From 34ebe9b054a7b362c46720e57250e9086cc59cc6 Mon Sep 17 00:00:00 2001
From: Cuong Manh Le
Date: Fri, 15 Mar 2024 17:43:10 +0700
Subject: [PATCH] cmd/cli: allow MAC wildcard matching
---
 cmd/cli/dns_proxy.go | 11 ++++++-----
 cmd/cli/dns_proxy_test.go | 23 +++++++++++++++--------
 2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/cmd/cli/dns_proxy.go b/cmd/cli/dns_proxy.go
index 52cb27e..fb5f903 100644
--- a/cmd/cli/dns_proxy.go
+++ b/cmd/cli/dns_proxy.go
@@ -282,7 +282,7 @@ networkRules:
 macRules:
 for _, rule := range lc.Policy.Macs {
 for source, targets := range rule {
- if source != "" && strings.EqualFold(source, srcMac) {
+ if source != "" && (strings.EqualFold(source, srcMac) || wildcardMatches(strings.ToLower(source), strings.ToLower(srcMac))) {
 matchedPolicy = lc.Policy.Name
 matchedNetwork = source
 networkTargets = targets
@@ -590,7 +590,8 @@ func canonicalName(fqdn string) string {
 return q
 }
-func wildcardMatches(wildcard, domain string) bool {
+// wildcardMatches reports whether string str matches the wildcard pattern.
+func wildcardMatches(wildcard, str string) bool {
 // Wildcard match.
 wildCardParts := strings.Split(wildcard, "*")
 if len(wildCardParts) != 2 {
@@ -600,15 +601,15 @@ func wildcardMatches(wildcard, domain string) bool {
 switch {
 case len(wildCardParts[0]) > 0 && len(wildCardParts[1]) > 0:
 // Domain must match both prefix and suffix.
- return strings.HasPrefix(domain, wildCardParts[0]) && strings.HasSuffix(domain, wildCardParts[1])
+ return strings.HasPrefix(str, wildCardParts[0]) && strings.HasSuffix(str, wildCardParts[1])
 case len(wildCardParts[1]) > 0:
 // Only suffix must match.
- return strings.HasSuffix(domain, wildCardParts[1])
+ return strings.HasSuffix(str, wildCardParts[1])
 case len(wildCardParts[0]) > 0:
 // Only prefix must match.
- return strings.HasPrefix(domain, wildCardParts[0])
+ return strings.HasPrefix(str, wildCardParts[0])
 }
 return false
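Review bot: The MAC loop takes the first rule that matches (assuming the `macRules` label is the target of a `break` below the hunk), so with wildcards a broad entry such as `d4:67:98:*` listed earlier now shadows a later exact-MAC entry for one device in that range. Which policy a client receives then depends on list order, and nothing in the code states that. I would add above the condition `// First match wins: list exact MACs before any wildcard that also covers them.`, or run an exact-match pass before the wildcard pass. `strings.ToLower(srcMac)` is also recomputed for every rule and could be hoisted above the loop. The loop body continues outside the hunk.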
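Review bot: The new doc comment on `wildcardMatches` leaves out the two constraints a caller needs now that the helper serves MAC rules as well as domains. The pattern is split on `*` and must yield exactly two parts (the `len(wildCardParts) != 2` branch, whose body is outside the hunk, presumably rejects anything else), and the comparison is case-sensitive. I would write it as `// wildcardMatches reports whether str matches wildcard, a pattern containing exactly one "*". Matching is case-sensitive; callers normalize case first.` The inner `// Wildcard match.` comment adds nothing and can go.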
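Review bot: In the prefix-and-suffix case the two tests are independent, so the prefix and suffix may overlap inside `str` and the `*` ends up standing for a negative length. A constructed example: pattern `d4:67:98:05:*:05:b4:2b` matches `d4:67:98:05:b4:2b`, although the pattern describes a longer string. For MAC rules that means a policy can apply to a device the pattern does not describe; putting `len(str) >= len(wildCardParts[0])+len(wildCardParts[1]) &&` in front of the `HasPrefix` call closes it. The comment `// Domain must match both prefix and suffix.` is also stale after the rename to `str`. The function starts before this hunk.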
diff --git a/cmd/cli/dns_proxy_test.go b/cmd/cli/dns_proxy_test.go
index 52d3edb..cb2e459 100644
--- a/cmd/cli/dns_proxy_test.go
+++ b/cmd/cli/dns_proxy_test.go
@@ -22,14 +22,21 @@ func Test_wildcardMatches(t *testing.T) {
 domain string
 match bool
 }{
- {"prefix parent should not match", "*.windscribe.com", "windscribe.com", false},
- {"prefix", "*.windscribe.com", "anything.windscribe.com", true},
- {"prefix not match other domain", "*.windscribe.com", "example.com", false},
- {"prefix not match domain in name", "*.windscribe.com", "wwindscribe.com", false},
- {"suffix", "suffix.*", "suffix.windscribe.com", true},
- {"suffix not match other", "suffix.*", "suffix1.windscribe.com", false},
- {"both", "suffix.*.windscribe.com", "suffix.anything.windscribe.com", true},
- {"both not match", "suffix.*.windscribe.com", "suffix1.suffix.windscribe.com", false},
+ {"domain - prefix parent should not match", "*.windscribe.com", "windscribe.com", false},
+ {"domain - prefix", "*.windscribe.com", "anything.windscribe.com", true},
+ {"domain - prefix not match other s", "*.windscribe.com", "example.com", false},
+ {"domain - prefix not match s in name", "*.windscribe.com", "wwindscribe.com", false},
+ {"domain - suffix", "suffix.*", "suffix.windscribe.com", true},
+ {"domain - suffix not match other", "suffix.*", "suffix1.windscribe.com", false},
+ {"domain - both", "suffix.*.windscribe.com", "suffix.anything.windscribe.com", true},
+ {"domain - both not match", "suffix.*.windscribe.com", "suffix1.suffix.windscribe.com", false},
+ {"mac - prefix", "*:98:05:b4:2b", "d4:67:98:05:b4:2b", true},
+ {"mac - prefix not match other s", "*:98:05:b4:2b", "0d:ba:54:09:94:2c", false},
+ {"mac - prefix not match s in name", "*:98:05:b4:2b", "e4:67:97:05:b4:2b", false},
+ {"mac - suffix", "d4:67:98:*", "d4:67:98:05:b4:2b", true},
+ {"mac - suffix not match other", "d4:67:98:*", "d4:67:97:15:b4:2b", false},
+ {"mac - both", "d4:67:98:*:b4:2b", "d4:67:98:05:b4:2b", true},
+ {"mac - both not match", "d4:67:98:*:b4:2b", "d4:67:97:05:c4:2b", false},
 }
 for _, tc := range tests {
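Review bot: The new MAC cases cover only lower-case input and well-formed single-`*` patterns, so neither the case folding done at the call site in dns_proxy.go nor the rejection paths are pinned by this table. I would add `{"mac - two wildcards", "d4:*:98:*", "d4:67:98:05:b4:2b", false},` and `{"mac - bare wildcard", "*", "d4:67:98:05:b4:2b", false},`; the expected values follow from the split-length check and the switch as far as the diff shows them. Several case names look like the residue of a search-and-replace (`"domain - prefix not match other s"`, `"mac - prefix not match s in name"`), and the struct field is still called `domain` although it now also holds MAC addresses.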