- Add detailed package documentation to engine.go explaining the rule matching system, supported rule types (Network, MAC, Domain), and priority ordering - Include usage example demonstrating typical API usage patterns - Remove unused Type() method from RuleMatcher interface and implementations - Maintain backward compatibility while improving code documentation The documentation explains the policy-based DNS routing system and how different rule types interact with configurable priority ordering.
package rulematcher
import (
	"context"
	"sort"
	"strings"
)
// NetworkRuleMatcher matches requests against the network rules of a policy.
// It is an empty struct and carries no state of its own.
type NetworkRuleMatcher struct{}
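// Match reports whether req.SourceIP falls inside any network referenced by
// the policy's network rules.
//
// Rules are evaluated in the order req.Policy.Networks is ranged. Within one
// rule, keys are visited in sorted (lexical) order so that a rule carrying
// several network keys resolves the same way on every call. Ranging over the
// map directly would let Go's randomized map iteration pick the winner when
// more than one network contains the source IP, which makes the routing
// decision for that client unpredictable.
//
// The first network that contains the source IP wins; the result then carries
// that rule's targets and the rule key as MatchedRule. When there is no
// policy, no network rules, or no containing network, the result has Matched
// set to false. RuleType is always RuleTypeNetwork.
//
// ctx is accepted but not used by this matcher.
func (n *NetworkRuleMatcher) Match(ctx context.Context, req *MatchRequest) *MatchResult {
	noMatch := &MatchResult{Matched: false, RuleType: RuleTypeNetwork}
	if req.Policy == nil || len(req.Policy.Networks) == 0 {
		return noMatch
	}

	for _, rule := range req.Policy.Networks {
		// Collect and sort the keys: map iteration order is randomized, and
		// the first matching key decides which targets are returned.
		sources := make([]string, 0, len(rule))
		for source := range rule {
			sources = append(sources, source)
		}
		sort.Strings(sources)

		for _, source := range sources {
			// A key without the "network." prefix is looked up unchanged.
			networkNum := strings.TrimPrefix(source, "network.")
			// NOTE(review): req.Config is used without any nil/zero check
			// here — confirm callers always populate it.
			nc := req.Config.Network[networkNum]
			if nc == nil {
				// The rule names a network with no (or a nil) config entry.
				continue
			}
			for _, ipNet := range nc.IPNets {
				if ipNet.Contains(req.SourceIP) {
					return &MatchResult{
						Matched:     true,
						Targets:     rule[source],
						MatchedRule: source,
						RuleType:    RuleTypeNetwork,
					}
				}
			}
		}
	}

	return noMatch
}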