Add Chain API for managing nftables chains, including Add, Create, Delete, Clear, and Rename operations.
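--- a/chain/hook.go
+++ b/chain/hook.go
@@ -0,0 +1,36 @@
+package chain
+
+import "fmt"
+
+type Hook int8
+
+const (
+HookInput Hook = iota
+HookOutput
+HookForward
+HookPrerouting
+HookPostrouting
+HookIngress
+HookEgress
+)
+
+func (h Hook) String() string {
+switch h {
+case HookInput:
+return "input"
+case HookOutput:
+return "output"
+case HookForward:
+return "forward"
+case HookPrerouting:
+return "prerouting"
+case HookPostrouting:
+return "postrouting"
+case HookIngress:
+return "ingress"
+case HookEgress:
+return "egress"
+default:
+return fmt.Sprintf("unknown hook %d", h)
+}
+}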
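Review bot: `HookInput Hook = iota` makes the zero value of `Hook` a valid hook, so a `BaseChainOptions` built with `NewBaseChainOptions(t)` in chain/type.go and no explicit `Hook` renders as `hook input` with no sign that the field was never set. `Policy` in chain/policy.go starts at `iota + 1`, presumably to keep "unset" distinguishable; starting the hook constants the same way, `HookInput Hook = iota + 1`, would send an unset hook to the `default` branch where a caller can reject it. The exported type and constants also carry no doc comments; a line such as `// Hook identifies the netfilter hook a base chain attaches to.` above the type would help readers of the package.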
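--- a/chain/policy.go
+++ b/chain/policy.go
@@ -0,0 +1,21 @@
+package chain
+
+import "fmt"
+
+type Policy int8
+
+const (
+PolicyAccept Policy = iota + 1
+PolicyDrop
+)
+
+func (p Policy) String() string {
+switch p {
+case PolicyAccept:
+return "accept"
+case PolicyDrop:
+return "drop"
+default:
+return fmt.Sprintf("unknown policy %d", p)
+}
+}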
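Review bot: The zero value of `Policy` is not a valid policy (`PolicyAccept Policy = iota + 1`), and `String()` renders it as `unknown policy 0` instead of giving the caller a way to detect it. `BaseChainOptions.String()` in chain/type.go appends that text after `policy ` for every filter chain, so options created with `NewBaseChainOptions(TypeFilter)` and no explicit `Policy` would render `policy unknown policy 0 ;`. For a firewall default policy it is safer to fail before anything is rendered: consider a validity check such as `func (p Policy) Valid() bool { return p == PolicyAccept || p == PolicyDrop }` that the renderer consults, and a doc comment on the type stating that the zero value means "unset".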
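--- a/chain/type.go
+++ b/chain/type.go
@@ -0,0 +1,68 @@
+package chain
+
+import (
+"fmt"
+"strconv"
+)
+
+type ChainOptions interface {
+String() string
+}
+
+type Type int8
+
+const (
+TypeNone Type = iota
+TypeFilter
+TypeNat
+TypeRoute
+)
+
+func (t Type) String() string {
+switch t {
+case TypeNone:
+return ""
+case TypeFilter:
+return "filter"
+case TypeNat:
+return "inet"
+case TypeRoute:
+return "nat"
+default:
+return fmt.Sprintf("unknown type %d", t)
+}
+}
+
+type BaseChainOptions struct {
+Type Type
+Hook Hook
+Priority int32
+Policy Policy
+Device string
+}
+
+func (b BaseChainOptions) String() string {
+if b.Type == TypeNone {
+return ""
+}
+
+device := ""
+if b.Hook == HookEgress || b.Hook == HookIngress {
+if b.Device != "" {
+device = " device " + b.Device + " "
+}
+}
+
+policy := ""
+if b.Type == TypeFilter {
+policy = "policy " + b.Policy.String() + " ; "
+}
+
+return "{ type " + b.Type.String() + " hook " + b.Hook.String() + " " + device + " priority " + strconv.Itoa(int(b.Priority)) + " ; " + policy + " }"
+}
+
+func NewBaseChainOptions(t Type) BaseChainOptions {
+return BaseChainOptions{
+Type: t,
+}
+}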
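Review bot: `Type.String()` returns `"inet"` for `TypeNat` and `"nat"` for `TypeRoute`, which does not match the constant names; nftables chain types are `filter`, `nat` and `route`, while `inet` is a table family, so the two cases should read `case TypeNat: return "nat"` and `case TypeRoute: return "route"`. Separately, `BaseChainOptions.String()` concatenates `b.Device` into the chain definition unchanged. If that string is later handed to nft as ruleset text (the caller is not visible here), a device name containing whitespace, `;` or `}` would change the statement that gets applied, so the name should be checked against interface-name rules before it is rendered. Because `String()` cannot return an error, that check probably belongs in a separate validation step on `BaseChainOptions` that callers run first.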