in pkg/skoop/netstack/iptables.go [873:927]
func parseOneRule(xmlRule *etree.Element) (*rule, error) {
var conditions []*match
xmlConditions := xmlRule.FindElement("conditions")
if xmlConditions != nil {
for _, xmlModule := range xmlConditions.ChildElements() {
moduleKey := xmlModule.Tag
moduleType, ok := ModuleTypes[moduleKey]
if !ok {
return nil, fmt.Errorf("unspported match module %s", moduleKey)
}
for _, xmlExpr := range xmlModule.ChildElements() {
key := xmlExpr.Tag
value := xmlExpr.Text()
invertAttr := xmlExpr.SelectAttr("invert")
invert := invertAttr != nil && invertAttr.Value == "true"
matcher, err := createMatcher(moduleType, key, value)
if err != nil {
panic(err)
}
conditions = append(conditions, &match{matcher: matcher, invert: invert})
}
}
}
var target Target
xmlAction := xmlRule.FindElement("actions")
if xmlAction == nil || len(xmlAction.ChildElements()) == 0 {
target = &NopTarget{}
return &rule{matches: conditions, target: target}, nil
}
action := xmlAction.ChildElements()[0]
if action.Tag == "call" {
target = &CallTarget{Chain: action.ChildElements()[0].Tag}
} else if action.Tag == "goto" {
target = &CallTarget{Chain: action.ChildElements()[0].Tag}
} else {
actionType, ok := ActionTypes[action.Tag]
if !ok {
return nil, fmt.Errorf("unsupported action %s", action.Tag)
}
params := make(map[string]string)
for _, child := range action.ChildElements() {
params[child.Tag] = child.Text()
}
var err error
target, err = createTarget(actionType, params)
if err != nil {
return nil, errors.Wrapf(err, "error create target %s, err: %v", action.Tag, err)
}
}
return &rule{matches: conditions, target: target}, nil
}