chore(all): use netip.Prefix for ip networks
- remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix`
This commit is contained in:
Quentin McGaw
@@ -98,7 +98,7 @@ func (c *Config) enable(ctx context.Context) (err error) {
|
||||
}
|
||||
|
||||
for _, network := range c.localNetworks {
|
||||
if err := c.acceptOutputFromIPToSubnet(ctx, network.InterfaceName, network.IP, *network.IPNet, remove); err != nil {
|
||||
if err := c.acceptOutputFromIPToSubnet(ctx, network.InterfaceName, network.IP, network.IPNet, remove); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = c.acceptIpv6MulticastOutput(ctx, network.InterfaceName, remove); err != nil {
|
||||
@@ -113,7 +113,7 @@ func (c *Config) enable(ctx context.Context) (err error) {
|
||||
// Allows packets from any IP address to go through eth0 / local network
|
||||
// to reach Gluetun.
|
||||
for _, network := range c.localNetworks {
|
||||
if err := c.acceptInputToSubnet(ctx, network.InterfaceName, *network.IPNet, remove); err != nil {
|
||||
if err := c.acceptInputToSubnet(ctx, network.InterfaceName, network.IPNet, remove); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ package firewall
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net"
|
||||
"net/netip"
|
||||
"sync"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/models"
|
||||
@@ -27,7 +27,7 @@ type Config struct { //nolint:maligned
|
||||
enabled bool
|
||||
vpnConnection models.Connection
|
||||
vpnIntf string
|
||||
outboundSubnets []net.IPNet
|
||||
outboundSubnets []netip.Prefix
|
||||
allowedInputPorts map[uint16]map[string]struct{} // port to interfaces set mapping
|
||||
stateMutex sync.Mutex
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/netip"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
@@ -108,9 +109,8 @@ func (c *Config) acceptInputThroughInterface(ctx context.Context, intf string, r
|
||||
))
|
||||
}
|
||||
|
||||
func (c *Config) acceptInputToSubnet(ctx context.Context, intf string, destination net.IPNet, remove bool) error {
|
||||
isIP4Subnet := destination.IP.To4() != nil
|
||||
|
||||
func (c *Config) acceptInputToSubnet(ctx context.Context, intf string,
|
||||
destination netip.Prefix, remove bool) error {
|
||||
interfaceFlag := "-i " + intf
|
||||
if intf == "*" { // all interfaces
|
||||
interfaceFlag = ""
|
||||
@@ -119,7 +119,7 @@ func (c *Config) acceptInputToSubnet(ctx context.Context, intf string, destinati
|
||||
instruction := fmt.Sprintf("%s INPUT %s -d %s -j ACCEPT",
|
||||
appendOrDelete(remove), interfaceFlag, destination.String())
|
||||
|
||||
if isIP4Subnet {
|
||||
if destination.Addr().Is4() {
|
||||
return c.runIptablesInstruction(ctx, instruction)
|
||||
}
|
||||
if c.ip6Tables == "" {
|
||||
@@ -157,8 +157,8 @@ func (c *Config) acceptOutputTrafficToVPN(ctx context.Context,
|
||||
|
||||
// Thanks to @npawelek.
|
||||
func (c *Config) acceptOutputFromIPToSubnet(ctx context.Context,
|
||||
intf string, sourceIP net.IP, destinationSubnet net.IPNet, remove bool) error {
|
||||
doIPv4 := sourceIP.To4() != nil && destinationSubnet.IP.To4() != nil
|
||||
intf string, sourceIP net.IP, destinationSubnet netip.Prefix, remove bool) error {
|
||||
doIPv4 := sourceIP.To4() != nil && destinationSubnet.Addr().Is4()
|
||||
|
||||
interfaceFlag := "-o " + intf
|
||||
if intf == "*" { // all interfaces
|
||||
|
||||
@@ -3,18 +3,18 @@ package firewall
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/netip"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/subnet"
|
||||
)
|
||||
|
||||
func (c *Config) SetOutboundSubnets(ctx context.Context, subnets []net.IPNet) (err error) {
|
||||
func (c *Config) SetOutboundSubnets(ctx context.Context, subnets []netip.Prefix) (err error) {
|
||||
c.stateMutex.Lock()
|
||||
defer c.stateMutex.Unlock()
|
||||
|
||||
if !c.enabled {
|
||||
c.logger.Info("firewall disabled, only updating allowed subnets internal list")
|
||||
c.outboundSubnets = make([]net.IPNet, len(subnets))
|
||||
c.outboundSubnets = make([]netip.Prefix, len(subnets))
|
||||
copy(c.outboundSubnets, subnets)
|
||||
return nil
|
||||
}
|
||||
@@ -34,7 +34,7 @@ func (c *Config) SetOutboundSubnets(ctx context.Context, subnets []net.IPNet) (e
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Config) removeOutboundSubnets(ctx context.Context, subnets []net.IPNet) {
|
||||
func (c *Config) removeOutboundSubnets(ctx context.Context, subnets []netip.Prefix) {
|
||||
const remove = true
|
||||
for _, subNet := range subnets {
|
||||
for _, defaultRoute := range c.defaultRoutes {
|
||||
@@ -49,7 +49,7 @@ func (c *Config) removeOutboundSubnets(ctx context.Context, subnets []net.IPNet)
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Config) addOutboundSubnets(ctx context.Context, subnets []net.IPNet) error {
|
||||
func (c *Config) addOutboundSubnets(ctx context.Context, subnets []netip.Prefix) error {
|
||||
const remove = false
|
||||
for _, subnet := range subnets {
|
||||
for _, defaultRoute := range c.defaultRoutes {
|
||||
|
||||
Reference in New Issue
Block a user