mirror of
https://github.com/qdm12/gluetun.git
synced 2026-05-07 04:20:12 +02:00
Quentin McGaw
45 lines
1.1 KiB
Go
45 lines
1.1 KiB
Go
package netlink
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/mdlayher/netlink"
|
|
"github.com/ti-mo/netfilter"
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
var ErrConntrackNetlinkNotSupported = errors.New("nf_conntrack_netlink is not supported by the kernel")
|
|
|
|
func (n *NetLink) FlushConntrack() error {
|
|
conn, err := netfilter.Dial(nil)
|
|
if err != nil {
|
|
if !n.conntrackNetlink {
|
|
err = fmt.Errorf("%w: %w", err, ErrConntrackNetlinkNotSupported)
|
|
}
|
|
return fmt.Errorf("dialing netfilter: %w", err)
|
|
}
|
|
defer conn.Close()
|
|
|
|
const ipCtnlMsgCtDelete = netfilter.MessageType(2)
|
|
header := netfilter.Header{
|
|
SubsystemID: netfilter.NFSubsysCTNetlink,
|
|
MessageType: ipCtnlMsgCtDelete,
|
|
Family: unix.AF_UNSPEC,
|
|
Flags: netlink.Request | netlink.Acknowledge,
|
|
}
|
|
request, err := netfilter.MarshalNetlink(header, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("encoding netlink request: %w", err)
|
|
}
|
|
|
|
_, err = conn.Query(request)
|
|
if err != nil {
|
|
if !n.conntrackNetlink {
|
|
err = fmt.Errorf("%w: %w", err, ErrConntrackNetlinkNotSupported)
|
|
}
|
|
return fmt.Errorf("querying netlink request: %w", err)
|
|
}
|
|
return nil
|
|
}
|