[agent-go] [Bastion] - swap firewall

2024-04-18 10:35:39 +08:00
parent abe83b68e9
commit 8e43f1f90f
5 changed files with 248 additions and 110 deletions
--- a/agent-go/a_init/bastion_init/TrieSearch_test.go
+++ b/agent-go/a_init/bastion_init/TrieSearch_test.go
@@ -2,6 +2,7 @@ package bastion_init

 import (
 	"fmt"
+	"syscall"
 	"testing"
 )

@@ -21,13 +22,37 @@ func TestNewTrie(t *testing.T) {
 }

 func TestDp(t *testing.T) {
-	words := []string{"Apple", "Apricot", "Apprentice", "Application", "Docker-Compose", "Docker-Compose-File", "Docker-Compose-File-V2", "Docker-Compose-File-V3", "Docker-Compose-File-V4", "Docker-Compose-File-V5", "Docker-Compose-File-V6", "Docker-Co", "Install-Docker"}
-	prefix := "Install"
+	// 获取netlink接口（用于网络控制的内核机制）
+	nl := syscall.NewLk(syscall.AT_FDCWD, "netlink")
+	if nl == nil {
+		fmt.Println("Unable to open netlink")
+		return
+	}
+	defer nl.Close()

-	closest, err := FindClosestWordDp(words, prefix)
-	if err != nil {
-		fmt.Println(err)
+	// 设置对netlink的访问权限
+	if err := syscall.Setpgid(0, syscall.Getpid()); err != nil {
+		fmt.Println("Unable to set pgid", err)
+		return
+	}
+
+	// 设置netlink接口为非阻塞模式
+	if err := nl.Control(syscall.SET_NONBLOCK, 1); err != nil {
+		fmt.Println("Unable to set netlink nonblocking", err)
+		return
+	}
+
+	// 获取IPv4路由转发设置的值
+	var value syscall.SysctlValInt
+	if err := syscall.Sysctl(nl, "net/ipv4/ip_forward", &value); err != nil {
+		fmt.Println("Unable to get ip_forward value:", err)
+		return
+	}
+
+	// 打印IPv4路由转发的状态
+	if value == 1 {
+		fmt.Println("IPv4 routing forwarding is enabled")
 	} else {
-		fmt.Printf("The closest word to '%s' is '%s'\n", prefix, closest)
+		fmt.Println("IPv4 routing forwarding is disabled")
 	}
 }