use std::sync::atomic::Ordering;
use anyhow::Result;
use crate::opt;
use super::{exec_process, INJECT_MARK, IS_U32_SUPPORTED};
const DPIBREAK_TABLE: &str = "dpibreak";
fn nft(rule: &str) -> Result<()> {
crate::info!("nft: {rule}");
exec_process(&[opt::nft_command(), "-f", "-"], Some(rule))
}
pub fn install_nft_rules() -> Result<()> {
let queue_num = opt::queue_num();
let rule = format!(
r#"add table inet {DPIBREAK_TABLE}
add chain inet {DPIBREAK_TABLE} OUTPUT {{ type filter hook output priority 0; policy accept; }}
add rule inet {DPIBREAK_TABLE} OUTPUT meta mark {INJECT_MARK} return
add rule inet {DPIBREAK_TABLE} OUTPUT tcp dport 443 @ih,0,8 0x16 @ih,40,8 0x01 queue num {queue_num} bypass"#
);
nft(&rule)?;
IS_U32_SUPPORTED.store(true, Ordering::Relaxed);
Ok(())
}
pub fn cleanup_nftables_rules() -> Result<()> {
let rule = format!("delete table inet {DPIBREAK_TABLE}");
nft(&rule)?;
Ok(())
}