3afdaef6e6
Extract DNS policy rule matching logic from dns_proxy.go into a dedicated internal/rulematcher package to improve code organization and maintainability.

The new package provides:
- RuleMatcher interface for extensible rule matching
- NetworkRuleMatcher for IP-based network rules
- MacRuleMatcher for MAC address-based rules
- DomainRuleMatcher for domain/wildcard rules
- Comprehensive unit tests for all matchers

This refactoring improves:
- Separation of concerns between DNS proxy and rule matching
- Testability with isolated rule matcher components
- Reusability of rule matching logic across the codebase
- Maintainability with focused, single-responsibility modules
package rulematcher
import (
"context"
"strings"
)
// NetworkRuleMatcher evaluates "network.*" policy rules, i.e. rules that
// select targets based on whether the request's source IP falls inside the
// IP ranges configured for a named network.
//
// The matcher carries no state, so the zero value is ready to use.
type NetworkRuleMatcher struct{}
// Type reports the kind of rule this matcher evaluates; it is always
// RuleTypeNetwork.
func (n *NetworkRuleMatcher) Type() RuleType { return RuleTypeNetwork }
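// Match evaluates the policy's network rules against req.SourceIP.
//
// Each entry of req.Policy.Networks maps a source key of the form
// "network.<name>" to the targets that apply when the source IP is contained
// in one of the IP ranges configured for <name> in req.Config.Network.
// The first matching rule wins and is returned with Matched set to true and
// MatchedRule set to the source key. A nil request, a nil policy, or a
// policy without network rules yields a result with Matched false.
// The context is accepted for interface conformance and is not used here.
func (n *NetworkRuleMatcher) Match(ctx context.Context, req *MatchRequest) *MatchResult {
	noMatch := &MatchResult{Matched: false, RuleType: RuleTypeNetwork}

	// Guard the request itself as well as the policy: a nil req would
	// otherwise be dereferenced below, and an absent network policy simply
	// means there is nothing to match.
	if req == nil || req.Policy == nil || len(req.Policy.Networks) == 0 {
		return noMatch
	}

	for _, rule := range req.Policy.Networks {
		// NOTE(review): rule is a map, so when a single rule carries several
		// "network.*" keys whose IP ranges overlap, which key is reported
		// depends on Go's randomized map iteration order. Policies are
		// normally written with one key per rule; confirm with the config
		// loader if stable precedence matters.
		for source, targets := range rule {
			name := strings.TrimPrefix(source, "network.")
			// NOTE(review): assumes req.Config is always populated by the
			// caller; a nil map lookup is safe, a nil Config is not — confirm.
			nc := req.Config.Network[name]
			if nc == nil {
				// The rule references a network that is not configured; skip
				// it rather than failing the whole evaluation.
				continue
			}
			for _, ipNet := range nc.IPNets {
				if !ipNet.Contains(req.SourceIP) {
					continue
				}
				return &MatchResult{
					Matched:     true,
					Targets:     targets,
					MatchedRule: source,
					RuleType:    RuleTypeNetwork,
				}
			}
		}
	}

	return noMatch
}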