Merge branch 'main' into userspace-router

2026-05-20 23:59:55 +00:00 · 2025-01-29 22:00:41 +01:00
parent a0ca3edb9f 771c99a523
commit 4d635e3c2f
24 changed files with 338 additions and 303 deletions
--- a/client/firewall/nftables/acl_linux.go
+++ b/client/firewall/nftables/acl_linux.go
@@ -2,7 +2,6 @@ package nftables

 import (
 	"bytes"
-	"encoding/binary"
 	"fmt"
 	"net"
 	"slices"
@@ -349,6 +348,10 @@ func (m *AclManager) addIOFiltering(
 		UserData: userData,
 	})

+	if err := m.rConn.Flush(); err != nil {
+		return nil, fmt.Errorf(flushError, err)
+	}
+
 	rule := &Rule{
 		nftRule:    nftRule,
 		mangleRule: m.createPreroutingRule(expressions, userData),
@@ -360,6 +363,7 @@ func (m *AclManager) addIOFiltering(
 	if ipset != nil {
 		m.ipsetStore.AddReferenceToIpset(ipset.Name)
 	}
+
 	return rule, nil
 }

@@ -700,12 +704,6 @@ func generatePeerRuleId(ip net.IP, sPort *firewall.Port, dPort *firewall.Port, a
 	return "set:" + ipset.Name + rulesetID
 }

-func encodePort(port firewall.Port) []byte {
-	bs := make([]byte, 2)
-	binary.BigEndian.PutUint16(bs, uint16(port.Values[0]))
-	return bs
-}
-
 func ifname(n string) []byte {
 	b := make([]byte, 16)
 	copy(b, n+"\x00")