@aojea
Last active January 4, 2025 22:05
golang nftables dump go objects
// Dump the expressions of every rule in an nftables chain as Go values.
// Usage: <program> <table> <chain>
package main

import (
	"fmt"
	"log"
	"os"

	"github.com/google/nftables"
)

func main() {
	args := os.Args[1:]
	if len(args) != 2 {
		log.Fatalf("need to specify the table and chain to list")
	}

	c, err := nftables.New()
	if err != nil {
		log.Fatalf("nftables.New() failed: %v", err)
	}

	// The table is looked up in the inet family only.
	table, err := c.ListTableOfFamily(args[0], nftables.TableFamilyINet)
	if err != nil {
		log.Fatalf("ListTableOfFamily failed: %v", err)
	}

	chain, err := c.ListChain(table, args[1])
	if err != nil {
		log.Fatalf("ListChain failed: %v", err)
	}

	rules, err := c.GetRules(table, chain)
	if err != nil {
		log.Fatalf("GetRules failed: %v", err)
	}

	// Print each expression with %#v so the output is a Go-syntax literal.
	for _, rule := range rules {
		log.Printf("rule position %d", rule.Position)
		for _, exp := range rule.Exprs {
			fmt.Printf("%#v\n", exp)
		}
	}
}

aojea commented Jan 2, 2025

This makes it easy to migrate from nft to google/nftables: by creating the rules with nft and dumping them, we can obtain the necessary elements for the rules without having to parse the bytecode.

                chain prerouting {
                        type nat hook prerouting priority dstnat; policy accept;
                        dnat ip to ip daddr . ip protocol . th dport map @hostport-map-v4
                        dnat ip6 to ip6 daddr . meta l4proto . th dport map @hostport-map-v6
                }
2025/01/02 12:38:08 rule position 0
&expr.Meta{Key:0xf, SourceRegister:false, Register:0x1}
&expr.Cmp{Op:0x0, Register:0x1, Data:[]uint8{0x2}}
&expr.Payload{OperationType:0x0, DestRegister:0x1, SourceRegister:0x0, Base:0x1, Offset:0x10, Len:0x4, CsumType:0x0, CsumOffset:0x0, CsumFlags:0x0}
&expr.Payload{OperationType:0x0, DestRegister:0x9, SourceRegister:0x0, Base:0x1, Offset:0x9, Len:0x1, CsumType:0x0, CsumOffset:0x0, CsumFlags:0x0}
&expr.Payload{OperationType:0x0, DestRegister:0xa, SourceRegister:0x0, Base:0x2, Offset:0x2, Len:0x2, CsumType:0x0, CsumOffset:0x0, CsumFlags:0x0}
&expr.Lookup{SourceRegister:0x1, DestRegister:0x1, IsDestRegSet:true, SetID:0x0, SetName:"hostport-map-v4", Invert:false}
&expr.NAT{Type:0x1, Family:0x2, RegAddrMin:0x1, RegAddrMax:0x1, RegProtoMin:0x9, RegProtoMax:0x9, Random:false, FullyRandom:false, Persistent:false, Prefix:false, Specified:true}
2025/01/02 12:38:08 rule position 97
&expr.Meta{Key:0xf, SourceRegister:false, Register:0x1}
&expr.Cmp{Op:0x0, Register:0x1, Data:[]uint8{0xa}}
&expr.Payload{OperationType:0x0, DestRegister:0x1, SourceRegister:0x0, Base:0x1, Offset:0x18, Len:0x10, CsumType:0x0, CsumOffset:0x0, CsumFlags:0x0}
&expr.Meta{Key:0x10, SourceRegister:false, Register:0x2}
&expr.Payload{OperationType:0x0, DestRegister:0xd, SourceRegister:0x0, Base:0x2, Offset:0x2, Len:0x2, CsumType:0x0, CsumOffset:0x0, CsumFlags:0x0}
&expr.Lookup{SourceRegister:0x1, DestRegister:0x1, IsDestRegSet:true, SetID:0x0, SetName:"hostport-map-v6", Invert:false}
&expr.NAT{Type:0x1, Family:0xa, RegAddrMin:0x1, RegAddrMax:0x1, RegProtoMin:0x2, RegProtoMax:0x2, Random:false, FullyRandom:false, Persistent:false, Prefix:false, Specified:true}
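
The register numbers in a dump like the one above mix 16-byte registers (0x1, 0x2) with their 4-byte aliases (0x9, 0xa, 0xd). The following is an added example, not part of the gist or of google/nftables: it maps each register to its 4-byte slot using the Linux nf_tables numbering and checks that the loads feeding a `Lookup` form one contiguous concatenated key. The `load` type and the `slot` and `keyLayout` helpers are hypothetical names, and the byte lengths (1 for `meta l4proto`) are taken from or assumed for the dumped expressions.

```go
package main

import "fmt"

// load is one register write taken from the dump: the destination register
// number as printed and the number of bytes written. Hypothetical helper type.
type load struct {
	Reg uint32
	Len int
}

// slot converts an nftables register number to its index in the kernel's
// array of 4-byte slots. NFT_REG_VERDICT..NFT_REG_4 (0..4) are 16-byte
// registers; NFT_REG32_00..NFT_REG32_15 (8..23) are 4-byte aliases of them.
func slot(reg uint32) (int, error) {
	switch {
	case reg <= 4:
		return int(reg) * 4, nil
	case reg >= 8 && reg <= 23:
		return int(reg) - 4, nil
	}
	return 0, fmt.Errorf("register %#x out of range", reg)
}

// keyLayout checks that the loads form one contiguous concatenation starting
// at the first load's register. It returns the key size in bytes and the
// slot that follows the key.
func keyLayout(loads []load) (size, next int, err error) {
	for i, l := range loads {
		s, err := slot(l.Reg)
		if err != nil {
			return 0, 0, err
		}
		if i > 0 && s != next {
			return 0, 0, fmt.Errorf("load %d lands in slot %d, want %d", i, s, next)
		}
		n := (l.Len + 3) / 4 // each field is padded to whole 4-byte slots
		size, next = size+n*4, s+n
	}
	return size, next, nil
}

func main() {
	// Constructed from the two dumped rules: registers and lengths as printed.
	v4 := []load{{0x1, 4}, {0x9, 1}, {0xa, 2}}
	v6 := []load{{0x1, 16}, {0x2, 1}, {0xd, 2}}
	fmt.Println(keyLayout(v4))
	fmt.Println(keyLayout(v6))
}
```

The same slot arithmetic accounts for `RegProtoMin` in the two `expr.NAT` lines: the port follows the looked-up address, one slot after register 0x1 for a 4-byte IPv4 address (0x9) and four slots after it for a 16-byte IPv6 address (0x2).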
