Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conntrack support #213

Merged
merged 3 commits into from
Apr 5, 2017
Merged

Conntrack support #213

merged 3 commits into from
Apr 5, 2017

Conversation

fcrisciani
Copy link
Collaborator

These 2 commits are introducing the support for netfilter conntrack into the library.
This PR is a dependency for the fix of the bug: moby/moby#8795

The first commit adds the logic to support the GET/FLUSH/DELETE of conntrack through netlink
The second commit adds a test on top

@fcrisciani
Copy link
Collaborator Author

Looks like I will have to investigate the failure on Travis.
Was thinking was missing netcat but with my last commit the test should had been skip

@fcrisciani fcrisciani force-pushed the conntrack2 branch 3 times, most recently from 6dfa8d0 to f570540 Compare April 5, 2017 16:43
Introduce Conntrack support
4bdad73 
- Conntrack table FLUSH
- Conntrack table DELETE with filter
    The filter is only for IP field
- Conntrack table GET
  The flow information is not complete, but the method
  returns a simplified structure with basic flow info

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
@fcrisciani
Copy link
Collaborator Author

The issue was the missing modules in the kernel, added them into Travis file.

Conntrack testing
2d3d0f8 
Added tests for:
Table FLUSH
Table GET
Table DELETE with filter
Filter match

Use a simple UDP client to create flows into the conntrack for testing purpose
Each test will run in a separate network namespace so can run in parallel
Added kernel module dependencies into the travis file

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
@vishvananda
Copy link
Owner

This looks good. I'm thinking we may need a conntrack_unspecified.go with NotImplemented calls so that projects build on non-linux environments?

Added conntrack_unspecified
adc20f4 
Enable compilation in non linux environments

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
@fcrisciani
Copy link
Collaborator Author

Sure, let me take care of that

@vishvananda vishvananda mentioned this pull request Apr 5, 2017
Closed
@fcrisciani
Copy link
Collaborator Author

@vishvananda done, should be ready to go now

@vishvananda vishvananda merged commit 0ac4d25 into vishvananda:master Apr 5, 2017
@fcrisciani fcrisciani deleted the conntrack2 branch April 5, 2017 23:42
@2opremio 2opremio mentioned this pull request Apr 25, 2017
Open
This was referenced May 2, 2017
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fcrisciani @vishvananda