diff --git a/family_type.go b/family/type.go
similarity index 72%
rename from family_type.go
rename to family/type.go
index 82b6dd1..d3c32e8 100644
--- a/family_type.go
+++ b/family/type.go
@@ -1,18 +1,18 @@
-package nft
+package family
 import "fmt"
-type FamilyType int8
+type Type int8
 const (
- IP FamilyType = iota + 1
+ IP Type = iota + 1
 IP6
 INET
 ARP
 BRIDGE
 )
-func (f FamilyType) String() string {
+func (f Type) String() string {
 switch f {
 case IP:
 return "ip"
diff --git a/internal/command/command.go b/internal/command/command.go
new file mode 100644
index 0000000..560e8df
--- /dev/null
+++ b/internal/command/command.go
@@ -0,0 +1,37 @@
+package command
+
+import (
+ "errors"
+ "os/exec"
+)
+
+type NFT interface {
+ Run(arg ...string) error
+}
+
+type execNFT struct {
+ nftPath string
+}
+
+func New(path string) (NFT, error) {
+ if err := checkingNFT(path); err != nil {
+ return nil, err
+ }
+
+ return &execNFT{
+ nftPath: path,
+ }, nil
+}
+
+func (r *execNFT) Run(arg ...string) error {
+ cmd := exec.Command(r.nftPath, arg...)
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ if len(out) > 0 {
+ return errors.New(string(out))
+ }
+ return err
+ }
+
+ return nil
+}
diff --git a/utils.go b/internal/command/utils.go
similarity index 79%
rename from utils.go
rename to internal/command/utils.go
index 73ca09e..4e405a8 100644
--- a/utils.go
+++ b/internal/command/utils.go
@@ -1,4 +1,4 @@
-package nft
+package command
 import (
 "errors"
@@ -8,19 +8,6 @@ import (
 "strings"
 )
-func executeCommand(name string, arg ...string) error {
- cmd := exec.Command(name, arg...)
- out, err := cmd.CombinedOutput()
- if err != nil {
- if len(out) > 0 {
- return errors.New(string(out))
- }
- return err
- }
-
- return nil
-}
-
 func checkingNFT(path string) error {
 if path == "" {
 return errors.New("path is empty")
diff --git a/internal/table/table.go b/internal/table/table.go
new file mode 100644
index 0000000..1f5b41f
--- /dev/null
+++ b/internal/table/table.go
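Review bot: In `internal/command/command.go`, `Run` replaces the process error with `errors.New(string(out))` whenever nft printed anything, so the exit status is dropped and callers cannot reach the `*exec.ExitError` with `errors.As`. Wrapping keeps both the message and the cause: `return fmt.Errorf("%s: %w", strings.TrimSpace(string(out)), err)` (this needs `fmt` and `strings` added to the import block). `exec.Command` is also started without a context, so a stalled nft process blocks the caller with no timeout; switching to `exec.CommandContext` would need a `ctx` parameter on the `NFT` interface, which is easiest to add while the interface is new. The exported `NFT` and `New` carry no doc comments.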
@@ -0,0 +1,51 @@
+package table
+
+import (
+ "git.kor-elf.net/kor-elf-shield/go-nftables-client/family"
+ "git.kor-elf.net/kor-elf-shield/go-nftables-client/internal/command"
+)
+
+type API interface {
+ // AddTable adds a new table.
+ //
+ // This command is equivalent to:
+ // nft add table (ip|ip6|inet|arp|bridge) {table_name}
+ Add(family family.Type, tableName string) error
+
+ // DeleteTable deletes a table.
+ //
+ // This command is equivalent to:
+ // nft delete table (ip|ip6|inet|arp|bridge) {table_name}
+ Delete(family family.Type, tableName string) error
+
+ // ClearTable clears all rules in a table.
+ //
+ // This command is equivalent to:
+ // nft flush table (ip|ip6|inet|arp|bridge) {table_name}
+ Clear(family family.Type, tableName string) error
+}
+
+type table struct {
+ command command.NFT
+}
+
+func New(command command.NFT) API {
+ return &table{
+ command: command,
+ }
+}
+
+func (t *table) Add(family family.Type, tableName string) error {
+ args := []string{"add", "table", family.String(), tableName}
+ return t.command.Run(args...)
+}
+
+func (t *table) Delete(family family.Type, tableName string) error {
+ args := []string{"delete", "table", family.String(), tableName}
+ return t.command.Run(args...)
+}
+
+func (t *table) Clear(family family.Type, tableName string) error {
+ args := []string{"flush", "table", family.String(), tableName}
+ return t.command.Run(args...)
+}
diff --git a/nft.go b/nft.go
index 09aad18..7c4582d 100644
--- a/nft.go
+++ b/nft.go
@@ -2,6 +2,9 @@ package nft
 import (
 "errors"
+
+ "git.kor-elf.net/kor-elf-shield/go-nftables-client/internal/command"
+ "git.kor-elf.net/kor-elf-shield/go-nftables-client/internal/table"
 )
 // NFT A client for working with nftables
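Review bot: `Add`, `Delete` and `Clear` in `internal/table/table.go` hand `tableName` to `Run` unchecked, and no validation is visible anywhere in this hunk. No shell is involved, but the nft CLI is understood to join its arguments back into one command string before parsing, so a name that is empty, begins with `-`, or contains whitespace or `;` may be read as an option or as further nft statements instead of a table name; confirm this against the nft version in use. Rejecting anything outside a conservative identifier pattern before `args` is built closes the gap, e.g. `if !validName.MatchString(tableName) { return fmt.Errorf("invalid table name %q", tableName) }`, with `validName` a package-level `regexp.MustCompile` of something like `^[A-Za-z_][A-Za-z0-9_]*$`. The interface comments still open with the old names `AddTable`, `DeleteTable` and `ClearTable` and should start with `Add`, `Delete` and `Clear`.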
@@ -12,27 +15,13 @@ type NFT interface {
 // nft flush ruleset
 Clear() error
- // AddTable adds a new table.
- //
- // This command is equivalent to:
- // nft add table (ip|ip6|inet|arp|bridge) {table_name}
- AddTable(family FamilyType, tableName string) error
-
- // DeleteTable deletes a table.
- //
- // This command is equivalent to:
- // nft delete table (ip|ip6|inet|arp|bridge) {table_name}
- DeleteTable(family FamilyType, tableName string) error
-
- // ClearTable clears all rules in a table.
- //
- // This command is equivalent to:
- // nft flush table (ip|ip6|inet|arp|bridge) {table_name}
- ClearTable(family FamilyType, tableName string) error
+ // Table returns an API for working with tables.
+ Table() table.API
 }
 type nft struct {
- path string
+ command command.NFT
+ table table.API
 }
 // New Returns a client for working with nftables.
@@ -51,31 +40,22 @@ func New() (NFT, error) {
 // NewWithPath Returns the client for working with nftables with its path specified.
 func NewWithPath(path string) (NFT, error) {
- if err := checkingNFT(path); err != nil {
+ nftCommand, err := command.New(path)
+ if err != nil {
 return nil, err
 }
 return &nft{
- path: path,
+ command: nftCommand,
+ table: table.New(nftCommand),
 }, nil
 }
 func (n *nft) Clear() error {
 args := []string{"flush", "ruleset"}
- return executeCommand(n.path, args...)
+ return n.command.Run(args...)
 }
-func (n *nft) AddTable(family FamilyType, tableName string) error {
- args := []string{"add", "table", family.String(), tableName}
- return executeCommand(n.path, args...)
-}
-
-func (n *nft) DeleteTable(family FamilyType, tableName string) error {
- args := []string{"delete", "table", family.String(), tableName}
- return executeCommand(n.path, args...)
-}
-
-func (n *nft) ClearTable(family FamilyType, tableName string) error {
- args := []string{"flush", "table", family.String(), tableName}
- return executeCommand(n.path, args...)
+func (n *nft) Table() table.API {
+ return n.table
 }
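Review bot: In the `@@ -12,27 +15,13 @@` hunk of `nft.go`, the exported `NFT` interface now returns `table.API`, a type declared under `internal/table`, which code outside this module cannot import. Callers can still chain `client.Table().Add(...)`, but they cannot name the type to store it, take it as a parameter, or write a test double for it. Moving `API` to a public package, as was done for `family`, or re-exporting it with `type TableAPI = table.API` would fix that. Dropping `AddTable`, `DeleteTable` and `ClearTable` from the interface is also a breaking change for existing callers, so it belongs in the release notes or behind a major-version bump.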