diff --git a/internal/firewalls/ddos_protection.go b/internal/firewalls/ddos_protection.go
index ecb5c8f..14cd495 100644
--- a/internal/firewalls/ddos_protection.go
+++ b/internal/firewalls/ddos_protection.go
@@ -90,7 +90,7 @@ func (this *DDoSProtectionManager) Apply(config *ddosconfigs.ProtectionConfig) e
 }
 remotelogs.Println("FIREWALL", "change DDoS protection config")
- if len(NftExePath()) == 0 {
+ if len(nftables.NftExePath()) == 0 {
 return errors.New("can not find nft command")
 }
@@ -156,7 +156,7 @@ func (this *DDoSProtectionManager) Apply(config *ddosconfigs.ProtectionConfig) e
 // 添加TCP规则
 func (this *DDoSProtectionManager) addTCPRules(tcpConfig *ddosconfigs.TCPConfig) error {
- var nftExe = NftExePath()
+ var nftExe = nftables.NftExePath()
 if len(nftExe) == 0 {
 return nil
 }
diff --git a/internal/firewalls/firewall_nftables.go b/internal/firewalls/firewall_nftables.go
index 90d0d56..96cb1b9 100644
--- a/internal/firewalls/firewall_nftables.go
+++ b/internal/firewalls/firewall_nftables.go
@@ -16,33 +16,12 @@ import (
 "github.com/google/nftables/expr"
 "github.com/iwind/TeaGo/types"
 "net"
- "os"
- "os/exec"
 "regexp"
 "runtime"
 "strings"
 "time"
 )
-// NftExePath 查找nftables可执行文件路径
-func NftExePath() string {
- path, _ := exec.LookPath("nft")
- if len(path) > 0 {
- return path
- }
-
- for _, possiblePath := range []string{
- "/usr/sbin/nft",
- } {
- _, err := os.Stat(possiblePath)
- if err == nil {
- return possiblePath
- }
- }
-
- return ""
-}
-
 // check nft status, if being enabled we load it automatically
 func init() {
 if !teaconst.IsMain {
@@ -58,7 +37,7 @@ func init() {
 ticker.Stop()
 break
 }
- var nftExe = NftExePath()
+ var nftExe = nftables.NftExePath()
 if len(nftExe) > 0 {
 nftablesFirewall, err := NewNFTablesFirewall()
 if err != nil {
@@ -141,7 +120,7 @@ type NFTablesFirewall struct {
 func (this *NFTablesFirewall) init() error {
 // check nft
- var nftPath = NftExePath()
+ var nftPath = nftables.NftExePath()
 if len(nftPath) == 0 {
 return errors.New("'nft' not found")
 }
diff --git a/internal/firewalls/nftables/installer.go b/internal/firewalls/nftables/installer.go
index 4f4e601..4c1e636 100644
--- a/internal/firewalls/nftables/installer.go
+++ b/internal/firewalls/nftables/installer.go
@@ -38,8 +38,7 @@ func init() {
 }
 if os.Getgid() == 0 { // root user only
- _, err := exec.LookPath("nft")
- if err == nil {
+ if len(NftExePath()) > 0 {
 return
 }
 goman.New(func() {
@@ -53,6 +52,25 @@ func init() {
 })
 }
+// NftExePath 查找nftables可执行文件路径
+func NftExePath() string {
+ path, _ := exec.LookPath("nft")
+ if len(path) > 0 {
+ return path
+ }
+
+ for _, possiblePath := range []string{
+ "/usr/sbin/nft",
+ } {
+ _, err := os.Stat(possiblePath)
+ if err == nil {
+ return possiblePath
+ }
+ }
+
+ return ""
+}
+
 type Installer struct {
 }
@@ -67,8 +85,7 @@ func (this *Installer) Install() error {
 }
 // 检查是否已经存在
- _, err := exec.LookPath("nft")
- if err == nil {
+ if len(NftExePath()) > 0 {
 return nil
 }
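Review bot: The guard `if os.Getgid() == 0 { // root user only` in installer.go's init tests the group id, while its comment describes a user check, so a process whose primary group is 0 but whose user is not root passes it and root running with a non-zero group is skipped. If the comment states the intent, `if os.Geteuid() == 0 {` expresses it directly. The line is unchanged context in this hunk and init's body starts and ends outside it, so confirm against the full function before changing it.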
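Review bot: `path, _ := exec.LookPath("nft")` in the added NftExePath discards the error, and on Go 1.19 and later LookPath returns a non-empty path together with an error matching `exec.ErrDot` when the match comes from a relative or empty PATH entry, so `len(path) > 0` accepts a working-directory `nft` that the standard library deliberately flags. The two call sites this commit switches from `err == nil` to `len(NftExePath()) > 0` (init in the hunk above and Installer.Install in the last hunk) lose that check, and the callers in internal/firewalls presumably go on to execute the returned path in a process that appears to run with root privileges. Keeping the error closes the gap: `path, err := exec.LookPath("nft")` followed by `if err == nil {`. The `/usr/sbin/nft` fallback only proves via `os.Stat` that the path exists, so a doc comment stating that the function returns either an absolute path or `""` would make the contract explicit for callers.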