Commit
Outgoing traffic filter part 2: named address (metalbear-co#1648)
* outgoing filter metalbear-co#702
* Update .lock
* Refactoring connect, move connect to local address into UserSocket impl.
* Revert to free function to avoid dup issue.
* Extracting values from config (unsatisfied).
* Changes I'm not sure about.
* Add outgoing filter parsing.
* Add some invalid cases for testing.
* Outgoing filter initialization.
* No need to re-create filters with TCP UDP distinction for ANY, as they will be checked in connect_outgoing ConnectType anyway.
* Filter is plugged in.
* Appease clippy
* Add default to config.
* Add default for remote/local config. Fix comparing resolved address, now compares user address on port 0 (resolved addresses always have port 0).
* inline comparison.
* Docs in layer.
* unused.
* remove comments.
* Improve bypass for filtered out. Add to analytics.
* Update schema.
* Log more stuff in connect_outgoing.
* Only bypass on selector if it's not unix.
* Add more logs.
* Log on socket close.
* Revert localhost connect refactor.
* Add reference, fix compilation
* Don't bypass on unix stream, or on empty option for selector.
* Better if else.
* Better connect_to_local_address (question mark).
* Small cleanup and docs.
* Add docs for config.
* More docs for parsing.
* Appease clippy
* Modify outgoing test to take filter. Fix filter not properly checking ip port when unspecified.
* Docs detailing precedence.
* changelog
* Removed unused type.
* debug->trace
* Remove some more logs.
* Missed log.
* Adding DNS resolution to outgoing filter (issue metalbear-co#702).
* Notes on what to do in getaddrinfo
* Fix broken doc link.
* s/input/rest as the return binding in the parser functions.
* Change getaddrinfo, now it's possible to resolve dns with it through the remote directly. Resolve DNS for named addresses in the outgoing filter when REMOTE_DNS is enabled.
* Address (hehe) CR. Improve docs. Improve names for bindings. Remove many1 concats where digit1 is used.
* appease clippy
* Docs for outgoing local test.
* Only allow either remote or local to be specified. Remove intersection check (can't specify both anymore).
* deal with strs instead of bytes.
* Improve docs. Co-authored-by: t4lz <t4lz.git@gmail.com>
* Fix check on connect_remote. Update docs.
* Convert outgoing filter into enum, to typefy that the user can only specify 1 variant.
* Improve config, now it works and no longer allows remote + local together.
* Fix docs (update them to the new config).
* Mark with unstable.
* Update schema.
* Add error on empty values when using from_env outgoing filter.
* Change log level for connect.
* Improve config, take out inner filter struct.
* Remove outdated file.
* Fix config for tests.
* Run test on mac and linux
* Improve config path handling in test. Co-authored-by: t4lz <t4lz.git@gmail.com>
* Working config.
* Build test for macos.
* Sanity check that missing remote address doesn't trigger daemon messages and hangs.
* Fix docs. Co-authored-by: t4lz <t4lz.git@gmail.com>
* update schema
* Fix compilation. Added some notes on how to improve DNS resolution.
* Appease clippy
* Fix filtering unresolved hosts (bool flag was wrong). Add a few logs. Outgoing named filter should be working now.
* Add test for DNS resolving filter.
* panic on unexpected message.
* use magic service
* trying to get the flow right
* the test keeps growing (and not working)
* Use e2e outgoing_traffic_udp_with_connect to test outgoing named filter.
* Remove integration changes.
* revert files
* Fix config
* Use dynamic internal service name in config.
* cleanup, fix docs
* changelog
* use service name as the random string for test file
* remove commented code
* Resolve DNS locally when local is used.
* Address review. Better length calculation. Improve name of closure. Don't reuse test. Better order for filtering.
* Warn on potential misuse of remote + dns turned off.
* new warning Co-authored-by: t4lz <t4lz.git@gmail.com>
* Move warning to cli execution thingy.
* use warning to print warning
* Improving DNS resolving for connect filter. Now local = port 7777 resolves with the correct local address, and swap it on the user's connect call.
* remote filter on port now resolves and connects to address from cluster
* fix local resolve dns for filters not having port
* simplify retrieval of connection address from dns_cache.
* docs
* appease clippy
* docs for DNS_CACHE
* cargo.lock
* improve docs. refactor some names. simplify local resolve check in dns_cache.
* debug -> trace
* cache -> reverse mapping
* docs for local selector
* improve docs Co-authored-by: t4lz <t4lz.git@gmail.com>
* appease fmt lint

---------

Co-authored-by: t4lz <t4lz.git@gmail.com>