Página inicial Explorar Ajuda
Entrar
golang
/
nebula
mirror de https://github.com/slackhq/nebula
2
0
Fork 0
Arquivos Issues 0 Wiki
Tree: 3ea7e1b75f
Branches Tags
nebula
/
allow_list.go

allow_list.go 940 B
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. package nebula
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"net"
    6. 

  6. 	"regexp"
    7. 

  7. )
    8. 

  8. 

  9. type AllowList struct {
    10. 

  10. 	// The values of this cidrTree are `bool`, signifying allow/deny
    11. 

  11. 	cidrTree *CIDR6Tree
    12. 

  12. 

  13. 	// To avoid ambiguity, all rules must be true, or all rules must be false.
    14. 

  14. 	nameRules []AllowListNameRule
    15. 

  15. }
    16. 

  16. 

  17. type AllowListNameRule struct {
    18. 

  18. 	Name  *regexp.Regexp
    19. 

  19. 	Allow bool
    20. 

  20. }
    21. 

  21. 

  22. func (al *AllowList) Allow(ip net.IP) bool {
    23. 

  23. 	if al == nil {
    24. 

  24. 		return true
    25. 

  25. 	}
    26. 

  26. 

  27. 	result := al.cidrTree.MostSpecificContains(ip)
    28. 

  28. 	switch v := result.(type) {
    29. 

  29. 	case bool:
    30. 

  30. 		return v
    31. 

  31. 	default:
    32. 

  32. 		panic(fmt.Errorf("invalid state, allowlist returned: %T %v", result, result))
    33. 

  33. 	}
    34. 

  34. }
    35. 

  35. 

  36. func (al *AllowList) AllowName(name string) bool {
    37. 

  37. 	if al == nil || len(al.nameRules) == 0 {
    38. 

  38. 		return true
    39. 

  39. 	}
    40. 

  40. 

  41. 	for _, rule := range al.nameRules {
    42. 

  42. 		if rule.Name.MatchString(name) {
    43. 

  43. 			return rule.Allow
    44. 

  44. 		}
    45. 

  45. 	}
    46. 

  46. 

  47. 	// If no rules match, return the default, which is the inverse of the rules
    48. 

  48. 	return !al.nameRules[0].Allow
    49. 

  49. }
    50.