use iptables;
use regex::Regex;
use std::collections::HashSet;

#[derive(PartialEq,Eq,Debug,Hash)]
pub struct Port {
    proto: String,
    number: u16,
}

pub fn setup(ipt: &iptables::IPTables) {
    ipt.new_chain("filter", "DIPLONAT").unwrap();
    ipt.insert("filter", "INPUT", "-j DIPLONAT", 1).unwrap();
}

pub fn open_ports(ipt: &iptables::IPTables, ports: Vec<Port>) {

    for p in ports {
        ipt.append("filter", "DIPLONAT", &format!("-p {} --dport {} -j ACCEPT", p.proto, p.number)).unwrap();
    }
}

pub fn get_opened_ports(ipt: &iptables::IPTables) -> HashSet<Port> {
    let mut opened_ports: HashSet<Port> = HashSet::new();

    let list = ipt.list("filter", "DIPLONAT").unwrap();
    let re = Regex::new(r"\-A.*? \-p (\w+).*\-\-dport (\d+).*?\-j ACCEPT").unwrap();
    for i in list {
        let caps = re.captures(&i);
        match caps {
            Some(c) => {
                let raw_proto = c.get(1).unwrap();
                let raw_port = c.get(2).unwrap();

                let proto = String::from(raw_proto.as_str());
                let number = String::from(raw_port.as_str()).parse::<u16>().unwrap();

                opened_ports.insert( Port { proto, number } );
            },
            _ => {}
        }
    }

    opened_ports
}

pub fn cleanup(ipt: &iptables::IPTables) {
    ipt.flush_chain("filter", "DIPLONAT").unwrap();
    ipt.delete("filter", "INPUT", "-j DIPLONAT").unwrap();
    ipt.delete_chain("filter", "DIPLONAT").unwrap();
}

/*
fn main() {
    let ipt = iptables::new(false).unwrap();
    setup(&ipt);

    let mut test: HashSet<Port> = HashSet::new();
    test.insert(Port { proto: String::from("tcp"), number: 443 });
    let a = get_opened_ports(&ipt);
    let l = test.difference(&a).collect::<Vec<&Port>>();
    println!("{:?}", l);
}
*/