-rw-r--r-- | examples/firewall.rs | 28 | ||||
-rw-r--r-- | src/chain_methods.rs | 78 | ||||
-rw-r--r-- | src/lib.rs | 2 |
3 files changed, 35 insertions, 73 deletions
diff --git a/examples/firewall.rs b/examples/firewall.rs index 0b5ea0c..46a0a4d 100644 --- a/examples/firewall.rs +++ b/examples/firewall.rs @@ -1,5 +1,5 @@ -use rustables::{Batch, Chain, ChainMethods, Direction, MatchError, ProtoFamily, - Protocol, Rule, RuleMethods, Table, MsgType, Verdict}; +use rustables::{Batch, Chain, ChainMethods, Hook, MatchError, ProtoFamily, + Protocol, Rule, RuleMethods, Table, MsgType, Policy}; use rustables::query::{send_batch, Error as QueryError}; use rustables::expr::{LogGroup, LogPrefix, LogPrefixError}; use ipnetwork::IpNetwork; @@ -44,36 +44,36 @@ pub struct Firewall { inbound: Rc<Chain>, _outbound: Rc<Chain>, _forward: Rc<Chain>, - _table: Rc<Table>, + table: Rc<Table>, } impl Firewall { pub fn new() -> Result<Self, Error> { let mut batch = Batch::new(); - let _table = Rc::new( + let table = Rc::new( Table::new(&CString::new(TABLE_NAME)?, ProtoFamily::Inet) ); - batch.add(&_table, MsgType::Add); + batch.add(&table, MsgType::Add); // Create base chains. Base chains are hooked into a Direction/Hook. let inbound = Rc::new( - Chain::from_direction(&Direction::Inbound, Rc::clone(&_table))? - .verdict(&Verdict::Drop) + Chain::from_hook(Hook::In, Rc::clone(&table)) + .verdict(Policy::Drop) .add_to_batch(&mut batch) ); let _outbound = Rc::new( - Chain::from_direction(&Direction::Outbound, Rc::clone(&_table))? - .verdict(&Verdict::Accept) + Chain::from_hook(Hook::Out, Rc::clone(&table)) + .verdict(Policy::Accept) .add_to_batch(&mut batch) ); let _forward = Rc::new( - Chain::from_direction(&Direction::Forward, Rc::clone(&_table))? - .verdict(&Verdict::Accept) + Chain::from_hook(Hook::Forward, Rc::clone(&table)) + .verdict(Policy::Accept) .add_to_batch(&mut batch) ); Ok(Firewall { - _table, + table, batch, inbound, _outbound, 
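Review bot: The context comment in `Firewall::new`, `// Create base chains. Base chains are hooked into a Direction/Hook.`, still names `Direction`, which this same commit deletes from `chain_methods.rs`, so it goes stale on the new side; I'd change it to `// Create base chains: each is attached to a netfilter Hook, and its policy is the default verdict when no rule matches.` The explicit policies (`Drop` inbound, `Accept` outbound and forward) are unchanged here, but since the comment is the only place the example explains them, it is worth spelling out that the inbound chain drops by default so every allowed flow must be added as a rule. The hunk ends at `_outbound,`, so the rest of `new()` is outside it.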
@@ -129,8 +129,8 @@ impl Firewall { } /// If there is any table with name TABLE_NAME, remove it. pub fn stop(mut self) -> Result<(), Error> { - self.batch.add(&self._table, MsgType::Add); - self.batch.add(&self._table, MsgType::Del); + self.batch.add(&self.table, MsgType::Add); + self.batch.add(&self.table, MsgType::Del); let mut finalized_batch = self.batch.finalize().unwrap(); send_batch(&mut finalized_batch)?; diff --git a/src/chain_methods.rs b/src/chain_methods.rs index 81b5fd1..8259d13 100644 --- a/src/chain_methods.rs +++ b/src/chain_methods.rs 
@@ -1,27 +1,35 @@ use crate::{Batch, Chain, Hook, MsgType, Policy, Table}; -use std::ffi::{CString, NulError}; +use std::ffi::CString; use std::rc::Rc; -use serde::{Deserialize, Serialize}; /// A helper trait over [`rustables::Chain`]. pub trait ChainMethods { - /// Create a new Chain instance from a [`Direction`] over a [`rustables::Table`]. - fn from_direction(direction: &Direction, table: Rc<Table>) -> Result<Self, NulError> where Self: std::marker::Sized; - /// Add a [`Verdict`] to the current Chain. - fn verdict(self, verdict: &Verdict) -> Self; + /// Create a new Chain instance from a [`rustables::Hook`] over a [`rustables::Table`]. + fn from_hook(hook: Hook, table: Rc<Table>) -> Self + where Self: std::marker::Sized; + /// Add a [`rustables::Policy`] to the current Chain. + fn verdict(self, policy: Policy) -> Self; fn add_to_batch(self, batch: &mut Batch) -> Self; } + impl ChainMethods for Chain { - fn from_direction(direction: &Direction, table: Rc<Table>) -> Result<Self, NulError> { - let chain_name = CString::new(direction.display())?; + fn from_hook(hook: Hook, table: Rc<Table>) -> Self { + let chain_name = match hook { + Hook::PreRouting => "prerouting", + Hook::Out => "out", + Hook::PostRouting => "postrouting", + Hook::Forward => "forward", + Hook::In => "in", + }; + let chain_name = CString::new(chain_name).unwrap(); let mut chain = Chain::new(&chain_name, table); - chain.set_hook(direction.get_hook(), 0); - Ok(chain) + chain.set_hook(hook, 0); + chain } - fn verdict(mut self, verdict: &Verdict) -> Self { - self.set_policy(verdict.get()); + fn verdict(mut self, policy: Policy) -> Self { + self.set_policy(policy); self } fn add_to_batch(self, batch: &mut Batch) -> Self { 
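Review bot: `from_hook` now derives the chain name from the hook alone (`"in"`, `"out"`, `"forward"`, `"prerouting"`, `"postrouting"`), so a caller that builds two chains for the same hook in one table gets two chains with the same name, and I would expect the second `MsgType::Add` to be rejected when the batch is committed; the doc comment should state that constraint, e.g. `/// The chain is named after its hook; a table can hold at most one chain built this way per hook.` The `CString::new(chain_name).unwrap()` cannot fail because the literals contain no NUL byte, but `expect("hook names contain no NUL byte")` records why the panic path is unreachable. For `verdict`, `/// Add a Policy to the current Chain.` undersells what `set_policy` does: if it follows nftables semantics (worth confirming against the `chain` module), it sets the base-chain policy, the verdict applied to packets that match no rule, and is only meaningful on a chain with a hook, so I'd write `/// Set the chain's policy: the default verdict for packets that match no rule (base chains only).` `add_to_batch` continues past the end of the hunk.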
@@ -30,49 +38,3 @@ impl ChainMethods for Chain { } } -/// A Serializable wrapper type around [`rustables::Hook`]. -#[derive(Serialize, Deserialize, Debug, Clone, Eq, PartialEq, Hash)] -#[serde(rename_all = "snake_case")] -pub enum Direction { - Inbound, - Outbound, - Forward -} -impl Direction { - /// Return the Direction's [`rustables::Hook`], ie its representation inside rustables. Note that - /// there are Hooks not represented here, namely Prerouting and Postrouting. File a bug if - /// you need those. - pub fn get_hook(&self) -> Hook { - match self { - Direction::Inbound => Hook::In, - Direction::Outbound => Hook::Out, - Direction::Forward => Hook::Forward, - } - } - /// Return a string representation of the Direction. - pub fn display(&self) -> String { - let s = match self { - Direction::Inbound => "inbound", - Direction::Outbound => "outbound", - Direction::Forward => "forward", - }; - s.to_string() - } -} -/// A Serializable wrapper type around [`rustables::Policy`]. -#[derive(Serialize, Deserialize, Debug, Clone)] -#[serde(rename_all = "snake_case")] -pub enum Verdict { - Accept, - Drop -} -impl Verdict { - /// Return the rustables representation of a Verdict (ie, a [`rustables::Policy`]). - pub fn get(&self) -> Policy { - match self { - Verdict::Accept => Policy::Accept, - Verdict::Drop => Policy::Drop, - } - } -} - @@ -110,7 +110,7 @@ pub use chain::{get_chains_cb, list_chains_for_table}; pub use chain::{Chain, ChainType, Hook, Policy, Priority}; mod chain_methods; -pub use chain_methods::{ChainMethods, Direction, Verdict}; +pub use chain_methods::ChainMethods; pub mod query; |
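Review bot: Dropping `Direction` and `Verdict` from the `pub use` in `lib.rs` is a breaking change to the crate's public API, and the deleted types were the only serde-enabled (`Serialize, Deserialize`, `snake_case`) representations of a chain's hook and policy, so downstream code that deserialized `"inbound"`/`"drop"` style config loses its target type unless `Hook` and `Policy` from the `chain` module implement serde themselves, which I cannot see from here. I'd record the replacement in the changelog or on the trait, e.g. `/// Replaces the former Direction and Verdict wrappers; pass Hook and Policy directly.`, and note that the chain names also change (`"inbound"` becomes `"in"`, `"outbound"` becomes `"out"`), which matters to anyone matching on chain names from `nft list`.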