nfqueue to hyperscan and stream match, removed proxyregex

2025-02-02 19:54:42 +01:00
parent 3de629ebd5
commit 2d8f19679f
54 changed files with 1134 additions and 3092 deletions
--- a/backend/modules/nfregex/nftables.py
+++ b/backend/modules/nfregex/nftables.py
@@ -45,36 +45,35 @@ class FiregexTables(NFTableManager):
            {"delete":{"chain":{"table":self.table_name,"family":"inet", "name":self.output_chain}}},
        ])

-    def add(self, srv:Service, queue_range_input, queue_range_output):
+    def add(self, srv:Service, queue_range):
        
        for ele in self.get():
            if ele.__eq__(srv): return
                
-        init, end = queue_range_output
+        init, end = queue_range
        if init > end: init, end = end, init
-        self.cmd({ "insert":{ "rule": {
-            "family": "inet",
-            "table": self.table_name,
-            "chain": self.output_chain,
-            "expr": [
-                    {'match': {'left': {'payload': {'protocol': ip_family(srv.ip_int), 'field': 'saddr'}}, 'op': '==', 'right': nftables_int_to_json(srv.ip_int)}},
-                    {'match': {"left": { "payload": {"protocol": str(srv.proto), "field": "sport"}}, "op": "==", "right": int(srv.port)}},
-                    {"queue": {"num": str(init) if init == end else {"range":[init, end] }, "flags": ["bypass"]}}
+        self.cmd(
+            { "insert":{ "rule": {
+                "family": "inet",
+                "table": self.table_name,
+                "chain": self.output_chain,
+                "expr": [
+                        {'match': {'left': {'payload': {'protocol': ip_family(srv.ip_int), 'field': 'saddr'}}, 'op': '==', 'right': nftables_int_to_json(srv.ip_int)}},
+                        {'match': {"left": { "payload": {"protocol": str(srv.proto), "field": "sport"}}, "op": "==", "right": int(srv.port)}},
+                        {"queue": {"num": str(init) if init == end else {"range":[init, end] }, "flags": ["bypass"]}}
                ]
-        }}})
-        
-        init, end = queue_range_input
-        if init > end: init, end = end, init
-        self.cmd({"insert":{"rule":{
-            "family": "inet",
-            "table": self.table_name,
-            "chain": self.input_chain,
-            "expr": [
-                    {'match': {'left': {'payload': {'protocol': ip_family(srv.ip_int), 'field': 'daddr'}}, 'op': '==', 'right': nftables_int_to_json(srv.ip_int)}},
-                    {'match': {"left": { "payload": {"protocol": str(srv.proto), "field": "dport"}}, "op": "==", "right": int(srv.port)}},
-                    {"queue": {"num": str(init) if init == end else {"range":[init, end] }, "flags": ["bypass"]}}
-                ]
-        }}})
+            }}},
+            {"insert":{"rule":{
+                "family": "inet",
+                "table": self.table_name,
+                "chain": self.input_chain,
+                "expr": [
+                        {'match': {'left': {'payload': {'protocol': ip_family(srv.ip_int), 'field': 'daddr'}}, 'op': '==', 'right': nftables_int_to_json(srv.ip_int)}},
+                        {'match': {"left": { "payload": {"protocol": str(srv.proto), "field": "dport"}}, "op": "==", "right": int(srv.port)}},
+                        {"queue": {"num": str(init) if init == end else {"range":[init, end] }, "flags": ["bypass"]}}
+                    ]
+            }}}
+        )


    def get(self) -> list[FiregexFilter]: