Skip to content

Commit

Permalink
Check that conntrack events are enabled in the kernel
Browse files Browse the repository at this point in the history
  • Loading branch information
Alfonso Acosta committed Jan 2, 2017
1 parent ab28a0b commit 64f1a5d
Showing 1 changed file with 18 additions and 11 deletions.
29 changes: 18 additions & 11 deletions probe/endpoint/conntrack.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import (
"bytes"
"fmt"
"io"
"os"
"io/ioutil"
"path/filepath"
"strconv"
"sync"
Expand All @@ -18,13 +18,13 @@ import (

const (
// From https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
// Check a tcp-related file for existence since we need tcp tracking
procFileToCheck = "sys/net/netfilter/nf_conntrack_tcp_timeout_close"
timeWait = "TIME_WAIT"
tcpProto = "tcp"
newType = "[NEW]"
updateType = "[UPDATE]"
destroyType = "[DESTROY]"
eventsPath = "sys/net/netfilter/nf_conntrack_events"

timeWait = "TIME_WAIT"
tcpProto = "tcp"
newType = "[NEW]"
updateType = "[UPDATE]"
destroyType = "[DESTROY]"
)

var (
Expand Down Expand Up @@ -104,9 +104,16 @@ func newConntrackFlowWalker(useConntrack bool, procRoot string, bufferSize int,

// IsConntrackSupported returns true if conntrack is suppported by the kernel
var IsConntrackSupported = func(procRoot string) error {
procFile := filepath.Join(procRoot, procFileToCheck)
_, err := os.Stat(procFile)
return err
// Make sure events are enabled, the conntrack CLI doesn't verify it
f := filepath.Join(procRoot, eventsPath)
contents, err := ioutil.ReadFile(f)
if err != nil {
return err
}
if string(contents) == "0" {
return fmt.Errorf("conntrack events (%s) are disabled", f)
}
return nil
}

func (c *conntrackWalker) loop() {
Expand Down

0 comments on commit 64f1a5d

Please sign in to comment.