From e7b25a0d5eef08443aaa6ca1f6a9a64a66e22efb Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Mon, 2 Mar 2026 23:20:47 +0000
Subject: [PATCH] chore(mod): simplify code and add more kernel config constants
---
internal/mod/builtin_linux.go | 33 ------------------------------
internal/mod/configgz_linux.go | 37 +++++++++++++++++++++++++++-------
internal/mod/probe_linux.go | 13 ++++--------
3 files changed, 34 insertions(+), 49 deletions(-)
delete mode 100644 internal/mod/builtin_linux.go
diff --git a/internal/mod/builtin_linux.go b/internal/mod/builtin_linux.go
deleted file mode 100644
index 35991204..00000000
--- a/internal/mod/builtin_linux.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package mod
-
-import (
- "bufio"
- "errors"
- "fmt"
- "os"
- "path/filepath"
- "strings"
-)
-
-var errBuiltinModuleNotFound = errors.New("builtin module not found")
-
-func checkModulesBuiltin(modulesPath, moduleName string) error {
- f, err := os.Open(filepath.Join(modulesPath, "modules.builtin"))
- if err != nil {
- return err
- }
- defer f.Close()
-
- moduleName = strings.TrimSuffix(moduleName, ".ko")
-
- scanner := bufio.NewScanner(f)
- for scanner.Scan() {
- line := scanner.Text()
- line = strings.TrimSuffix(line, ".ko")
- if strings.HasSuffix(line, "/"+moduleName) {
- return nil
- }
- }
-
- return fmt.Errorf("%w: %s", errBuiltinModuleNotFound, moduleName)
-}
diff --git a/internal/mod/configgz_linux.go b/internal/mod/configgz_linux.go
index a8a932e6..0e118ab7 100644
--- a/internal/mod/configgz_linux.go
+++ b/internal/mod/configgz_linux.go
@@ -76,28 +76,51 @@ func checkProcConfig(moduleName string) error { func moduleNameToKernelFeatureGroups(moduleName string) (featureGroups [][]string, ok bool) { moduleMap := map[string][][]string{ + "x_tables": {{"CONFIG_NETFILTER_XTABLES"}}, "nf_tables": {{"CONFIG_NF_TABLES"}}, // Netfilter Matches - "xt_conntrack": {{"CONFIG_NETFILTER_XT_MATCH_CONNTRACK"}}, + "xt_conntrack": { + {"CONFIG_NETFILTER_XT_MATCH_CONNTRACK"}, + {"CONFIG_IP_NF_MATCH_CONNTRACK"}, // old kernels + }, "xt_connmark": { {"CONFIG_NETFILTER_XT_CONNMARK"}, {"CONFIG_NETFILTER_XT_MATCH_CONNMARK", "CONFIG_NETFILTER_XT_TARGET_CONNMARK"}, }, "xt_mark": { {"CONFIG_NETFILTER_XT_MARK"}, - {"CONFIG_NETFILTER_XT_MATCH_MARK", "CONFIG_NETFILTER_XT_TARGET_MARK"}, + {"CONFIG_NETFILTER_XT_MATCH_MARK"}, }, + "nf_conntrack": {{"CONFIG_NF_CONNTRACK"}}, + "nf_conntrack_ipv4": {{"CONFIG_NF_CONNTRACK_IPV4"}}, + "nf_conntrack_ipv6": {{"CONFIG_NF_CONNTRACK_IPV6"}}, "nf_conntrack_netlink": {{"CONFIG_NF_CT_NETLINK"}}, - "nf_reject_ipv4": {{"CONFIG_NF_REJECT_IPV4"}}, + + // Nftables + "nft_compat": {{"CONFIG_NFT_COMPAT"}}, + "nft_ct": {{"CONFIG_NFT_CT"}}, + "nft_connmark": {{"CONFIG_NFT_CONNMARK"}}, + "nft_chain_filter": {{"CONFIG_NFT_CHAIN_FILTER_IPV4"}}, + "nft_chain_filter_ipv4": {{"CONFIG_NFT_CHAIN_FILTER_IPV4"}}, + "nft_chain_filter_ipv6": {{"CONFIG_NFT_CHAIN_FILTER_IPV6"}}, + "nft_chain_mangle_ipv4": {{"CONFIG_NFT_CHAIN_MANGLE_IPV4"}}, + "nft_chain_mangle_ipv6": {{"CONFIG_NFT_CHAIN_MANGLE_IPV6"}}, + "nft_reject": {{"CONFIG_NFT_REJECT_INET"}, {"CONFIG_NFT_REJECT_IPV4"}}, + + // Iptables + "iptable_filter": {{"CONFIG_IP_NF_FILTER"}}, + "ip6table_filter": {{"CONFIG_IP6_NF_FILTER"}}, + "ip_tables": {{"CONFIG_IP_NF_IPTABLES"}}, + "ip6_tables": {{"CONFIG_IP6_NF_IPTABLES"}}, // Common Netfilter Targets - "xt_log": {{"CONFIG_NETFILTER_XT_TARGET_LOG"}}, - "xt_reject": { + "xt_LOG": {{"CONFIG_NETFILTER_XT_TARGET_LOG"}}, + "xt_REJECT": { {"CONFIG_IP_NF_TARGET_REJECT", "CONFIG_NF_REJECT_IPV4"}, 
{"CONFIG_NETFILTER_XT_TARGET_REJECT", "CONFIG_NF_REJECT_IPV4"}, }, - "xt_masquerade": {{"CONFIG_NETFILTER_XT_TARGET_MASQUERADE"}}, + "xt_MASQUERADE": {{"CONFIG_NETFILTER_XT_TARGET_MASQUERADE"}}, // Additional Netfilter Matches "xt_addrtype": {{"CONFIG_NETFILTER_XT_MATCH_ADDRTYPE"}}, @@ -118,7 +141,7 @@ func moduleNameToKernelFeatureGroups(moduleName string) (featureGroups [][]strin "fuse": {{"CONFIG_FUSE_FS"}}, } - featureGroups, ok = moduleMap[strings.ToLower(moduleName)] + featureGroups, ok = moduleMap[moduleName] return featureGroups, ok } diff --git a/internal/mod/probe_linux.go b/internal/mod/probe_linux.go index 2bda6cf8..3e3151e6 100644 --- a/internal/mod/probe_linux.go +++ b/internal/mod/probe_linux.go @@ -10,9 +10,7 @@ import ( // It first tries to locate the modules directory in [getModulesPath]. // If it fails (like on WSL), it then only checks for the kernel feature // in /proc/config.gz with [checkProcConfig]. -// Otherwise, it first checks if the modules directory modules.builtin -// file contains the given module name in [checkModulesBuiltin]. -// If the module is not found, it then runs the classic [modProbe] behavior, +// Otherwise, it then runs the classic [modProbe] behavior, // trying to load the module in the kernel. // If this fails, it does one final try running [checkProcConfig]. func Probe(moduleName string) error { @@ -28,14 +26,11 @@ func Probe(moduleName string) error { return fmt.Errorf("getting modules path: %w", err) } - err = checkModulesBuiltin(modulesPath, moduleName) + err = modProbe(modulesPath, moduleName) if err != nil { - err = modProbe(modulesPath, moduleName) + err = checkProcConfig(moduleName) if err != nil { - err = checkProcConfig(moduleName) - if err != nil { - return fmt.Errorf("checking /proc/config.gz: %w", err) - } + return fmt.Errorf("checking /proc/config.gz: %w", err) } } return nil
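Review bot: The second group for `"xt_mark"` now needs only `CONFIG_NETFILTER_XT_MATCH_MARK`, while the `"xt_connmark"` entry directly above still pairs the MATCH and TARGET options in its fallback group, so the two entries no longer follow the same rule. If an inner slice means "all of these must be enabled" (the connmark entry suggests so, but the consumer is outside this hunk), a kernel with the mark match but without the MARK target now passes the check and a firewall rule using the target would only fail later. If the relaxation is intended, record why next to the entry, e.g. `// match only: the MARK target is not required here`; otherwise keep `"CONFIG_NETFILTER_XT_TARGET_MARK"` in the group. The function continues past the end of this hunk.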
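Review bot: `moduleMap[moduleName]` is now an exact, case-sensitive match, and the same commit renames the keys `xt_log`, `xt_reject` and `xt_masquerade` to `xt_LOG`, `xt_REJECT` and `xt_MASQUERADE` in the previous hunk, so a caller that still passes the lowercase spelling gets `ok == false` without any error. The callers are not part of this patch and should be checked; a comment on the map such as `// keys must match the kernel module name exactly, including case` would make the contract visible. If `strings.ToLower` was the last use of `strings` in this file, the import has to be removed as well, which this patch does not do. The function starts before this hunk.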
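Review bot: The updated doc comment on Probe no longer says how a module that is built into the kernel is recognised, which was the purpose of the removed sentence. If that case is now meant to be covered by the last step, I would state it, e.g. `// Built-in modules are only detected by the final [checkProcConfig] check.`, hedged on what `modProbe` itself does since it is not visible here. The leftover "then" also reads oddly after "Otherwise"; `// Otherwise, it runs the classic [modProbe] behavior,` is clearer.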
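Review bot: When both `modProbe` and `checkProcConfig` fail, the `modProbe` error is overwritten and the caller only sees "checking /proc/config.gz: …", which hides why loading the module failed (a missing module versus insufficient privileges, for instance). I would keep the first error in its own variable and return both, e.g. `return fmt.Errorf("probing module: %w", errors.Join(probeErr, err))`, which needs `errors` imported in this file. With the modules.builtin lookup removed, a built-in module is also only recognised through this fallback, which depends on /proc/config.gz (CONFIG_IKCONFIG_PROC) and a map entry for the name, unless `modProbe` handles built-ins itself; a test for that case would be worth adding. Probe's body starts and ends outside this hunk.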