Merge pull request #41 from Zoruk/tproxy
feat: add support for tproxy
jwhb committed Jul 8, 2024
2 parents 94da7d6 + a13a06d commit 82eca54
Showing 3 changed files with 172 additions and 0 deletions.
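--- a/resources/test/json/tproxy.json
+++ b/resources/test/json/tproxy.json
@@ -0,0 +1,144 @@
+{
+"nftables": [
+{
+"metainfo": {
+"version": "1.0.9",
+"release_name": "Old Doc Yak #3",
+"json_schema_version": 1
+}
+},
+{
+"table": {
+"family": "inet",
+"name": "filter",
+"handle": 1
+}
+},
+{
+"chain": {
+"family": "inet",
+"table": "filter",
+"name": "tproxy_ipv4",
+"handle": 1
+}
+},
+{
+"chain": {
+"family": "inet",
+"table": "filter",
+"name": "tproxy_ipv6",
+"handle": 2
+}
+},
+{
+"rule": {
+"family": "inet",
+"table": "filter",
+"chain": "tproxy_ipv4",
+"handle": 3,
+"expr": [
+{
+"match": {
+"op": "==",
+"left": {
+"meta": {
+"key": "l4proto"
+}
+},
+"right": "tcp"
+}
+},
+{
+"tproxy": {
+"family": "ip",
+"addr": "127.0.0.1",
+"port": 12345
+}
+}
+]
+}
+},
+{
+"rule": {
+"family": "inet",
+"table": "filter",
+"chain": "tproxy_ipv4",
+"handle": 4,
+"expr": [
+{
+"match": {
+"op": "==",
+"left": {
+"meta": {
+"key": "l4proto"
+}
+},
+"right": "tcp"
+}
+},
+{
+"tproxy": {
+"family": "ip",
+"port": 12345
+}
+}
+]
+}
+},
+{
+"rule": {
+"family": "inet",
+"table": "filter",
+"chain": "tproxy_ipv6",
+"handle": 5,
+"expr": [
+{
+"match": {
+"op": "==",
+"left": {
+"meta": {
+"key": "l4proto"
+}
+},
+"right": "tcp"
+}
+},
+{
+"tproxy": {
+"family": "ip6",
+"addr": "::1",
+"port": 12345
+}
+}
+]
+}
+},
+{
+"rule": {
+"family": "inet",
+"table": "filter",
+"chain": "tproxy_ipv6",
+"handle": 6,
+"expr": [
+{
+"match": {
+"op": "==",
+"left": {
+"meta": {
+"key": "l4proto"
+}
+},
+"right": "tcp"
+}
+},
+{
+"tproxy": {
+"family": "ip6",
+"port": 12345
+}
+}
+]
+}
+}
+]
+}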
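--- a/resources/test/nft/tproxy.nft
+++ b/resources/test/nft/tproxy.nft
@@ -0,0 +1,16 @@
+#!/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+
+chain tproxy_ipv4 {
+meta l4proto tcp tproxy ip to 127.0.0.1:12345
+meta l4proto tcp tproxy ip to :12345
+}
+
+chain tproxy_ipv6 {
+meta l4proto tcp tproxy ip6 to [::1]:12345
+meta l4proto tcp tproxy ip6 to :12345
+}
+}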
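--- a/src/stmt.rs
+++ b/src/stmt.rs
@@ -75,6 +75,8 @@ pub enum Statement {
 /// This represents an xt statement from xtables compat interface.
 /// Sadly, at this point, it is not possible to provide any further information about its content.
 XT(Option<serde_json::Value>),
+
+TProxy(TProxy),
 }
 
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
@@ -420,6 +422,16 @@ pub struct CTCount {
 pub inv: Option<bool>,
 }
 
+#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
+#[serde(rename_all = "lowercase")]
+pub struct TProxy {
+#[serde(skip_serializing_if = "Option::is_none")]
+pub family: Option<String>,
+pub port: u16,
+#[serde(skip_serializing_if = "Option::is_none")]
+pub addr: Option<String>,
+}
+
 #[derive(Debug, Clone, Copy, Eq, PartialEq, Hash, Serialize, Deserialize)]
 /// Represents an operator for `Match`.
 pub enum Operator {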
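Review bot: `port` in the new `TProxy` struct is a required `u16`, while `family` and `addr` are optional free-form strings, so a tproxy statement whose JSON lacks a literal numeric port cannot be deserialized and would presumably fail the whole ruleset parse. As far as I know nft also accepts an address-only target and expression-valued targets; the fixtures added in this commit cover only the literal-port forms, so this should be confirmed against the nft JSON schema. If the address-only form is valid, `#[serde(skip_serializing_if = "Option::is_none")] pub port: Option<u16>,` would cover it. The variant and struct are also undocumented, unlike the neighbouring `XT` variant; I would add `/// A tproxy statement, which redirects matching packets to a local transparent-proxy socket.` above `TProxy(TProxy),` and a line on each field noting that `family` is expected to be `ip` or `ip6` and that neither it nor `addr` is validated here. The `Statement` enum starts outside the hunk.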
