Added Prometheus metrics and tokens for routes

Added first basic prometheus metrics.
Now generates a token for newly created routes that can later be used for removing specific routes or
otherwise keeping track of them better

CHANGELOG.md

@@ -1,4 +1,8 @@
 # Changelog
+## v0.2.0
+* Added basic prometheus metrics and corresponding endpoint
+* Creating a route will now return a string token, that will be needed to remove the route normally in the future
+
 ## v0.1.4
 * Another fix for the routes with different protocols
 * Added more tests to detect more possible regressions

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "iptables-proxy"
-version = "0.1.4"
+version = "0.2.0"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -12,3 +12,5 @@ tracing = "0.1.37"
 tracing-subscriber = "0.3.17"
 serde = { version = "1.0.171", features = ["derive"] }
 clap = { version = "4.3.11", features = ["derive"] }
+prometheus = "0.13.3"
+rand = { version = "0.8.5", features = ["small_rng"] }

src/backend.rs

@@ -0,0 +1,145 @@
+use std::fmt::Debug;
+
+use crate::ForwardingRoute;
+
+pub trait Command {
+    fn execute(self) -> impl core::future::Future<Output = Result<(), ()>>;
+}
+
+pub trait Backend {
+    type Cmd: Debug + Command;
+
+    fn register_cmds(&self, route: &ForwardingRoute) -> Result<Vec<Self::Cmd>, ()>;
+
+    fn deregister_cmds(&self, route: &ForwardingRoute) -> Result<Vec<Self::Cmd>, ()>;
+}
+
+impl Command for tokio::process::Command {
+    async fn execute(mut self) -> Result<(), ()> {
+        self.output().await.map(|o| ()).map_err(|e| ())
+    }
+}
+
+pub mod iptables {
+    use std::borrow::Cow;
+
+    use crate::ForwardingRoute;
+
+    use super::Backend;
+
+    #[derive(Debug)]
+    pub struct IPTablesBackend {}
+
+    impl IPTablesBackend {
+        pub fn new() -> Self {
+            Self {}
+        }
+
+        fn register_args(
+            &self,
+            route: &ForwardingRoute,
+        ) -> impl Iterator<Item = Vec<Cow<'static, str>>> {
+            [
+                vec![
+                    "-I".into(),
+                    "FORWARD".into(),
+                    "-d".into(),
+                    format!("{}", route.dest_ip).into(),
+                    "-m".into(),
+                    "comment".into(),
+                    "--comment".into(),
+                    "[iptables-proxy] SD - Accept to forward traffic".into(),
+                    "-m".into(),
+                    route.protocol.as_str().into(),
+                    "-p".into(),
+                    route.protocol.as_str().into(),
+                    "--dport".into(),
+                    format!("{}", route.pub_port).into(),
+                    "-j".into(),
+                    "ACCEPT".into(),
+                ],
+                vec![
+                    "-I".into(),
+                    "FORWARD".into(),
+                    "-m".into(),
+                    "comment".into(),
+                    "--comment".into(),
+                    "[iptables-proxy] DS - Accept to forward return traffic".into(),
+                    "-s".into(),
+                    format!("{}", route.dest_ip).into(),
+                    "-m".into(),
+                    route.protocol.as_str().into(),
+                    "-p".into(),
+                    route.protocol.as_str().into(),
+                    "--sport".into(),
+                    format!("{}", route.dest_port).into(),
+                    "-j".into(),
+                    "ACCEPT".into(),
+                ],
+                vec![
+                    "-t".into(),
+                    "nat".into(),
+                    "-I".into(),
+                    "PREROUTING".into(),
+                    "-m".into(),
+                    route.protocol.as_str().into(),
+                    "-p".into(),
+                    route.protocol.as_str().into(),
+                    "--dport".into(),
+                    format!("{}", route.pub_port).into(),
+                    "-m".into(),
+                    "comment".into(),
+                    "--comment".into(),
+                    "[iptables-proxy] redirect pkts to homeserver".into(),
+                    "-j".into(),
+                    "DNAT".into(),
+                    "--to-destination".into(),
+                    format!("{}:{}", route.dest_ip, route.dest_port).into(),
+                ],
+            ]
+            .into_iter()
+        }
+        fn deregister_args(
+            &self,
+            route: &ForwardingRoute,
+        ) -> impl Iterator<Item = Vec<Cow<'static, str>>> {
+            self.register_args(route).map(|mut args| {
+                for arg in args.iter_mut() {
+                    if arg == "-I" {
+                        *arg = "-D".into();
+                    }
+                }
+                args
+            })
+        }
+    }
+
+    impl Backend for IPTablesBackend {
+        type Cmd = tokio::process::Command;
+
+        fn register_cmds(&self, route: &crate::ForwardingRoute) -> Result<Vec<Self::Cmd>, ()> {
+            let cmds = self
+                .register_args(route)
+                .map(|args| {
+                    let mut cmd = tokio::process::Command::new("iptables");
+                    cmd.args(args.into_iter().map(|c| c.to_string()));
+                    cmd
+                })
+                .collect();
+
+            Ok(cmds)
+        }
+
+        fn deregister_cmds(&self, route: &crate::ForwardingRoute) -> Result<Vec<Self::Cmd>, ()> {
+            let cmds = self
+                .deregister_args(route)
+                .map(|args| {
+                    let mut cmd = tokio::process::Command::new("iptables");
+                    cmd.args(args.into_iter().map(|c| c.to_string()));
+                    cmd
+                })
+                .collect();
+            Ok(cmds)
+        }
+    }
+}