Network traffic

.github/workflows/pr_tests.yml

@@ -18,10 +18,11 @@ jobs:
       - uses: actions/checkout@v3
       - name: Build tests
         run: cd src && go test -c rol/tests -o ./tests/rol.test
-      - name: Setup CAP_NET_ADMIN for compiled tests
+      - name: Setup CAP_NET_RAW and CAP_NET_ADMIN for compiled tests
         if: matrix.os == 'ubuntu-22.04'
         run: |
           sudo setcap cap_net_admin+ep ./src/tests/rol.test
+          sudo setcap "cap_net_raw+ep cap_net_admin+ep" /usr/sbin/xtables-nft-multi
       - name: Run tests
         run: |
           cd src/tests && ./rol.test -test.v

docs/plantuml/controllers/HostNetworkTrafficGinController.puml

@@ -0,0 +1,41 @@
+@startuml
+
+!include ../services/HostNetworkService.puml
+remove HostNetworkBridgeDto
+remove HostNetworkBridgeUpdateDto
+remove HostNetworkBridgeCreateDto
+remove HostNetworkBridgeBaseDto
+remove HostNetworkVlanDto
+remove HostNetworkVlanUpdateDto
+remove HostNetworkVlanCreateDto
+
+package controllers {
+    class HostNetworkTrafficGinController {
+        -service *services.HostNetworkService
+        --
+        -logger  *logrus.Logger
+        --
+        +GetTableRules(ctx *gin.Context)
+        --
+        +Create(ctx *gin.Context)
+        --
+        +Delete(ctx *gin.Context)
+    }
+
+    note left of HostNetworkTrafficGinController::GetTableRules
+    Get selected netfilter table rules
+    end note
+
+    note left of HostNetworkTrafficGinController::Create
+    Create new traffic rule in specified table
+    end note
+
+    note left of HostNetworkTrafficGinController::Delete
+    Delete netfilter traffic rule in specified table
+    end note
+
+
+    HostNetworkService -up- HostNetworkTrafficGinController::service
+}
+
+@enduml

docs/plantuml/dto/HostNetworkTrafficRule/HostNetworkTrafficRuleBaseDto.puml

@@ -0,0 +1,16 @@
+@startuml
+
+package dtos {
+    class HostNetworkTrafficRuleBaseDto {
+        +Chain string
+        --
+        +Target string
+        --
+        +Source string
+        --
+        +Destination string
+    }
+}
+
+
+@enduml

docs/plantuml/dto/HostNetworkTrafficRule/HostNetworkTrafficRuleCreateDto.puml

@@ -0,0 +1,10 @@
+@startuml
+!include HostNetworkTrafficRuleBaseDto.puml
+
+package dtos {
+    class HostNetworkTrafficRuleCreateDto {
+    }
+
+    HostNetworkTrafficRuleCreateDto --* HostNetworkTrafficRuleBaseDto
+}
+@enduml

docs/plantuml/dto/HostNetworkTrafficRule/HostNetworkTrafficRuleDeleteDto.puml

@@ -0,0 +1,10 @@
+@startuml
+!include HostNetworkTrafficRuleBaseDto.puml
+
+package dtos {
+    class HostNetworkTrafficRuleDeleteDto {
+    }
+
+    HostNetworkTrafficRuleDeleteDto --* HostNetworkTrafficRuleBaseDto
+}
+@enduml

docs/plantuml/dto/HostNetworkTrafficRule/HostNetworkTrafficRuleDto.puml

@@ -0,0 +1,12 @@
+@startuml
+
+!include HostNetworkTrafficRuleBaseDto.puml
+
+package dtos {
+    class HostNetworkTrafficRuleDto {
+    }
+
+    HostNetworkTrafficRuleDto --* HostNetworkTrafficRuleBaseDto
+}
+
+@enduml

docs/plantuml/entities/HostNetworkConfig.puml

@@ -3,6 +3,7 @@
 !include HostNetworkDevice.puml
 !include HostNetworkVlan.puml
 !include HostNetworkBridge.puml
+!include HostNetworkTrafficRule.puml
 
 package domain {
     class HostNetworkConfig {
@@ -11,11 +12,42 @@ package domain {
         +Vlans   []HostNetworkVlan
         --
         +Bridges []HostNetworkBridge
+        --
+        +TrafficRules TrafficRules
+    }
+
+    class TrafficRules {
+        +Filter []HostNetworkTrafficRule
+        --
+        +NAT []HostNetworkTrafficRule
+        --
+        +Mangle []HostNetworkTrafficRule
+        --
+        +Raw []HostNetworkTrafficRule
+        --
+        +Security []HostNetworkTrafficRule
     }
 
     HostNetworkConfig::Devices -- HostNetworkDevice
     HostNetworkConfig::Vlans -- HostNetworkVlan
     HostNetworkConfig::Bridges -- HostNetworkBridge
+    HostNetworkConfig::TrafficRules -- TrafficRules
+
+    note as NetworkTrafficRuleNote
+        Since traffic rules are stored in the .yaml config
+         we need to split all netfilter tables into class fields
+    end note
+
+    TrafficRules .l[hidden]. NetworkTrafficRuleNote
+
+
+    TrafficRules::Filter .. NetworkTrafficRuleNote
+    TrafficRules::NAT .. NetworkTrafficRuleNote
+    TrafficRules::Mangle .. NetworkTrafficRuleNote
+    TrafficRules::Raw .. NetworkTrafficRuleNote
+    TrafficRules::Security .. NetworkTrafficRuleNote
+
+    NetworkTrafficRuleNote ..> HostNetworkTrafficRule
 }
 
 @enduml

docs/plantuml/entities/HostNetworkTrafficRule.puml

@@ -0,0 +1,15 @@
+@startuml Project
+
+package domain {
+    class HostNetworkTrafficRule {
+        Chain string
+        --
+        Target string
+        --
+        Source string
+        --
+        Destination string
+    }
+}
+
+@enduml

docs/plantuml/interfaces/IHostNetworkManager.puml

@@ -24,6 +24,14 @@ package app {
         --
         +AddrDelete(linkName string, addr net.IPNet) error
         --
+        +CreateTrafficRule(table string, rule HostNetworkTrafficRule) (HostNetworkTrafficRule, error)
+        --
+        +DeleteTrafficRule(table string, rule HostNetworkTrafficRule) error
+        --
+        +GetChainRules(table string, chain string) ([]HostNetworkTrafficRule, error)
+        --
+        +GetTableRules(table string) ([]HostNetworkTrafficRule, error)
+        --
         +SaveConfiguration() error
         --
         +RestoreFromBackup() error
@@ -73,6 +81,22 @@ package app {
     Delete ip address for network interface
     end note
 
+    note left of IHostNetworkManager::CreateTrafficRule
+    Create netfilter traffic rule for specified table
+    end note
+
+    note left of IHostNetworkManager::DeleteTrafficRule
+    Delete netfilter traffic rule in specified table
+    end note
+
+    note left of IHostNetworkManager::GetChainRules
+    Get selected netfilter chain rules at specified table
+    end note
+
+    note left of IHostNetworkManager::GetTableRules
+    Get specified netfilter table rules
+    end note
+
     note left of IHostNetworkManager::SaveConfiguration
     Save current host network configuration to the storage
     end note

docs/plantuml/services/HostNetworkService.puml

@@ -6,6 +6,9 @@
 !include ../dto/HostNetworkBridge/HostNetworkBridgeDto.puml
 !include ../dto/HostNetworkBridge/HostNetworkBridgeCreateDto.puml
 !include ../dto/HostNetworkBridge/HostNetworkBridgeUpdateDto.puml
+!include ../dto/HostNetworkTrafficRule/HostNetworkTrafficRuleDto.puml
+!include ../dto/HostNetworkTrafficRule/HostNetworkTrafficRuleCreateDto.puml
+!include ../dto/HostNetworkTrafficRule/HostNetworkTrafficRuleDeleteDto.puml
 
 !include ../managers/HostNetworkManager.puml
 
@@ -32,6 +35,14 @@ package app {
         +UpdateBridge(bridgeName string, updateDto dtos.HostNetworkBridgeUpdateDto) (dtos.HostNetworkBridgeDto, error)
         --
         +DeleteBridge(bridgeName string) error
+        --
+        +CreateTrafficRule(table string, ruleDto dtos.HostNetworkTrafficRuleCreateDto) (dtos.HostNetworkTrafficRuleDto, error)
+        --
+        +DeleteTrafficRule(table string, ruleDto dtos.HostNetworkTrafficRuleDeleteDto) error
+        --
+        +GetChainRules(table string, chain string) ([]dtos.HostNetworkTrafficRuleDto, error)
+        --
+        +GetTableRules(table string) ([]dtos.HostNetworkTrafficRuleDto, error)
     }
     HostNetworkService::manager -- HostNetworkManager
 
@@ -74,6 +85,22 @@ package app {
     note right of HostNetworkService::DeleteBridge
         Delete bridge interface from host
     end note
+
+    note right of HostNetworkService::CreateTrafficRule
+        Create netfilter traffic rule for specified table
+    end note
+
+    note right of HostNetworkService::DeleteTrafficRule
+        Delete netfilter traffic rule in specified table
+    end note
+
+    note right of HostNetworkService::GetChainRules
+        Get selected netfilter chain rules at specified table
+    end note
+
+    note right of HostNetworkService::GetTableRules
+        Get specified netfilter table rules
+    end note
 }
 
 @enduml

src/app/interfaces/IHostNetworkManager.go

@@ -1,6 +1,9 @@
 package interfaces
 
-import "net"
+import (
+	"net"
+	"rol/domain"
+)
 
 //IHostNetworkManager is an interface for network manager
 type IHostNetworkManager interface {
@@ -80,6 +83,40 @@ type IHostNetworkManager interface {
 	//Return:
 	//	error - if an error occurs, otherwise nil
 	AddrDelete(linkName string, addr net.IPNet) error
+	//CreateTrafficRule Create netfilter traffic rule for specified table
+	//
+	//Params:
+	//	table - table to create a rule
+	//	rule - rule entity
+	//Return:
+	//	domain.HostNetworkTrafficRule - new traffic rule
+	//	error - if an error occurs, otherwise nil
+	CreateTrafficRule(table string, rule domain.HostNetworkTrafficRule) (domain.HostNetworkTrafficRule, error)
+	//DeleteTrafficRule Delete netfilter traffic rule in specified table
+	//
+	//Params:
+	//	table - table to delete a rule
+	//	rule - rule entity
+	//Return:
+	//	error - if an error occurs, otherwise nil
+	DeleteTrafficRule(table string, rule domain.HostNetworkTrafficRule) error
+	//GetChainRules Get selected netfilter chain rules at specified table
+	//
+	//Params:
+	//	table - table to get a rules
+	//	chain - chain where we get the rules
+	//Return:
+	//	[]domain.HostNetworkTrafficRule - slice of rules
+	//	error - if an error occurs, otherwise nil
+	GetChainRules(table string, chain string) ([]domain.HostNetworkTrafficRule, error)
+	//GetTableRules Get specified netfilter table rules
+	//
+	//Params:
+	//	table - table to get a rules
+	//Return:
+	//	[]domain.HostNetworkTrafficRule - slice of rules
+	//	error - if an error occurs, otherwise nil
+	GetTableRules(table string) ([]domain.HostNetworkTrafficRule, error)
 	//SaveConfiguration save current host network configuration to the configuration storage
 	//
 	//Return:

src/app/mappers/NetworkTrafficRuleMapper.go

@@ -0,0 +1,38 @@
+package mappers
+
+import (
+	"github.com/coreos/go-iptables/iptables"
+	"rol/domain"
+	"rol/dtos"
+)
+
+//MapStatToTrafficRule map iptables.Stat to domain.HostNetworkTrafficRule
+func MapStatToTrafficRule(stat iptables.Stat, rule *domain.HostNetworkTrafficRule) {
+	rule.Source = stat.Source.String()
+	rule.Destination = stat.Destination.String()
+	rule.Action = stat.Target
+}
+
+//MapHostNetworkTrafficRuleEntityToDto map HostNetworkTrafficRule entity to dto
+func MapHostNetworkTrafficRuleEntityToDto(entity domain.HostNetworkTrafficRule, dto *dtos.HostNetworkTrafficRuleDto) {
+	dto.Chain = entity.Chain
+	dto.Action = entity.Action
+	dto.Source = entity.Source
+	dto.Destination = entity.Destination
+}
+
+//MapHostNetworkTrafficRuleCreateDtoToEntity map HostNetworkTrafficRuleCreateDto dto to entity
+func MapHostNetworkTrafficRuleCreateDtoToEntity(dto dtos.HostNetworkTrafficRuleCreateDto, entity *domain.HostNetworkTrafficRule) {
+	entity.Chain = dto.Chain
+	entity.Action = dto.Action
+	entity.Source = dto.Source
+	entity.Destination = dto.Destination
+}
+
+//MapHostNetworkTrafficRuleDeleteDtoToEntity map HostNetworkTrafficRuleDeleteDto dto to entity
+func MapHostNetworkTrafficRuleDeleteDtoToEntity(dto dtos.HostNetworkTrafficRuleDeleteDto, entity *domain.HostNetworkTrafficRule) {
+	entity.Chain = dto.Chain
+	entity.Action = dto.Action
+	entity.Source = dto.Source
+	entity.Destination = dto.Destination
+}