filter on IPv6 (or IPv4) hides events from the other IP family #53

Closed
gtataranni opened this issue Oct 10, 2023 · 4 comments

@gtataranni
Contributor

I am playing with the library, using the example code provided, but using RegisterFiltered:

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"log"
	"net"
	"os"
	"os/signal"

	ct "github.com/florianl/go-conntrack"
)

// Negated match on the original-direction IPv6 source address ::1/128.
var filterNoIPv6Loopback = []ct.ConnAttr{
	{
		ct.AttrOrigIPv6Src,
		net.IPv6loopback,
		net.CIDRMask(128, net.IPv6len*8),
		true,
	},
}

func ExampleNfctRegister(ctx context.Context) {
	nfct, err := ct.Open(&ct.Config{AddConntrackInformation: true})
	if err != nil {
		log.Fatal(err)
	}
	// Close the netlink socket once the context is cancelled.
	go func() {
		<-ctx.Done()
		nfct.Close()
	}()

	if err := nfct.RegisterFiltered(ctx, ct.Conntrack, ct.NetlinkCtNew, filterNoIPv6Loopback, printer); err != nil {
		fmt.Println("could not register callback:", err)
		return
	}
	fmt.Println("registered")
}

// printer dumps every received conntrack event as indented JSON.
func printer(c ct.Con) int {
	jsonOut, _ := json.MarshalIndent(c, "", "  ")
	fmt.Println(string(jsonOut))
	fmt.Println("-------------------------")
	return 0
}

func main() {
	ctx, ctxCancel := context.WithCancel(context.Background())
	ExampleNfctRegister(ctx)

	// Cancel the context on the first SIGINT.
	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt)
	go func() {
		<-c
		ctxCancel()
	}()

	fmt.Println("waiting for SIGINT signal")
	<-ctx.Done()
}
```

Seems that by registering a filter for an IPv6 IP, only IPv6 events are received, but no IPv4 event.
The opposite is also true: registering an IPv4 filter will exclude all IPv6 events.

By registering no filter, both IPv4 and IPv6 events are received.

Is this expected?

@florianl
Owner

Hi @gtataranni

The situation you describe is expected behaviour. It originates in the construction of BPF filters (not eBPF!) on the socket. So my recommendation would be just to open two netlink sockets, one for IPv6 and one for IPv4.
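
A model of the behaviour discussed above, added here as an example and not taken from the library or from either participant: it shows which events a monitor sees with one filtered socket versus one socket per IP family. `attrFilter`, `accepts`, `deliver` and the sample addresses are hypothetical stand-ins, and the rule that an event of the other family is dropped is an assumption based on the behaviour reported in this issue.

```go
package main

import (
	"fmt"
	"net"
)

// attrFilter is a hypothetical stand-in for one address filter entry
// (address, mask, negate); it is not the library's ct.ConnAttr type.
type attrFilter struct {
	addr   net.IP
	mask   net.IPMask
	negate bool
}

func isV4(ip net.IP) bool { return ip.To4() != nil }

// accepts models one filtered socket. Assumption: an event of the other
// IP family lacks the filtered attribute and is dropped, as reported above.
func (f attrFilter) accepts(src net.IP) bool {
	if isV4(f.addr) != isV4(src) {
		return false
	}
	match := f.addr.Mask(f.mask).Equal(src.Mask(f.mask))
	return match != f.negate
}

// deliver returns the sources that reach the callback when each entry in
// sockets is a separate socket carrying exactly one filter.
func deliver(sockets []attrFilter, events []net.IP) []string {
	var seen []string
	for _, src := range events {
		for _, f := range sockets {
			if f.accepts(src) {
				seen = append(seen, src.String())
			}
		}
	}
	return seen
}

// Constructed sample events: two IPv4 and two IPv6 source addresses.
var sampleEvents = []net.IP{
	net.ParseIP("127.0.0.1"), net.ParseIP("192.0.2.10"),
	net.IPv6loopback, net.ParseIP("2001:db8::10"),
}

var noV6Loopback = attrFilter{net.IPv6loopback, net.CIDRMask(128, 128), true}
var noV4Loopback = attrFilter{net.ParseIP("127.0.0.1"), net.CIDRMask(32, 32), true}

func main() {
	fmt.Println("one socket: ", deliver([]attrFilter{noV6Loopback}, sampleEvents))
	fmt.Println("two sockets:", deliver([]attrFilter{noV4Loopback, noV6Loopback}, sampleEvents))
}
```

With a single IPv6 filter the IPv4 event from 192.0.2.10 never reaches the callback, so a monitor built that way has no IPv4 visibility; with one filtered socket per family both non-loopback events arrive exactly once.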

@gtataranni
Contributor Author

Ok, thanks for the answer! Can we add a documentation comment about it? Do you want me to open a PR?

@florianl
Owner

Sure, improving documentation sounds good to me. Feel free to open a PR.

@florianl
Owner

fixed with #58.
