refactor: update iptables and nftables methods to use receiver functions

2025-12-18 17:56:25 +00:00 · 2025-11-12 00:56:05 +08:00 · 2025-11-12 00:56:05 +08:00 · 90097acb85
commit 90097acb85
parent ba1ec470ee
2 changed files with 16 additions and 14 deletions
--- a/src/internal/server/netlink/iptables.go
+++ b/src/internal/server/netlink/iptables.go
@ -36,19 +36,19 @@ func (s *Server) iptSetup() error {
 		return err
 	}
 	if s.cfg.SetTTL {
-		err = IptSetTTL(ipt)
+		err = s.IptSetTTL(ipt)
 		if err != nil {
 			return err
 		}
 	}
 	if s.cfg.DelTCPTimestamp && !s.cfg.SetIPID {
-		err = IptDelTCPTS(ipt)
+		err = s.IptDelTCPTS(ipt)
 		if err != nil {
 			return err
 		}
 	}
 	if s.cfg.SetIPID {
-		err = IptSetIP(ipt)
+		err = s.IptSetIP(ipt)
 		if err != nil {
 			return err
 		}
@ -67,7 +67,7 @@ func (s *Server) iptCleanup() error {
 	return nil
 }
-func IptSetTTL(ipt *iptables.IPTables) error {
+func (s *Server) IptSetTTL(ipt *iptables.IPTables) error {
 	err := ipt.Append(table, chain, RuleTTL...)
 	if err != nil {
 		return err
@ -75,7 +75,7 @@ func IptSetTTL(ipt *iptables.IPTables) error {
 	return nil
 }
-func IptDelTCPTS(ipt *iptables.IPTables) error {
+func (s *Server) IptDelTCPTS(ipt *iptables.IPTables) error {
 	err := ipt.Append(table, chain, RuleDelTCPTS...)
 	if err != nil {
 		return err
@ -83,7 +83,7 @@ func IptDelTCPTS(ipt *iptables.IPTables) error {
 	return nil
 }
-func IptSetIP(ipt *iptables.IPTables) error {
+func (s *Server) IptSetIP(ipt *iptables.IPTables) error {
 	err := ipt.Append(table, chain, RuleIP...)
 	if err != nil {
 		return err
--- a/src/internal/server/netlink/nftables.go
+++ b/src/internal/server/netlink/nftables.go
@ -4,6 +4,7 @@ package netlink
 import (
 	"context"
 	"fmt"
 	"sigs.k8s.io/knftables"
 )
@ -18,13 +19,13 @@ func (s *Server) nftSetup() error {
 	tx.Add(s.nftable)
 	if s.cfg.SetTTL {
-		NftSetTTL(tx, s.nftable)
+		s.NftSetTTL(tx, s.nftable)
 	}
 	if s.cfg.DelTCPTimestamp && !s.cfg.SetIPID {
-		NftDelTCPTS(tx, s.nftable)
+		s.NftDelTCPTS(tx, s.nftable)
 	}
 	if s.cfg.SetIPID {
-		NftSetIP(tx, s.nftable)
+		s.NftSetIP(tx, s.nftable)
 	}
 	if err := nft.Run(context.TODO(), tx); err != nil {
@ -48,7 +49,7 @@ func (s *Server) nftCleanup() error {
 	return nil
 }
-func NftSetTTL(tx *knftables.Transaction, table *knftables.Table) {
+func (s *Server) NftSetTTL(tx *knftables.Transaction, table *knftables.Table) {
 	chain := &knftables.Chain{
 		Name:     "TTL64",
 		Type:     knftables.PtrTo(knftables.FilterType),
@ -66,7 +67,7 @@ func NftSetTTL(tx *knftables.Transaction, table *knftables.Table) {
 	tx.Add(rule)
 }
-func NftDelTCPTS(tx *knftables.Transaction, table *knftables.Table) {
+func (s *Server) NftDelTCPTS(tx *knftables.Transaction, table *knftables.Table) {
 	chain := &knftables.Chain{
 		Name:     "HELPER_QUEUE",
 		Type:     knftables.PtrTo(knftables.FilterType),
@ -77,14 +78,15 @@ func NftDelTCPTS(tx *knftables.Transaction, table *knftables.Table) {
 	rule := &knftables.Rule{
 		Chain: chain.Name,
 		Rule: knftables.Concat(
-			"tcp flags syn counter queue num 10301 bypass",
+			"tcp flags syn",
 			fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
 		),
 	}
 	tx.Add(chain)
 	tx.Add(rule)
 }
-func NftSetIP(tx *knftables.Transaction, table *knftables.Table) {
+func (s *Server) NftSetIP(tx *knftables.Transaction, table *knftables.Table) {
 	chain := &knftables.Chain{
 		Name:     "HELPER_QUEUE",
 		Type:     knftables.PtrTo(knftables.FilterType),
@ -95,7 +97,7 @@ func NftSetIP(tx *knftables.Transaction, table *knftables.Table) {
 	rule := &knftables.Rule{
 		Chain: chain.Name,
 		Rule: knftables.Concat(
-			"counter queue num 10301 bypass",
+			fmt.Sprintf("counter queue num %d bypass", s.nfqServer.QueueNum),
 		),
 	}
 	tx.Add(chain)