feat: support sub-rule, eg.
rules:
- SUB-RULE,(AND,((NETWORK,TCP),(DOMAIN-KEYWORD,google))),TEST2
- SUB-RULE,(GEOIP,!CN),TEST1
- MATCH,DIRECT
sub-rules:
TEST2:
- MATCH,Proxy
TEST1:
- RULE-SET,Local,DIRECT,no-resolve
- GEOSITE,CN,Domestic
- GEOIP,CN,Domestic
- MATCH,Proxy
This commit is contained in:
adlyq
@ -5,7 +5,7 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
errPayload = errors.New("payload error")
|
||||
errPayload = errors.New("payloadRule error")
|
||||
initFlag bool
|
||||
noResolve = "no-resolve"
|
||||
)
|
||||
|
||||
@ -18,11 +18,11 @@ func (d *Domain) RuleType() C.RuleType {
|
||||
return C.Domain
|
||||
}
|
||||
|
||||
func (d *Domain) Match(metadata *C.Metadata) bool {
|
||||
func (d *Domain) Match(metadata *C.Metadata) (bool, string) {
|
||||
if metadata.AddrType != C.AtypDomainName {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
return metadata.Host == d.domain
|
||||
return metadata.Host == d.domain, d.adapter
|
||||
}
|
||||
|
||||
func (d *Domain) Adapter() string {
|
||||
@ -47,4 +47,4 @@ func NewDomain(domain string, adapter string) *Domain {
|
||||
}
|
||||
}
|
||||
|
||||
var _ C.Rule = (*Domain)(nil)
|
||||
//var _ C.Rule = (*Domain)(nil)
|
||||
|
||||
@ -18,12 +18,12 @@ func (dk *DomainKeyword) RuleType() C.RuleType {
|
||||
return C.DomainKeyword
|
||||
}
|
||||
|
||||
func (dk *DomainKeyword) Match(metadata *C.Metadata) bool {
|
||||
func (dk *DomainKeyword) Match(metadata *C.Metadata) (bool, string) {
|
||||
if metadata.AddrType != C.AtypDomainName {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
domain := metadata.Host
|
||||
return strings.Contains(domain, dk.keyword)
|
||||
return strings.Contains(domain, dk.keyword), dk.adapter
|
||||
}
|
||||
|
||||
func (dk *DomainKeyword) Adapter() string {
|
||||
@ -48,4 +48,4 @@ func NewDomainKeyword(keyword string, adapter string) *DomainKeyword {
|
||||
}
|
||||
}
|
||||
|
||||
var _ C.Rule = (*DomainKeyword)(nil)
|
||||
//var _ C.Rule = (*DomainKeyword)(nil)
|
||||
|
||||
@ -18,12 +18,12 @@ func (ds *DomainSuffix) RuleType() C.RuleType {
|
||||
return C.DomainSuffix
|
||||
}
|
||||
|
||||
func (ds *DomainSuffix) Match(metadata *C.Metadata) bool {
|
||||
func (ds *DomainSuffix) Match(metadata *C.Metadata) (bool, string) {
|
||||
if metadata.AddrType != C.AtypDomainName {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
domain := metadata.Host
|
||||
return strings.HasSuffix(domain, "."+ds.suffix) || domain == ds.suffix
|
||||
return strings.HasSuffix(domain, "."+ds.suffix) || domain == ds.suffix, ds.adapter
|
||||
}
|
||||
|
||||
func (ds *DomainSuffix) Adapter() string {
|
||||
@ -48,4 +48,4 @@ func NewDomainSuffix(suffix string, adapter string) *DomainSuffix {
|
||||
}
|
||||
}
|
||||
|
||||
var _ C.Rule = (*DomainSuffix)(nil)
|
||||
//var _ C.Rule = (*DomainSuffix)(nil)
|
||||
|
||||
@ -13,8 +13,8 @@ func (f *Match) RuleType() C.RuleType {
|
||||
return C.MATCH
|
||||
}
|
||||
|
||||
func (f *Match) Match(metadata *C.Metadata) bool {
|
||||
return true
|
||||
func (f *Match) Match(metadata *C.Metadata) (bool, string) {
|
||||
return true, f.adapter
|
||||
}
|
||||
|
||||
func (f *Match) Adapter() string {
|
||||
@ -32,4 +32,4 @@ func NewMatch(adapter string) *Match {
|
||||
}
|
||||
}
|
||||
|
||||
var _ C.Rule = (*Match)(nil)
|
||||
//var _ C.Rule = (*Match)(nil)
|
||||
|
||||
@ -25,10 +25,10 @@ func (g *GEOIP) RuleType() C.RuleType {
|
||||
return C.GEOIP
|
||||
}
|
||||
|
||||
func (g *GEOIP) Match(metadata *C.Metadata) bool {
|
||||
func (g *GEOIP) Match(metadata *C.Metadata) (bool, string) {
|
||||
ip := metadata.DstIP
|
||||
if !ip.IsValid() {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
if strings.EqualFold(g.country, "LAN") {
|
||||
@ -37,13 +37,13 @@ func (g *GEOIP) Match(metadata *C.Metadata) bool {
|
||||
ip.IsLoopback() ||
|
||||
ip.IsMulticast() ||
|
||||
ip.IsLinkLocalUnicast() ||
|
||||
resolver.IsFakeBroadcastIP(ip)
|
||||
resolver.IsFakeBroadcastIP(ip), g.adapter
|
||||
}
|
||||
if !C.GeodataMode {
|
||||
record, _ := mmdb.Instance().Country(ip.AsSlice())
|
||||
return strings.EqualFold(record.Country.IsoCode, g.country)
|
||||
return strings.EqualFold(record.Country.IsoCode, g.country), g.adapter
|
||||
}
|
||||
return g.geoIPMatcher.Match(ip.AsSlice())
|
||||
return g.geoIPMatcher.Match(ip.AsSlice()), g.adapter
|
||||
}
|
||||
|
||||
func (g *GEOIP) Adapter() string {
|
||||
@ -98,4 +98,4 @@ func NewGEOIP(country string, adapter string, noResolveIP bool) (*GEOIP, error)
|
||||
return geoip, nil
|
||||
}
|
||||
|
||||
var _ C.Rule = (*GEOIP)(nil)
|
||||
//var _ C.Rule = (*GEOIP)(nil)
|
||||
|
||||
@ -23,13 +23,13 @@ func (gs *GEOSITE) RuleType() C.RuleType {
|
||||
return C.GEOSITE
|
||||
}
|
||||
|
||||
func (gs *GEOSITE) Match(metadata *C.Metadata) bool {
|
||||
func (gs *GEOSITE) Match(metadata *C.Metadata) (bool, string) {
|
||||
if metadata.AddrType != C.AtypDomainName {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
domain := metadata.Host
|
||||
return gs.matcher.ApplyDomain(domain)
|
||||
return gs.matcher.ApplyDomain(domain), gs.adapter
|
||||
}
|
||||
|
||||
func (gs *GEOSITE) Adapter() string {
|
||||
@ -75,4 +75,4 @@ func NewGEOSITE(country string, adapter string) (*GEOSITE, error) {
|
||||
return geoSite, nil
|
||||
}
|
||||
|
||||
var _ C.Rule = (*GEOSITE)(nil)
|
||||
//var _ C.Rule = (*GEOSITE)(nil)
|
||||
|
||||
@ -13,13 +13,13 @@ type InType struct {
|
||||
payload string
|
||||
}
|
||||
|
||||
func (u *InType) Match(metadata *C.Metadata) bool {
|
||||
func (u *InType) Match(metadata *C.Metadata) (bool, string) {
|
||||
for _, tp := range u.types {
|
||||
if metadata.Type == tp {
|
||||
return true
|
||||
return true, u.adapter
|
||||
}
|
||||
}
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
func (u *InType) RuleType() C.RuleType {
|
||||
|
||||
@ -35,12 +35,12 @@ func (i *IPCIDR) RuleType() C.RuleType {
|
||||
return C.IPCIDR
|
||||
}
|
||||
|
||||
func (i *IPCIDR) Match(metadata *C.Metadata) bool {
|
||||
func (i *IPCIDR) Match(metadata *C.Metadata) (bool, string) {
|
||||
ip := metadata.DstIP
|
||||
if i.isSourceIP {
|
||||
ip = metadata.SrcIP
|
||||
}
|
||||
return ip.IsValid() && i.ipnet.Contains(ip)
|
||||
return ip.IsValid() && i.ipnet.Contains(ip), i.adapter
|
||||
}
|
||||
|
||||
func (i *IPCIDR) Adapter() string {
|
||||
@ -74,4 +74,4 @@ func NewIPCIDR(s string, adapter string, opts ...IPCIDROption) (*IPCIDR, error)
|
||||
return ipcidr, nil
|
||||
}
|
||||
|
||||
var _ C.Rule = (*IPCIDR)(nil)
|
||||
//var _ C.Rule = (*IPCIDR)(nil)
|
||||
|
||||
@ -22,7 +22,7 @@ func (is *IPSuffix) RuleType() C.RuleType {
|
||||
return C.IPSuffix
|
||||
}
|
||||
|
||||
func (is *IPSuffix) Match(metadata *C.Metadata) bool {
|
||||
func (is *IPSuffix) Match(metadata *C.Metadata) (bool, string) {
|
||||
ip := metadata.DstIP
|
||||
if is.isSourceIP {
|
||||
ip = metadata.SrcIP
|
||||
@ -30,7 +30,7 @@ func (is *IPSuffix) Match(metadata *C.Metadata) bool {
|
||||
|
||||
mIPBytes := ip.AsSlice()
|
||||
if len(is.ipBytes) != len(mIPBytes) {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
size := len(mIPBytes)
|
||||
@ -38,15 +38,15 @@ func (is *IPSuffix) Match(metadata *C.Metadata) bool {
|
||||
|
||||
for i := bits / 8; i > 0; i-- {
|
||||
if is.ipBytes[size-i] != mIPBytes[size-i] {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
}
|
||||
|
||||
if (is.ipBytes[size-bits/8-1] << (8 - bits%8)) != (mIPBytes[size-bits/8-1] << (8 - bits%8)) {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
return true
|
||||
return true, is.adapter
|
||||
}
|
||||
|
||||
func (is *IPSuffix) Adapter() string {
|
||||
|
||||
@ -36,8 +36,8 @@ func (n *NetworkType) RuleType() C.RuleType {
|
||||
return C.Network
|
||||
}
|
||||
|
||||
func (n *NetworkType) Match(metadata *C.Metadata) bool {
|
||||
return n.network == metadata.NetWork
|
||||
func (n *NetworkType) Match(metadata *C.Metadata) (bool, string) {
|
||||
return n.network == metadata.NetWork, n.adapter
|
||||
}
|
||||
|
||||
func (n *NetworkType) Adapter() string {
|
||||
|
||||
@ -24,11 +24,11 @@ func (p *Port) RuleType() C.RuleType {
|
||||
return C.DstPort
|
||||
}
|
||||
|
||||
func (p *Port) Match(metadata *C.Metadata) bool {
|
||||
func (p *Port) Match(metadata *C.Metadata) (bool, string) {
|
||||
if p.isSource {
|
||||
return p.matchPortReal(metadata.SrcPort)
|
||||
return p.matchPortReal(metadata.SrcPort), p.adapter
|
||||
}
|
||||
return p.matchPortReal(metadata.DstPort)
|
||||
return p.matchPortReal(metadata.DstPort), p.adapter
|
||||
}
|
||||
|
||||
func (p *Port) Adapter() string {
|
||||
|
||||
@ -17,12 +17,12 @@ func (ps *Process) RuleType() C.RuleType {
|
||||
return C.Process
|
||||
}
|
||||
|
||||
func (ps *Process) Match(metadata *C.Metadata) bool {
|
||||
func (ps *Process) Match(metadata *C.Metadata) (bool, string) {
|
||||
if ps.nameOnly {
|
||||
return strings.EqualFold(metadata.Process, ps.process)
|
||||
return strings.EqualFold(metadata.Process, ps.process), ps.adapter
|
||||
}
|
||||
|
||||
return strings.EqualFold(metadata.ProcessPath, ps.process)
|
||||
return strings.EqualFold(metadata.ProcessPath, ps.process), ps.adapter
|
||||
}
|
||||
|
||||
func (ps *Process) Adapter() string {
|
||||
|
||||
@ -71,10 +71,10 @@ func (u *Uid) RuleType() C.RuleType {
|
||||
return C.Uid
|
||||
}
|
||||
|
||||
func (u *Uid) Match(metadata *C.Metadata) bool {
|
||||
func (u *Uid) Match(metadata *C.Metadata) (bool, string) {
|
||||
srcPort, err := strconv.ParseUint(metadata.SrcPort, 10, 16)
|
||||
if err != nil {
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
var uid int32
|
||||
if metadata.Uid != nil {
|
||||
@ -83,15 +83,15 @@ func (u *Uid) Match(metadata *C.Metadata) bool {
|
||||
metadata.Uid = &uid
|
||||
} else {
|
||||
log.Warnln("[UID] could not get uid from %s", metadata.String())
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
for _, _uid := range u.uids {
|
||||
if _uid.Contains(uid) {
|
||||
return true
|
||||
return true, u.adapter
|
||||
}
|
||||
}
|
||||
return false
|
||||
return false, ""
|
||||
}
|
||||
|
||||
func (u *Uid) Adapter() string {
|
||||
|
||||
Reference in New Issue
Block a user