Feature: add source ipcidr condition to rule final

This commit is contained in:
gVisor bot 2021-09-01 18:29:48 +08:00
parent 01d76959ff
commit 3817f2ae91
4 changed files with 25 additions and 13 deletions

View file

@ -407,12 +407,19 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
payload string
target string
params = []string{}
ruleName = strings.ToUpper(rule[0])
)
switch l := len(rule); {
case l == 2:
target = rule[1]
case l == 3:
if ruleName == "MATCH" {
payload = ""
target = rule[1]
params = rule[2:]
break
}
payload = rule[1]
target = rule[2]
case l >= 4:
@ -427,10 +434,10 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
return nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
}
rule = trimArr(rule)
//rule = trimArr(rule)
params = trimArr(params)
parsed, parseErr := R.ParseRule(rule[0], payload, target, params)
parsed, parseErr := R.ParseRule(ruleName, payload, target, params)
if parseErr != nil {
return nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
}

View file

@ -22,7 +22,7 @@ type geoipFilter struct {
func (gf *geoipFilter) Match(ip net.IP) bool {
if multiGeoIPMatcher == nil {
countryCodeCN := gf.code
countryCode := gf.code
countryCodePrivate := "private"
geoLoader, err := geodata.GetGeoDataLoader("standard")
if err != nil {
@ -30,7 +30,7 @@ func (gf *geoipFilter) Match(ip net.IP) bool {
return false
}
recordsCN, err := geoLoader.LoadGeoIP(countryCodeCN)
recordsCN, err := geoLoader.LoadGeoIP(countryCode)
if err != nil {
log.Errorln("[GeoIPFilter] LoadGeoIP error: %s", err.Error())
return false
@ -44,7 +44,7 @@ func (gf *geoipFilter) Match(ip net.IP) bool {
geoips := []*router.GeoIP{
{
CountryCode: countryCodeCN,
CountryCode: countryCode,
Cidr: recordsCN,
ReverseMatch: false,
},

View file

@ -6,6 +6,7 @@ import (
type Match struct {
adapter string
ruleExtra *C.RuleExtra
}
func (f *Match) RuleType() C.RuleType {
@ -29,11 +30,15 @@ func (f *Match) ShouldResolveIP() bool {
}
func (f *Match) RuleExtra() *C.RuleExtra {
return nil
return f.ruleExtra
}
func NewMatch(adapter string) *Match {
func NewMatch(adapter string, ruleExtra *C.RuleExtra) *Match {
if ruleExtra.SourceIPs == nil {
ruleExtra = nil
}
return &Match{
adapter: adapter,
ruleExtra: ruleExtra,
}
}

View file

@ -41,7 +41,7 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
case "PROCESS-NAME":
parsed, parseErr = NewProcess(payload, target, ruleExtra)
case "MATCH":
parsed = NewMatch(target)
parsed = NewMatch(target, ruleExtra)
default:
parseErr = fmt.Errorf("unsupported rule type %s", tp)
}