/*
* This file is part of nftables-http-api.
* Copyright (C) 2024 Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*
* The nftables-http-api program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package main
import (
	"fmt"
	"log"
	"net"

	"github.com/google/nftables"
)
// nftError is the error type used by the nftables helpers in this file for
// conditions they detect themselves (for example a missing table), as opposed
// to errors reported by the netlink library, which are passed through as-is.
type nftError struct {
	// Message is the human-readable text returned verbatim by Error().
	Message string
}
// Error implements the error interface; the stored Message is returned
// unchanged, with no prefix or formatting applied.
func (e nftError) Error() string {
	return e.Message
}
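// handleNft opens a connection to nftables and dispatches the requested task
// against the named set.
//
// task selects the operation; only "get" is implemented and yields the set's
// elements as a []string (see getNftSetElements). set is the nftables set
// name. It is typically request-controlled and therefore untrusted: it is
// handed to the kernel as-is, so any syntactic validation (length, allowed
// characters) has to happen in the caller before reaching this point.
//
// On any failure the result is nil and the error describes the problem. An
// unsupported task is reported as an error rather than returning ("", nil)
// as before: silently reporting success for work that was never performed is
// a fail-open behaviour the HTTP layer cannot detect.
func handleNft(task string, set string) (any, error) {
	nft, err := nftables.New()
	if err != nil {
		log.Println("handleNft():", err)
		return nil, err
	}
	// NOTE(review): nftables.New() with no options is assumed to use a
	// short-lived netlink socket per operation, so nothing is closed here.
	// If the connection is ever made lasting, it must be closed on return.

	switch task {
	case "get":
		elements, err := getNftSetElements(nft, set)
		if err != nil {
			return nil, err
		}
		return elements, nil
	default:
		// Log the task with %q so a caller-supplied value cannot inject
		// newlines into the log stream.
		log.Printf("handleNft(): unsupported task %q", task)
		return nil, nftError{Message: "Unsupported task"}
	}
}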
// getNftTable looks up the nftables table this service operates on.
//
// The table name is currently fixed to "filter" (see the TODO). The lookup
// matches on Name only: the first table returned by ListTables with that name
// wins. If the listing spans several address families (e.g. both an ip and an
// ip6 table called "filter"), which one is returned depends on listing order
// — TODO confirm the family behaviour of ListTables for this deployment.
//
// Returns the ListTables error if the listing itself failed, or an nftError
// when no table with the target name exists.
func getNftTable(nft *nftables.Conn) (*nftables.Table, error) {
	targetTable := "filter" // TODO: make table configurable or smarter

	tables, err := nft.ListTables()
	if err != nil {
		log.Printf("getNftTable(): %s", err)
		return nil, err
	}

	for _, candidate := range tables {
		if candidate.Name == targetTable {
			return candidate, nil
		}
	}

	log.Printf("Table %s does not exist, cannot proceed", targetTable)
	return nil, nftError{Message: "Table does not exist"}
}
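// getNftSet resolves setName inside the configured table (see getNftTable).
//
// setName is request-controlled, so it is logged with %q: a name containing
// newlines or control characters cannot forge additional log lines.
//
// Returns the table lookup error, the GetSetByName error, or an nftError when
// the library reports neither an error nor a set. The result is therefore
// never (nil, nil) — the original fell through that case with a nil error,
// and the caller then dereferenced a nil *Set.
func getNftSet(nft *nftables.Conn, setName string) (*nftables.Set, error) {
	table, err := getNftTable(nft)
	if err != nil {
		return nil, err
	}

	set, err := nft.GetSetByName(table, setName)
	if err != nil {
		log.Printf("Set lookup for %q failed, cannot proceed: %s", setName, err)
		return nil, err
	}
	if set == nil {
		// Defensive: turn a nil set with a nil error into a real error so
		// callers can rely on a non-nil set after checking err.
		log.Printf("Set lookup for %q returned no set, cannot proceed", setName)
		return nil, nftError{Message: "Set does not exist"}
	}

	log.Printf("Found set %q", set.Name)

	return set, nil
}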
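// getNftSetElements returns the elements of the named set rendered as IP
// address strings, in the order the kernel returned them.
//
// Each element key is interpreted as a raw IPv4 (4-byte) or IPv6 (16-byte)
// address. A key of any other length means the set is not a plain address
// set (a port, string or concatenated key, for instance); in that case an
// nftError is returned instead of net.IP's "?"-prefixed hex rendering, which
// would otherwise be handed to API clients as if it were an address.
// Interval end markers, if the set uses them, are not treated specially here
// — TODO confirm against the sets actually exposed.
//
// The result is a non-nil slice even for an empty set, so it serialises to
// [] rather than null. Errors from getNftSet and GetSetElements are passed
// through unchanged.
func getNftSetElements(nft *nftables.Conn, setName string) ([]string, error) {
	set, err := getNftSet(nft, setName)
	if err != nil {
		log.Printf("Could not retrieve set elements")
		return nil, err
	}
	if set == nil {
		// Guard against a (nil, nil) lookup result so the library call
		// below never receives a nil *Set.
		return nil, nftError{Message: "Set does not exist"}
	}

	elements, err := nft.GetSetElements(set)
	if err != nil {
		return nil, err
	}

	addresses := make([]string, 0, len(elements))
	for i, element := range elements {
		switch len(element.Key) {
		case net.IPv4len, net.IPv6len:
			// A raw address key; net.IP renders it correctly.
		default:
			// setName is request-controlled; %q keeps the log line intact.
			log.Printf("Element %d of set %q has a %d-byte key, not an IP address", i, setName, len(element.Key))
			return nil, nftError{Message: fmt.Sprintf("Set element %d has a %d-byte key, expected an IPv4 or IPv6 address", i, len(element.Key))}
		}
		ip := net.IP(element.Key)
		log.Printf("Element %d: %s", i, ip)
		addresses = append(addresses, ip.String())
	}

	return addresses, nil
}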