Feature: add source ipcidr condition for all rules

2021-08-31 21:46:04 +08:00 · 2021-08-31 21:46:04 +08:00 · 66d9aab6cc
commit 66d9aab6cc
parent 92396fc893
14 changed files with 155 additions and 93 deletions
--- a/constant/rule.go
+++ b/constant/rule.go
@ -52,5 +52,5 @@ type Rule interface {
 	Adapter() string
 	Payload() string
 	ShouldResolveIP() bool
-	NetWork() NetWork
+	RuleExtra() *RuleExtra
 }
--- a/constant/rule_extra.go
+++ b/constant/rule_extra.go
@ -0,0 +1,25 @@
 package constant
 import "net"
 type RuleExtra struct {
 	Network   NetWork
 	SourceIPs []*net.IPNet
 }
 func (re *RuleExtra) NotMatchNetwork(network NetWork) bool {
 	return re.Network != ALLNet && re.Network != network
 }
 func (re *RuleExtra) NotMatchSourceIP(srcIP net.IP) bool {
 	if re.SourceIPs == nil {
 		return false
 	}
 	for _, ips := range re.SourceIPs {
 		if ips.Contains(srcIP) {
 			return false
 		}
 	}
 	return true
 }
--- a/rule/base.go
+++ b/rule/base.go
@ -2,6 +2,8 @@ package rules
 import (
 	"errors"
 	"net"
 	"strings"
 	C "github.com/Dreamacro/clash/constant"
 )
@ -14,6 +16,7 @@ var (
 func HasNoResolve(params []string) bool {
 	for _, p := range params {
 		p = strings.Trim(p, " ")
 		if p == noResolve {
 			return true
 		}
@ -23,6 +26,7 @@ func HasNoResolve(params []string) bool {
 func findNetwork(params []string) C.NetWork {
 	for _, p := range params {
 		p = strings.Trim(p, " ")
 		if p == "tcp" {
 			return C.TCP
 		} else if p == "udp" {
@ -31,3 +35,23 @@ func findNetwork(params []string) C.NetWork {
 	}
 	return C.ALLNet
 }
 func findSourceIPs(params []string) []*net.IPNet {
 	var ips []*net.IPNet
 	for _, p := range params {
 		p = strings.Trim(p, " ")
 		if p == noResolve || len(p) < 7 {
 			continue
 		}
 		_, ipnet, err := net.ParseCIDR(p)
 		if err != nil {
 			continue
 		}
 		ips = append(ips, ipnet)
 	}
 	if len(ips) > 0 {
 		return ips
 	}
 	return nil
 }
--- a/rule/domain.go
+++ b/rule/domain.go
@ -9,7 +9,7 @@ import (
 type Domain struct {
 	domain    string
 	adapter   string
-	network C.NetWork
+	ruleExtra *C.RuleExtra
 }
 func (d *Domain) RuleType() C.RuleType {
@ -35,14 +35,14 @@ func (d *Domain) ShouldResolveIP() bool {
 	return false
 }
-func (d *Domain) NetWork() C.NetWork {
+func (d *Domain) RuleExtra() *C.RuleExtra {
-	return d.network
+	return d.ruleExtra
 }
-func NewDomain(domain string, adapter string, network C.NetWork) *Domain {
+func NewDomain(domain string, adapter string, ruleExtra *C.RuleExtra) *Domain {
 	return &Domain{
 		domain:    strings.ToLower(domain),
 		adapter:   adapter,
-		network: network,
+		ruleExtra: ruleExtra,
 	}
 }
--- a/rule/domain_keyword.go
+++ b/rule/domain_keyword.go
@ -9,7 +9,7 @@ import (
 type DomainKeyword struct {
 	keyword   string
 	adapter   string
-	network C.NetWork
+	ruleExtra *C.RuleExtra
 }
 func (dk *DomainKeyword) RuleType() C.RuleType {
@ -36,14 +36,14 @@ func (dk *DomainKeyword) ShouldResolveIP() bool {
 	return false
 }
-func (dk *DomainKeyword) NetWork() C.NetWork {
+func (dk *DomainKeyword) RuleExtra() *C.RuleExtra {
-	return dk.network
+	return dk.ruleExtra
 }
-func NewDomainKeyword(keyword string, adapter string, network C.NetWork) *DomainKeyword {
+func NewDomainKeyword(keyword string, adapter string, ruleExtra *C.RuleExtra) *DomainKeyword {
 	return &DomainKeyword{
 		keyword:   strings.ToLower(keyword),
 		adapter:   adapter,
-		network: network,
+		ruleExtra: ruleExtra,
 	}
 }
--- a/rule/domain_suffix.go
+++ b/rule/domain_suffix.go
@ -9,7 +9,7 @@ import (
 type DomainSuffix struct {
 	suffix    string
 	adapter   string
-	network C.NetWork
+	ruleExtra *C.RuleExtra
 }
 func (ds *DomainSuffix) RuleType() C.RuleType {
@ -36,14 +36,14 @@ func (ds *DomainSuffix) ShouldResolveIP() bool {
 	return false
 }
-func (ds *DomainSuffix) NetWork() C.NetWork {
+func (ds *DomainSuffix) RuleExtra() *C.RuleExtra {
-	return ds.network
+	return ds.ruleExtra
 }
-func NewDomainSuffix(suffix string, adapter string, network C.NetWork) *DomainSuffix {
+func NewDomainSuffix(suffix string, adapter string, ruleExtra *C.RuleExtra) *DomainSuffix {
 	return &DomainSuffix{
 		suffix:    strings.ToLower(suffix),
 		adapter:   adapter,
-		network: network,
+		ruleExtra: ruleExtra,
 	}
 }
--- a/rule/final.go
+++ b/rule/final.go
@ -28,8 +28,8 @@ func (f *Match) ShouldResolveIP() bool {
 	return false
 }
-func (f *Match) NetWork() C.NetWork {
+func (f *Match) RuleExtra() *C.RuleExtra {
-	return C.ALLNet
+	return nil
 }
 func NewMatch(adapter string) *Match {
--- a/rule/geoip.go
+++ b/rule/geoip.go
@ -15,7 +15,7 @@ type GEOIP struct {
 	country      string
 	adapter      string
 	noResolveIP  bool
-	network      C.NetWork
+	ruleExtra    *C.RuleExtra
 	geoIPMatcher *router.GeoIPMatcher
 }
@ -43,11 +43,11 @@ func (g *GEOIP) ShouldResolveIP() bool {
 	return !g.noResolveIP
 }
-func (g *GEOIP) NetWork() C.NetWork {
+func (g *GEOIP) RuleExtra() *C.RuleExtra {
-	return g.network
+	return g.ruleExtra
 }
-func NewGEOIP(country string, adapter string, noResolveIP bool, network C.NetWork) (*GEOIP, error) {
+func NewGEOIP(country string, adapter string, noResolveIP bool, ruleExtra *C.RuleExtra) (*GEOIP, error) {
 	geoLoaderName := "standard"
 	//geoLoaderName := "memconservative"
 	geoLoader, err := geodata.GetGeoDataLoader(geoLoaderName)
@ -78,7 +78,7 @@ func NewGEOIP(country string, adapter string, noResolveIP bool, network C.NetWor
 		country:      country,
 		adapter:      adapter,
 		noResolveIP:  noResolveIP,
-		network:      network,
+		ruleExtra:    ruleExtra,
 		geoIPMatcher: geoIPMatcher,
 	}
--- a/rule/geosite.go
+++ b/rule/geosite.go
@ -14,7 +14,7 @@ import (
 type GEOSITE struct {
 	country   string
 	adapter   string
-	network C.NetWork
+	ruleExtra *C.RuleExtra
 	matcher   *router.DomainMatcher
 }
@ -43,11 +43,11 @@ func (gs *GEOSITE) ShouldResolveIP() bool {
 	return false
 }
-func (gs *GEOSITE) NetWork() C.NetWork {
+func (gs *GEOSITE) RuleExtra() *C.RuleExtra {
-	return gs.network
+	return gs.ruleExtra
 }
-func NewGEOSITE(country string, adapter string, network C.NetWork) (*GEOSITE, error) {
+func NewGEOSITE(country string, adapter string, ruleExtra *C.RuleExtra) (*GEOSITE, error) {
 	geoLoaderName := "standard"
 	//geoLoaderName := "memconservative"
 	geoLoader, err := geodata.GetGeoDataLoader(geoLoaderName)
@ -74,7 +74,7 @@ func NewGEOSITE(country string, adapter string, network C.NetWork) (*GEOSITE, er
 	geoSite := &GEOSITE{
 		country:   country,
 		adapter:   adapter,
-		network: network,
+		ruleExtra: ruleExtra,
 		matcher:   matcher,
 	}
--- a/rule/ipcidr.go
+++ b/rule/ipcidr.go
@ -23,7 +23,7 @@ func WithIPCIDRNoResolve(noResolve bool) IPCIDROption {
 type IPCIDR struct {
 	ipnet       *net.IPNet
 	adapter     string
-	network     C.NetWork
+	ruleExtra   *C.RuleExtra
 	isSourceIP  bool
 	noResolveIP bool
 }
@ -55,20 +55,20 @@ func (i *IPCIDR) ShouldResolveIP() bool {
 	return !i.noResolveIP
 }
-func (i *IPCIDR) NetWork() C.NetWork {
+func (i *IPCIDR) RuleExtra() *C.RuleExtra {
-	return i.network
+	return i.ruleExtra
 }
-func NewIPCIDR(s string, adapter string, network C.NetWork, opts ...IPCIDROption) (*IPCIDR, error) {
+func NewIPCIDR(s string, adapter string, ruleExtra *C.RuleExtra, opts ...IPCIDROption) (*IPCIDR, error) {
 	_, ipnet, err := net.ParseCIDR(s)
 	if err != nil {
 		return nil, errPayload
 	}
-
+	ruleExtra.SourceIPs = nil
 	ipcidr := &IPCIDR{
 		ipnet:     ipnet,
 		adapter:   adapter,
-		network: network,
+		ruleExtra: ruleExtra,
 	}
 	for _, o := range opts {
--- a/rule/parser.go
+++ b/rule/parser.go
@ -10,32 +10,36 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
 	var (
 		parseErr error
 		parsed   C.Rule
 		network  = findNetwork(params)
 	)
 	ruleExtra := &C.RuleExtra{
 		Network:   findNetwork(params),
 		SourceIPs: findSourceIPs(params),
 	}
 	switch tp {
 	case "DOMAIN":
-		parsed = NewDomain(payload, target, network)
+		parsed = NewDomain(payload, target, ruleExtra)
 	case "DOMAIN-SUFFIX":
-		parsed = NewDomainSuffix(payload, target, network)
+		parsed = NewDomainSuffix(payload, target, ruleExtra)
 	case "DOMAIN-KEYWORD":
-		parsed = NewDomainKeyword(payload, target, network)
+		parsed = NewDomainKeyword(payload, target, ruleExtra)
 	case "GEOSITE":
-		parsed, parseErr = NewGEOSITE(payload, target, network)
+		parsed, parseErr = NewGEOSITE(payload, target, ruleExtra)
 	case "GEOIP":
 		noResolve := HasNoResolve(params)
-		parsed, parseErr = NewGEOIP(payload, target, noResolve, network)
+		parsed, parseErr = NewGEOIP(payload, target, noResolve, ruleExtra)
 	case "IP-CIDR", "IP-CIDR6":
 		noResolve := HasNoResolve(params)
-		parsed, parseErr = NewIPCIDR(payload, target, network, WithIPCIDRNoResolve(noResolve))
+		parsed, parseErr = NewIPCIDR(payload, target, ruleExtra, WithIPCIDRNoResolve(noResolve))
 	case "SRC-IP-CIDR":
-		parsed, parseErr = NewIPCIDR(payload, target, network, WithIPCIDRSourceIP(true), WithIPCIDRNoResolve(true))
+		parsed, parseErr = NewIPCIDR(payload, target, ruleExtra, WithIPCIDRSourceIP(true), WithIPCIDRNoResolve(true))
 	case "SRC-PORT":
-		parsed, parseErr = NewPort(payload, target, true, network)
+		parsed, parseErr = NewPort(payload, target, true, ruleExtra)
 	case "DST-PORT":
-		parsed, parseErr = NewPort(payload, target, false, network)
+		parsed, parseErr = NewPort(payload, target, false, ruleExtra)
 	case "PROCESS-NAME":
-		parsed, parseErr = NewProcess(payload, target, network)
+		parsed, parseErr = NewProcess(payload, target, ruleExtra)
 	case "MATCH":
 		parsed = NewMatch(target)
 	default:
--- a/rule/port.go
+++ b/rule/port.go
@ -18,7 +18,7 @@ type Port struct {
 	port      string
 	isSource  bool
 	portList  []portReal
-	network  C.NetWork
+	ruleExtra *C.RuleExtra
 }
 func (p *Port) RuleType() C.RuleType {
@ -47,8 +47,8 @@ func (p *Port) ShouldResolveIP() bool {
 	return false
 }
-func (p *Port) NetWork() C.NetWork {
+func (p *Port) RuleExtra() *C.RuleExtra {
-	return p.network
+	return p.ruleExtra
 }
 func (p *Port) matchPortReal(portRef string) bool {
@ -67,7 +67,7 @@ func (p *Port) matchPortReal(portRef string) bool {
 	return false
 }
-func NewPort(port string, adapter string, isSource bool, network C.NetWork) (*Port, error) {
+func NewPort(port string, adapter string, isSource bool, ruleExtra *C.RuleExtra) (*Port, error) {
 	//the port format should be like this: "123/136/137-139" or "[123]/[136-139]"
 	ports := strings.Split(port, "/")
 	if len(ports) > 28 {
@ -118,6 +118,6 @@ func NewPort(port string, adapter string, isSource bool, network C.NetWork) (*Po
 		port:      port,
 		isSource:  isSource,
 		portList:  portList,
-		network:  network,
+		ruleExtra: ruleExtra,
 	}, nil
 }
--- a/rule/process.go
+++ b/rule/process.go
@ -16,7 +16,7 @@ var processCache = cache.NewLRUCache(cache.WithAge(2), cache.WithSize(64))
 type Process struct {
 	adapter   string
 	process   string
-	network C.NetWork
+	ruleExtra *C.RuleExtra
 }
 func (ps *Process) RuleType() C.RuleType {
@ -71,14 +71,14 @@ func (ps *Process) ShouldResolveIP() bool {
 	return false
 }
-func (ps *Process) NetWork() C.NetWork {
+func (ps *Process) RuleExtra() *C.RuleExtra {
-	return ps.network
+	return ps.ruleExtra
 }
-func NewProcess(process string, adapter string, network C.NetWork) (*Process, error) {
+func NewProcess(process string, adapter string, ruleExtra *C.RuleExtra) (*Process, error) {
 	return &Process{
 		adapter:   adapter,
 		process:   process,
-		network: network,
+		ruleExtra: ruleExtra,
 	}, nil
 }
--- a/tunnel/tunnel.go
+++ b/tunnel/tunnel.go
@ -33,7 +33,7 @@ var (
 	// default timeout for UDP session
 	udpTimeout = 60 * time.Second
-	preProcessCacheFinder, _ = R.NewProcess("", "", C.ALLNet)
+	preProcessCacheFinder, _ = R.NewProcess("", "", nil)
 	tunBroadcastAddr = net.IPv4(198, 18, 255, 255)
 )
@ -235,7 +235,7 @@ func handleUDPConn(packet *inbound.PacketAdapter) {
 		switch true {
 		case rule != nil:
-			log.Infoln("[UDP] %s(%s) --> %s:%s match %s(%s) %s using %s", metadata.SourceAddress(), metadata.Process, metadata.RemoteAddress(), metadata.DstPort, rule.RuleType().String(), rule.Payload(), rule.NetWork().String(), rawPc.Chains().String())
+			log.Infoln("[UDP] %s(%s) --> %s:%s match %s(%s) using %s", metadata.SourceAddress(), metadata.Process, metadata.RemoteAddress(), metadata.DstPort, rule.RuleType().String(), rule.Payload(), rawPc.Chains().String())
 		case mode == Global:
 			log.Infoln("[UDP] %s(%s) --> %s using GLOBAL", metadata.SourceAddress(), metadata.Process, metadata.RemoteAddress())
 		case mode == Direct:
@ -285,7 +285,7 @@ func handleTCPConn(ctx C.ConnContext) {
 	switch true {
 	case rule != nil:
-		log.Infoln("[TCP] %s(%s) --> %s:%s match %s(%s) %s using %s", metadata.SourceAddress(), metadata.Process, metadata.RemoteAddress(), metadata.DstPort, rule.RuleType().String(), rule.Payload(), rule.NetWork().String(), remoteConn.Chains().String())
+		log.Infoln("[TCP] %s(%s) --> %s:%s match %s(%s) using %s", metadata.SourceAddress(), metadata.Process, metadata.RemoteAddress(), metadata.DstPort, rule.RuleType().String(), rule.Payload(), remoteConn.Chains().String())
 	case mode == Global:
 		log.Infoln("[TCP] %s(%s) --> %s using GLOBAL", metadata.SourceAddress(), metadata.Process, metadata.RemoteAddress())
 	case mode == Direct:
@ -339,12 +339,21 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) {
 				continue
 			}
-			if rule.NetWork() != C.ALLNet && rule.NetWork() != metadata.NetWork {
+			extra := rule.RuleExtra()
 			if extra != nil {
 				if extra.NotMatchNetwork(metadata.NetWork) {
 					continue
 				}
 				if extra.NotMatchSourceIP(metadata.SrcIP) {
 					continue
 				}
 			}
 			return adapter, rule, nil
 		}
 	}
-	return proxies["DIRECT"], nil, nil
+	//return proxies["DIRECT"], nil, nil
 	return proxies["REJECT"], nil, nil
 }