/*
 * This file is part of nftables-http-api.
 *
 * Copyright (C) 2024 Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 *
 * The nftables-http-api program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
package main
import (
"github.com/google/nftables"
"log"
)
// nftError is the error value these nftables helpers return for conditions
// the nftables library does not itself report as an error, such as a table
// that is not present on the host.
type nftError struct {
	// Message is the human-readable text returned by Error().
	Message string
}

// Error implements the error interface by returning the stored message.
func (e nftError) Error() string {
	return e.Message
}
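// handleNft opens a fresh nftables connection and runs task against the set
// named set.
//
// task selects the operation; only "get" is implemented and yields the set's
// element keys as a []string. Any other task is reported as an nftError: the
// previous behaviour returned ("", nil), so a typo or unsupported operation
// looked like a successful request with an empty body. Connection and lookup
// errors are returned unchanged after being logged.
func handleNft(task string, set string) (any, error) {
	nft, err := nftables.New()
	if err != nil {
		log.Println("handleNft():", err)
		return nil, err
	}

	switch task {
	case "get":
		elements, err := getNftSetElements(nft, set)
		if err != nil {
			return nil, err
		}
		return elements, nil
	default:
		// %q keeps a caller-supplied task name from injecting log lines.
		log.Printf("handleNft(): unsupported task %q", task)
		return nil, nftError{Message: "Unsupported task"}
	}
}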
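// getNftTable returns the table this API operates on, currently the
// hard-coded "filter" table, by scanning the tables present on the host.
//
// nft is an open nftables connection. On success the returned table is
// non-nil. A failing ListTables call is logged and returned as-is; a missing
// table yields an nftError.
func getNftTable(nft *nftables.Conn) (*nftables.Table, error) {
	const targetTable = "filter" // TODO: make table configurable or smarter

	foundTables, err := nft.ListTables()
	if err != nil {
		log.Printf("getNftTable(): %s", err)
		return nil, err
	}

	// The first match wins. NOTE(review): nftables allows the same table name
	// in different address families (e.g. ip and ip6), so if several match,
	// ListTables order decides which one is used -- confirm the intended
	// family before relying on this.
	for _, foundTable := range foundTables {
		if foundTable.Name == targetTable {
			return foundTable, nil
		}
	}

	log.Printf("Table %s does not exist, cannot proceed", targetTable)
	return nil, nftError{Message: "Table does not exist"}
}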
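// getNftSet looks up the set named setName in the table chosen by
// getNftTable.
//
// It returns the table lookup error unchanged, the GetSetByName error when
// the query fails, or an nftError when the query succeeds but yields no set.
// Callers can therefore rely on a non-nil set whenever err is nil; the
// original code returned (nil, nil) in that last case, which handed a nil
// set to the element query.
func getNftSet(nft *nftables.Conn, setName string) (*nftables.Set, error) {
	foundTable, err := getNftTable(nft)
	if err != nil {
		return nil, err
	}

	foundSet, err := nft.GetSetByName(foundTable, setName)
	if err != nil {
		// setName comes from the caller; %q escapes newlines and control
		// characters so it cannot forge additional log lines.
		log.Printf("Set lookup for %q failed, cannot proceed: %s", setName, err)
		return nil, err
	}
	if foundSet == nil {
		log.Printf("Set lookup for %q returned no set, cannot proceed", setName)
		return nil, nftError{Message: "Set does not exist"}
	}

	return foundSet, nil
}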
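// getNftSetElements returns the key of every element in the named set, as
// strings, in the order GetSetElements reports them.
//
// It returns nil (not an empty slice) when the set has no elements, and any
// error from the set lookup or the element query. Keys are converted with
// string(...), so for sets keyed by addresses or ports the result is the raw
// wire bytes rather than a textual form -- NOTE(review): confirm this is only
// used with sets whose keys are printable strings.
func getNftSetElements(nft *nftables.Conn, setName string) ([]string, error) {
	set, err := getNftSet(nft, setName)
	if err != nil {
		log.Printf("Could not retrieve set elements")
		return nil, err
	}

	setElements, err := nft.GetSetElements(set)
	if err != nil {
		return nil, err
	}
	if len(setElements) == 0 {
		// Preserve the nil result of the original append loop so callers that
		// distinguish nil from an empty slice (e.g. JSON null vs []) see no change.
		return nil, nil
	}

	keys := make([]string, 0, len(setElements))
	for _, element := range setElements {
		// %q escapes non-printable bytes so a key cannot inject fake log lines.
		log.Printf("element: %q", element.Key)
		keys = append(keys, string(element.Key))
	}

	return keys, nil
}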