From 086271ef29fdd6858ba2edcead9646c4e97f9add Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=96=E7=95=8C?=
Date: Mon, 17 Jun 2024 22:28:32 +0800
Subject: [PATCH] Fix generate empty sets
---
 redirect_nftables_exprs.go | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/redirect_nftables_exprs.go b/redirect_nftables_exprs.go
index 09fe589..8202994 100644
--- a/redirect_nftables_exprs.go
+++ b/redirect_nftables_exprs.go
@@ -79,17 +79,9 @@ func nftablesCreateIPSet(
 ) (*nftables.Set, error) {
 if len(prefixList) > 0 {
 var builder netipx.IPSetBuilder
- if appendDefault && len(setList) == 0 {
- if family == nftables.TableFamilyIPv4 {
- prefixList = append(prefixList, netip.PrefixFrom(netip.IPv4Unspecified(), 0))
- } else {
- prefixList = append(prefixList, netip.PrefixFrom(netip.IPv6Unspecified(), 0))
- }
- }
 for _, prefix := range prefixList {
 builder.AddPrefix(prefix)
 }
-
 ipSet, err := builder.IPSet()
 if err != nil {
 return nil, err
@@ -103,7 +95,7 @@ func nftablesCreateIPSet(
 ipSets = append(ipSets, mySet)
 rangeLen += len(mySet.rr)
 }
- setElements := make([]nftables.SetElement, 0, len(prefixList)+rangeLen)
+ setElements := make([]nftables.SetElement, 0, rangeLen)
 for _, mySet := range ipSets {
 for _, rr := range mySet.rr {
 if (family == nftables.TableFamilyIPv4) != rr.from.Is4() {
@@ -122,6 +114,23 @@ func nftablesCreateIPSet(
 })
 }
 }
+ if len(prefixList) == 0 && appendDefault {
+ if family == nftables.TableFamilyIPv4 {
+ setElements = append(setElements, nftables.SetElement{
+ Key: netip.IPv4Unspecified().AsSlice(),
+ }, nftables.SetElement{
+ Key: netip.IPv4Unspecified().AsSlice(),
+ IntervalEnd: true,
+ })
+ } else {
+ setElements = append(setElements, nftables.SetElement{
+ Key: netip.IPv6Unspecified().AsSlice(),
+ }, nftables.SetElement{
+ Key: netip.IPv6Unspecified().AsSlice(),
+ IntervalEnd: true,
+ })
+ }
+ }
 var keyType nftables.SetDatatype
 if family == nftables.TableFamilyIPv4 {
 keyType = nftables.TypeIPAddr
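Review bot: The fallback added after the element loop (third hunk) is guarded by `len(prefixList) == 0`, which tests the input rather than the result. The set can therefore still come out empty when `prefixList` is non-empty but every range is skipped by the `(family == nftables.TableFamilyIPv4) != rr.from.Is4()` filter, and the placeholder appears to be appended next to real ranges when only `setList` contributes elements (the removed code also required `len(setList) == 0`). If the aim is only to avoid an empty set, `if len(setElements) == 0 && appendDefault {` would cover both cases; the loop body and the handling of `setList` are outside the hunks, so confirm against them. The placeholder is a start key and an `IntervalEnd` key that are both the unspecified address, and nothing visible says whether that interval is meant to match no address or every address; because this set decides which traffic the redirect rules act on, add a comment such as `// placeholder interval so the set is never empty; intended to match <no address | all addresses>` and a test that pins the behaviour. nftablesCreateIPSet starts and ends outside the hunks.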