mirror of
https://github.com/netbirdio/netbird.git
synced 2025-01-20 21:08:45 +01:00
0f0c7ec2ed
If the route management feature is not supported, do not create unnecessary firewall and manager instances. This can happen when neither nftables nor iptables is available on the host OS. - Move the error handling to the upper layer - Remove fake, useless implementations of interfaces - Update go-iptables because in Docker the old version cannot reliably determine the path of the executable file - Update lib to 0.70
//go:build !android
package routemanager
import (
"context"
"fmt"
log "github.com/sirupsen/logrus"
)
// Keys and key templates used by the route manager's firewall code.
//
// NOTE(review): how each value is consumed is not visible in this file;
// presumably they identify rules inside the nftables/iptables managers.
// Confirm against those managers before renaming or reusing a value.
const (
	// Fixed keys, one per address family and rule kind.
	ipv4Forwarding = "netbird-rt-ipv4-forwarding"
	ipv6Forwarding = "netbird-rt-ipv6-forwarding"
	ipv4Nat        = "netbird-rt-ipv4-nat"
	ipv6Nat        = "netbird-rt-ipv6-nat"

	// Templates with a single %s verb, in the shape genKey expects as its
	// format argument.
	forwardingFormat   = "netbird-fwd-%s"
	natFormat          = "netbird-nat-%s"
	inForwardingFormat = "netbird-fwd-in-%s"
	inNatFormat        = "netbird-nat-in-%s"

	// Address family labels.
	ipv4 = "ipv4"
	ipv6 = "ipv6"
)
// genKey builds a key by substituting input into format.
//
// format is handed to fmt.Sprintf unchanged, so it must be a trusted template
// with a single %s verb (such as natFormat or forwardingFormat); externally
// supplied text must never be passed as format. input is inserted verbatim,
// without validation or escaping.
func genKey(format, input string) string {
	key := fmt.Sprintf(format, input)
	return key
}
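// NewFirewall returns the firewall manager to use for route management.
//
// It tries nftables first and falls back to iptables only when the nftables
// manager cannot be created. When neither backend can be initialized it
// returns a nil manager together with the iptables error, so the caller can
// decide how to proceed without a firewall manager.
func NewFirewall(parentCTX context.Context) (firewallManager, error) {
	manager, nftErr := newNFTablesManager(parentCTX)
	if nftErr == nil {
		log.Debugf("nftables firewall manager will be used")
		return manager, nil
	}
	// Record why nftables was rejected before falling back. Without this the
	// nftables error is dropped, and the logs never show why this backend was
	// not used.
	log.Debugf("failed to initialize nftables for root mgr: %s", nftErr)

	fMgr, err := newIptablesManager(parentCTX)
	if err != nil {
		log.Debugf("failed to initialize iptables for root mgr: %s", err)
		// Return a literal nil so the caller never receives a non-nil
		// interface that wraps a nil manager.
		return nil, err
	}

	log.Debugf("iptables firewall manager will be used")
	return fMgr, nil
}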
// getInPair returns the reverse-direction counterpart of pair: the ID and
// masquerade setting are carried over, while source and destination are
// swapped. Fields other than these four, if routerPair has any, are left at
// their zero value.
func getInPair(pair routerPair) routerPair {
	var inbound routerPair
	inbound.ID = pair.ID
	inbound.masquerade = pair.masquerade
	// Swap the endpoints so the result describes the opposite direction.
	inbound.source, inbound.destination = pair.destination, pair.source
	return inbound
}