Главная Обзор Помощь
Вход
yosoyhendrix
/
psiphon-tunnel-core
зеркало из https://github.com/Psiphon-Labs/psiphon-tunnel-core
1
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: v2.0.35
Ветки Метки
psiphon-tunnel-...
/
vendor
/
tailscale.com
/
util
/
linuxfw
/
iptables.go

iptables.go 2.0 KB
Постоянная ссылка История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. // Copyright (c) Tailscale Inc & AUTHORS
    2. 

  2. // SPDX-License-Identifier: BSD-3-Clause
    3. 

  3. 

  4. // TODO(#8502): add support for more architectures
    5. 

  5. //go:build linux && (arm64 || amd64)
    6. 

  6. 

  7. package linuxfw
    8. 

  8. 

  9. import (
    10. 

  10. 	"fmt"
    11. 

  11. 	"os/exec"
    12. 

  12. 	"strings"
    13. 

  13. 	"unicode"
    14. 

  14. 

  15. 	"tailscale.com/types/logger"
    16. 

  16. 	"tailscale.com/util/multierr"
    17. 

  17. )
    18. 

  18. 

  19. // DebugNetfilter prints debug information about iptables rules to the
    20. 

  20. // provided log function.
    21. 

  21. func DebugIptables(logf logger.Logf) error {
    22. 

  22. 	// unused.
    23. 

  23. 	return nil
    24. 

  24. }
    25. 

  25. 

  26. // detectIptables returns the number of iptables rules that are present in the
    27. 

  27. // system, ignoring the default "ACCEPT" rule present in the standard iptables
    28. 

  28. // chains.
    29. 

  29. //
    30. 

  30. // It only returns an error when there is no iptables binary, or when iptables -S
    31. 

  31. // fails. In all other cases, it returns the number of non-default rules.
    32. 

  32. func detectIptables() (int, error) {
    33. 

  33. 	// run "iptables -S" to get the list of rules using iptables
    34. 

  34. 	// exec.Command returns an error if the binary is not found
    35. 

  35. 	cmd := exec.Command("iptables", "-S")
    36. 

  36. 	output, err := cmd.Output()
    37. 

  37. 	ip6cmd := exec.Command("ip6tables", "-S")
    38. 

  38. 	ip6output, ip6err := ip6cmd.Output()
    39. 

  39. 	var allLines []string
    40. 

  40. 	outputStr := string(output)
    41. 

  41. 	lines := strings.Split(outputStr, "\n")
    42. 

  42. 	ip6outputStr := string(ip6output)
    43. 

  43. 	ip6lines := strings.Split(ip6outputStr, "\n")
    44. 

  44. 	switch {
    45. 

  45. 	case err == nil && ip6err == nil:
    46. 

  46. 		allLines = append(lines, ip6lines...)
    47. 

  47. 	case err == nil && ip6err != nil:
    48. 

  48. 		allLines = lines
    49. 

  49. 	case err != nil && ip6err == nil:
    50. 

  50. 		allLines = ip6lines
    51. 

  51. 	default:
    52. 

  52. 		return 0, FWModeNotSupportedError{
    53. 

  53. 			Mode: FirewallModeIPTables,
    54. 

  54. 			Err:  fmt.Errorf("iptables command run fail: %w", multierr.New(err, ip6err)),
    55. 

  55. 		}
    56. 

  56. 	}
    57. 

  57. 

  58. 	// count the number of non-default rules
    59. 

  59. 	count := 0
    60. 

  60. 	for _, line := range allLines {
    61. 

  61. 		trimmedLine := strings.TrimLeftFunc(line, unicode.IsSpace)
    62. 

  62. 		if line != "" && strings.HasPrefix(trimmedLine, "-A") {
    63. 

  63. 			// if the line is not empty and starts with "-A", it is a rule appended not default
    64. 

  64. 			count++
    65. 

  65. 		}
    66. 

  66. 	}
    67. 

  67. 

  68. 	// return the count of non-default rules
    69. 

  69. 	return count, nil
    70. 

  70. }
    71.