nftables: types: add conversion traits

Some parts of the firewall config map directly to nftables objects, so
we introduce conversion traits for convenient conversion into the
respective nftables objects / types.

They are guarded behind a feature, so the nftables crate can be used
standalone without depending on the proxmox-ve-config crate.

Co-authored-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>

proxmox-nftables/src/types.rs

@@ -7,6 +7,12 @@ use crate::{Expression, Statement};
 
 use serde::{Deserialize, Serialize};
 
+#[cfg(feature = "config-ext")]
+use proxmox_ve_config::firewall::types::address::Family;
+
+#[cfg(feature = "config-ext")]
+use proxmox_ve_config::firewall::types::ipset::IpsetName;
+
 #[cfg(feature = "config-ext")]
 use proxmox_ve_config::guest::types::Vmid;
 
@@ -33,6 +39,15 @@ impl TableFamily {
             _ => vec![IpFamily::Ip, IpFamily::Ip6],
         }
     }
+
+    #[cfg(feature = "config-ext")]
+    pub fn families(&self) -> Vec<Family> {
+        match self {
+            TableFamily::Ip => vec![Family::V4],
+            TableFamily::Ip6 => vec![Family::V6],
+            _ => vec![Family::V4, Family::V6],
+        }
+    }
 }
 
 #[derive(Clone, Copy, Debug, Eq, PartialEq, Deserialize, Serialize)]
@@ -157,6 +172,21 @@ pub enum RateTimescale {
     Day,
 }
 
+#[cfg(feature = "config-ext")]
+use proxmox_ve_config::firewall::types::log::LogRateLimitTimescale;
+
+#[cfg(feature = "config-ext")]
+impl From<LogRateLimitTimescale> for RateTimescale {
+    fn from(value: LogRateLimitTimescale) -> Self {
+        match value {
+            LogRateLimitTimescale::Second => RateTimescale::Second,
+            LogRateLimitTimescale::Minute => RateTimescale::Minute,
+            LogRateLimitTimescale::Hour => RateTimescale::Hour,
+            LogRateLimitTimescale::Day => RateTimescale::Day,
+        }
+    }
+}
+
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct TableName {
     family: TableFamily,
@@ -586,6 +616,44 @@ impl SetName {
             name: name.into(),
         }
     }
+
+    pub fn name(&self) -> &str {
+        self.name.as_ref()
+    }
+
+    #[cfg(feature = "config-ext")]
+    pub fn ipset_name(
+        family: Family,
+        name: &IpsetName,
+        vmid: Option<Vmid>,
+        nomatch: bool,
+    ) -> String {
+        use proxmox_ve_config::firewall::types::ipset::IpsetScope;
+
+        let prefix = match family {
+            Family::V4 => "v4",
+            Family::V6 => "v6",
+        };
+
+        let name = match name.scope() {
+            IpsetScope::Datacenter => name.to_string(),
+            IpsetScope::Guest => {
+                if let Some(vmid) = vmid {
+                    format!("guest-{vmid}/{}", name.name())
+                } else {
+                    log::warn!("Creating IPSet for guest without vmid parameter!");
+                    name.to_string()
+                }
+            }
+        };
+
+        let suffix = match nomatch {
+            true => "-nomatch",
+            false => "",
+        };
+
+        format!("{prefix}-{name}{suffix}")
+    }
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -788,7 +856,17 @@ pub enum L3Protocol {
     Ip6,
 }
 
-#[derive(Clone, Debug, Deserialize, Serialize)]
+#[cfg(feature = "config-ext")]
+impl From<Family> for L3Protocol {
+    fn from(value: Family) -> Self {
+        match value {
+            Family::V4 => L3Protocol::Ip,
+            Family::V6 => L3Protocol::Ip6,
+        }
+    }
+}
+
+#[derive(Clone, Copy, Debug, Deserialize, Serialize)]
 #[serde(rename_all = "lowercase")]
 pub enum CtHelperProtocol {
     TCP,