Support port numbers and protocols in filter rules

petabi · Mar 25, 2024 · 1438cee · 1438cee
1 parent 96be658
commit 1438cee
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,14 @@ file is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and
 this project adheres to [Semantic
 Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Changed
+
+- `request::Handler::update_traffic_filter_rules` takes a slice of `(IpNet,
+  Option<Vec<u16>>, Option<Vec<u16>>)`, instead of `IpNet`, to support port
+  numbers and protocols.
+
 ## [0.10.0] - 2024-02-23
 
 ### Changed
@@ -255,6 +263,7 @@ without relying on the content of the response.
 
 - `send_frame` and `recv_frame` to send and receive length-delimited frames.
 
+[Unreleased]: https://github.com/petabi/oinq/compare/0.10.0...main
 [0.10.0]: https://github.com/petabi/oinq/compare/0.9.3...0.10.0
 [0.9.3]: https://github.com/petabi/oinq/compare/0.9.2...0.9.3
 [0.9.2]: https://github.com/petabi/oinq/compare/0.9.1...0.9.2

diff --git a/src/request.rs b/src/request.rs
@@ -94,6 +94,9 @@ pub enum HandlerError {
     SendError(#[from] frame::SendError),
 }
 
+// IP address, port numbers, and protocols.
+pub type TrafficFilterRule = (IpNet, Option<Vec<u16>>, Option<Vec<u16>>);
+
 /// A request handler that can handle a request to an agent.
 #[allow(clippy::diverging_sub_expression)]
 #[async_trait]
@@ -141,7 +144,10 @@ pub trait Handler: Send {
         return Err("not supported".to_string());
     }
 
-    async fn update_traffic_filter_rules(&mut self, _rules: &[IpNet]) -> Result<(), String> {
+    async fn update_traffic_filter_rules(
+        &mut self,
+        _rules: &[TrafficFilterRule],
+    ) -> Result<(), String> {
         return Err("not supported".to_string());
     }
 
@@ -310,7 +316,7 @@ pub async fn handle<H: Handler>(
             }
             RequestCode::ReloadFilterRule => {
                 let rules = codec
-                    .deserialize::<Vec<IpNet>>(body)
+                    .deserialize::<Vec<TrafficFilterRule>>(body)
                     .map_err(frame::RecvError::DeserializationFailure)?;
                 let result = handler.update_traffic_filter_rules(&rules).await;
                 send_response(send, &mut buf, result).await?;
@@ -359,7 +365,7 @@ async fn send_response<T: Serialize>(
 mod tests {
     use crate::{
         frame, message,
-        request::HostNetworkGroup,
+        request::{HostNetworkGroup, TrafficFilterRule},
         test::{channel, TOKEN},
         Process, RequestCode,
     };
@@ -402,7 +408,10 @@ mod tests {
                 Ok(())
             }
 
-            async fn update_traffic_filter_rules(&mut self, rules: &[IpNet]) -> Result<(), String> {
+            async fn update_traffic_filter_rules(
+                &mut self,
+                rules: &[TrafficFilterRule],
+            ) -> Result<(), String> {
                 self.filter_rules = rules.len();
                 Ok(())
             }
@@ -472,8 +481,16 @@ mod tests {
         assert!(res.is_ok());
 
         let rules = vec![
-            IpNet::from_str("192.168.1.0/24").unwrap(),
-            IpNet::from_str("10.80.10.10/32").unwrap(),
+            (
+                IpNet::from_str("192.168.1.0/24").unwrap(),
+                Some(vec![80]),
+                Some(vec![6]),
+            ),
+            (
+                IpNet::from_str("10.80.10.10/32").unwrap(),
+                Some(vec![80]),
+                Some(vec![6]),
+            ),
         ];
 
         let res = message::send_request(