kor-elf-shield/go-nftables-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Refactor table management to use a dedicated API and improve command handling.

Browse Source
This commit is contained in:
Leonid Nikitin
2025-10-19 22:50:14 +05:00
parent d056f5dbf8
commit 5b19993343
5 changed files with 107 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
family_type.go → family/type.go
View File

@@ -1,18 +1,18 @@
package nft package family
import "fmt" import "fmt"
type FamilyType int8 type Type int8
const ( const (
IP FamilyType = iota + 1 IP Type = iota + 1
IP6 IP6
INET INET
ARP ARP
BRIDGE BRIDGE
) )
func (f FamilyType) String() string { func (f Type) String() string {
switch f { switch f {
case IP: case IP:
return "ip" return "ip"

37
internal/command/command.go Normal file
View File

@@ -0,0 +1,37 @@
package command
import (
"errors"
"os/exec"
)
type NFT interface {
Run(arg ...string) error
}
type execNFT struct {
nftPath string
}
func New(path string) (NFT, error) {
if err := checkingNFT(path); err != nil {
return nil, err
}
return &execNFT{
nftPath: path,
}, nil
}
func (r *execNFT) Run(arg ...string) error {
cmd := exec.Command(r.nftPath, arg...)
out, err := cmd.CombinedOutput()
if err != nil {
if len(out) > 0 {
return errors.New(string(out))
}
return err
}
return nil
}

15
utils.go → internal/command/utils.go
View File

@@ -1,4 +1,4 @@
package nft package command
import ( import (
"errors" "errors"
@@ -8,19 +8,6 @@ import (
"strings" "strings"
) )
func executeCommand(name string, arg ...string) error {
cmd := exec.Command(name, arg...)
out, err := cmd.CombinedOutput()
if err != nil {
if len(out) > 0 {
return errors.New(string(out))
}
return err
}
return nil
}
func checkingNFT(path string) error { func checkingNFT(path string) error {
if path == "" { if path == "" {
return errors.New("path is empty") return errors.New("path is empty")

51
internal/table/table.go Normal file
View File

@@ -0,0 +1,51 @@
package table
import (
"git.kor-elf.net/kor-elf-shield/go-nftables-client/family"
"git.kor-elf.net/kor-elf-shield/go-nftables-client/internal/command"
)
type API interface {
// AddTable adds a new table.
//
// This command is equivalent to:
// nft add table (ip|ip6|inet|arp|bridge) {table_name}
Add(family family.Type, tableName string) error
// DeleteTable deletes a table.
//
// This command is equivalent to:
// nft delete table (ip|ip6|inet|arp|bridge) {table_name}
Delete(family family.Type, tableName string) error
// ClearTable clears all rules in a table.
//
// This command is equivalent to:
// nft flush table (ip|ip6|inet|arp|bridge) {table_name}
Clear(family family.Type, tableName string) error
}
type table struct {
command command.NFT
}
func New(command command.NFT) API {
return &table{
command: command,
}
}
func (t *table) Add(family family.Type, tableName string) error {
args := []string{"add", "table", family.String(), tableName}
return t.command.Run(args...)
}
func (t *table) Delete(family family.Type, tableName string) error {
args := []string{"delete", "table", family.String(), tableName}
return t.command.Run(args...)
}
func (t *table) Clear(family family.Type, tableName string) error {
args := []string{"flush", "table", family.String(), tableName}
return t.command.Run(args...)
}

48
nft.go
View File

@@ -2,6 +2,9 @@ package nft
import ( import (
"errors" "errors"
"git.kor-elf.net/kor-elf-shield/go-nftables-client/internal/command"
"git.kor-elf.net/kor-elf-shield/go-nftables-client/internal/table"
) )
// NFT A client for working with nftables // NFT A client for working with nftables
@@ -12,27 +15,13 @@ type NFT interface {
// nft flush ruleset // nft flush ruleset
Clear() error Clear() error
// AddTable adds a new table. // Table returns an API for working with tables.
// Table() table.API
// This command is equivalent to:
// nft add table (ip|ip6|inet|arp|bridge) {table_name}
AddTable(family FamilyType, tableName string) error
// DeleteTable deletes a table.
//
// This command is equivalent to:
// nft delete table (ip|ip6|inet|arp|bridge) {table_name}
DeleteTable(family FamilyType, tableName string) error
// ClearTable clears all rules in a table.
//
// This command is equivalent to:
// nft flush table (ip|ip6|inet|arp|bridge) {table_name}
ClearTable(family FamilyType, tableName string) error
} }
type nft struct { type nft struct {
path string command command.NFT
table table.API
} }
// New Returns a client for working with nftables. // New Returns a client for working with nftables.
@@ -51,31 +40,22 @@ func New() (NFT, error) {
// NewWithPath Returns the client for working with nftables with its path specified. // NewWithPath Returns the client for working with nftables with its path specified.
func NewWithPath(path string) (NFT, error) { func NewWithPath(path string) (NFT, error) {
if err := checkingNFT(path); err != nil { nftCommand, err := command.New(path)
if err != nil {
return nil, err return nil, err
} }
return &nft{ return &nft{
path: path, command: nftCommand,
table: table.New(nftCommand),
}, nil }, nil
} }
func (n *nft) Clear() error { func (n *nft) Clear() error {
args := []string{"flush", "ruleset"} args := []string{"flush", "ruleset"}
return executeCommand(n.path, args...) return n.command.Run(args...)
} }
func (n *nft) AddTable(family FamilyType, tableName string) error { func (n *nft) Table() table.API {
args := []string{"add", "table", family.String(), tableName} return n.table
return executeCommand(n.path, args...)
}
func (n *nft) DeleteTable(family FamilyType, tableName string) error {
args := []string{"delete", "table", family.String(), tableName}
return executeCommand(n.path, args...)
}
func (n *nft) ClearTable(family FamilyType, tableName string) error {
args := []string{"flush", "table", family.String(), tableName}
return executeCommand(n.path, args...)
} }