完善iptables命令的构建，并添加几个新的服务接口

27bca390 · wutu · e641932a · 27bca390 · 27bca390 · 27bca390
Commit 27bca390 authored Oct 29, 2019 by wutu
5 changed files
--- a/bishe-utils/src/main/java/top/ninwoo/utils/entity/ChainEntity.java
+++ b/bishe-utils/src/main/java/top/ninwoo/utils/entity/ChainEntity.java
@@ -7,6 +7,7 @@ package top.ninwoo.utils.entity;
 */
 public class ChainEntity {
    // TODO: 亟待实现的一个类
+    private int id;
    private long pkts;
    private long bytes;
    private String target;
@@ -31,9 +32,11 @@ public class ChainEntity {
        this.source = builder.source;
        this.target = builder.target;
        this.type = builder.type;
+        this.id = builder.id;
    }

    public static class Builder {
+        private int id;
        private long pkts;
        private long bytes;
        private String target;
@@ -49,6 +52,15 @@ public class ChainEntity {
        public Builder() {
        }

+        public int id() {
+            return this.id;
+        }
+
+        public Builder id(int id) {
+            this.id = id;
+            return this;
+        }
+
        public String opt() {
            return this.opt;
        }
@@ -151,7 +163,8 @@ public class ChainEntity {
    @Override
    public String toString() {
        return "ChainEntity{" +
-                "pkts=" + pkts +
+                "id=" + id +
+                ", pkts=" + pkts +
                ", bytes=" + bytes +
                ", target='" + target + '\'' +
                ", prot='" + prot + '\'' +

--- a/bishe-utils/src/main/java/top/ninwoo/utils/entity/TableType.java
+++ b/bishe-utils/src/main/java/top/ninwoo/utils/entity/TableType.java
+package top.ninwoo.utils.entity;
+
+/**
+ * @Author joliu
+ * @Description
+ * @Date　Create in 下午5:11 2019/10/29
+ */
+public enum  TableType {
+    filter, raw
+}
--- a/bishe-utils/src/main/java/top/ninwoo/utils/util/IptablesUtils.java
+++ b/bishe-utils/src/main/java/top/ninwoo/utils/util/IptablesUtils.java
@@ -2,6 +2,7 @@ package top.ninwoo.utils.util;

 import top.ninwoo.utils.entity.ChainEntity;
 import top.ninwoo.utils.entity.ChainType;
+import top.ninwoo.utils.entity.TableType;

 import java.util.List;
 import java.util.Map;
@@ -15,6 +16,10 @@ public interface IptablesUtils {
    Map<String, List<ChainEntity>> showIptablesDetail(String containerId);

    String addIptable(String containerId, String kind, ChainType chainType, String source, String destination, String policy);
+
+    String delIptable(String containerId, ChainType chainType, String source, String destination, String policy);
+
+    String delIptable(String containerId, TableType tableType, ChainType chainType, int lineNumber);
    // 添加一个iptables项
    // 删除一个iptables项


--- a/bishe-utils/src/main/java/top/ninwoo/utils/util/impl/IptablesUtilsImpl.java
+++ b/bishe-utils/src/main/java/top/ninwoo/utils/util/impl/IptablesUtilsImpl.java
@@ -5,6 +5,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import top.ninwoo.utils.entity.ChainEntity;
 import top.ninwoo.utils.entity.ChainType;
+import top.ninwoo.utils.entity.TableType;
 import top.ninwoo.utils.util.DockerUtils;
 import top.ninwoo.utils.util.IptablesUtils;
 import top.ninwoo.utils.util.Utils;
@@ -44,7 +45,7 @@ public class IptablesUtilsImpl implements IptablesUtils {
        map.put("INPUT", new ArrayList<>());
        map.put("FORWARD", new ArrayList<>());
        map.put("OUTPUT", new ArrayList<>());
-        String result = dockerUtils.execInDocker(containerId, new String[]{"iptables", "-vnL"});
+        String result = dockerUtils.execInDocker(containerId, new String[]{"iptables", "--line", "-vnL"});
        String[] lines = result.split("\n");
        ChainEntity.Builder builder = ChainEntity.builder();
        String key = "";
@@ -73,16 +74,17 @@ public class IptablesUtilsImpl implements IptablesUtils {

            String[] s = lines[i].replaceAll(" +", " ").trim().split(" ");
            ChainEntity chain;
-            if(s.length == 9) {
-                chain = builder.pkts(Long.parseLong(s[0]))
-                        .bytes(Long.parseLong(s[1]))
-                        .target(s[2])
-                        .prot(s[3])
-                        .opt(s[4])
-                        .in(s[5])
-                        .out(s[6])
-                        .source(s[7])
-                        .destination(s[8])
+            if(s.length == 10) {
+                chain = builder.id(Integer.parseInt(s[0]))
+                        .pkts(Long.parseLong(s[1]))
+                        .bytes(Long.parseLong(s[2]))
+                        .target(s[3])
+                        .prot(s[4])
+                        .opt(s[5])
+                        .in(s[6])
+                        .out(s[7])
+                        .source(s[8])
+                        .destination(s[9])
                        .build();
                map.get(key).add(chain);
            }
@@ -91,6 +93,34 @@ public class IptablesUtilsImpl implements IptablesUtils {
        return map;
    }

+    @Override
+    public String addIptable(String containerId, String kind, ChainType chainType, String source, String destination, String policy) {
+        // TODO: 再简化些
+        return basicCommand(containerId, null, kind, chainType, source, destination, policy);
+    }
+
+    @Override
+    public String delIptable(String containerId, ChainType chainType, String source, String destination, String policy) {
+        // 删除
+        return basicCommand(containerId, null, "delete", chainType, source, destination, policy);
+    }
+
+    private String basicCommand(String containerId, TableType table, String kind, ChainType chainType, String source, String destination, String policy) {
+        return basicCommand(containerId, table, kind, chainType, source, destination, policy, 0);
+    }
+
+    @Override
+    public String delIptable(String containerId, TableType tableType, ChainType chainType, int lineNumber) {
+        return basicCommand(containerId, null, "delete", chainType, "", "", "", lineNumber);
+    }
+
+
+
+    public String basicCommand(String containerId, TableType table, String kind, ChainType chainType, String source, String destination, String policy, int lineNumber) {
+        String cmd = buildCommand(containerId, table, kind, chainType, source, destination, policy, lineNumber);
+        return dockerUtils.execInDocker(containerId, cmd.split(" "));
+    }
+
    /**
     * 添加iptable项
     * 这里应该还可以提供一个更加通用的模块，这里暂时先不实现
@@ -102,11 +132,23 @@ public class IptablesUtilsImpl implements IptablesUtils {
     * @param destination
     * @param policy
     */
-    @Override
-    public String addIptable(String containerId, String kind, ChainType chainType, String source, String destination, String policy) {
+    public String buildCommand(String containerId, TableType table, String kind, ChainType chainType, String source, String destination, String policy, int lineNumber) {
        // 构建iptables的命令
        String cmd = "iptables ";

+        if(table != null) {
+            switch (table) {
+                case raw:
+                    cmd += "-t filter ";
+                    break;
+                case filter:
+                    cmd += "-t filter ";
+                    break;
+                default:
+                    throw new RuntimeException("不支持的table[" + table + "]");
+            }
+        }
+
        switch (kind) {
            case "insert":
                cmd += "-I ";
@@ -114,6 +156,9 @@ public class IptablesUtilsImpl implements IptablesUtils {
            case "append":
                cmd += "-A ";
                break;
+            case "delete":
+                cmd += "-D ";
+                break;
            default:
                throw new RuntimeException("不支持的操作");
        }
@@ -125,13 +170,16 @@ public class IptablesUtilsImpl implements IptablesUtils {
        if(!"".equals(destination)) {
            cmd += "-d " + destination + " ";
        }
-        if("".equals(policy)) {
-            throw new RuntimeException("policy不能为空");
+        if(!"".equals(policy)) {
+            cmd += "-j " + policy;
+        }
+
+        if(lineNumber > 0 && cmd.contains("-D")) {
+            cmd += lineNumber;
        }

-        // TODO: 差一步校验
-        cmd += "-j " + policy;
        LOG.info("构建的cmd:[" + cmd + "]");
-        return dockerUtils.execInDocker(containerId, cmd.split(" "));
+        return cmd;
+        //return dockerUtils.execInDocker(containerId, cmd.split(" "));
    }
 }
--- a/bishe-utils/src/test/java/top/ninwoo/utils/IptablesUtilsTests.java
+++ b/bishe-utils/src/test/java/top/ninwoo/utils/IptablesUtilsTests.java
@@ -13,6 +13,7 @@ import top.ninwoo.utils.config.DockerConfig;
 import top.ninwoo.utils.entity.ChainEntity;
 import top.ninwoo.utils.entity.ChainType;
 import top.ninwoo.utils.entity.DockerContainer;
+import top.ninwoo.utils.entity.TableType;
 import top.ninwoo.utils.service.DockerService;
 import top.ninwoo.utils.util.IptablesUtils;

@@ -49,10 +50,15 @@ public class IptablesUtilsTests {
    @Test
    public void testAddIptables() {
        testShowIptablesDetail();
-        iptablesUtils.addIptable(dockerContainer.getId(), "insert", ChainType.INPUT, "172.0.17.2", "", "DROP");
+        String s = iptablesUtils.addIptable(dockerContainer.getId(), "insert", ChainType.INPUT, "172.0.17.2", "", "DROP");
+        System.out.println(s);
        iptablesUtils.addIptable(dockerContainer.getId(), "insert", ChainType.OUTPUT, "172.0.17.2", "", "DROP");
        iptablesUtils.addIptable(dockerContainer.getId(), "append", ChainType.INPUT, "172.0.17.3", "", "DROP");
        testShowIptablesDetail();
+        iptablesUtils.delIptable(dockerContainer.getId(), TableType.filter, ChainType.INPUT,1);
+        testShowIptablesDetail();
+        iptablesUtils.delIptable(dockerContainer.getId(), ChainType.INPUT, "172.0.17.3", "", "DROP");
+        testShowIptablesDetail();

    }