Merge pull request #8 from caseydavenport/casey-handle-prefix-elements

Handle set elements that are structured prefixes
kubernetes-sigs · May 10, 2024 · 5951417 · 5951417
2 parents a1caefd + ed2cf47
commit 5951417
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/nftables.go b/nftables.go
@@ -415,7 +415,7 @@ func (nft *realNFTables) ListElements(ctx context.Context, objectType, name stri
 	return elements, nil
 }
 
-// parseElementValue parses a JSON element key/value, handling concatenations, and
+// parseElementValue parses a JSON element key/value, handling concatenations, prefixes, and
 // converting numeric or "verdict" values to strings.
 func parseElementValue(json interface{}) ([]string, error) {
 	// json can be:
@@ -424,6 +424,14 @@ func parseElementValue(json interface{}) ([]string, error) {
 	//
 	//   - a single number, e.g. 80
 	//
+	//   - a prefix, expressed as an object:
+	//     {
+	//       "prefix": {
+	//         "addr": "192.168.0.0",
+	//         "len": 16,
+	//       }
+	//     }
+	//
 	//   - a concatenation, expressed as an object containing an array of simple
 	//     values:
 	//        {
@@ -463,6 +471,17 @@ func parseElementValue(json interface{}) ([]string, error) {
 				}
 			}
 			return vals, nil
+		} else if prefix, _ := jsonVal[map[string]interface{}](val, "prefix"); prefix != nil {
+			// For prefix-type elements, return the element in CIDR representation.
+			addr, ok := jsonVal[string](prefix, "addr")
+			if !ok {
+				return nil, fmt.Errorf("could not parse 'addr' value as string: %q", prefix)
+			}
+			length, ok := jsonVal[float64](prefix, "len")
+			if !ok {
+				return nil, fmt.Errorf("could not parse 'len' value as number: %q", prefix)
+			}
+			return []string{fmt.Sprintf("%s/%d", addr, int(length))}, nil
 		} else if len(val) == 1 {
 			var verdict string
 			// We just checked that len(val) == 1, so this loop body will only

diff --git a/nftables_test.go b/nftables_test.go
@@ -368,6 +368,29 @@ func TestListElements(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:       "prefix type",
+			objectType: "set",
+			nftOutput:  `{"nftables": [{"metainfo": {"version": "1.0.1", "release_name": "Fearless Fosdick #3", "json_schema_version": 1}}, {"set": {"family": "ip", "name": "test", "table": "testing", "type": ["ipv4_addr"], "handle": 13, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.0.0", "len": 16}}]}}]}`,
+			listOutput: []*Element{
+				{
+					Set: "test",
+					Key: []string{"192.168.0.0/16"},
+				},
+			},
+		},
+		{
+			name:       "prefix type - bad len value",
+			objectType: "set",
+			nftOutput:  `{"nftables": [{"metainfo": {"version": "1.0.1", "release_name": "Fearless Fosdick #3", "json_schema_version": 1}}, {"set": {"family": "ip", "name": "test", "table": "testing", "type": ["ipv4_addr"], "handle": 13, "flags": ["interval"], "elem": [{"prefix": {"addr": "192.168.0.0", "len": "16"}}]}}]}`,
+			nftError:   `could not parse 'len' value as number: map["addr":"192.168.0.0" "len":"16"]`,
+		},
+		{
+			name:       "prefix type - missing addr",
+			objectType: "set",
+			nftOutput:  `{"nftables": [{"metainfo": {"version": "1.0.1", "release_name": "Fearless Fosdick #3", "json_schema_version": 1}}, {"set": {"family": "ip", "name": "test", "table": "testing", "type": ["ipv4_addr"], "handle": 13, "flags": ["interval"], "elem": [{"prefix": {"len": "16"}}]}}]}`,
+			nftError:   `could not parse 'addr' value as string: map["len":"16"]`,
+		},
 		{
 			name:       "simple map",
 			objectType: "map",