlMsgCtDelete = 2
request, err := netfilter.MarshalNetlink(
netfilter.Header{
SubsystemID: netfilter.NFSubsysCTNetlink,
MessageType: netfilter.MessageType(IPCtnlMsgCtDelete),
Family: family,
Flags: netlink.Request | netlink.Acknowledge,
},
nil)
if err != nil {
return fmt.Errorf("encoding netlink request: %w", err)
}
_, err = conn.Query(request)
if err != nil {
return fmt.Errorf("querying netlink request: %w", err)
}
}
return nil
}