Página inicial Explorar Ajuda
Entrar
AetherVPN
/
slackhq.nebula
mirror de https://github.com/slackhq/nebula.git
3
0
Fork 0
Arquivos Issues 0 Wiki
Branch: windows_udp_buffer_setting
Branches Tags
slackhq.nebula
/
allow_list.go

allow_list.go 932 B
Link permanente Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. package nebula
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"regexp"
    6. 

  6. )
    7. 

  7. 

  8. type AllowList struct {
    9. 

  9. 	// The values of this cidrTree are `bool`, signifying allow/deny
    10. 

  10. 	cidrTree *CIDRTree
    11. 

  11. 

  12. 	// To avoid ambiguity, all rules must be true, or all rules must be false.
    13. 

  13. 	nameRules []AllowListNameRule
    14. 

  14. }
    15. 

  15. 

  16. type AllowListNameRule struct {
    17. 

  17. 	Name  *regexp.Regexp
    18. 

  18. 	Allow bool
    19. 

  19. }
    20. 

  20. 

  21. func (al *AllowList) Allow(ip uint32) bool {
    22. 

  22. 	if al == nil {
    23. 

  23. 		return true
    24. 

  24. 	}
    25. 

  25. 

  26. 	result := al.cidrTree.MostSpecificContains(ip)
    27. 

  27. 	switch v := result.(type) {
    28. 

  28. 	case bool:
    29. 

  29. 		return v
    30. 

  30. 	default:
    31. 

  31. 		panic(fmt.Errorf("invalid state, allowlist returned: %T %v", result, result))
    32. 

  32. 	}
    33. 

  33. }
    34. 

  34. 

  35. func (al *AllowList) AllowName(name string) bool {
    36. 

  36. 	if al == nil || len(al.nameRules) == 0 {
    37. 

  37. 		return true
    38. 

  38. 	}
    39. 

  39. 

  40. 	for _, rule := range al.nameRules {
    41. 

  41. 		if rule.Name.MatchString(name) {
    42. 

  42. 			return rule.Allow
    43. 

  43. 		}
    44. 

  44. 	}
    45. 

  45. 

  46. 	// If no rules match, return the default, which is the inverse of the rules
    47. 

  47. 	return !al.nameRules[0].Allow
    48. 

  48. }
    49.