ipset integration

This commit is contained in:
Vladimir Avtsenov 2024-08-30 04:40:46 +03:00
parent 3058a14f56
commit 3fd43f0d18
5 changed files with 29 additions and 3 deletions


@ -9,7 +9,7 @@ Realized features:
- [x] IPTables rules to remap DNS server [1] - [x] IPTables rules to remap DNS server [1]
- [ ] Rule composer - [ ] Rule composer
- [ ] List loading/watching (temporary) - [ ] List loading/watching (temporary)
- [ ] IPSet integration - [X] IPSet integration
- [ ] Listing of interfaces - [ ] Listing of interfaces
- [ ] IPTables rules to IPSet [2] - [ ] IPTables rules to IPSet [2]
- [ ] It is not a concept now... REFACTORING TIME!!! - [ ] It is not a concept now... REFACTORING TIME!!!

go.mod

@ -5,4 +5,5 @@ go 1.21
require ( require (
github.com/IGLOU-EU/go-wildcard/v2 v2.0.2 github.com/IGLOU-EU/go-wildcard/v2 v2.0.2
github.com/coreos/go-iptables v0.7.0 github.com/coreos/go-iptables v0.7.0
github.com/nadoo/ipset v0.5.0
) )
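Review bot: The new `github.com/nadoo/ipset v0.5.0` requirement has no matching go.sum change in this commit: the diffstat says five files changed, and the five sections shown (README, go.mod, the group file, the app file, main.go) account for all of them. Without the go.sum entry the module's hash is not pinned, so a fresh clone will resolve the dependency at build time instead of verifying it against the recorded checksum. Running `go mod tidy` and committing the resulting go.sum lines alongside this change closes that gap; if go.sum was added in a separate commit this can be ignored.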


@ -3,6 +3,7 @@ package main
import ( import (
"errors" "errors"
"fmt" "fmt"
"github.com/nadoo/ipset"
"strconv" "strconv"
"kvas2-go/models" "kvas2-go/models"
@ -17,6 +18,7 @@ type GroupOptions struct {
type Group struct { type Group struct {
*models.Group *models.Group
ipsetName string
options GroupOptions options GroupOptions
} }
@ -45,6 +47,15 @@ func (g *Group) Enable() error {
return errors.New(string(out)) return errors.New(string(out))
} }
err = ipset.Destroy(g.ipsetName)
if err != nil {
return fmt.Errorf("failed to destroy ipset: %w", err)
}
err = ipset.Create(g.ipsetName)
if err != nil {
return fmt.Errorf("failed to create ipset: %w", err)
}
g.options.Enabled = true g.options.Enabled = true
g.options.FWMark = fwmark g.options.FWMark = fwmark
g.options.Table = table g.options.Table = table
@ -67,6 +78,11 @@ func (g *Group) Disable() error {
return errors.New(string(out)) return errors.New(string(out))
} }
err = ipset.Destroy(g.ipsetName)
if err != nil {
return fmt.Errorf("failed to destroy ipset: %w", err)
}
g.options.Enabled = false g.options.Enabled = false
g.options.FWMark = 0 g.options.FWMark = 0
g.options.Table = 0 g.options.Table = 0
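Review bot: In Enable, if `ipset.Create` fails after the step whose output is checked just above the hunk has already succeeded, the function returns with that earlier change left applied and `g.options.Enabled` still false, so a later Disable has no record that anything needs undoing; the lines above the hunk are not visible, so this is inferred from the `return errors.New(string(out))` context line. Consider undoing that earlier step before returning, or performing the Destroy/Create pair before it so an ipset failure leaves nothing half-applied. The unconditional `ipset.Destroy(g.ipsetName)` ahead of Create also makes the very first Enable depend on Destroy tolerating a set that does not exist yet, which is worth confirming against the library or handling explicitly rather than returning `failed to destroy ipset`. A point of style: the `"github.com/nadoo/ipset"` import sits between the stdlib entries `"fmt"` and `"strconv"` here and after the project imports in the other file; goimports would place it in its own group. Enable and Disable both begin and end outside their hunks.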


@ -10,6 +10,8 @@ import (
"kvas2-go/models" "kvas2-go/models"
"kvas2-go/pkg/dns-proxy" "kvas2-go/pkg/dns-proxy"
"kvas2-go/pkg/iptables-helper" "kvas2-go/pkg/iptables-helper"
"github.com/nadoo/ipset"
) )
var ( var (
@ -20,6 +22,7 @@ var (
type Config struct { type Config struct {
MinimalTTL time.Duration MinimalTTL time.Duration
ChainPostfix string ChainPostfix string
IpSetPostfix string
TargetDNSServerAddress string TargetDNSServerAddress string
ListenPort uint16 ListenPort uint16
} }
@ -114,6 +117,7 @@ func (a *App) AppendGroup(group *models.Group) error {
a.Groups[group.ID] = &Group{ a.Groups[group.ID] = &Group{
Group: group, Group: group,
ipsetName: fmt.Sprintf("%s%d", a.Config.IpSetPostfix, group.ID),
} }
if a.isRunning { if a.isRunning {
@ -183,6 +187,10 @@ func (a *App) handleMessage(msg *dnsProxy.Message) {
func New(config Config) (*App, error) { func New(config Config) (*App, error) {
var err error var err error
if err = ipset.Init(); err != nil {
return nil, fmt.Errorf("failed to initialize ipset: %w", err)
}
app := &App{} app := &App{}
app.Config = config app.Config = config
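Review bot: The set name built at `ipsetName: fmt.Sprintf("%s%d", a.Config.IpSetPostfix, group.ID)` is never length-checked; kernel ipset names are limited to 31 bytes, so an over-long `IpSetPostfix` or a large ID would only surface later inside Enable as a less obvious create error, whereas a check in AppendGroup (or on the Config passed to New) would reject it at configuration time. The value is also prepended, not appended, so the name `IpSetPostfix` misdescribes its use; since main.go already sets it, a doc comment on the field such as `// IpSetPostfix is prepended to the group ID to form the ipset name.` documents the real behaviour without breaking callers (Go initialism style would otherwise spell it `IPSet…`). AppendGroup and New both continue outside their hunks.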


@ -14,6 +14,7 @@ func main() {
app, err := New(Config{ app, err := New(Config{
MinimalTTL: time.Hour, MinimalTTL: time.Hour,
ChainPostfix: "KVAS2_", ChainPostfix: "KVAS2_",
IpSetPostfix: "kvas2_",
TargetDNSServerAddress: "127.0.0.1:53", TargetDNSServerAddress: "127.0.0.1:53",
ListenPort: 7548, ListenPort: 7548,
}) })