Add address filter support for DNS rules

2026-06-12 22:38:15 +03:00 · 2024-02-03 17:45:27 +08:00
parent 234ea4261e
commit 2838e702d9
14 changed files with 282 additions and 69 deletions
--- a/route/rule_abstract.go
+++ b/route/rule_abstract.go
@@ -15,6 +15,7 @@ type abstractDefaultRule struct {
 	sourceAddressItems      []RuleItem
 	sourcePortItems         []RuleItem
 	destinationAddressItems []RuleItem
+	destinationIPCIDRItems  []RuleItem
 	destinationPortItems    []RuleItem
 	allItems                []RuleItem
 	ruleSetItem             RuleItem
@@ -64,6 +65,7 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 	}

 	if len(r.sourceAddressItems) > 0 && !metadata.SourceAddressMatch {
+		metadata.DidMatch = true
 		for _, item := range r.sourceAddressItems {
 			if item.Match(metadata) {
 				metadata.SourceAddressMatch = true
@@ -73,6 +75,7 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 	}

 	if len(r.sourcePortItems) > 0 && !metadata.SourcePortMatch {
+		metadata.DidMatch = true
 		for _, item := range r.sourcePortItems {
 			if item.Match(metadata) {
 				metadata.SourcePortMatch = true
@@ -82,6 +85,7 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 	}

 	if len(r.destinationAddressItems) > 0 && !metadata.DestinationAddressMatch {
+		metadata.DidMatch = true
 		for _, item := range r.destinationAddressItems {
 			if item.Match(metadata) {
 				metadata.DestinationAddressMatch = true
@@ -90,7 +94,18 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 		}
 	}

+	if !metadata.IgnoreDestinationIPCIDRMatch && len(r.destinationIPCIDRItems) > 0 && !metadata.DestinationAddressMatch {
+		metadata.DidMatch = true
+		for _, item := range r.destinationIPCIDRItems {
+			if item.Match(metadata) {
+				metadata.DestinationAddressMatch = true
+				break
+			}
+		}
+	}
+
 	if len(r.destinationPortItems) > 0 && !metadata.DestinationPortMatch {
+		metadata.DidMatch = true
 		for _, item := range r.destinationPortItems {
 			if item.Match(metadata) {
 				metadata.DestinationPortMatch = true
@@ -100,6 +115,9 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 	}

 	for _, item := range r.items {
+		if _, isRuleSet := item.(*RuleSetItem); !isRuleSet {
+			metadata.DidMatch = true
+		}
 		if !item.Match(metadata) {
 			return r.invert
 		}
@@ -113,7 +131,7 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 		return r.invert
 	}

-	if len(r.destinationAddressItems) > 0 && !metadata.DestinationAddressMatch {
+	if ((!metadata.IgnoreDestinationIPCIDRMatch && len(r.destinationIPCIDRItems) > 0) || len(r.destinationAddressItems) > 0) && !metadata.DestinationAddressMatch {
 		return r.invert
 	}

@@ -121,6 +139,10 @@ func (r *abstractDefaultRule) Match(metadata *adapter.InboundContext) bool {
 		return r.invert
 	}

+	if !metadata.DidMatch {
+		return false
+	}
+
 	return !r.invert
 }