From 392c4be55bc5d6d96379be144017c7aa74930da8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Thu, 30 Nov 2023 21:28:00 +0800 Subject: [PATCH] Fix rule-set matching logic --- adapter/inbound.go | 7 ++++ route/rule_abstract.go | 89 +++++++++++++++++++++--------------------- 2 files changed, 52 insertions(+), 44 deletions(-) diff --git a/adapter/inbound.go b/adapter/inbound.go index 30dec9d1..ad063628 100644 --- a/adapter/inbound.go +++ b/adapter/inbound.go @@ -49,6 +49,13 @@ type InboundContext struct { FakeIP bool IPCIDRMatchSource bool + // rule merge + + SourceAddressMatch bool + SourcePortMatch bool + DestinationAddressMatch bool + DestinationPortMatch bool + // dns cache QueryType uint16 diff --git a/route/rule_abstract.go b/route/rule_abstract.go index 312caaee..997dd60a 100644 --- a/route/rule_abstract.go +++ b/route/rule_abstract.go @@ -17,6 +17,7 @@ type abstractDefaultRule struct { destinationAddressItems []RuleItem destinationPortItems []RuleItem allItems []RuleItem + ruleSetItem RuleItem invert bool outbound string } 
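Review bot: The four flags added under `// rule merge` are written by `abstractDefaultRule.Match` in route/rule_abstract.go during evaluation, and the two-word comment does not tell a reader that they are mutable match state or who is responsible for clearing them. I would spell out the lifecycle, for example `// rule merge: set by rule Match when an item of the corresponding group matched; must be cleared before an unrelated rule is evaluated`, adjusted to whatever the intended contract is. Since a stale flag changes which rule a connection matches, the reset point is worth naming in the comment. The struct continues outside the hunk.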
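Review bot: The new `ruleSetItem RuleItem` field is neither assigned nor read anywhere in this patch; the only other change to route/rule_abstract.go is the Match hunk, which does not reference it. If a follow-up commit is meant to use it, a short comment such as `// ruleSetItem is the rule_set item of this rule, if any` would make the intent clear. Otherwise it should be dropped until it is needed.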
@@ -62,62 +63,62 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool { return true } + if len(r.sourceAddressItems) > 0 && !metadata.SourceAddressMatch { + for _, item := range r.sourceAddressItems { + if item.Match(metadata) { + metadata.SourceAddressMatch = true + break + } + } + } + + if len(r.sourcePortItems) > 0 && !metadata.SourceAddressMatch { + for _, item := range r.sourcePortItems { + if item.Match(metadata) { + metadata.SourcePortMatch = true + break + } + } + } + + if len(r.destinationAddressItems) > 0 && !metadata.SourceAddressMatch { + for _, item := range r.destinationAddressItems { + if item.Match(metadata) { + metadata.DestinationAddressMatch = true + break + } + } + } + + if len(r.destinationPortItems) > 0 && !metadata.SourceAddressMatch { + for _, item := range r.destinationPortItems { + if item.Match(metadata) { + metadata.DestinationPortMatch = true + break + } + } + } + for _, item := range r.items { if !item.Match(metadata) { return r.invert } } - if len(r.sourceAddressItems) > 0 { - var sourceAddressMatch bool - for _, item := range r.sourceAddressItems { - if item.Match(metadata) { - sourceAddressMatch = true - break - } - } - if !sourceAddressMatch { - return r.invert - } + if len(r.sourceAddressItems) > 0 && !metadata.SourceAddressMatch { + return r.invert } - if len(r.sourcePortItems) > 0 { - var sourcePortMatch bool - for _, item := range r.sourcePortItems { - if item.Match(metadata) { - sourcePortMatch = true - break - } - } - if !sourcePortMatch { - return r.invert - } + if len(r.sourcePortItems) > 0 && !metadata.SourcePortMatch { + return r.invert } - if len(r.destinationAddressItems) > 0 { - var destinationAddressMatch bool - for _, item := range r.destinationAddressItems { - if item.Match(metadata) { - destinationAddressMatch = true - break - } - } - if !destinationAddressMatch { - return r.invert - } + if len(r.destinationAddressItems) > 0 && !metadata.DestinationAddressMatch { + return r.invert } - if 
len(r.destinationPortItems) > 0 { - var destinationPortMatch bool - for _, item := range r.destinationPortItems { - if item.Match(metadata) { - destinationPortMatch = true - break - } - } - if !destinationPortMatch { - return r.invert - } + if len(r.destinationPortItems) > 0 && !metadata.DestinationPortMatch { + return r.invert } return !r.invert
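Review bot: The guards on the new sourcePortItems, destinationAddressItems and destinationPortItems loops all test `!metadata.SourceAddressMatch`, which looks like a copy-paste slip. Once the source-address flag is set those three groups are never evaluated, so the later per-group checks return `r.invert` for a connection that should have matched. Each guard should test its own flag: `if len(r.sourcePortItems) > 0 && !metadata.SourcePortMatch {`, `if len(r.destinationAddressItems) > 0 && !metadata.DestinationAddressMatch {`, `if len(r.destinationPortItems) > 0 && !metadata.DestinationPortMatch {`. Separately, the flags now live on the shared InboundContext and nothing in this hunk clears them, so unless the caller resets them between rules, a flag set by one rule would satisfy the same group in the next rule and traffic could be routed by a rule it does not match. A test that runs two consecutive rules against one context would pin this down; Match's body starts above the hunk.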