60 lines
1.3 KiB
Go
60 lines
1.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
//go:build linux
|
|
// +build linux
|
|
|
|
package iptables
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"os/exec"
|
|
)
|
|
|
|
// iptablesExecutor implements IptablesProvider using exec.Cmd.
|
|
type iptablesExecutor struct {
|
|
commands []*exec.Cmd
|
|
cfg Config
|
|
}
|
|
|
|
func (i *iptablesExecutor) AddRule(name string, args ...string) {
|
|
if i.cfg.NetNS != "" {
|
|
// If network namespace is provided, then we need to execute the command in the given network namespace.
|
|
nsenterArgs := []string{fmt.Sprintf("--net=%s", i.cfg.NetNS), "--", name}
|
|
nsenterArgs = append(nsenterArgs, args...)
|
|
cmd := exec.Command("nsenter", nsenterArgs...)
|
|
i.commands = append(i.commands, cmd)
|
|
} else {
|
|
i.commands = append(i.commands, exec.Command(name, args...))
|
|
}
|
|
}
|
|
|
|
func (i *iptablesExecutor) ApplyRules() error {
|
|
_, err := exec.LookPath("iptables")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, cmd := range i.commands {
|
|
var cmdOutput bytes.Buffer
|
|
cmd.Stdout = &cmdOutput
|
|
cmd.Stderr = &cmdOutput
|
|
err := cmd.Run()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to run command: %s, err: %v, output: %s", cmd.String(), err, string(cmdOutput.Bytes()))
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (i *iptablesExecutor) Rules() []string {
|
|
var rules []string
|
|
for _, cmd := range i.commands {
|
|
rules = append(rules, cmd.String())
|
|
}
|
|
|
|
return rules
|
|
}
|