mirror of
https://github.com/netbirdio/netbird.git
synced 2026-05-31 13:09:55 +00:00
Rename interface to firewaller
This commit is contained in:
Zoltán Papp
@@ -8,13 +8,13 @@ import (
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/uspfilter"
|
||||
"github.com/netbirdio/netbird/client/internal/statemanager"
|
||||
)
|
||||
|
||||
// NewFirewall creates a firewall manager instance
|
||||
func NewFirewall(iface IFaceMapper, _ *statemanager.Manager) (_interface.Firewall, error) {
|
||||
func NewFirewall(iface IFaceMapper, _ *statemanager.Manager) (firewaller.Firewall, error) {
|
||||
if !iface.IsUserspaceBind() {
|
||||
return nil, fmt.Errorf("not implemented for this OS: %s", runtime.GOOS)
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ import (
|
||||
"github.com/google/nftables"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
nbiptables "github.com/netbirdio/netbird/client/firewall/iptables"
|
||||
nbnftables "github.com/netbirdio/netbird/client/firewall/nftables"
|
||||
"github.com/netbirdio/netbird/client/firewall/uspfilter"
|
||||
@@ -33,7 +33,7 @@ const SKIP_NFTABLES_ENV = "NB_SKIP_NFTABLES_CHECK"
|
||||
// FWType is the type for the firewall type
|
||||
type FWType int
|
||||
|
||||
func NewFirewall(iface IFaceMapper, stateManager *statemanager.Manager) (_interface.Firewall, error) {
|
||||
func NewFirewall(iface IFaceMapper, stateManager *statemanager.Manager) (firewaller.Firewall, error) {
|
||||
// on the linux system we try to user nftables or iptables
|
||||
// in any case, because we need to allow netbird interface traffic
|
||||
// so we use AllowNetbird traffic from these firewall managers
|
||||
@@ -50,7 +50,7 @@ func NewFirewall(iface IFaceMapper, stateManager *statemanager.Manager) (_interf
|
||||
return createUserspaceFirewall(iface, fm)
|
||||
}
|
||||
|
||||
func createNativeFirewall(iface IFaceMapper, stateManager *statemanager.Manager) (_interface.Firewall, error) {
|
||||
func createNativeFirewall(iface IFaceMapper, stateManager *statemanager.Manager) (firewaller.Firewall, error) {
|
||||
fm, err := createFW(iface)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("create firewall: %s", err)
|
||||
@@ -63,7 +63,7 @@ func createNativeFirewall(iface IFaceMapper, stateManager *statemanager.Manager)
|
||||
return fm, nil
|
||||
}
|
||||
|
||||
func createFW(iface IFaceMapper) (_interface.Firewall, error) {
|
||||
func createFW(iface IFaceMapper) (firewaller.Firewall, error) {
|
||||
switch check() {
|
||||
case IPTABLES:
|
||||
log.Info("creating an iptables firewall manager")
|
||||
@@ -77,7 +77,7 @@ func createFW(iface IFaceMapper) (_interface.Firewall, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func createUserspaceFirewall(iface IFaceMapper, fm _interface.Firewall) (_interface.Firewall, error) {
|
||||
func createUserspaceFirewall(iface IFaceMapper, fm firewaller.Firewall) (firewaller.Firewall, error) {
|
||||
var errUsp error
|
||||
if fm != nil {
|
||||
fm, errUsp = uspfilter.CreateWithNativeFirewall(iface, fm)
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package _interface
|
||||
package firewaller
|
||||
|
||||
import (
|
||||
"net"
|
||||
@@ -13,7 +13,7 @@ import (
|
||||
"github.com/google/uuid"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
firewall "github.com/netbirdio/netbird/client/firewall/interface"
|
||||
firewall "github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/types"
|
||||
"github.com/netbirdio/netbird/client/firewall/uspfilter/conntrack"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
|
||||
@@ -15,7 +15,7 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
nberrors "github.com/netbirdio/netbird/client/errors"
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/types"
|
||||
"github.com/netbirdio/netbird/client/internal/acl/id"
|
||||
"github.com/netbirdio/netbird/client/ssh"
|
||||
@@ -31,14 +31,14 @@ type Manager interface {
|
||||
|
||||
// DefaultManager uses firewall manager to handle
|
||||
type DefaultManager struct {
|
||||
firewall _interface.Firewall
|
||||
firewall firewaller.Firewall
|
||||
ipsetCounter int
|
||||
peerRulesPairs map[id.RuleID][]types.Rule
|
||||
routeRules map[id.RuleID]struct{}
|
||||
mutex sync.Mutex
|
||||
}
|
||||
|
||||
func NewDefaultManager(fm _interface.Firewall) *DefaultManager {
|
||||
func NewDefaultManager(fm firewaller.Firewall) *DefaultManager {
|
||||
return &DefaultManager{
|
||||
firewall: fm,
|
||||
peerRulesPairs: make(map[id.RuleID][]types.Rule),
|
||||
|
||||
@@ -7,7 +7,6 @@ import (
|
||||
"github.com/golang/mock/gomock"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall"
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
"github.com/netbirdio/netbird/client/internal/acl/mocks"
|
||||
mgmProto "github.com/netbirdio/netbird/management/proto"
|
||||
@@ -56,7 +55,7 @@ func TestDefaultManager(t *testing.T) {
|
||||
t.Errorf("create firewall: %v", err)
|
||||
return
|
||||
}
|
||||
defer func(fw _interface.Firewall) {
|
||||
defer func(fw firewaller.Firewall) {
|
||||
_ = fw.Reset(nil)
|
||||
}(fw)
|
||||
acl := NewDefaultManager(fw)
|
||||
@@ -349,7 +348,7 @@ func TestDefaultManagerEnableSSHRules(t *testing.T) {
|
||||
t.Errorf("create firewall: %v", err)
|
||||
return
|
||||
}
|
||||
defer func(fw _interface.Firewall) {
|
||||
defer func(fw firewaller.Firewall) {
|
||||
_ = fw.Reset(nil)
|
||||
}(fw)
|
||||
acl := NewDefaultManager(fw)
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
nberrors "github.com/netbirdio/netbird/client/errors"
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/types"
|
||||
)
|
||||
|
||||
@@ -20,13 +20,13 @@ const (
|
||||
)
|
||||
|
||||
type Manager struct {
|
||||
firewall _interface.Firewall
|
||||
firewall firewaller.Firewall
|
||||
|
||||
fwRules []types.Rule
|
||||
dnsForwarder *DNSForwarder
|
||||
}
|
||||
|
||||
func NewManager(fw _interface.Firewall) *Manager {
|
||||
func NewManager(fw firewaller.Firewall) *Manager {
|
||||
return &Manager{
|
||||
firewall: fw,
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ import (
|
||||
|
||||
nberrors "github.com/netbirdio/netbird/client/errors"
|
||||
"github.com/netbirdio/netbird/client/firewall"
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/types"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
"github.com/netbirdio/netbird/client/iface/bind"
|
||||
@@ -170,7 +170,7 @@ type Engine struct {
|
||||
|
||||
statusRecorder *peer.Status
|
||||
|
||||
firewall _interface.Firewall
|
||||
firewall firewaller.Firewall
|
||||
routeManager routemanager.Manager
|
||||
acl acl.Manager
|
||||
dnsForwardMgr *dnsfwd.Manager
|
||||
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
nberrors "github.com/netbirdio/netbird/client/errors"
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/types"
|
||||
)
|
||||
|
||||
@@ -18,13 +18,13 @@ type RulePair struct {
|
||||
}
|
||||
|
||||
type Manager struct {
|
||||
firewall _interface.Firewall
|
||||
firewall firewaller.Firewall
|
||||
|
||||
rules map[string]RulePair // keys is the ID of the ForwardRule
|
||||
rulesMu sync.Mutex
|
||||
}
|
||||
|
||||
func NewManager(firewall _interface.Firewall) *Manager {
|
||||
func NewManager(firewall firewaller.Firewall) *Manager {
|
||||
return &Manager{
|
||||
firewall: firewall,
|
||||
rules: make(map[string]RulePair),
|
||||
|
||||
@@ -14,7 +14,7 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
"golang.org/x/exp/maps"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
"github.com/netbirdio/netbird/client/iface/configurer"
|
||||
"github.com/netbirdio/netbird/client/iface/netstack"
|
||||
@@ -44,7 +44,7 @@ type Manager interface {
|
||||
GetClientRoutesWithNetID() map[route.NetID][]*route.Route
|
||||
SetRouteChangeListener(listener listener.NetworkChangeListener)
|
||||
InitialRouteRange() []string
|
||||
EnableServerRouter(firewall _interface.Firewall) error
|
||||
EnableServerRouter(firewall firewaller.Firewall) error
|
||||
Stop(stateManager *statemanager.Manager)
|
||||
}
|
||||
|
||||
@@ -214,7 +214,7 @@ func (m *DefaultManager) initSelector() *routeselector.RouteSelector {
|
||||
return routeselector.NewRouteSelector()
|
||||
}
|
||||
|
||||
func (m *DefaultManager) EnableServerRouter(firewall _interface.Firewall) error {
|
||||
func (m *DefaultManager) EnableServerRouter(firewall firewaller.Firewall) error {
|
||||
if m.disableServerRoutes {
|
||||
log.Info("server routes are disabled")
|
||||
return nil
|
||||
|
||||
@@ -3,7 +3,7 @@ package routemanager
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
"github.com/netbirdio/netbird/client/internal/listener"
|
||||
"github.com/netbirdio/netbird/client/internal/routeselector"
|
||||
@@ -78,7 +78,7 @@ func (m *MockManager) SetRouteChangeListener(listener listener.NetworkChangeList
|
||||
|
||||
}
|
||||
|
||||
func (m *MockManager) EnableServerRouter(firewall _interface.Firewall) error {
|
||||
func (m *MockManager) EnableServerRouter(firewall firewaller.Firewall) error {
|
||||
panic("implement me")
|
||||
}
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
"github.com/netbirdio/netbird/client/internal/peer"
|
||||
"github.com/netbirdio/netbird/route"
|
||||
@@ -22,6 +21,6 @@ func (r serverRouter) updateRoutes(map[route.ID]*route.Route) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func newServerRouter(context.Context, iface.IWGIface, _interface.Firewall, *peer.Status) (*serverRouter, error) {
|
||||
func newServerRouter(context.Context, iface.IWGIface, firewaller.Firewall, *peer.Status) (*serverRouter, error) {
|
||||
return nil, fmt.Errorf("server route not supported on this os")
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/netbirdio/netbird/client/firewall/interface"
|
||||
"github.com/netbirdio/netbird/client/firewall/firewaller"
|
||||
"github.com/netbirdio/netbird/client/firewall/types"
|
||||
"github.com/netbirdio/netbird/client/iface"
|
||||
"github.com/netbirdio/netbird/client/internal/peer"
|
||||
@@ -22,12 +22,12 @@ type serverRouter struct {
|
||||
mux sync.Mutex
|
||||
ctx context.Context
|
||||
routes map[route.ID]*route.Route
|
||||
firewall _interface.Firewall
|
||||
firewall firewaller.Firewall
|
||||
wgInterface iface.IWGIface
|
||||
statusRecorder *peer.Status
|
||||
}
|
||||
|
||||
func newServerRouter(ctx context.Context, wgInterface iface.IWGIface, firewall _interface.Firewall, statusRecorder *peer.Status) (*serverRouter, error) {
|
||||
func newServerRouter(ctx context.Context, wgInterface iface.IWGIface, firewall firewaller.Firewall, statusRecorder *peer.Status) (*serverRouter, error) {
|
||||
return &serverRouter{
|
||||
ctx: ctx,
|
||||
routes: make(map[route.ID]*route.Route),
|
||||
|
||||
Reference in New Issue
Block a user