mirror of https://github.com/netbirdio/netbird.git synced 2025-03-11 13:18:12 +01:00

add type for RuleSet

Pascal Fischer 2023-06-28 14:09:23 +02:00
parent 54fe05f6d8
commit e074c24487
2 changed files with 14 additions and 11 deletions
client/firewall/uspfilter


@ -21,10 +21,13 @@ type IFaceMapper interface {
SetFilter(iface.PacketFilter) error SetFilter(iface.PacketFilter) error
} }
// RuleSet is a set of rules grouped by a string key
type RuleSet map[string]Rule
// Manager userspace firewall manager // Manager userspace firewall manager
type Manager struct { type Manager struct {
outgoingRules map[string]map[string]Rule outgoingRules map[string]RuleSet
incomingRules map[string]map[string]Rule incomingRules map[string]RuleSet
wgNetwork *net.IPNet wgNetwork *net.IPNet
decoders sync.Pool decoders sync.Pool
@ -60,8 +63,8 @@ func Create(iface IFaceMapper) (*Manager, error) {
return d return d
}, },
}, },
outgoingRules: make(map[string]map[string]Rule), outgoingRules: make(map[string]RuleSet),
incomingRules: make(map[string]map[string]Rule), incomingRules: make(map[string]RuleSet),
} }
if err := iface.SetFilter(m); err != nil { if err := iface.SetFilter(m); err != nil {
@ -126,12 +129,12 @@ func (m *Manager) AddFiltering(
m.mutex.Lock() m.mutex.Lock()
if direction == fw.RuleDirectionIN { if direction == fw.RuleDirectionIN {
if _, ok := m.incomingRules[r.ip.String()]; !ok { if _, ok := m.incomingRules[r.ip.String()]; !ok {
m.incomingRules[r.ip.String()] = make(map[string]Rule) m.incomingRules[r.ip.String()] = make(RuleSet)
} }
m.incomingRules[r.ip.String()][r.id] = r m.incomingRules[r.ip.String()][r.id] = r
} else { } else {
if _, ok := m.outgoingRules[r.ip.String()]; !ok { if _, ok := m.outgoingRules[r.ip.String()]; !ok {
m.outgoingRules[r.ip.String()] = make(map[string]Rule) m.outgoingRules[r.ip.String()] = make(RuleSet)
} }
m.outgoingRules[r.ip.String()][r.id] = r m.outgoingRules[r.ip.String()][r.id] = r
} }
@ -172,8 +175,8 @@ func (m *Manager) Reset() error {
m.mutex.Lock() m.mutex.Lock()
defer m.mutex.Unlock() defer m.mutex.Unlock()
m.outgoingRules = make(map[string]map[string]Rule) m.outgoingRules = make(map[string]RuleSet)
m.incomingRules = make(map[string]map[string]Rule) m.incomingRules = make(map[string]RuleSet)
return nil return nil
} }
@ -189,7 +192,7 @@ func (m *Manager) DropIncoming(packetData []byte) bool {
} }
// dropFilter imlements same logic for booth direction of the traffic // dropFilter imlements same logic for booth direction of the traffic
func (m *Manager) dropFilter(packetData []byte, rules map[string]map[string]Rule, isIncomingPacket bool) bool { func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isIncomingPacket bool) bool {
m.mutex.RLock() m.mutex.RLock()
defer m.mutex.RUnlock() defer m.mutex.RUnlock()
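Review bot: The new doc comment on `RuleSet` says only "grouped by a string key", which leaves both levels of keying undocumented: in `AddFiltering` the outer map is indexed by `r.ip.String()` and the `RuleSet` itself by `r.id`. `dropFilter` receives the same `map[string]RuleSet` to decide whether a packet is dropped, so a lookup that formats the address differently from `r.ip.String()` would miss that address's rules without any error; the body of `dropFilter` lies outside this hunk, so whether it does is not visible here. I would write the comment as `// RuleSet maps a rule ID to its Rule; Manager holds one RuleSet per IP, keyed by ip.String().` The neighbouring comment on `dropFilter` also carries typos ("imlements", "booth direction") that could be fixed in the same change, e.g. `// dropFilter implements the same logic for both directions of traffic`.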


@ -169,8 +169,8 @@ func TestAddUDPPacketHook(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
manager := &Manager{ manager := &Manager{
incomingRules: map[string]map[string]Rule{}, incomingRules: map[string]RuleSet{},
outgoingRules: map[string]map[string]Rule{}, outgoingRules: map[string]RuleSet{},
} }
manager.AddUDPPacketHook(tt.in, tt.ip, tt.dPort, tt.hook) manager.AddUDPPacketHook(tt.in, tt.ip, tt.dPort, tt.hook)