Feature: add source ipcidr condition to rule final
This commit is contained in:
parent
fb836fe441
commit
b904ca0bcc
4 changed files with 25 additions and 13 deletions
|
@ -404,15 +404,22 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
|
||||||
for idx, line := range rulesConfig {
|
for idx, line := range rulesConfig {
|
||||||
rule := trimArr(strings.Split(line, ","))
|
rule := trimArr(strings.Split(line, ","))
|
||||||
var (
|
var (
|
||||||
payload string
|
payload string
|
||||||
target string
|
target string
|
||||||
params = []string{}
|
params = []string{}
|
||||||
|
ruleName = strings.ToUpper(rule[0])
|
||||||
)
|
)
|
||||||
|
|
||||||
switch l := len(rule); {
|
switch l := len(rule); {
|
||||||
case l == 2:
|
case l == 2:
|
||||||
target = rule[1]
|
target = rule[1]
|
||||||
case l == 3:
|
case l == 3:
|
||||||
|
if ruleName == "MATCH" {
|
||||||
|
payload = ""
|
||||||
|
target = rule[1]
|
||||||
|
params = rule[2:]
|
||||||
|
break
|
||||||
|
}
|
||||||
payload = rule[1]
|
payload = rule[1]
|
||||||
target = rule[2]
|
target = rule[2]
|
||||||
case l >= 4:
|
case l >= 4:
|
||||||
|
@ -427,10 +434,10 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) {
|
||||||
return nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
|
return nil, fmt.Errorf("rules[%d] [%s] error: proxy [%s] not found", idx, line, target)
|
||||||
}
|
}
|
||||||
|
|
||||||
rule = trimArr(rule)
|
//rule = trimArr(rule)
|
||||||
params = trimArr(params)
|
params = trimArr(params)
|
||||||
|
|
||||||
parsed, parseErr := R.ParseRule(rule[0], payload, target, params)
|
parsed, parseErr := R.ParseRule(ruleName, payload, target, params)
|
||||||
if parseErr != nil {
|
if parseErr != nil {
|
||||||
return nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
|
return nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,7 +22,7 @@ type geoipFilter struct {
|
||||||
|
|
||||||
func (gf *geoipFilter) Match(ip net.IP) bool {
|
func (gf *geoipFilter) Match(ip net.IP) bool {
|
||||||
if multiGeoIPMatcher == nil {
|
if multiGeoIPMatcher == nil {
|
||||||
countryCodeCN := gf.code
|
countryCode := gf.code
|
||||||
countryCodePrivate := "private"
|
countryCodePrivate := "private"
|
||||||
geoLoader, err := geodata.GetGeoDataLoader("standard")
|
geoLoader, err := geodata.GetGeoDataLoader("standard")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -30,7 +30,7 @@ func (gf *geoipFilter) Match(ip net.IP) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
recordsCN, err := geoLoader.LoadGeoIP(countryCodeCN)
|
recordsCN, err := geoLoader.LoadGeoIP(countryCode)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorln("[GeoIPFilter] LoadGeoIP error: %s", err.Error())
|
log.Errorln("[GeoIPFilter] LoadGeoIP error: %s", err.Error())
|
||||||
return false
|
return false
|
||||||
|
@ -44,7 +44,7 @@ func (gf *geoipFilter) Match(ip net.IP) bool {
|
||||||
|
|
||||||
geoips := []*router.GeoIP{
|
geoips := []*router.GeoIP{
|
||||||
{
|
{
|
||||||
CountryCode: countryCodeCN,
|
CountryCode: countryCode,
|
||||||
Cidr: recordsCN,
|
Cidr: recordsCN,
|
||||||
ReverseMatch: false,
|
ReverseMatch: false,
|
||||||
},
|
},
|
||||||
|
|
|
@ -5,7 +5,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Match struct {
|
type Match struct {
|
||||||
adapter string
|
adapter string
|
||||||
|
ruleExtra *C.RuleExtra
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *Match) RuleType() C.RuleType {
|
func (f *Match) RuleType() C.RuleType {
|
||||||
|
@ -29,11 +30,15 @@ func (f *Match) ShouldResolveIP() bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *Match) RuleExtra() *C.RuleExtra {
|
func (f *Match) RuleExtra() *C.RuleExtra {
|
||||||
return nil
|
return f.ruleExtra
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewMatch(adapter string) *Match {
|
func NewMatch(adapter string, ruleExtra *C.RuleExtra) *Match {
|
||||||
|
if ruleExtra.SourceIPs == nil {
|
||||||
|
ruleExtra = nil
|
||||||
|
}
|
||||||
return &Match{
|
return &Match{
|
||||||
adapter: adapter,
|
adapter: adapter,
|
||||||
|
ruleExtra: ruleExtra,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,7 +41,7 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
|
||||||
case "PROCESS-NAME":
|
case "PROCESS-NAME":
|
||||||
parsed, parseErr = NewProcess(payload, target, ruleExtra)
|
parsed, parseErr = NewProcess(payload, target, ruleExtra)
|
||||||
case "MATCH":
|
case "MATCH":
|
||||||
parsed = NewMatch(target)
|
parsed = NewMatch(target, ruleExtra)
|
||||||
default:
|
default:
|
||||||
parseErr = fmt.Errorf("unsupported rule type %s", tp)
|
parseErr = fmt.Errorf("unsupported rule type %s", tp)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue