florianl / go-nflog Goto Github PK

The bug was introduced in #4

We should check if this function is non-nil here.
https://github.com/florianl/go-nflog/blob/master/nflog.go#L190

    if nflog.setReadTimeout != nil {
        nflog.setReadTimeout()
    }

Otherwise, this will panic.

checkHeader() should return 4 for AF_BRIDGE family. I have create a PR: #31 for this issue.
Could you please take a look?

Version

v2.0.1

Phenomenon

Do not receive nflog information after 10 seconds

Reason

ctx-done will exit after 10 seconds

// in README.md
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)

// in RegisterWithErrorFunc
		go func() {
			// block until context is done
			<-ctx.Done()
			// Set the read deadline to a point in the past to interrupt
			// possible blocking Receive() calls.
			nflog.Con.SetReadDeadline(time.Now().Add(-1 * time.Second))
		}()

it will exit in 5 seconds

fmt.Println(time.Now())
ctx, _ := context.WithTimeout(context.Background(), 5*time.Second)
<-ctx.Done()
fmt.Println(time.Now())

removed :)

In the past git tag versioning and Go module versioning diverged on this repository. As a result there are pitfalls to using this Go package.

• Clarity and Consistency: Matching the Go module version with a Git tag creates a clear correspondence between the code and its version. This makes it easier for developers to understand exactly which code revision they are using.

• Dependency Management: The go tool relies on Git tags to identify specific versions of Go modules. When the module version and Git tag are aligned, the go tool can effortlessly download and manage dependencies. This ensures everyone using your module gets the intended version.

• Version Discovery: Proxy services like the Go proxy (https://proxy.golang.org/) use Git tags to discover new module versions. Aligning the versions allows for faster discovery and adoption of new releases by consumers of your module.

To start aligning git tags with Go module versions, the following changes are planned for May 2024::

Introduce a new major git tag

Use this new major git tag as Go module version

From this point onwards major git tags should always be aligned with Go module versions.

Currently, this project has four different git tags

• v3.0.0
• v2.0.0
• v1.1.0
• v1.0.0

All three of them are not reflected in https://github.com/florianl/go-nflog/blob/master/go.mod and vice versa. In addtion, this leads to confusion for some users - see #11.

As most users of this pkg are using go modules, I will delete these git tags to reduce confusion in the future.

Therefore, on September 1st 2020 I will delete the git tags.

If there are concerns with the removal of these git tags, please speak up.

When multiple iptables rules are set, the registered function will not be called after running for a period of time

In x-way/ctrmd#3 (comment) @x-way reported wrong values for nflog attributes.

Logger and caller's logger cannot be used together.

type Logger interface {
        Prinft(args ...string)
}

type Config struct {
         ...
	// Interface to log internals.
	Logger Logger
}

runtime: goroutine stack exceeds 1000000000-byte limit
fatal error: stack overflow

runtime stack:
runtime.throw(0x502b93, 0xe)
/opt/go/src/runtime/panic.go:605 +0x95
runtime.newstack(0x0)
/opt/go/src/runtime/stack.go:1050 +0x6e1
runtime.morestack()
/opt/go/src/runtime/asm_amd64.s:415 +0x86

goroutine 7 [running]:
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)
/opt/go/src/github.com/mdlayher/netlink/conn_linux.go:622 +0x6c fp=0xc44009a348 sp=0xc44009a340 pc=0x4b794c
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)
/opt/go/src/github.com/mdlayher/netlink/conn_linux.go:623 +0x49 fp=0xc44009a388 sp=0xc44009a348 pc=0x4b7929
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)
/opt/go/src/github.com/mdlayher/netlink/conn_linux.go:623 +0x49 fp=0xc44009a3c8 sp=0xc44009a388 pc=0x4b7929
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)
/opt/go/src/github.com/mdlayher/netlink/conn_linux.go:623 +0x49 fp=0xc44009a408 sp=0xc44009a3c8 pc=0x4b7929
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)
/opt/go/src/github.com/mdlayher/netlink/conn_linux.go:623 +0x49 fp=0xc44009a448 sp=0xc44009a408 pc=0x4b7929
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)
/opt/go/src/github.com/mdlayher/netlink/conn_linux.go:623 +0x49 fp=0xc44009a488 sp=0xc44009a448 pc=0x4b7929
github.com/mdlayher/netlink.(*sysSocket).SetReadDeadline(0xc4200785a0, 0xbfc8ec05aabd996e, 0xc5b69a, 0x59c160, 0x0, 0x0)

I did something almost identical to your example.
I have an iptable rule with -j NFLOG --nflog-group 100 and my registered callback does not seem to run.

However, I can see the packets hitting the rule if I do tcpdump -i nflog:100.
How would you go about debugging this?

My platform is linux kernel 3.14.

You have a 2.0.0 and 3.0.0 tags but you haven't set it up correctly to work with go modules. Could you change the tags to 1.2.0 and 1.3.0 respectively? The major tag changes should be when you make incompatible changes.