chore(mod): simplify code and add more kernel config constants

internal/mod/builtin_linux.go

@@ -1,33 +0,0 @@
-package mod
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-var errBuiltinModuleNotFound = errors.New("builtin module not found")
-
-func checkModulesBuiltin(modulesPath, moduleName string) error {
-	f, err := os.Open(filepath.Join(modulesPath, "modules.builtin"))
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	moduleName = strings.TrimSuffix(moduleName, ".ko")
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		line := scanner.Text()
-		line = strings.TrimSuffix(line, ".ko")
-		if strings.HasSuffix(line, "/"+moduleName) {
-			return nil
-		}
-	}
-
-	return fmt.Errorf("%w: %s", errBuiltinModuleNotFound, moduleName)
-}

internal/mod/configgz_linux.go

@@ -76,28 +76,51 @@ func checkProcConfig(moduleName string) error {
 
 func moduleNameToKernelFeatureGroups(moduleName string) (featureGroups [][]string, ok bool) {
 	moduleMap := map[string][][]string{
+		"x_tables":  {{"CONFIG_NETFILTER_XTABLES"}},
 		"nf_tables": {{"CONFIG_NF_TABLES"}},
 
 		// Netfilter Matches
-		"xt_conntrack": {{"CONFIG_NETFILTER_XT_MATCH_CONNTRACK"}},
+		"xt_conntrack": {
+			{"CONFIG_NETFILTER_XT_MATCH_CONNTRACK"},
+			{"CONFIG_IP_NF_MATCH_CONNTRACK"}, // old kernels
+		},
 		"xt_connmark": {
 			{"CONFIG_NETFILTER_XT_CONNMARK"},
 			{"CONFIG_NETFILTER_XT_MATCH_CONNMARK", "CONFIG_NETFILTER_XT_TARGET_CONNMARK"},
 		},
 		"xt_mark": {
 			{"CONFIG_NETFILTER_XT_MARK"},
-			{"CONFIG_NETFILTER_XT_MATCH_MARK", "CONFIG_NETFILTER_XT_TARGET_MARK"},
+			{"CONFIG_NETFILTER_XT_MATCH_MARK"},
 		},
+		"nf_conntrack":         {{"CONFIG_NF_CONNTRACK"}},
+		"nf_conntrack_ipv4":    {{"CONFIG_NF_CONNTRACK_IPV4"}},
+		"nf_conntrack_ipv6":    {{"CONFIG_NF_CONNTRACK_IPV6"}},
 		"nf_conntrack_netlink": {{"CONFIG_NF_CT_NETLINK"}},
-		"nf_reject_ipv4":       {{"CONFIG_NF_REJECT_IPV4"}},
+
+		// Nftables
+		"nft_compat":            {{"CONFIG_NFT_COMPAT"}},
+		"nft_ct":                {{"CONFIG_NFT_CT"}},
+		"nft_connmark":          {{"CONFIG_NFT_CONNMARK"}},
+		"nft_chain_filter":      {{"CONFIG_NFT_CHAIN_FILTER_IPV4"}},
+		"nft_chain_filter_ipv4": {{"CONFIG_NFT_CHAIN_FILTER_IPV4"}},
+		"nft_chain_filter_ipv6": {{"CONFIG_NFT_CHAIN_FILTER_IPV6"}},
+		"nft_chain_mangle_ipv4": {{"CONFIG_NFT_CHAIN_MANGLE_IPV4"}},
+		"nft_chain_mangle_ipv6": {{"CONFIG_NFT_CHAIN_MANGLE_IPV6"}},
+		"nft_reject":            {{"CONFIG_NFT_REJECT_INET"}, {"CONFIG_NFT_REJECT_IPV4"}},
+
+		// Iptables
+		"iptable_filter":  {{"CONFIG_IP_NF_FILTER"}},
+		"ip6table_filter": {{"CONFIG_IP6_NF_FILTER"}},
+		"ip_tables":       {{"CONFIG_IP_NF_IPTABLES"}},
+		"ip6_tables":      {{"CONFIG_IP6_NF_IPTABLES"}},
 
 		// Common Netfilter Targets
-		"xt_log": {{"CONFIG_NETFILTER_XT_TARGET_LOG"}},
-		"xt_reject": {
+		"xt_LOG": {{"CONFIG_NETFILTER_XT_TARGET_LOG"}},
+		"xt_REJECT": {
 			{"CONFIG_IP_NF_TARGET_REJECT", "CONFIG_NF_REJECT_IPV4"},
 			{"CONFIG_NETFILTER_XT_TARGET_REJECT", "CONFIG_NF_REJECT_IPV4"},
 		},
-		"xt_masquerade": {{"CONFIG_NETFILTER_XT_TARGET_MASQUERADE"}},
+		"xt_MASQUERADE": {{"CONFIG_NETFILTER_XT_TARGET_MASQUERADE"}},
 
 		// Additional Netfilter Matches
 		"xt_addrtype":  {{"CONFIG_NETFILTER_XT_MATCH_ADDRTYPE"}},
@@ -118,7 +141,7 @@ func moduleNameToKernelFeatureGroups(moduleName string) (featureGroups [][]strin
 		"fuse":    {{"CONFIG_FUSE_FS"}},
 	}
 
-	featureGroups, ok = moduleMap[strings.ToLower(moduleName)]
+	featureGroups, ok = moduleMap[moduleName]
 	return featureGroups, ok
 }
 

internal/mod/probe_linux.go

@@ -10,9 +10,7 @@ import (
 // It first tries to locate the modules directory in [getModulesPath].
 // If it fails (like on WSL), it then only checks for the kernel feature
 // in /proc/config.gz with [checkProcConfig].
-// Otherwise, it first checks if the modules directory modules.builtin
-// file contains the given module name in [checkModulesBuiltin].
-// If the module is not found, it then runs the classic [modProbe] behavior,
+// Otherwise, it then runs the classic [modProbe] behavior,
 // trying to load the module in the kernel.
 // If this fails, it does one final try running [checkProcConfig].
 func Probe(moduleName string) error {
@@ -28,14 +26,11 @@ func Probe(moduleName string) error {
 		return fmt.Errorf("getting modules path: %w", err)
 	}
 
-	err = checkModulesBuiltin(modulesPath, moduleName)
+	err = modProbe(modulesPath, moduleName)
 	if err != nil {
-		err = modProbe(modulesPath, moduleName)
+		err = checkProcConfig(moduleName)
 		if err != nil {
-			err = checkProcConfig(moduleName)
-			if err != nil {
-				return fmt.Errorf("checking /proc/config.gz: %w", err)
-			}
+			return fmt.Errorf("checking /proc/config.gz: %w", err)
 		}
 	}
 	return nil