maxmoehl/main.go Secret

Created August 14, 2023 08:36
nftables receive buffer overflow
package main
import (
"fmt"
"net"
"os"
"strconv"
"github.com/google/nftables"
"github.com/google/nftables/expr"
)
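// main adds nftables rules to a freshly created chain in batches of
// RULES_PER_FLUSH (default 100), one Flush per batch, and keeps going until a
// Flush returns an error; it then prints the failing batch index and panics.
//
// Environment:
//   - LASTING_CONN: if set (any value), the netlink connection is opened with
//     nftables.AsLasting().
//   - RULES_PER_FLUSH: number of rules added per Flush; must be a positive
//     integer.
//
// The batch index is printed every 100 batches. The program never returns on
// its own: it runs until a Flush fails or it is stopped externally.
func main() {
	_, lastingConn := os.LookupEnv("LASTING_CONN")

	rulesPerFlush := 100
	if raw, ok := os.LookupEnv("RULES_PER_FLUSH"); ok {
		n, err := strconv.Atoi(raw)
		if err != nil {
			p(fmt.Errorf("parsing RULES_PER_FLUSH %q: %w", raw, err))
		}
		// A zero or negative value would turn the inner loop into a no-op and
		// leave the program spinning forever without adding a single rule.
		if n <= 0 {
			p(fmt.Errorf("RULES_PER_FLUSH must be positive, got %d", n))
		}
		rulesPerFlush = n
	}

	var opts []nftables.ConnOption
	if lastingConn {
		opts = append(opts, nftables.AsLasting())
	}
	conn, err := nftables.New(opts...)
	p(err)

	table := &nftables.Table{
		Name:   "buffer-test",
		Family: nftables.TableFamilyIPv4,
	}
	conn.AddTable(table)

	chain := &nftables.Chain{
		Name:  "chain1",
		Table: table,
	}
	conn.AddChain(chain)
	// Commit table and chain before any rule references them.
	p(conn.Flush())

	for i := 0; ; i++ {
		for j := 0; j < rulesPerFlush; j++ {
			conn.AddRule(testRule(table, chain))
		}
		if i%100 == 0 {
			fmt.Printf("%d\n", i)
		}
		if err := conn.Flush(); err != nil {
			fmt.Printf("failed at flush %d\n", i)
			p(err)
		}
	}
}

// testRule builds the fixed rule the reproducer adds over and over: match the
// input interface name against "my-interface", load 4 bytes at network-header
// offset 16 (the IPv4 destination address) into register 1, range-match it
// against 10.0.0.1-10.0.0.2, count, and accept. The rule carries a UserData
// blob as well — presumably to enlarge each rule's netlink encoding; confirm
// against the library's behaviour if that matters for the reproduction.
func testRule(table *nftables.Table, chain *nftables.Chain) *nftables.Rule {
	return &nftables.Rule{
		Table:    table,
		Chain:    chain,
		UserData: []byte("some-string-with-user-data"),
		Exprs: []expr.Any{
			&expr.Meta{
				Key:      expr.MetaKeyIIFNAME,
				Register: 1,
			},
			&expr.Cmp{
				Op:       expr.CmpOpEq,
				Register: 1,
				Data:     []byte("my-interface"),
			},
			&expr.Payload{
				DestRegister: 1,
				Base:         expr.PayloadBaseNetworkHeader,
				Offset:       16,
				Len:          net.IPv4len,
			},
			&expr.Range{
				Op:       expr.CmpOpEq,
				Register: 1,
				FromData: []byte{10, 0, 0, 1},
				ToData:   []byte{10, 0, 0, 2},
			},
			&expr.Counter{},
			&expr.Verdict{
				Kind: expr.VerdictAccept,
			},
		},
	}
}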
// p is the reproducer's fail-fast error handler: it does nothing for a nil
// error and panics with the error's message otherwise.
func p(err error) {
	if err == nil {
		return
	}
	panic(err.Error())
}