From ce9042d060bceb03d248ee60a9d98da1b7b3d359 Mon Sep 17 00:00:00 2001 From: Daman Arora Date: Thu, 5 Sep 2024 21:31:02 +0530 Subject: [PATCH] capture and return errors in ConntrackDeleteFilters Signed-off-by: Daman Arora --- conntrack_linux.go | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/conntrack_linux.go b/conntrack_linux.go index f1000306..51992c61 100644 --- a/conntrack_linux.go +++ b/conntrack_linux.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "net" + "strings" "time" "github.com/vishvananda/netlink/nl" @@ -158,6 +159,7 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam } var matched uint + var errMsgs []string for _, dataRaw := range res { flow := parseRawData(dataRaw) for _, filter := range filters { @@ -165,14 +167,19 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK) // skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already req2.AddRawData(dataRaw[4:]) - req2.Execute(unix.NETLINK_NETFILTER, 0) - matched++ - // flow is already deleted, no need to match on other filters and continue to the next flow. - break + if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err != nil { + errMsgs = append(errMsgs, fmt.Sprintf("failed to delete conntrack flow '%s': %s", flow.String(), err.Error())) + } else { + matched++ + // flow is already deleted, no need to match on other filters and continue to the next flow. + break + } } } } - + if len(errMsgs) > 0 { + return matched, fmt.Errorf(strings.Join(errMsgs, "; ")) + } return matched, nil }