iptables-helper/pkg/utils/iptables/parser.go

package iptables
import (
flag "github.com/spf13/pflag"
"iptables-helper/pkg/logger"
"strings"
)
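// Parse parses a newline-separated dump of iptables rules (the "-P", "-N" and
// "-A" command forms as emitted by iptables-save) into an Info holding the
// chain policies, the chains and the append rules.
//
// Each non-empty line is fed through a pflag FlagSet twice: once with only
// -P/-A/-N registered, to classify the line, and — for "-A" lines — a second
// time with the match and target options registered. Unknown flags are
// whitelisted so unsupported matches do not abort a rule. Lines that are none
// of the three forms are logged as unparseable and skipped.
func Parse(rules string) Info {
	policyList := make([]Policy, 0)
	chainList := make([]Chain, 0)
	ruleList := make([]Rule, 0)
	for _, line := range strings.Split(rules, "\n") {
		line = strings.TrimSpace(line)
		if len(line) == 0 {
			continue
		}
		logger.Log().Debug("解析规则: ", line)
		// pflag has no notion of iptables' "! -x" negation; rewrite the
		// negated options into synthetic long flags before parsing.
		rule := negationReplacer.Replace(line)
		// strings.Fields rather than Split(" "): a doubled space or a tab
		// would otherwise yield an empty argument, which pflag treats as a
		// positional value (e.g. an empty policy target for "-P").
		args := strings.Fields(rule)

		// Zero-value FlagSet: ContinueOnError and, unlike NewFlagSet,
		// non-interspersed parsing — the parse stops at the first positional
		// argument. Any "!" the rewrite above does not cover (e.g. "! --syn",
		// "! --ctstate") therefore ends the parse at that point. Kept as-is
		// to preserve behaviour; TODO confirm that is intended.
		var flagSet flag.FlagSet
		flagSet.ParseErrorsWhitelist = flag.ParseErrorsWhitelist{UnknownFlags: true}
		var policy, appendRule, newChain string
		flagSet.StringVarP(&policy, "policy", "P", "", "")
		flagSet.StringVarP(&appendRule, "append", "A", "", "")
		flagSet.StringVarP(&newChain, "new-chain", "N", "", "")
		// First pass only classifies the line. Unknown flags are whitelisted,
		// so an error here means a malformed line (e.g. a flag without its
		// value); it is logged and the line falls through to the warning.
		if err := flagSet.Parse(args); err != nil {
			logger.Log().Debug("flag parse error: ", err)
		}

		switch {
		case len(policy) > 0:
			// "-P CHAIN TARGET": the target is the first positional argument;
			// flagSet.Arg(0) yields "" when it is missing.
			chain := Chain(policy)
			chainList = append(chainList, chain)
			policyList = append(policyList, Policy{chain, PolicyTarget(flagSet.Arg(0))})
		case len(newChain) > 0:
			chainList = append(chainList, Chain(newChain))
		case len(appendRule) > 0:
			ruleList = append(ruleList, parseAppendRule(&flagSet, args, appendRule, rule))
		default:
			logger.Log().Warnf("无法解析的规则: %+v", rule)
		}
	}
	return Info{
		policyList,
		chainList,
		ruleList,
	}
}

// negationReplacer rewrites the iptables "! -x" negations that Parse
// understands into synthetic long flags (--excludeX) that pflag can consume;
// a bare "!" is not a flag and would otherwise end the parse as a positional
// argument. Negations of other options (e.g. "! --syn") are not handled.
var negationReplacer = strings.NewReplacer(
	"! -s", "--excludeS",
	"! -d", "--excludeD",
	"! -i", "--excludeI",
	"! -o", "--excludeO",
	// "! -p" was never rewritten before, although --excludeP and
	// Rule.ExcludeProtocol exist: a negated protocol match was recorded as a
	// positive -p match (inverting the rule's meaning for any consumer of
	// Info) and the stray "!" ended the parse before -j was seen.
	"! -p", "--excludeP",
)

// parseAppendRule completes the parse of an "-A chain ..." line: it registers
// the match and target options on fs (which already carries -P/-A/-N from the
// first pass), re-parses args and returns the resulting Rule.
//
// chain is the value of -A; rule is the negation-rewritten rule text and is
// stored, minus the leading "-A ", in Rule.Cmd. A repeated option (e.g. two
// "-m" matches) keeps only its last value, as pflag string flags overwrite.
func parseAppendRule(fs *flag.FlagSet, args []string, chain, rule string) Rule {
	source := fs.StringP("source", "s", "", "")
	excludeSource := fs.String("excludeS", "", "")
	destination := fs.StringP("destination", "d", "", "")
	excludeDestination := fs.String("excludeD", "", "")
	inputInterface := fs.StringP("in-interface", "i", "", "")
	excludeInputInterface := fs.String("excludeI", "", "")
	outputInterface := fs.StringP("out-interface", "o", "", "")
	excludeOutputInterface := fs.String("excludeO", "", "")
	protocol := fs.StringP("protocol", "p", "", "")
	excludeProtocol := fs.String("excludeP", "", "")
	jump := fs.StringP("jump", "j", "", "")
	gotoChain := fs.StringP("goto", "g", "", "")
	match := fs.StringP("match", "m", "", "")
	srcPort := fs.String("sport", "", "")
	srcPorts := fs.String("sports", "", "")
	dstPort := fs.String("dport", "", "")
	dstPorts := fs.String("dports", "", "")
	limit := fs.String("limit", "", "")
	// Second pass with the full option set; unknown flags are still
	// whitelisted, so an error means a malformed line.
	if err := fs.Parse(args); err != nil {
		logger.Log().Debug("flag parse error: ", err)
	}
	return Rule{
		Chain:                  Chain(chain),
		Source:                 *source,
		ExcludeSource:          *excludeSource,
		Destination:            *destination,
		ExcludeDestination:     *excludeDestination,
		InputInterface:         *inputInterface,
		ExcludeInputInterface:  *excludeInputInterface,
		OutputInterface:        *outputInterface,
		ExcludeOutputInterface: *excludeOutputInterface,
		Protocol:               *protocol,
		ExcludeProtocol:        *excludeProtocol,
		Jump:                   Chain(*jump),
		Goto:                   Chain(*gotoChain),
		Match:                  *match,
		SrcPort:                *srcPort,
		SrcPorts:               *srcPorts,
		DstPort:                *dstPort,
		DstPorts:               *dstPorts,
		Limit:                  *limit,
		// NOTE(review): rule already has "! -x" rewritten to "--excludeX", so
		// for negated rules Cmd is not a verbatim iptables command line;
		// confirm whether consumers of Cmd expect the original text.
		Cmd: strings.Replace(rule, "-A ", "", 1),
	}
}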