优化nftables查找程序

2025-11-04 07:40:56 +08:00 · 2023-04-05 09:33:03 +08:00
parent c44583f249
commit c71e68bdea
3 changed files with 25 additions and 29 deletions
--- a/internal/firewalls/ddos_protection.go
+++ b/internal/firewalls/ddos_protection.go
@@ -90,7 +90,7 @@ func (this *DDoSProtectionManager) Apply(config *ddosconfigs.ProtectionConfig) e
 	}
 	remotelogs.Println("FIREWALL", "change DDoS protection config")

-	if len(NftExePath()) == 0 {
+	if len(nftables.NftExePath()) == 0 {
 		return errors.New("can not find nft command")
 	}

@@ -156,7 +156,7 @@ func (this *DDoSProtectionManager) Apply(config *ddosconfigs.ProtectionConfig) e

 // 添加TCP规则
 func (this *DDoSProtectionManager) addTCPRules(tcpConfig *ddosconfigs.TCPConfig) error {
-	var nftExe = NftExePath()
+	var nftExe = nftables.NftExePath()
 	if len(nftExe) == 0 {
 		return nil
 	}
--- a/internal/firewalls/firewall_nftables.go
+++ b/internal/firewalls/firewall_nftables.go
@@ -16,33 +16,12 @@ import (
 	"github.com/google/nftables/expr"
 	"github.com/iwind/TeaGo/types"
 	"net"
-	"os"
-	"os/exec"
 	"regexp"
 	"runtime"
 	"strings"
 	"time"
 )

-// NftExePath 查找nftables可执行文件路径
-func NftExePath() string {
-	path, _ := exec.LookPath("nft")
-	if len(path) > 0 {
-		return path
-	}
-
-	for _, possiblePath := range []string{
-		"/usr/sbin/nft",
-	} {
-		_, err := os.Stat(possiblePath)
-		if err == nil {
-			return possiblePath
-		}
-	}
-
-	return ""
-}
-
 // check nft status, if being enabled we load it automatically
 func init() {
 	if !teaconst.IsMain {
@@ -58,7 +37,7 @@ func init() {
 					ticker.Stop()
 					break
 				}
-				var nftExe = NftExePath()
+				var nftExe = nftables.NftExePath()
 				if len(nftExe) > 0 {
 					nftablesFirewall, err := NewNFTablesFirewall()
 					if err != nil {
@@ -141,7 +120,7 @@ type NFTablesFirewall struct {

 func (this *NFTablesFirewall) init() error {
 	// check nft
-	var nftPath = NftExePath()
+	var nftPath = nftables.NftExePath()
 	if len(nftPath) == 0 {
 		return errors.New("'nft' not found")
 	}
--- a/internal/firewalls/nftables/installer.go
+++ b/internal/firewalls/nftables/installer.go
@@ -38,8 +38,7 @@ func init() {
 		}

 		if os.Getgid() == 0 { // root user only
-			_, err := exec.LookPath("nft")
-			if err == nil {
+			if len(NftExePath()) > 0 {
 				return
 			}
 			goman.New(func() {
@@ -53,6 +52,25 @@ func init() {
 	})
 }

+// NftExePath 查找nftables可执行文件路径
+func NftExePath() string {
+	path, _ := exec.LookPath("nft")
+	if len(path) > 0 {
+		return path
+	}
+
+	for _, possiblePath := range []string{
+		"/usr/sbin/nft",
+	} {
+		_, err := os.Stat(possiblePath)
+		if err == nil {
+			return possiblePath
+		}
+	}
+
+	return ""
+}
+
 type Installer struct {
 }

@@ -67,8 +85,7 @@ func (this *Installer) Install() error {
 	}

 	// 检查是否已经存在
-	_, err := exec.LookPath("nft")
-	if err == nil {
+	if len(NftExePath()) > 0  {
 		return nil
 	}