bump google/nftables 0.1.0

crowdsecurity · Jul 20, 2023 · 22306e0 · 22306e0
1 parent b1938f0
commit 22306e0
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 11 deletions.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/crowdsecurity/crowdsec v1.5.3-rc1
 	github.com/crowdsecurity/go-cs-bouncer v0.0.7
 	github.com/crowdsecurity/go-cs-lib v0.0.2
-	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
+	github.com/google/nftables v0.1.0
 	github.com/prometheus/client_golang v1.15.1
 	github.com/sirupsen/logrus v1.9.2
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1

diff --git a/go.sum b/go.sum
@@ -103,8 +103,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/google/nftables v0.0.0-20220808154552-2eca00135732 h1:csc7dT82JiSLvq4aMyQMIQDL7986NH6Wxf/QrvOj55A=
-github.com/google/nftables v0.0.0-20220808154552-2eca00135732/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc=
+github.com/google/nftables v0.1.0 h1:T6lS4qudrMufcNIZ8wSRrL+iuwhsKxpN+zFLxhUWOqk=
+github.com/google/nftables v0.1.0/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=

diff --git a/pkg/nftables/nftables_context.go b/pkg/nftables/nftables_context.go
@@ -19,12 +19,12 @@ import (
 )
 
 var HookNameToHookID = map[string]nftables.ChainHook{
-	"prerouting":  nftables.ChainHookPrerouting,
-	"input":       nftables.ChainHookInput,
-	"forward":     nftables.ChainHookForward,
-	"output":      nftables.ChainHookOutput,
-	"postrouting": nftables.ChainHookPostrouting,
-	"ingress":     nftables.ChainHookIngress,
+	"prerouting":  *nftables.ChainHookPrerouting,
+	"input":       *nftables.ChainHookInput,
+	"forward":     *nftables.ChainHookForward,
+	"output":      *nftables.ChainHookOutput,
+	"postrouting": *nftables.ChainHookPostrouting,
+	"ingress":     *nftables.ChainHookIngress,
 }
 
 type nftContext struct {
@@ -183,12 +183,14 @@ func (c *nftContext) initOwnTable(hooks []string, denyLog bool, denyLogPrefix st
 	c.set = set
 
 	for _, hook := range hooks {
+		hooknum := HookNameToHookID[hook]
+		priority := nftables.ChainPriority(c.priority)
 		chain := c.conn.AddChain(&nftables.Chain{
 			Name:     c.chainName + "-" + hook,
 			Table:    c.table,
 			Type:     nftables.ChainTypeFilter,
-			Hooknum:  HookNameToHookID[hook],
-			Priority: nftables.ChainPriority(c.priority),
+			Hooknum:  &hooknum,
+			Priority: &priority,
 		})
 
 		log.Debugf("nftables: ip%s chain '%s' created", c.version, chain.Name)