rule.go 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120
  1. package constant
  2. // Rule Type
  3. const (
  4. Domain RuleType = iota
  5. DomainSuffix
  6. DomainKeyword
  7. DomainRegex
  8. GEOSITE
  9. GEOIP
  10. SrcGEOIP
  11. IPASN
  12. SrcIPASN
  13. IPCIDR
  14. SrcIPCIDR
  15. IPSuffix
  16. SrcIPSuffix
  17. SrcPort
  18. DstPort
  19. InPort
  20. DSCP
  21. InUser
  22. InName
  23. InType
  24. ProcessName
  25. ProcessPath
  26. ProcessNameRegex
  27. ProcessPathRegex
  28. RuleSet
  29. Network
  30. Uid
  31. SubRules
  32. MATCH
  33. AND
  34. OR
  35. NOT
  36. )
  37. type RuleType int
  38. func (rt RuleType) String() string {
  39. switch rt {
  40. case Domain:
  41. return "Domain"
  42. case DomainSuffix:
  43. return "DomainSuffix"
  44. case DomainKeyword:
  45. return "DomainKeyword"
  46. case DomainRegex:
  47. return "DomainRegex"
  48. case GEOSITE:
  49. return "GeoSite"
  50. case GEOIP:
  51. return "GeoIP"
  52. case SrcGEOIP:
  53. return "SrcGeoIP"
  54. case IPASN:
  55. return "IPASN"
  56. case SrcIPASN:
  57. return "SrcIPASN"
  58. case IPCIDR:
  59. return "IPCIDR"
  60. case SrcIPCIDR:
  61. return "SrcIPCIDR"
  62. case IPSuffix:
  63. return "IPSuffix"
  64. case SrcIPSuffix:
  65. return "SrcIPSuffix"
  66. case SrcPort:
  67. return "SrcPort"
  68. case DstPort:
  69. return "DstPort"
  70. case InPort:
  71. return "InPort"
  72. case InUser:
  73. return "InUser"
  74. case InName:
  75. return "InName"
  76. case InType:
  77. return "InType"
  78. case ProcessName:
  79. return "ProcessName"
  80. case ProcessPath:
  81. return "ProcessPath"
  82. case ProcessNameRegex:
  83. return "ProcessNameRegex"
  84. case ProcessPathRegex:
  85. return "ProcessPathRegex"
  86. case MATCH:
  87. return "Match"
  88. case RuleSet:
  89. return "RuleSet"
  90. case Network:
  91. return "Network"
  92. case DSCP:
  93. return "DSCP"
  94. case Uid:
  95. return "Uid"
  96. case SubRules:
  97. return "SubRules"
  98. case AND:
  99. return "AND"
  100. case OR:
  101. return "OR"
  102. case NOT:
  103. return "NOT"
  104. default:
  105. return "Unknown"
  106. }
  107. }
  108. type Rule interface {
  109. RuleType() RuleType
  110. Match(metadata *Metadata) (bool, string)
  111. Adapter() string
  112. Payload() string
  113. ShouldResolveIP() bool
  114. ShouldFindProcess() bool
  115. ProviderNames() []string
  116. }