09bdd271f1
- Update nftables library to v0.2.0 - Mark traffic that was originally destined for local and apply the input rules in the forward chain if said traffic was redirected (e.g. by Docker) - Add nft rules to the internal map only if the flush was successful - Improve the error message if the handle is 0 (= not found or hasn't been refreshed) - Add debug logging when route rules are added - Replace nftables userdata (rule ID) with a rule hash
package id
import (
"crypto/sha256"
"encoding/hex"
"fmt"
"net/netip"
"strconv"
"github.com/netbirdio/netbird/client/firewall/manager"
)
// RuleID is the opaque identifier under which a firewall rule is tracked.
type RuleID string

// GetRuleID returns the identifier as a plain string.
func (r RuleID) GetRuleID() string {
	s := string(r)
	return s
}
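// GenerateRouteRuleKey derives a stable RuleID for a route filtering rule
// from the fields that define it. Equal inputs always produce the same key,
// and the order of sources does not matter (they are sorted before hashing),
// so callers can use the key to recognise a rule that is already installed.
//
// The result has the form "<destination>-<16 hex chars>": the destination
// prefix in clear, so the rule can be recognised in logs and rule dumps,
// followed by the first 64 bits of a SHA-256 over all fields. The truncated
// digest is an identifier, not a security boundary; it only has to be unique
// among the rules managed on this host.
//
// sources is left untouched; the sort is applied to a private copy. A nil
// sPort/dPort is encoded as "<nil>" so that "no port" hashes differently from
// any concrete port value.
func GenerateRouteRuleKey(
	sources []netip.Prefix,
	destination netip.Prefix,
	proto manager.Protocol,
	sPort *manager.Port,
	dPort *manager.Port,
	action manager.Action,
) RuleID {
	// Sort a copy so the key is order-independent without mutating the
	// caller's slice (a nil/empty sources slice simply contributes nothing).
	sorted := append([]netip.Prefix(nil), sources...)
	manager.SortPrefixes(sorted)

	h := sha256.New()
	// hash.Hash.Write never returns an error, so the result is discarded.
	write := func(s string) { h.Write([]byte(s)) }
	writePort := func(p *manager.Port) {
		if p == nil {
			write("<nil>")
			return
		}
		write(p.String())
	}

	// Every field is preceded by a fixed label and list entries are comma
	// terminated, so neighbouring fields cannot run together into the same
	// byte sequence and collide.
	write("sources:")
	for _, src := range sorted {
		write(src.String())
		write(",")
	}

	write("destination:")
	write(destination.String())

	write("proto:")
	write(string(proto))

	write("sPort:")
	writePort(sPort)

	write("dPort:")
	writePort(dPort)

	write("action:")
	write(strconv.Itoa(int(action)))

	hash := hex.EncodeToString(h.Sum(nil))

	// Prepend the destination prefix so the rule is identifiable by eye;
	// hash is 64 hex characters, of which the first 16 (64 bits) are kept.
	return RuleID(fmt.Sprintf("%s-%s", destination.String(), hash[:16]))
}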