diff --git a/component/sniffer/dispatcher.go b/component/sniffer/dispatcher.go index aca77842..cfcc58fb 100644 --- a/component/sniffer/dispatcher.go +++ b/component/sniffer/dispatcher.go @@ -117,13 +117,13 @@ func (sd *SnifferDispatcher) sniffDomain(conn *CN.BufferedConn, metadata *C.Meta host, err := sniffer.SniffTCP(bytes) if err != nil { - log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP) + //log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP) continue } _, err = netip.ParseAddr(host) if err == nil { - log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP) + //log.Debugln("[Sniffer] [%s] Sniff data failed %s", sniffer.Protocol(), metadata.DstIP) continue } diff --git a/rule/logic/common.go b/rule/logic/common.go index 75e3c319..1f9a56c1 100644 --- a/rule/logic/common.go +++ b/rule/logic/common.go @@ -102,7 +102,8 @@ func parseRule(tp, payload string, params []string) (C.Rule, error) { case "PROCESS-PATH": parsed, parseErr = RC.NewProcess(payload, "", false) case "RULE-SET": - parsed, parseErr = provider.NewRuleSet(payload, "") + noResolve := RC.HasNoResolve(params) + parsed, parseErr = provider.NewRuleSet(payload, "", noResolve) case "NOT": parsed, parseErr = NewNOT(payload, "") case "AND": diff --git a/rule/parser.go b/rule/parser.go index 05595c10..e1d27371 100644 --- a/rule/parser.go +++ b/rule/parser.go @@ -50,7 +50,8 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) { case "NOT": parsed, parseErr = logic.NewNOT(payload, target) case "RULE-SET": - parsed, parseErr = RP.NewRuleSet(payload, target) + noResolve := RC.HasNoResolve(params) + parsed, parseErr = RP.NewRuleSet(payload, target, noResolve) case "MATCH": parsed = RC.NewMatch(target) default: diff --git a/rule/provider/classical_strategy.go b/rule/provider/classical_strategy.go index 1c2cba4f..4ce69389 100644 --- a/rule/provider/classical_strategy.go +++ b/rule/provider/classical_strategy.go @@ -30,26 +30,20 @@ func (c *classicalStrategy) ShouldResolveIP() bool { } func (c *classicalStrategy) OnUpdate(rules []string) { - var classicalRules []C.Rule - shouldResolveIP := false - count := 0 for _, rawRule := range rules { ruleType, rule, params := ruleParse(rawRule) r, err := parseRule(ruleType, rule, "", params) if err != nil { log.Warnln("parse rule error:[%s]", err.Error()) } else { - if !shouldResolveIP { - shouldResolveIP = shouldResolveIP || r.ShouldResolveIP() + if !c.shouldResolveIP { + c.shouldResolveIP = r.ShouldResolveIP() } - classicalRules = append(classicalRules, r) - count++ + c.rules = append(c.rules, r) + c.count++ } } - - c.rules = classicalRules - c.count = count } func NewClassicalStrategy() *classicalStrategy { diff --git a/rule/provider/domain_strategy.go b/rule/provider/domain_strategy.go index 81979658..d78bb44c 100644 --- a/rule/provider/domain_strategy.go +++ b/rule/provider/domain_strategy.go @@ -8,9 +8,8 @@ import ( ) type domainStrategy struct { - shouldResolveIP bool - count int - domainRules *trie.DomainTrie[bool] + count int + domainRules *trie.DomainTrie[bool] } func (d *domainStrategy) Match(metadata *C.Metadata) bool { @@ -22,7 +21,7 @@ func (d *domainStrategy) Count() int { } func (d *domainStrategy) ShouldResolveIP() bool { - return d.shouldResolveIP + return false } func (d *domainStrategy) OnUpdate(rules []string) { @@ -55,5 +54,5 @@ func ruleParse(ruleRaw string) (string, string, []string) { } func NewDomainStrategy() *domainStrategy { - return &domainStrategy{shouldResolveIP: false} + return &domainStrategy{} } diff --git a/rule/provider/rule_set.go b/rule/provider/rule_set.go index d5f0a7c9..5d0cb67a 100644 --- a/rule/provider/rule_set.go +++ b/rule/provider/rule_set.go @@ -12,6 +12,7 @@ type RuleSet struct { ruleProviderName string adapter string ruleProvider P.RuleProvider + noResolveIP bool } func (rs *RuleSet) ShouldFindProcess() bool { @@ -35,7 +36,7 @@ func (rs *RuleSet) Payload() string { } func (rs *RuleSet) ShouldResolveIP() bool { - return rs.getProviders().ShouldResolveIP() + return !rs.noResolveIP && rs.getProviders().ShouldResolveIP() } func (rs *RuleSet) getProviders() P.RuleProvider { if rs.ruleProvider == nil { @@ -46,7 +47,7 @@ func (rs *RuleSet) getProviders() P.RuleProvider { return rs.ruleProvider } -func NewRuleSet(ruleProviderName string, adapter string) (*RuleSet, error) { +func NewRuleSet(ruleProviderName string, adapter string, noResolveIP bool) (*RuleSet, error) { rp, ok := RuleProviders()[ruleProviderName] if !ok { return nil, fmt.Errorf("rule set %s not found", ruleProviderName) @@ -56,5 +57,6 @@ func NewRuleSet(ruleProviderName string, adapter string) (*RuleSet, error) { ruleProviderName: ruleProviderName, adapter: adapter, ruleProvider: rp, + noResolveIP: noResolveIP, }, nil }