package netfilterHelper
import (
	"errors"
	"fmt"
	"net"
	"os"

	"github.com/vishvananda/netlink"
)
// IPSet is a thin handle on one kernel ipset, identified only by its name.
// It holds no kernel state itself; every method passes SetName to the
// netlink ipset calls.
type IPSet struct {
	// SetName is the ipset name handed verbatim to netlink. It is not
	// validated here.
	// NOTE(review): the kernel limits ipset name length; confirm that callers
	// only pass short, trusted names rather than externally supplied strings.
	SetName string
}
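// Add inserts addr into the ipset named r.SetName. Replace is set on the
// entry, so re-adding an address that is already present is expected to
// update it rather than fail.
//
// timeout is passed to netlink unchanged.
// NOTE(review): a nil timeout presumably leaves the set's default timeout in
// effect, and in ipset semantics a timeout of 0 makes the entry permanent.
// Confirm no caller passes a pointer to 0 for addresses that should age out.
//
// NOTE(review): Create sets no address family on the set, so it is presumably
// IPv4-only. Confirm which net.IP form (4-byte or 16-byte) callers must pass.
//
// It returns an error if addr is nil or empty, or if the netlink call fails;
// a netlink failure is wrapped with %w.
func (r *IPSet) Add(addr net.IP, timeout *uint32) error {
	// An entry with no address can never be valid for this set. Reject it
	// here with a clear message instead of sending an incomplete request and
	// surfacing an opaque kernel error.
	if len(addr) == 0 {
		return fmt.Errorf("failed to add address: empty IP for ipset %q", r.SetName)
	}

	entry := &netlink.IPSetEntry{
		IP:      addr,
		Timeout: timeout,
		Replace: true,
	}
	if err := netlink.IpsetAdd(r.SetName, entry); err != nil {
		return fmt.Errorf("failed to add address: %w", err)
	}
	return nil
}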
// Create (re)creates the ipset named r.SetName as a "hash:ip" set with a
// default entry timeout of 300.
//
// It calls Destroy first, so a set of the same name that already exists is
// removed together with its entries before the new one is created. An error
// from Destroy is returned as is; an error from the create call is wrapped
// with %w.
//
// NOTE(review): the kernel refuses to destroy a set that a firewall rule still
// references, so Create will presumably fail while such rules are installed.
// Confirm callers create the set before adding rules that match on it.
//
// NOTE(review): no address family is set in the options, so the set is
// presumably IPv4-only. Confirm if IPv6 addresses are expected.
func (r *IPSet) Create() error {
	if err := r.Destroy(); err != nil {
		return err
	}

	// The options struct takes a pointer, so the default needs an addressable
	// local.
	timeout := uint32(300)
	opts := netlink.IpsetCreateOptions{
		Timeout: &timeout,
	}
	if err := netlink.IpsetCreate(r.SetName, "hash:ip", opts); err != nil {
		return fmt.Errorf("failed to create ipset: %w", err)
	}
	return nil
}
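// Destroy removes the ipset named r.SetName from the kernel. A set that does
// not exist is treated as success, so Destroy can be called repeatedly.
//
// Any other netlink error is wrapped with %w and returned.
// NOTE(review): this presumably includes the kernel's refusal to destroy a set
// that a firewall rule still references. Confirm callers remove those rules
// first.
func (r *IPSet) Destroy() error {
	err := netlink.IpsetDestroy(r.SetName)
	switch {
	case err == nil:
		return nil
	case errors.Is(err, os.ErrNotExist):
		// errors.Is walks the Unwrap chain, so "no such set" is still
		// recognised if netlink wraps the errno. os.IsNotExist does not
		// follow Unwrap.
		return nil
	default:
		return fmt.Errorf("failed to destroy ipset: %w", err)
	}
}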
// IPSet returns a handle for the ipset called name. It only builds the struct:
// it makes no netlink call, does not validate name and does not read the
// receiver. Call Create on the result to create the set in the kernel.
func (nh *NetfilterHelper) IPSet(name string) *IPSet {
	set := new(IPSet)
	set.SetName = name
	return set
}