mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-02 04:53:51 +01:00
1012172f04
Handle routes updates from management Manage routing firewall rules Manage peer RIB table Add get peer and get notification channel from the status recorder Update interface peers allowed IPs
56 lines
1.4 KiB
Go
56 lines
1.4 KiB
Go
package routemanager
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"github.com/coreos/go-iptables/iptables"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
import "github.com/google/nftables"
|
|
|
|
const (
|
|
ipv6Forwarding = "netbird-rt-ipv6-forwarding"
|
|
ipv4Forwarding = "netbird-rt-ipv4-forwarding"
|
|
ipv6Nat = "netbird-rt-ipv6-nat"
|
|
ipv4Nat = "netbird-rt-ipv4-nat"
|
|
natFormat = "netbird-nat-%s"
|
|
forwardingFormat = "netbird-fwd-%s"
|
|
ipv6 = "ipv6"
|
|
ipv4 = "ipv4"
|
|
)
|
|
|
|
func genKey(format string, input string) string {
|
|
return fmt.Sprintf(format, input)
|
|
}
|
|
|
|
// NewFirewall if supported, returns an iptables manager, otherwise returns a nftables manager
|
|
func NewFirewall(parentCTX context.Context) firewallManager {
|
|
ctx, cancel := context.WithCancel(parentCTX)
|
|
|
|
if isIptablesSupported() {
|
|
log.Debugf("iptables is supported")
|
|
ipv4Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv4)
|
|
ipv6Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv6)
|
|
|
|
return &iptablesManager{
|
|
ctx: ctx,
|
|
stop: cancel,
|
|
ipv4Client: ipv4Client,
|
|
ipv6Client: ipv6Client,
|
|
rules: make(map[string]map[string][]string),
|
|
}
|
|
}
|
|
|
|
log.Debugf("iptables is not supported, using nftables")
|
|
|
|
manager := &nftablesManager{
|
|
ctx: ctx,
|
|
stop: cancel,
|
|
conn: &nftables.Conn{},
|
|
chains: make(map[string]map[string]*nftables.Chain),
|
|
rules: make(map[string]*nftables.Rule),
|
|
}
|
|
|
|
return manager
|
|
}
|