wip

cmds/modules/netlightd/main.go

@@ -131,6 +131,10 @@ func action(cli *cli.Context) error {
 		return fmt.Errorf("failed to setup mycelium on host: %w", err)
 	}
 
+	if err := nft.DropTrafficToLAN(); err != nil {
+		return errors.New("failed to drop traffic to lan")
+	}
+
 	mod, err := netlight.NewNetworker()
 	if err != nil {
 		return fmt.Errorf("failed to create Networker: %w", err)

pkg/netlight/nft/nft.go

@@ -1,10 +1,14 @@
 package nft
 
 import (
+	"fmt"
 	"io"
+	"log/slog"
+	"net"
 	"os/exec"
 
 	"github.com/rs/zerolog/log"
+	"github.com/vishvananda/netlink"
 
 	"github.com/pkg/errors"
 )
@@ -32,3 +36,47 @@ func Apply(r io.Reader, ns string) error {
 	}
 	return nil
 }
+
+// DropTrafficToLAN drops all the outgoing traffic to any peers on
+// the same lan network
+func DropTrafficToLAN() error {
+	mac, err := getDefaultGwMac()
+	slog.Info("returned", "mac", mac.String(), "err", err)
+	return nil
+}
+
+func getDefaultGwMac() (net.HardwareAddr, error) {
+	routes, err := netlink.RouteList(nil, netlink.FAMILY_V4)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list routes: %v", err)
+	}
+
+	var defaultRoute *netlink.Route
+	for _, route := range routes {
+		if route.Dst == nil {
+			defaultRoute = &route
+			break
+		}
+	}
+
+	if defaultRoute == nil {
+		return nil, fmt.Errorf("default route not found")
+	}
+
+	if defaultRoute.Gw == nil {
+		return nil, fmt.Errorf("default route has no gateway")
+	}
+
+	neighs, err := netlink.NeighList(0, netlink.FAMILY_V4)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list neighbors: %v", err)
+	}
+
+	for _, neigh := range neighs {
+		if neigh.IP.Equal(defaultRoute.Gw) {
+			return neigh.HardwareAddr, nil
+		}
+	}
+
+	return nil, nil
+}

util.go

@@ -0,0 +1,7 @@
+package main
+
+import "github.com/threefoldtech/zos4/pkg/netlight/nft"
+
+func main() {
+	nft.DropTrafficToLAN()
+}