yanistyle/podkop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 86 Wiki Activity

refactor: Add ip addresses to nft set for local ruleset handling

Browse Source
This commit is contained in:
Andrey Petelin
2025-09-08 10:46:29 +05:00
parent f54e92cd7a
commit 9496a88774
3 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
podkop/files/usr/bin/podkop
View File

@@ -4,6 +4,7 @@
[ -r /lib/config/uci.sh ] && . /lib/config/uci.sh [ -r /lib/config/uci.sh ] && . /lib/config/uci.sh
PODKOP_LIB="/usr/lib/podkop" PODKOP_LIB="/usr/lib/podkop"
. "$PODKOP_LIB/constants.sh" . "$PODKOP_LIB/constants.sh"
. "$PODKOP_LIB/nft.sh"
. "$PODKOP_LIB/helpers.sh" . "$PODKOP_LIB/helpers.sh"
. "$PODKOP_LIB/sing_box_config_manager.sh" . "$PODKOP_LIB/sing_box_config_manager.sh"
. "$PODKOP_LIB/sing_box_config_facade.sh" . "$PODKOP_LIB/sing_box_config_facade.sh"
@@ -996,17 +997,17 @@ configure_local_domain_or_subnet_lists() {
case "$type" in case "$type" in
domains) domains)
config_list_foreach "$section" "local_domain_lists" import_local_domain_or_subnet_list_to_ruleset "$type" \ config_list_foreach "$section" "local_domain_lists" import_local_domain_or_subnet_list "$type" \
"$section" "$ruleset_filepath" "$section" "$ruleset_filepath"
_add_ruleset_to_dns_rules "$ruleset_tag" "$route_rule_tag" ;; _add_ruleset_to_dns_rules "$ruleset_tag" "$route_rule_tag" ;;
subnets) subnets)
config_list_foreach "$section" "local_subnet_lists" import_local_domain_or_subnet_list_to_ruleset "$type" \ config_list_foreach "$section" "local_subnet_lists" import_local_domain_or_subnet_list "$type" \
"$section" "$ruleset_filepath";; "$section" "$ruleset_filepath";;
*) log "Unsupported local rule set type: $type" "warn" ;; *) log "Unsupported local rule set type: $type" "warn" ;;
esac esac
} }
import_local_domain_or_subnet_list_to_ruleset() { import_local_domain_or_subnet_list() {
local filepath="$1" local filepath="$1"
local type="$2" local type="$2"
local section="$3" local section="$3"
@@ -1050,10 +1051,13 @@ import_local_domain_or_subnet_list_to_ruleset() {
return 0 return 0
fi fi
items="$(comma_string_to_json_array "$items")" items_json="$(comma_string_to_json_array "$items")"
case "$type" in case "$type" in
domains) sing_box_cm_patch_local_source_ruleset_rules "$ruleset_filepath" "domain_suffix" "$items" ;; domains) sing_box_cm_patch_local_source_ruleset_rules "$ruleset_filepath" "domain_suffix" "$items_json" ;;
subnets) sing_box_cm_patch_local_source_ruleset_rules "$ruleset_filepath" "ip_cidr" "$items" ;; subnets)
sing_box_cm_patch_local_source_ruleset_rules "$ruleset_filepath" "ip_cidr" "$items_json"
nft_add_set_elements "$NFT_TABLE_NAME" "$NFT_GENERAL_SET_NAME" "$items"
;;
esac esac
} }

5
podkop/files/usr/lib/constants.sh
View File

@@ -1,3 +1,8 @@
## nft
NFT_TABLE_NAME="PodkopTable"
NFT_GENERAL_SET_NAME="podkop_subnets"
## sing-box
# Log # Log
SB_DEFAULT_LOG_LEVEL="warn" SB_DEFAULT_LOG_LEVEL="warn"
# DNS # DNS

23
podkop/files/usr/lib/nft.sh Normal file
View File

@@ -0,0 +1,23 @@
# Create an nftables table in the inet family
nft_create_table() {
local name="$1"
nft add table inet "$name"
}
# Create a set within a table for storing IPv4 addresses
nft_create_ipv4_set() {
local table="$1"
local name="$2"
nft add set inet "$table" "$name" '{ type ipv4_addr; flags interval; auto-merge; }'
}
# Add one or more elements to a set
nft_add_set_elements() {
local table="$1"
local set="$2"
local elements="$3"
nft add element inet "$table" "$set" "{ $elements }"
}