Confused by neli, seems I can't make a valid conntract request

[zylthinking]

code like the below, the kernel returns -22 but I don't know where the error is,
I reuse Genlmsghdr as NfGenMsg, so the cmd is not the issue.

The TLV tree seems Ok, and I think maybe there are len/alignment issues, but I did not assign these by hand.

fn make_attr<T, P>(attr_type: T, nest: bool, payload: P) -> Result<Nlattr<T, Buffer>>
where
    P: Size + ToBytes,
    T: NlAttrType,
{
    Ok(NlattrBuilder::default()
        .nla_type(
            AttrTypeBuilder::default()
                .nla_type(attr_type)
                .nla_nested(nest)
                .build()?,
        )
        .nla_payload(payload)
        .build()?)
}

pub fn delete(&self, proto: u8, ip: &Ipv4Addr) -> Result<()> {
    let ip_attr = make_attr(
        IpTupleAttr::CtaIpv4Src,
        false,
        Buffer::from(ip.octets().to_vec()),
    )?;
    let ip_tuple = make_attr(TupleAttr::CtaTupleIp, true, ip_attr)?;
    let proto_attr = make_attr(
        ProtoTupleAttr::CtaProtoNum,
        false,
        Buffer::from((proto as u32).to_ne_bytes().to_vec()),
    )?;
    let proto_tuple = make_attr(TupleAttr::CtaTupleProto, true, proto_attr)?;

    let mut attr = make_attr(ConntrackAttr::CtaTupleOrig, true, ip_tuple)?;
    attr = attr.nest(&proto_tuple)?;
    let mut attrs = GenlBuffer::<ConntrackAttr, Buffer>::new();
    attrs.push(attr);

    let genlhdr = GenlmsghdrBuilder::default()
        .cmd(libc::AF_INET as u8)
        .version(libc::NFNETLINK_V0 as u8)
        .attrs(attrs)
        .build()?;

    let x: NlRouterReceiverHandle<u16, Buffer> = self.socket.send(
        CtNetlinkMessage::CtDelete, // CtDelete = subsys_message(CtNetlinkSubsys::CtNetlink, CtMessage::CtDelete),
        NlmF::ACK | NlmF::MATCH,
        NlPayload::Payload(genlhdr),
    )?;


    log::info!("waiting...");
    for r in x {
        log::info!("{r:?}"); // EINVAL reported
    }
    log::info!("done");
    Ok(())
}

[jbaublitz]

@zylthinking Would you be able to enable the extended ACK? That should contain additional error messages about what specifically is going wrong. I think there is an example in the examples directory for how to parse the extended ACK response.

[a-gavin]

@zylthinking If you can share a self-contained, reproducing example, I'd be happy to test for you.

[zylthinking]

@a-gavin

Sorry for lated response, I have uploaded the example to
https://github.com/zylthinking/conntrack/blob/main/conntrack/examples/conntrack_dump.rs

It is just a forked conntrack in which I added the delete function

[a-gavin]

@zylthinking No worries, thanks for doing that. I'll take a look when I can! We'll see if I can find anything 😉

[jbaublitz]

@zylthinking I attempted to compile the example but it appears that it's dependent on your crate. I would strongly recommend that you enable the extended ACK as it will likely give you a more informative error message on why this call is failing. If you need help enabling or parsing the extended ACK, please look at the examples in neli for for information.