[pve-devel] [PATCH proxmox-firewall 24/37] nftables: types: add conversion traits
Stefan Hanreich
s.hanreich at proxmox.com
Tue Apr 2 19:16:16 CEST 2024
Some parts of the firewall config map directly to nftables objects, so
we introduce conversion traits for convenient conversion into the
respective nftables objects / types.
They are guarded behind a feature, so the nftables crate can be used
standalone without depending on the proxmox-ve-config crate.
Co-authored-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
proxmox-nftables/src/types.rs | 54 +++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
diff --git a/proxmox-nftables/src/types.rs b/proxmox-nftables/src/types.rs
index f9dc9b6..10e569c 100644
--- a/proxmox-nftables/src/types.rs
+++ b/proxmox-nftables/src/types.rs
@@ -7,6 +7,11 @@ use crate::{Expression, Statement};
use serde::{Deserialize, Serialize};
+#[cfg(feature = "config-ext")]
+use proxmox_ve_config::firewall::types::address::Family;
+
+#[cfg(feature = "config-ext")]
+use proxmox_ve_config::firewall::types::ipset::IpsetName;
#[derive(Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
pub struct Handle(i32);
@@ -31,6 +36,15 @@ impl TableFamily {
_ => vec![IpFamily::Ip, IpFamily::Ip6],
}
}
+
+ #[cfg(feature = "config-ext")]
+ pub fn families(&self) -> Vec<Family> {
+ match self {
+ TableFamily::Ip => vec![Family::V4],
+ TableFamily::Ip6 => vec![Family::V6],
+ _ => vec![Family::V4, Family::V6],
+ }
+ }
}
#[derive(Clone, Copy, Debug, Eq, PartialEq, Deserialize, Serialize)]
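Review bot: The `_ =>` arm in `families` maps every table family other than `Ip` and `Ip6` to both `Family::V4` and `Family::V6`, so a variant added to `TableFamily` later is silently treated as dual-stack instead of producing a compile error. This mirrors the existing method directly above it, but the other variants of `TableFamily` are not visible in this hunk, so it cannot be confirmed here that dual-stack is right for all of them. Listing the remaining variants explicitly would make the mapping deliberate. Failing that, a comment on the arm would help, e.g. `// all remaining families can carry both IPv4 and IPv6 traffic`. A `///` line on the new public method stating which config families a table family covers would also help. The enclosing `impl TableFamily` starts outside the hunk.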
@@ -155,6 +169,21 @@ pub enum RateTimescale {
Day,
}
+#[cfg(feature = "config-ext")]
+use proxmox_ve_config::firewall::types::log::LogRateLimitTimescale;
+
+#[cfg(feature = "config-ext")]
+impl From<LogRateLimitTimescale> for RateTimescale {
+ fn from(value: LogRateLimitTimescale) -> Self {
+ match value {
+ LogRateLimitTimescale::Second => RateTimescale::Second,
+ LogRateLimitTimescale::Minute => RateTimescale::Minute,
+ LogRateLimitTimescale::Hour => RateTimescale::Hour,
+ LogRateLimitTimescale::Day => RateTimescale::Day,
+ }
+ }
+}
+
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct TableName {
family: TableFamily,
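Review bot: The `use proxmox_ve_config::firewall::types::log::LogRateLimitTimescale;` line sits in the middle of the file, directly above the impl, while the other two `config-ext` imports in this patch are added at the top next to `use serde::{Deserialize, Serialize};`. Moving it up keeps every feature-gated dependency on `proxmox-ve-config` in one place, which makes the optional coupling easier to audit. The conversion itself is an exhaustive match with no catch-all arm, so a new `LogRateLimitTimescale` variant will fail to compile here rather than being mapped silently.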
@@ -584,6 +613,21 @@ impl SetName {
name: name.into(),
}
}
+
+ #[cfg(feature = "config-ext")]
+ pub fn ipset_name(family: Family, name: &IpsetName, nomatch: bool) -> String {
+ let prefix = match family {
+ Family::V4 => "v4",
+ Family::V6 => "v6",
+ };
+
+ let suffix = match nomatch {
+ true => "-nomatch",
+ false => "",
+ };
+
+ format!("{prefix}-{name}{suffix}")
+ }
}
#[derive(Clone, Debug, Deserialize, Serialize)]
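Review bot: The string built by `format!("{prefix}-{name}{suffix}")` in `ipset_name` is not obviously unique. An ipset whose own name ends in `-nomatch`, requested with `nomatch == false`, yields the same set name as the shorter-named ipset requested with `nomatch == true`, unless `IpsetName` validation (not visible in this hunk) rules that suffix out. Two config ipsets resolving to one nftables set would let rules match against the wrong element list, so either reserve the suffix when the config name is parsed or mark the nomatch variant with a character the name grammar cannot contain. The function also has no documentation of the scheme that generated rules depend on; a line such as `/// Returns the nftables set name for a config ipset: "v4"/"v6" prefix, the ipset name, and a "-nomatch" suffix for the nomatch variant.` would pin it down. The enclosing `impl SetName` starts outside the hunk.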
@@ -786,6 +830,16 @@ pub enum L3Protocol {
Ip6,
}
+#[cfg(feature = "config-ext")]
+impl From<Family> for L3Protocol {
+ fn from(value: Family) -> Self {
+ match value {
+ Family::V4 => L3Protocol::Ip,
+ Family::V6 => L3Protocol::Ip6,
+ }
+ }
+}
+
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum CtHelperProtocol {
--
2.39.2