3个版本 (破坏性更新)
| 0.3.0 | 2022年12月26日 |
|---|---|
| 0.2.0 | 2022年12月25日 |
| 0.1.0 | 2022年12月12日 |
在Unix APIs中排名685
每月下载量85
65KB
1.5K SLoC
nftables-json
Serde JSON模型,用于与nftables nft可执行文件交互
提供与nftables JSON对象模型直接映射的Rust类型,允许使用serde和serde_json将来自nft --json --file -命令的输入和输出进行序列化和反序列化。
贡献
本库根据Apache License, Version 2.0或MIT License的条款提供,您可任选其一。
除非您明确声明,否则您提交的任何有意贡献都将根据上述条款双许可,不附加任何额外条款或条件。
Copyright (c) nftables-json Developers
SPDX-License-Identifier: MIT OR Apache-2.0
请注意,本库的测试根据不同的许可提供。有关更多信息,请参阅tests/目录中的README。
lib.rs:
Serde JSON模型,用于与nftables nft可执行文件交互
提供与nftables JSON对象模型直接映射的Rust类型,允许使用serde和serde_json将来自nft --json --file -命令的输入和输出进行序列化和反序列化。
示例
创建可以管道到nft --json --file -的命令
use nftables_json::{command::*, expression::*, statement::*};
let mut commands = Commands::default();
commands.extend([
// flush rulesets for all families
Command::Flush(Flush::Ruleset(None)),
// create a new table called "default"
Command::Add(Add::Table(AddTable {
family: "inet".into(),
name: "default".into(),
..AddTable::default()
})),
// attach a chain to the "default" table called "input"
Command::Add(Add::Chain(AddChain {
family: "inet".into(),
table: "default".into(),
name: "input".into(),
r#type: Some("filter".into()),
hook: Some("input".into()),
prio: Some(0),
policy: Some("accept".into()),
..AddChain::default()
})),
Command::Add(Add::Rule(AddRule {
// attach a rule to the "input" chain in the "default" table that drops udp sport 53
family: "inet".into(),
table: "default".into(),
chain: "input".into(),
expr: Some(vec![
Statement::Match(Match {
left: Expression::Payload {
payload: Payload::Named { protocol: "udp".into(), field: "sport".into() },
}
.into(),
right: Expression::Immediate(Immediate::Number(53)).into(),
op: "==".into(),
}),
Statement::Drop(()),
]),
..AddRule::default()
})),
]);
// not shown: how to invoke `nft` from Rust and pipe json to stdin
println!("{}", commands.to_string().unwrap());
/*
{"nftables":[
{"flush":{"ruleset":null}},
{"add":{"table":{"family":"inet","name":"default"}}},
{"add":{"chain":{"family":"inet","table":"default","name":"input","policy":"accept","type":"filter","hook":"input","prio":0}}},
{"add":{"rule":{"family":"inet","table":"default","chain":"input","expr":[
{"match":{"left":{"payload":{"protocol":"udp","field":"sport"}},"right":53,"op":"=="}},
{"drop":null}
]}}}
]}
*/
示例
解析由 printf '{"nftables":[{"list":{"ruleset":null}}]}' | nft --json --file -
use nftables_json::{object::*, expression::*, statement::*};
// not shown: how to invoke `nft` from Rust and collect stdout
let output_str = r#"
{"nftables":[
{"metainfo":{"version":"0.9.8","release_name":"E.D.S.","json_schema_version":1}},
{"table":{"family":"inet","name":"default","handle":3}},
{"chain":{"family":"inet","table":"default","name":"input","handle":1,"type":"filter","hook":"input","prio":0,"policy":"accept"}},
{"rule":{"family":"inet","table":"default","chain":"input","handle":3,"expr":[
{"match":{"op":"==","left":{"payload":{"protocol":"udp","field":"sport"}},"right":53}},
{"drop":null}
]}},
{"chain":{"family":"inet","table":"default","name":"output","handle":2,"type":"filter","hook":"output","prio":0,"policy":"accept"}}
]}
"#;
let objects = Objects::from_str(output_str).unwrap();
for object in objects.iter() {
match object {
Object::Metainfo(Metainfo { json_schema_version, .. }) => {
eprintln!("[metainfo] schema version {json_schema_version}");
}
Object::Table(Table { family, name, .. }) => {
eprintln!("[table] {family} {name}");
}
Object::Chain(Chain { family, table, name, hook: Some(hook), .. }) => {
eprintln!("[chain] {family} {table} {name} hook {hook}");
}
Object::Rule(Rule { family, table, chain, .. }) => {
eprintln!("[rule] {family} {table} {chain}");
}
_ => {}
}
}
/*
schema version 1
table family inet name default
chain family inet table default name input hook input
rule family inet table default chain input
chain family inet table default name output hook output
*/
依赖项
~1.2–2MB
~43K SLoC