简单解析测试

2023-11-02 15:02:55 +08:00 · 2023-11-02 15:02:55 +08:00 · 5d19f406ec
commit 5d19f406ec
parent 7edd8d52ef
3 changed files with 129 additions and 67 deletions
--- a/pkg/utils/iptables/flag_test.go
+++ b/pkg/utils/iptables/flag_test.go
@ -1,77 +1,12 @@
 package iptables

 import (
-	"fmt"
-	flag "github.com/spf13/pflag"
-	"iptables-helper/pkg/logger"
 	"iptables-helper/pkg/utils/command"
-	"strings"
 	"testing"
 )

 func TestFlag(t *testing.T) {
 	cmder := command.Commander{}
 	result := cmder.ExecuteWithResult("sudo iptables -S")
-	results := strings.Split(result, "\n")
-
-	policyList := make([]Policy, 0)
-	chainList := make([]Chain, 0)
-
-	for _, rule := range results {
-		logger.Log().Debug("解析规则: ", rule)
-
-		//rule := "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER"
-		// 转化以便解析
-		rule = strings.ReplaceAll(rule, " ! ", " -! ")
-
-		flagSet := flag.FlagSet{}
-		flagSet.ParseErrorsWhitelist = flag.ParseErrorsWhitelist{UnknownFlags: true}
-
-		var reverse bool
-		var dst string
-
-		// 优先解析/判断 P N A 三个基本类型
-		var policy string
-		// 策略
-		flagSet.StringVarP(&policy, "policy", "P", "", "")
-		var appendRule string
-		// 追加规则
-		flagSet.StringVarP(&appendRule, "append", "A", "", "")
-		var newChain string
-		// 创建自定义规则链
-		flagSet.StringVarP(&newChain, "new-chain", "N", "", "")
-
-		flagSet.BoolVarP(&reverse, "!", "!", false, "")
-		flagSet.StringVarP(&dst, "destination", "d", "", "")
-
-		_ = flagSet.Parse(strings.Split(rule, " "))
-
-		if len(policy) > 0 {
-			target := flagSet.Arg(0)
-			logger.Log().Infof("默认策略 %+v %+v", policy, target)
-			chain := Chain(policy)
-			chainList = append(chainList, chain)
-			policyList = append(policyList, Policy{chain, PolicyTarget(target)})
-			continue
-		}
-
-		if len(newChain) > 0 {
-			chainList = append(chainList, Chain(newChain))
-			continue
-		}
-
-		//logger.Log().Debugf("appendRule %+v", appendRule)
-		//logger.Log().Debugf("reverse %+v", reverse)
-	}
-
-	for i := 0; i < 50; i++ {
-		fmt.Print("=")
-	}
-	fmt.Println()
-	for _, policy := range policyList {
-		logger.Log().Infof("默认策略： %s => %s", policy.Name, policy.Target)
-	}
-	for _, chain := range chainList {
-		logger.Log().Infof("自定义规则链： %s", chain)
-	}
+	Parse(result)
 }
--- a/pkg/utils/iptables/iptables.go
+++ b/pkg/utils/iptables/iptables.go
@ -19,5 +19,31 @@ type Chain string

 type Rule struct {
 	Chain Chain `json:"chain"`
-	Jump  Chain `json:"jump"`
+	// -j [target Chain]
+	Jump Chain `json:"jump"`
+
+	// -i [interface]
+	InputInterface string `json:"inputInterface"`
+	// ! -i [interface]
+	ExcludeInputInterface string `json:"excludeInputInterface"`
+
+	// -o [interface]
+	OutputInterface string `json:"outputInterface"`
+	// ! -o [interface]
+	ExcludeOutputInterface string `json:"excludeOutputInterface"`
+
+	// -s [source] example: 192.168.1.1, 192.168.1.0/24
+	Source string `json:"source"`
+	// ! -s [source] example: 192.168.1.1, 192.168.1.0/24
+	ExcludeSource string `json:"excludeSource"`
+
+	// -d [dest] example: 192.168.1.1, 192.168.1.0/24
+	Destination string `json:"destination"`
+	// ! -s [source] example: 192.168.1.1, 192.168.1.0/24
+	ExcludeDestination string `json:"excludeDestination"`
+
+	// -p [proto] example: all, tcp, udp, icmp
+	Protocol string `json:"protocol"`
+	// ! -p [proto] example: all, tcp, udp, icmp
+	ExcludeProtocol string `json:"excludeProtocol"`
 }
--- a/pkg/utils/iptables/parser.go
+++ b/pkg/utils/iptables/parser.go
@ -0,0 +1,101 @@
+package iptables
+
+import (
+	"fmt"
+	flag "github.com/spf13/pflag"
+	"iptables-helper/pkg/logger"
+	"strings"
+)
+
+// Parse
+// iptables 规则解析
+func Parse(rules string) {
+	results := strings.Split(rules, "\n")
+
+	policyList := make([]Policy, 0)
+	chainList := make([]Chain, 0)
+	ruleList := make([]Rule, 0)
+
+	for _, rule := range results {
+		logger.Log().Debug("解析规则: ", rule)
+
+		//rule := "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER"
+		// 转化以便解析
+		rule = strings.ReplaceAll(rule, "! -s", "--excludeS")
+		rule = strings.ReplaceAll(rule, "! -d", "--excludeD")
+		rule = strings.ReplaceAll(rule, "! -i", "--excludeI")
+		rule = strings.ReplaceAll(rule, "! -o", "--excludeO")
+
+		flagSet := flag.FlagSet{}
+		flagSet.ParseErrorsWhitelist = flag.ParseErrorsWhitelist{UnknownFlags: true}
+
+		//var reverse bool
+		//var dst string
+
+		// 优先解析/判断 P N A 三个基本类型
+		var policy string
+		// 策略
+		flagSet.StringVarP(&policy, "policy", "P", "", "")
+		var appendRule string
+		// 追加规则
+		flagSet.StringVarP(&appendRule, "append", "A", "", "")
+		var newChain string
+		// 创建自定义规则链
+		flagSet.StringVarP(&newChain, "new-chain", "N", "", "")
+
+		args := strings.Split(rule, " ")
+		// 解析一部分
+		_ = flagSet.Parse(args)
+
+		if len(policy) > 0 {
+			target := PolicyTarget(flagSet.Arg(0))
+			chain := Chain(policy)
+			chainList = append(chainList, chain)
+			policyList = append(policyList, Policy{chain, target})
+			continue
+		}
+
+		if len(newChain) > 0 {
+			chainList = append(chainList, Chain(newChain))
+			continue
+		}
+
+		if len(appendRule) > 0 {
+			// 来源
+			source := flagSet.StringP("source", "s", "", "")
+			excludeSource := flagSet.String("excludeS", "", "")
+			// 目标
+			destination := flagSet.StringP("destination", "d", "", "")
+			excludeDestination := flagSet.String("excludeD", "", "")
+
+			_ = flagSet.Parse(args)
+			r := Rule{
+				Chain:         Chain(appendRule),
+				Source:        *source,
+				ExcludeSource: *excludeSource,
+
+				Destination:        *destination,
+				ExcludeDestination: *excludeDestination,
+				//Jump: Chain(),
+			}
+			ruleList = append(ruleList, r)
+		}
+		//logger.Log().Debugf("appendRule %+v", appendRule)
+		//logger.Log().Debugf("reverse %+v", reverse)
+	}
+
+	for i := 0; i < 50; i++ {
+		fmt.Print("=")
+	}
+	fmt.Println()
+	for _, policy := range policyList {
+		logger.Log().Infof("默认策略： %s => %s", policy.Name, policy.Target)
+	}
+	for _, chain := range chainList {
+		logger.Log().Infof("自定义规则链： %s", chain)
+	}
+
+	for _, rule := range ruleList {
+		logger.Log().Infof("规则： %+v", rule)
+	}
+}