mirror of
https://github.com/netbirdio/netbird.git
synced 2026-04-16 15:26:40 +00:00
106 lines
2.6 KiB
Go
106 lines
2.6 KiB
Go
package iptables
|
|
|
|
import (
|
|
"fmt"
|
|
"sync"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
"github.com/netbirdio/netbird/client/iface"
|
|
"github.com/netbirdio/netbird/client/iface/wgaddr"
|
|
)
|
|
|
|
type InterfaceState struct {
|
|
NameStr string `json:"name"`
|
|
WGAddress wgaddr.Address `json:"wg_address"`
|
|
UserspaceBind bool `json:"userspace_bind"`
|
|
MTU uint16 `json:"mtu"`
|
|
}
|
|
|
|
func (i *InterfaceState) Name() string {
|
|
return i.NameStr
|
|
}
|
|
|
|
func (i *InterfaceState) Address() wgaddr.Address {
|
|
return i.WGAddress
|
|
}
|
|
|
|
func (i *InterfaceState) IsUserspaceBind() bool {
|
|
return i.UserspaceBind
|
|
}
|
|
|
|
type ShutdownState struct {
|
|
sync.Mutex
|
|
|
|
InterfaceState *InterfaceState `json:"interface_state,omitempty"`
|
|
|
|
RouteRules routeRules `json:"route_rules,omitempty"`
|
|
RouteIPsetCounter *ipsetCounter `json:"route_ipset_counter,omitempty"`
|
|
|
|
ACLEntries aclEntries `json:"acl_entries,omitempty"`
|
|
ACLIPsetStore *ipsetStore `json:"acl_ipset_store,omitempty"`
|
|
|
|
// IPv6 counterparts
|
|
RouteRules6 routeRules `json:"route_rules_v6,omitempty"`
|
|
RouteIPsetCounter6 *ipsetCounter `json:"route_ipset_counter_v6,omitempty"`
|
|
ACLEntries6 aclEntries `json:"acl_entries_v6,omitempty"`
|
|
ACLIPsetStore6 *ipsetStore `json:"acl_ipset_store_v6,omitempty"`
|
|
}
|
|
|
|
func (s *ShutdownState) Name() string {
|
|
return "iptables_state"
|
|
}
|
|
|
|
func (s *ShutdownState) Cleanup() error {
|
|
mtu := s.InterfaceState.MTU
|
|
if mtu == 0 {
|
|
mtu = iface.DefaultMTU
|
|
}
|
|
ipt, err := Create(s.InterfaceState, mtu)
|
|
if err != nil {
|
|
return fmt.Errorf("create iptables manager: %w", err)
|
|
}
|
|
|
|
if s.RouteRules != nil {
|
|
ipt.router.rules = s.RouteRules
|
|
}
|
|
if s.RouteIPsetCounter != nil {
|
|
ipt.router.ipsetCounter.LoadData(s.RouteIPsetCounter)
|
|
}
|
|
|
|
if s.ACLEntries != nil {
|
|
ipt.aclMgr.entries = s.ACLEntries
|
|
}
|
|
if s.ACLIPsetStore != nil {
|
|
ipt.aclMgr.ipsetStore = s.ACLIPsetStore
|
|
}
|
|
|
|
// Clean up v6 state even if the current run has no IPv6.
|
|
// The previous run may have left ip6tables rules behind.
|
|
if !ipt.hasIPv6() {
|
|
if err := ipt.createIPv6Components(s.InterfaceState, mtu); err != nil {
|
|
log.Warnf("failed to create v6 components for cleanup: %v", err)
|
|
}
|
|
}
|
|
if ipt.hasIPv6() {
|
|
if s.RouteRules6 != nil {
|
|
ipt.router6.rules = s.RouteRules6
|
|
}
|
|
if s.RouteIPsetCounter6 != nil {
|
|
ipt.router6.ipsetCounter.LoadData(s.RouteIPsetCounter6)
|
|
}
|
|
if s.ACLEntries6 != nil {
|
|
ipt.aclMgr6.entries = s.ACLEntries6
|
|
}
|
|
if s.ACLIPsetStore6 != nil {
|
|
ipt.aclMgr6.ipsetStore = s.ACLIPsetStore6
|
|
}
|
|
}
|
|
|
|
if err := ipt.Close(nil); err != nil {
|
|
return fmt.Errorf("reset iptables manager: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|