IPv6 support for outside (udp) (#369)
This commit is contained in:
56
config.go
56
config.go
@ -235,13 +235,18 @@ func (c *Config) GetAllowList(k string, allowInterfaces bool) (*AllowList, error
|
||||
return nil, fmt.Errorf("config `%s` has invalid type: %T", k, r)
|
||||
}
|
||||
|
||||
tree := NewCIDRTree()
|
||||
tree := NewCIDR6Tree()
|
||||
var nameRules []AllowListNameRule
|
||||
|
||||
firstValue := true
|
||||
allValuesMatch := true
|
||||
defaultSet := false
|
||||
var allValues bool
|
||||
// Keep track of the rules we have added for both ipv4 and ipv6
|
||||
type allowListRules struct {
|
||||
firstValue bool
|
||||
allValuesMatch bool
|
||||
defaultSet bool
|
||||
allValues bool
|
||||
}
|
||||
rules4 := allowListRules{firstValue: true, allValuesMatch: true, defaultSet: false}
|
||||
rules6 := allowListRules{firstValue: true, allValuesMatch: true, defaultSet: false}
|
||||
|
||||
for rawKey, rawValue := range rawMap {
|
||||
rawCIDR, ok := rawKey.(string)
|
||||
@ -276,31 +281,48 @@ func (c *Config) GetAllowList(k string, allowInterfaces bool) (*AllowList, error
|
||||
// TODO: should we error on duplicate CIDRs in the config?
|
||||
tree.AddCIDR(cidr, value)
|
||||
|
||||
if firstValue {
|
||||
allValues = value
|
||||
firstValue = false
|
||||
maskBits, maskSize := cidr.Mask.Size()
|
||||
|
||||
var rules *allowListRules
|
||||
if maskSize == 32 {
|
||||
rules = &rules4
|
||||
} else {
|
||||
if value != allValues {
|
||||
allValuesMatch = false
|
||||
rules = &rules6
|
||||
}
|
||||
|
||||
if rules.firstValue {
|
||||
rules.allValues = value
|
||||
rules.firstValue = false
|
||||
} else {
|
||||
if value != rules.allValues {
|
||||
rules.allValuesMatch = false
|
||||
}
|
||||
}
|
||||
|
||||
// Check if this is 0.0.0.0/0
|
||||
bits, size := cidr.Mask.Size()
|
||||
if bits == 0 && size == 32 {
|
||||
defaultSet = true
|
||||
// Check if this is 0.0.0.0/0 or ::/0
|
||||
if maskBits == 0 {
|
||||
rules.defaultSet = true
|
||||
}
|
||||
}
|
||||
|
||||
if !defaultSet {
|
||||
if allValuesMatch {
|
||||
if !rules4.defaultSet {
|
||||
if rules4.allValuesMatch {
|
||||
_, zeroCIDR, _ := net.ParseCIDR("0.0.0.0/0")
|
||||
tree.AddCIDR(zeroCIDR, !allValues)
|
||||
tree.AddCIDR(zeroCIDR, !rules4.allValues)
|
||||
} else {
|
||||
return nil, fmt.Errorf("config `%s` contains both true and false rules, but no default set for 0.0.0.0/0", k)
|
||||
}
|
||||
}
|
||||
|
||||
if !rules6.defaultSet {
|
||||
if rules6.allValuesMatch {
|
||||
_, zeroCIDR, _ := net.ParseCIDR("::/0")
|
||||
tree.AddCIDR(zeroCIDR, !rules6.allValues)
|
||||
} else {
|
||||
return nil, fmt.Errorf("config `%s` contains both true and false rules, but no default set for ::/0", k)
|
||||
}
|
||||
}
|
||||
|
||||
return &AllowList{cidrTree: tree, nameRules: nameRules}, nil
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user